Abstract: Permissioned blockchains with off-chain storage establish integrity and no-later-than date-of-existence for documents, leveraging records containing hash values of documents. When a document's integrity or date is challenged, a new hash value is compared with a record in the blockchain. Proving date-of-existence (via hash value in a publication and/or SMS) for the block containing the record establishes no-later-than date-of-existence for the document. Permissioning monetizes operations, enforcing rules for submission rights and content, thereby precluding problematic material (privacy, obscenity, malicious logic, copyright violations) that threatens long-term viability. Compact records and off-chain storage in a document corral (with quarantine capability) preserve document confidentiality and ease storage burdens for distributed blockchain copies. Using multiple hash values for each document hardens against preimage attacks with quantum computing.

Abstract: A transmitter and receiver are provided for communication over a noisy channel in a wireless communications system. The transmitter and receiver use polar coding to provide reliability of data transmission over the noisy wireless channel. In addition, signature bits are inserted in some unreliable bit positions of the polar code. For a given codeword, the receiver with knowledge of the signature can more effectively decode the codeword. Cyclic redundancy check (CRC) bits may also included in the input vector to assist in decoding.

Abstract: A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

Abstract: A block cipher method and apparatus using round repetition for providing, from a plaintext message, a ciphertext message and a global tag is disclosed; the plaintext message is converted into a plurality of ordered plaintext blocks which are successively processed during a round for computing: a cryptogram by encrypting input data using a single cryptographic key, said cryptogram comprising a first segment and a second segment; a ciphertext block by performing a first operation using, as operands: said first segment said current plaintext block and said second segment; at each next round said input data is newly determined based on the current ciphertext block and an updated reproducible data; the ciphertext message is determined by concatenating the ciphertext blocks and the global tag by a second operation using computed authentication local tags as operands.

Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

Abstract: An apparatus includes a subsurface sensor for use in a borehole to provide a subsurface measurement series, a subsurface processor to receive the subsurface measurement series, and a machine-readable medium. The machine-readable medium has program code to cause the apparatus to obtain the subsurface measurement series and generate an atom combination based on the subsurface measurement series using the subsurface processor, wherein the atom combination comprises a subset of atoms from a dictionary. The code also has instructions to generate a set of characterizing values and transmit the set of characterizing values to a different physical location, wherein the set of characterizing values comprises an atom identifier and at least one corresponding atom weight for at least one atom from the atom combination.

Abstract: Disclosed is a hardware module with a 32-bit unit operation for processor supporting ARIA encryption and decryption, including: an instruction pipeline that executes an instruction fetch, instruction decoding, and an instruction execution; and an ARIA operation module that has a 32-bit unit operation system provided in the instruction execution pipeline to support ARIA encryption and decryption. Two types of instructions, ARIA substitution layer and diffusion layer instructions are provided as a 32-bit unit operation instruction in order to provide an ARIA encryption/decryption function through the ARIA operation module, the substitution layer instruction includes two instructions for an even round and an odd round of the ARIA encryption/decryption, and the diffusion layer includes four types of diffusion layer instructions for the even sub-round and four types of diffusion layer instructions for the odd sub-round.

Abstract: Provided herein are system, methods and computer program products for identifying duplicate records stored in a database system, comprising: generating a plurality of encrypted match indexes for each of a plurality of records stored in the database system, each of the plurality of encrypted match indexes encrypts a value of each encryption enabled field of a respective one of the plurality of records defined by at least one match rule, creating a cluster of records comprising at least one set containing at least two records of the plurality of records, the at least two records having respective encrypted match indexes corresponding to the at least one match rule, causing identification of duplicate records in the at least one set according to detection of records of the at least one set having respective match indexes matching the at least one match rule, and outputting an indication of the identified duplicate records.

Abstract: Managing digital asset representation of physical assets upon transfer of ownership of the physical asset and its digital representation, for example a digital twin. Detecting a change-of-ownership event prompts a new owner to cause generation of a new digital agreement based on the original digital agreement subject to any desired modifications. A new digital twin and a new digital agreement are generated. Data may be written to a blockchain.

Abstract: Although TLS provides desirable end-to-end encryption, there are circumstances in which it is desirable or a regulatory requirement for a client to establish a TLS connection through an intermediary that is capable of creating an archival record. There is provided a modification to the TLS protocol that allows an aware client to provide a recovery record to such an intermediary. The recovery record permits the intermediary to verify that the encrypted recovery records can be decrypted by a party that holds the corresponding private key but does not enable decryption by the intermediary.

Abstract: An encryption circuit includes a pipelined encryption core having a plurality of round cores therein. The pipelined encryption core is configured to perform a real round operation on each of a plurality of pieces of input data received therein and generate encryption data from the input data using an encryption operation comprising the real round operation. An encryption controller is provided, which is coupled to the pipelined encryption core. The encryption controller is configured to control the pipelined encryption core so that at least one of the plurality of round cores performs a virtual round operation as part of the encryption operation. The pipelined encryption core is configured to perform a virtual encryption operation using at least one of: (i) dummy data, and (ii) a dummy encryption key.

Abstract: A registration apparatus generates a data random number tuple R that is a tuple of random numbers whose quantity is the same as a level quantity L of a hierarchy that a user attribute forms, and that is also a tuple of uniformly random numbers. Also, the registration apparatus accepts a plaintext M and attribute information B.

Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for implementing privacy protection. In an implementation, a public key pk={N, h} corresponding to a target user is obtained, where h is a generator of a predetermined cyclic group with a size of k in a random number space Z*N, a length of k is i bits, a length of N is n bits, and i<<n. A random number r is selected, so that hr belongs to the predetermined cyclic group. To-be-encrypted data m, corresponding to the target user using the public key pk and the random number r, is processed to generate a homomorphic ciphertext c=(1+N)m·(hN mod N2)r mod N2. The homomorphic ciphertext c is provided to the target user, where the homomorphic ciphertext c can be decrypted using a private key sk to obtain the data m.

Abstract: A system and method for providing data such as credentials to a third-party service while protecting the data from exposure to intermediate services. The system receives a first request containing encrypted data, generates a second request by replacing the encrypted data from the first request with unencrypted data, and transmits the second request to the third-party service.

Abstract: Systems, devices, and methods for encrypting genetic information are provided herein. Also provided herein are systems, devices, and methods for encrypting compressed genetic data, transmitting encrypted compressed genetic data, and receiving, storing, accessing encrypted compressed genetic data. In some cases, a user interface is in communication with a system or device provided herein.

Abstract: In some aspects, an apparatus for encoding a stream of data for transmission to a receiver device comprises a memory device and a hardware processor. The memory device is a memory device configured to store at least one parameter associated with at least one cryptographic protocol, the at least one parameter identifying one or more cipher directives from a plurality of cipher directives including an exclusive-OR (XOR) function and a table lookup function. The hardware processor is configured to generate, for transmission to the receiver device, a frame comprising a first field identifying a custom or non-custom cryptographic scheme and a second field identifying a first cipher directive of the plurality of cipher directives.

Abstract: One or more example embodiments include user terminals, methods, and/or computer-readable recording mediums storing computer programs, in which information encrypted or decrypted not to be decoded by a message server that controls transmission and reception of messages between one or more user terminals is not shared with the message server. One or more example embodiments include user terminals, methods, and/or computer-readable recording mediums storing computer programs, which encrypt a first message by using an encryption key, transmit the first message from a first user terminal to a second user terminal, and decrypt a second message received from the second user terminal by using the encryption key.

Abstract: An operation method of an apparatus for decrypting input data of N*X bits (where N and X are positive integers) encrypted by using a block-level encryption algorithm, includes: receiving the input data and decoding the input data into data of N*Y bits (where Y is a positive integer) whose number is different from a number of N*X bits; performing first decryption operation processing of the block-level encryption algorithm on the data of N*Y bits; encoding the data of N*Y bits on which the first decryption operation processing is performed into intermediate data of N*X bits; and performing a plurality of intermediate round operations of a preset number based on the intermediate data of N*X bits.

Abstract: A method of transmitting entitlement messages to content consumption devices in a access control system, the method comprising periodically transmitting entitlement messages to content consumption devices in a access control system and periodically extending an expiry time comprised in the entitlement messages. The entitlement messages comprise indicator data indicating to the content consumption devices that subsequent entitlement messages loaded into a content consumption device after a first entitlement message is loaded into the content consumption device shall not be used by the content consumption device to access protected media content.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: One or more example embodiments include user terminals, methods, and/or computer-readable recording mediums storing computer programs, in which information encrypted or decrypted not to be decoded by a message server that controls transmission and reception of messages between one or more user terminals is not shared with the message server. One or more example embodiments include user terminals, methods, and/or computer-readable recording mediums storing computer programs, which encrypt a first message by using an encryption key, transmit the first message from a first user terminal to a second user terminal, and decrypt a second message received from the second user terminal by using the encryption key.

Abstract: Performing replicated data integrity, including: generating, at a first computer system, a local hash of a local dataset; replicating the local dataset; receiving, at the first computer system from a second computer system, a remote hash of a remote dataset generated from the local dataset replicated from the first computer system; and determining, based at least on a comparison of the local hash of the local dataset with the remote hash of the remote dataset, validity of the remote dataset generated from the local dataset replicated from the first computer system.

Abstract: A method of processing data includes at least one processor accessing a data storage unit, the data storage unit providing at least one input data object and at least one transmutation command to be performed on the at least one input data object. The at least one transmutation command operates in a forward mode on the at least one input data object to produce at least one output data object to be stored in a data storage unit.

Abstract: The application discloses a memory controller and a method for controlling an access to a memory module. The memory controller is coupled between the memory module and a host controller to control the access of the host controller to the memory module. The memory controller comprises: a central buffer coupled to the host controller for receiving data access command from the host controller and coupled to the memory module for providing an encrypted data access command to the memory module; wherein the central buffer comprises a command processing module, for performing encryption operation to a data access command with a predefined command encryption algorithm to generate an encrypted data access command; wherein a data channel is coupled between the memory module and the host controller, and wherein under the control of the encrypted data access command, the memory module exchanges data with the host controller via the data channel.

Abstract: Disclosed are systems and methods for routing personal data when executing queries, in a client-server architecture. A data structure intended for dispatching to the server is divided at the client side into at least two substructures. These data substructures are dispatched from the client to the server by different routes. One of the routes includes a network node with anonymization module, said node being situated in a regional network different from the regional network in which the server is located and not being in the same intranet as the server or the client. The anonymization module of the node transforms each data substructure dispatched by this route. The data substructures are combined into a structure at the server after being obtained.

Abstract: Methods and apparatus for detecting that a processing node, in a network including a plurality of processing nodes, is reporting invalid results and for taking corrective actions in response to the detection are described.

Abstract: The application discloses a memory controller and a method for controlling an access to a memory module. The memory controller is coupled between the memory module and a host controller to control the access of the host controller to the memory module. The memory controller comprises: a central buffer coupled to the host controller for receiving data access command from the host controller and coupled to the memory module for providing an encrypted data access command to the memory module; wherein the central buffer comprises a command processing module, for performing encryption operation to a data access command with a predefined command encryption algorithm to generate an encrypted data access command; wherein a data channel is coupled between the memory module and the host controller, and wherein under the control of the encrypted data access command, the memory module exchanges data with the host controller via the data channel.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: Various techniques provide systems and methods for facilitating iterative key generation and data encryption and decryption. In one example, a method includes encrypting, by an encryption logic circuit, a current data portion of plaintext data using a current encryption key to provide an encrypted current data portion. The method further includes generating, by the encryption logic circuit, a next encryption key for encryption of a next data portion of the plaintext data based on the current encryption key. Related methods and devices are also provided.

Abstract: An apparatus and method for encrypting messages from a first node splits the message into a plurality of message units, each of which is encrypted. The encrypted message units are split into path units, each of which is directed to a different route path to a destination node. At the destination node, the path units are received and reassembled into encrypted message units, which are decrypted into message fragments and concatenated to form a message corresponding to the original one sent.

Abstract: A method for processing cipher change failure comprises: storing a record's error information when a cipher change of ciphertext data in the record fails, the error information comprising an identifier of the record and a failure cause; determining a retry strategy based on the stored failure cause; and employing the retry strategy to reperform the cipher change of the ciphertext data in the record having the identifier.

Abstract: A method for automatically converting electronic data is disclosed.

Abstract: A system for fully integrated collection of business impacting data, analysis of that data and generation of both analysis driven business decisions and analysis driven simulations of alternate candidate business action comprising a business data retrieval engine stored in a memory of and operating on a processor of a computing device, a business data analysis engine stored in a memory of and operating on a processor of a computing device and a business decision and business action path simulation engine stored in a memory of and operating on a processor of one of more computing devices has been developed.

Abstract: Generating a secondary security key from a primary security key is provided. A first numeric code that is an alternate numeric representation of a first character in a primary security key is added to a second numeric code that is an alternate numeric representation of a second character in the primary security key to generate a running total value. The running total value is automatically designated as a secondary security key such that the primary security key is transformed into the secondary security key that is usable for encrypting data to provide a more secure computer system. The data is encrypted with the secondary security key.

Abstract: Computer-implemented methods, systems, and non-transitory, computer-readable media for server-based time authentication of blockchain-type ledgers are provided. One computer implemented method includes: determining at least one ledger that needs time authentication and includes one or more consecutive data blocks. For each ledger, determining ledger information corresponding to the ledger and including a plurality of items, such as: an identifier of the ledger, a block height of a starting block of the ledger, a block height of an ending block of the ledger, and a root hash of a Merkle tree formed by the one or more consecutive data blocks in the ledger. The ledger information is sent to a trusted time authentication agency for time authentication on each of the plurality of items. A time certificate, including a timestamp, the ledger information, and a digital signature of the time authentication agency is received from the time authentication agency.

Abstract: In one example, a processing system including at least one processor obtains a transport control protocol flow associated with a video session that streams a video from a server to a client. The transport control protocol flow comprises a plurality encrypted packets exchanged between the server and the client. The processing system then reconstructs a hypertext transfer protocol transaction that is part of the streaming video session. The reconstructing is performed without decrypting the plurality of encrypted packets.

Abstract: In a communication system, a management node includes: a high-order count value holding unit holding a high-order count value; and a high-order count value distribution unit updating the high-order count value under a high-order update condition and distributing the updated high-order count value to normal nodes. In the communication system, a normal node includes: a count value holding unit holding a count value; a low-order update unit updating a low-order count value held in the count value holding unit under a low-order update condition; and a high-order update unit updating a high-order count value held in the count value holding unit to the high-order count value distributed from the management node together with a reset of the low-order count value.

Abstract: A processor includes packed data registers and a decode unit to decode an instruction. The instruction is to indicate a first source operand having at least one lane of bits, and a second source packed data operand having a number of sub-lane sized bit selection elements. An execution unit is coupled with the packed data registers and the decode unit. The execution unit, in response to the instruction, stores a result operand in a destination storage location. The result operand includes, a different corresponding bit for each of the number of sub-lane sized bit selection elements. A value of each bit of the result operand corresponding to a sub-lane sized bit selection element is that of a bit of a corresponding lane of bits, of the at least one lane of bits of the first source operand, which is indicated by the corresponding sub-lane sized bit selection element.

Abstract: There is provided a method of generating a ciphertext. The method includes encrypting an input data to produce an encrypted data, and randomizing the encrypted data to produce the ciphertext. In particular, the randomizing process includes performing an exclusive-or (xor) operation on the encrypted data with a cipher pad, whereby the cipher pad is generated based on an xor-homomorphic function of a first key using a second key generated based on the encrypted data. There is also provided a corresponding system for generating a ciphertext, a corresponding method and system for decrypting a ciphertext, and a corresponding method and system for searching ciphertexts in a database, such as at an untrusted server.

Abstract: A wireless sensor preferably has a case which is intrinsically safe and has no exposed parts which can become not intrinsically safe due to the passage of time or through contact with chemicals typically encountered in a location where the wireless sensor is used. It preferably has no integral visual display other than lights, and it preferably includes at least one signal light. The sensor preferably includes a wireless transceiver for allowing remote read and remote control of the sensor. The sensor preferably includes piezoelectric pressure detectors for allowing a user to locally interact with the sensor by pressing on the case. Data can be automatically harvested from the sensors by a portable electronic data-retrieving device which is usually geographically remote from the sensors when the portable electronic data-retrieving device and the sensors are in range of a wireless system which allows them to communicate when they are geographically proximate each other.

Abstract: Techniques for mitigating side-channel attacks on cryptographic algorithms are provided. An example method according to these techniques includes applying a block cipher algorithm to an input data to generate a cryptographic output, such that applying the block cipher to input data comprises modifying an output of a stage of the block cipher algorithm such that each output of the stage of the block cipher algorithm has a constant Hamming weight, and outputting the cryptographic output.

Abstract: Examples perform asynchronous encrypted live migration of virtual machines (VM) from a source host to a destination host. The encryption of the memory blocks of the VM is performed optionally before a request for live migration is received or after said request. The more resource intensive decryption of the memory blocks of the VM is performed by the destination host in a resource efficient manner, reducing the downtime apparent to users. Some examples contemplate decrypting memory blocks of the transmitted VM on-demand and opportunistically, according to a pre-determined rate, or in accordance with parameters established by a user.

Abstract: Systems, devices, and methods for encrypting genetic information are provided herein. Also provided herein are systems, devices, and methods for encrypting compressed genetic data, transmitting encrypted compressed genetic data, and receiving, storing, accessing encrypted compressed genetic data. In some cases, a user interface is in communication with a system or device provided herein.

Abstract: Network systems and methods are disclosed for maintaining purchase history databases useful for targeted marketing while preventing users from obtaining access to customer financial accounts.

Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The computing device encrypts data using a key to generate encrypted data and processes it and a password based on a deterministic function to generate transformed data. The computing device masks the key based on a masking function based on the transformed data to generate a masked key, and then combines the encrypted data and the masked key to generate a secure package that is encoded in accordance with dispersed error encoding parameters produce a set of encoded data slices (EDSs) and transmits the set of EDSs to a plurality of storage units (SUs) to be distributedly stored therein.

Abstract: An example secure embedded device includes a secure non-volatile memory coupled to a processor. The processor provides a scramble or cipher key and uses a scramble algorithm or a cipher algorithm to scramble or cipher information received from an external device into transformed information. The processor writes a least a portion of the transformed information to a plurality of memory locations of the secure non-volatile memory. The plurality of memory locations is based on the scramble or cipher key.

Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.

Abstract: A streaming media player receives a media stream from a first broadcast chain. Streaming performance feedback originating from the streaming media player is received at a processing system including an analytics module. The feedback includes identifying information sufficient to verify that a user of the media player is a valid user. In response to verifying that the feedback is from a valid user, identifying information is stripped out, and the feedback is transmitted to a media proposal server. The media proposal server determines, based on the streaming feedback, that media items scheduled for broadcast on a second, different broadcast chain, are to be replaced. Replacement media items, which have been identified, based at least in part, on feedback from the first broadcast chain, are transmitted to the second broadcast chain via a media distribution server.

Abstract: A cryptographic device (200) is provided to compute a key dependent cryptographic function for an input message. The cryptographic device has a data store arranged to store multiple variables (w) on which the cryptographic device acts to compute the cryptographic function, a variable (w) being distributed over multiple shares (wj) and represented in the data store as multiple encoded shares (xj), an encoded share being an encoding (xj=Encj (wj, sj)) of a share (wj) together with a state (sj), the multiple states (sj) corresponding to the same variable (w) having a relationship with the input message (M) so that there exists an injective mapping (?) from the input message (M) to the multiple states (?(M)=(s0, . . . , sn?1)).

Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.