Abstract: Method(s), system(s), apparatus are provided for quantum safe quantum streaming between a first endpoint device and second endpoint device via a server of a quantum cloud platform. Splitting, at the first endpoint device, a data item into a plurality of data shards that allow reconstruction of the data item. Encrypting, at the first endpoint device, each of the data shards separately using a first cryptographic key shared between the first endpoint device and the second endpoint device. Establishing, between the first endpoint device and the server, a first plurality of secure channels with the server of the quantum cloud platform using a second cryptographic key, the second cryptographic key shared between the endpoint and the server. Transmitting, from the first endpoint device to the server, the plurality of encrypted shards towards the second endpoint device via the server over the plurality of secure channels.

Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.

Abstract: A method for determining the authenticity of a component in an electronic device, the method comprising: receiving a seed by a component in the electronic device; storing the seed in a block of non-volatile memory in the component; calculating, by the component, the output of a cryptographic function with the input based on the seed and storing the output in the block of non-volatile memory; iteratively calculating, by the component, the outputs of the cryptographic function wherein for each iteration the input for the cryptographic function is based on the seed and all previous outputs, and for each iteration storing the output in the block of non-volatile memory; and determining the authenticity of the component based on a selected output of the cryptographic function F, the selected output being one of the outputs stored in the block of non-volatile memory.

Abstract: A memory device includes an input unit configured to receive a plain text and output plain blocks and CTS plain block, a multi-core unit including a plurality of encryption/decryption cores configured to encrypt each of the plain blocks provided from the input unit and output cipher blocks in accordance with control of an encryption/decryption core control unit, a CTS core unit including a CTS core configured to encrypt the CTS plain block provided from the input unit into a CTS cipher block, and an output unit configured to receive the cipher blocks and the CTS cipher block and output a cipher text. The CTS plain block is generated through a CTS calculation based on the plain text.

Abstract: A system and method for aggregating data and for generating a stream of random numbers. There is a data bus, having a bus input with first and second output switching inputs that each mask values input thereto such that data from both the first and second output switching inputs are aggregated into the bus according to the masking thereof, and a bus output. There is also a data loop of random numbers having a data loop output port functionally coupled to the bus input through the first output switching input; a data feed having an output functionally coupled to the bus input through the second output switching input; and an active data operator coupled to the bus output such that data aggregated by the bus from the data loop and the first data feed is fed to the data operator, the output thereof being a stream of random numbers.

Abstract: Provided is a method for performing a plurality of cryptographic operations, that upon reception of a request to perform one of said cryptographic operations, prevents an execution by said processing system of said requested cryptographic operation until a predetermined waiting time (G) has elapsed, and before said predetermined waiting time has elapsed, receives one or more requests to perform another cryptographic operation, and after said predetermined waiting time (G) has elapsed, answers (S3) said requests by executing operations comprising mutualized calculations. The method determines said waiting time depending on execution times of said cryptographic operations to be performed and of said mutualized calculations.

Abstract: A cryptographic system includes a block transfer engine and a crypto map unit. The block transfer engine is configured to receive a plurality of encrypted counter values and a plurality of packet attributes. The block transfer engine is further configured to determine a subset of encrypted counter values from the plurality of counter values that is to be used to encrypt a subset of incoming packets from a plurality of incoming packets. Encrypted counter values other than the subset of encrypted counter values are stored for later encryption use. The crypto map unit is configured to receive the plurality of incoming packets and the subset of encrypted counter values from the block transfer engine. The crypto map unit is further configured to encrypt the subset of incoming packets from the received plurality of incoming packets with the subset of encrypted counter values.

Abstract: Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

Abstract: An embodiment of an apparatus may comprise a memory to store configuration information, an instruction decoder to decode an instruction having one or more fields including an opcode field, and circuitry communicatively coupled to the instruction decoder and the memory, the circuitry to determine if an opcode value in the opcode field of the instruction corresponds to an altered opcode value in the stored configuration information that correlates one or more altered opcode values with respective original opcode values, and, if so determined, decode the instruction based on one of the original opcode values correlated to the altered opcode value in the stored configuration information. Other embodiments are disclosed and claimed.

Abstract: A method including transmitting, by a user device, a connection request to a VPN service provider for obtaining VPN services; receiving, by the user device, a response to the connection request, the response including a custom digest header containing identification information that identifies an existing association between the user device and the VPN service provider; determining, by the user device based at least in part on the identification information, that the response is received from the VPN service provider; authenticating, by the user device, the VPN service provider based at least in part on determining that the response is received from the VPN service provider; and transmitting, by the user device to a VPN server associated with the VPN service provider, a service request for obtaining the VPN services based at least in part on authenticating the VPN service provider is disclosed. Various other aspects are contemplated.

Abstract: The present invention relates to virtual code-based control system, method and program, a control device and a control signal generating means. A control method on the basis of a control signal comprising a virtual code according to an embodiment of the present invention comprises: a control signal receiving step for a control module receiving, from a control signal generating means, a control signal generated by means of combining a plurality of specific codes in accordance with a particular rule; a step for the control module extracting the plurality of specific codes comprised in the virtual code; and a command searching step for the control module searching for a storage location comprising a particular command on the basis of the plurality of specific codes.

Abstract: A lock node for storing data and a protected storage unit. The lock node includes an input section which provides a plurality of key maps, each corresponding to one of a plurality of primary keys, respectively, applied to the input section, each key map including at least one main key, a variable lock section producing a derived key from a logical operation on the main keys corresponding to the primary keys applied to the input section, and an output section producing the data in response to the derived key.

Abstract: A method for an information processing apparatus in which a hybrid application having both a function of a native application and a function of a web application operates and that is communicable with a server, the method includes transmitting, upon acceptance of a predetermined user operation, an acquisition request for information about the web application to the server, reading information about the native application saved in advance in the hybrid application, and displaying information generated from the acquired information as a response to the acquisition request and the read information, as a result of the predetermined user operation.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that maintain data confidentiality in communications involving voice-enabled devices operating within a distributed computing environment. By way of example, an apparatus may receive, from a communications system across a public communications network, a request for an element of data generated by the computing system based on first audio content obtained at a device. The apparatus may obtain the requested data element and further, may generate acoustic data representative of at least a portion of the requested data element. The apparatus may also generate an encrypted response to the received request that includes the acoustic data, and transmit the encrypted response to the device across the public communications network.

Abstract: A method for determining the authenticity of an item, the method comprising: receiving, by an item, a seed; storing the seed in a block of non-volatile memory in the supply item follower component; calculating, by the item follower component, an output of a cryptographic function with the input based on the seed and storing the output in the block of non-volatile memory; iteratively calculating, by the item, the outputs of the cryptographic function wherein for each iteration the input for the cryptographic function is based on the seed and all previous outputs, and for each iteration storing the output in the block of non-volatile memory; and determining the authenticity of the item based on a selected output of the cryptographic function of the item, the selected output being one of the outputs stored in the block of non-volatile memory.

Abstract: Disclosed herein is a data encryption technique that pertains to a data stream that divides into data samples. Each sample is truncated by a predetermined number of bits to make room in the data stream for an encryption data packet. The truncation reduces the resolution of the data in exchange for security features. The encryption data packet includes a counter to prevent replay attacks and an HMAC to verify contents and synchronize the frames of the data stream. The data is encrypted and transmitted to a receiver where the data is played.

Abstract: There is provided a secure computing server that performs shift operation on secretly distributed shares. The secure computing server may perform the shift operation when a number of significant digits of secret information corresponding to a secretly distributed share is to be reduced.

Abstract: An anonymous signature system in which a signature ? is anonymized by an agent specified by a signer, includes computers each including a memory and a processor configured to, from a security parameter, generate a system parameter ? independent of the agent; from ?, generate an agent secret key w and an agent public key gA; from ?, generate a secret key x and a public key y of the signer; from x, a message m on which ? is to be put, and gA, generate ? to be put on m; from an identifier i of the signer, w, ?, a ring L representing a group to which the signer belongs, a list yL of public keys y of signers in L, and m, generate a ring signature ?? by anonymizing ?; and from L, yL, m, and ??, output a verification result b form.

Abstract: Described herein are techniques for preventing software applications from gaining access to unauthorized biometric data in accordance with user preferences. In some embodiments, a software application requests access to sensor data collected by a sensor installed on a user device via a gateway application installed on the user device. Upon receipt of the request, the gateway application determines what types of biometric data the software application is authorized to obtain within the sensor data. The gateway application then identifies biometric data that is present within the sensor data. The sensor data is then altered such that biometric data that the software application is not authorized to obtain is obfuscated. Once the sensor data has been altered, the software application is provided access to that altered sensor data.

Abstract: A method, computer system, and a computer program product for securing visible data is provided. The present invention may include encrypting an on-screen data rendered on a display of an endpoint device. The present invention may also include authenticating an external decryption device within a periphery defined by the endpoint device. The present invention may further include decrypting the encrypted on-screen data on the authenticated external decryption device.

Abstract: A system for generating a symmetric key to allow the sharing of information between two entities, wherein the shared information is used to start a server and the symmetric key is established from the private key of a first client and the public key of a second client and for use in a symmetric encryption methodology to encrypt information for transport to the second entity, allowing the second entity to form the same symmetric key to decrypt information with no key transport required.

Abstract: A system and method of generating a series of random number; from a source of random numbers in a computing system. Steps includes: loading a data loop (a looped array of stored values with an index) with random data from a source of random data; then repeating the following: reading a value from the data loop in relation to the index; operating on the multi-bit value thereby outputting a derived random number; and moving the index in relation to the looped array. The data loop may be a simple feedback loop which may be a shift register loaded by direct memory access (DMA). The operation may be performed by one or more arithmetic logic units (ALU) which may be fed by one or more data feeds and may perform XOR, Mask Generator, Data MUX, and/or MOD.

Abstract: An encoder that encodes a current block in a picture includes circuitry and memory. Using the memory, the circuitry: performs a first transform on a residual signal of the current block using a first transform basis to generate first transform coefficients; and performs a second transform on the first transform coefficients using a second transform basis to generate second transform coefficients and quantizes the second transform coefficients, when the first transform basis is the same as a predetermined transform basis; and quantizes the first transform coefficients without performing the second transform, when the first transform basis is different from the predetermined transform basis.

Abstract: A payment system implemented on a mobile device authorizes and processes transactions. The mobile device generates a public-private key pair and receives payment information. The private key and the payment information are split into a local and a remote fragment. The public key, a private key fragment, and a payment information fragment are sent to a secure payment system, and the other fragments are stored on the mobile device. When a transaction is received by the mobile device to authorize, the mobile device sends a payment fragment to the secure payment system and receives a private key fragment from the secure payment system. The mobile device authorizes the transaction using the private key, recovered from the private key fragments. The secure payment system verifies the transaction using the public key and processes the transaction using the recovered payment information. Additional techniques to process transactions using data splitting are disclosed.

Abstract: Techniques for data compression for efficient network management are described herein. In one example, for each byte of input data, either: (1) a value of that byte is added to a first-instance array if the value of that byte has not yet been seen in the input data; or (2) an index value is added to an index array, wherein the index value points to the appropriate location in the first-instance array. An “address-bit array” is created with one bit for each byte of the input data. Each bit in the address-bit array indicates whether information of a corresponding byte of the input data was put into the first-instance array or the index array. When the input data file is smaller, the index values in the index array tend to be mostly small valued bytes. Accordingly, the number of zero-valued most significant bits (MSBs) present in all bytes may be stripped from the index array, thereby compressing the input data.

Abstract: An anonymous authentication service for an invulnerable secret key authentication and encryption token distribution service. Applications place a small code segment within their communications protocol, thereby allowing network participants the full benefit of perfectly secure authenticated and encrypted message traffic without concern for third party key management. This is the world's first participant-managed, independent-trust secure messaging key distribution capability.

Abstract: A method for removing text noise according to an embodiment of the present disclosure includes inspecting quality of the text, correcting the text based on a result of inspection; selecting a noise candidate based on each type of sentences included in the corrected text, wherein the noise candidate is selected for each sentence included in the text and removing at least some of the sentences included in the noise candidate based on the purpose of the text.

Abstract: Remote terminals are configured to generate ciphertexts from plaintext polynomials. Each ciphertext corresponds to a plaintext polynomial bound to a message space of a polynomial-based fully homomorphic cryptographic scheme. At least one server is configured to receive ciphertexts via a network from the plurality of remote terminals. The server performs a multiplication operation and an addition operation on the ciphertexts to obtain resultant ciphertexts. The multiplication operation includes performing a bitwise decomposition function on a ciphertext to obtain a bitwise decomposed ciphertext. The bitwise decomposition function maps a multi-bit data type to a sequence of bits. The multiplication operation further includes performing matrix multiplication on the bitwise decomposed ciphertext and a data element belonging to a set of data elements. Message filters, data search engines, and other applications are discussed.

Abstract: The present application provides an information interaction method and apparatus, and a storage medium. In the method, a server receives an interactive video uploaded by a first user terminal, and sends the interactive video to a second user terminal. That is, in the embodiments of the present application, the video is taken as a carrier of interaction between strangers, which can bear diversified user information expressions. Moreover, the server further receives processing information for the interactive video sent by the second user terminal and/or the first user terminal, and processes the interactive video according to the processing information. That is, based on the video, friendly video interaction between strangers is realized, and social experiences of strangers in social activities are improved.

Abstract: A system for generating a symmetric key to allow the sharing of information between two entities, wherein the shared information is used to start a server and the symmetric key is established from the private key of a first client and the public key of a second client and for use in a symmetric encryption methodology to encrypt information for transport to the second entity, allowing the second entity to form the same symmetric key to decrypt information with no key transport required.

Abstract: A system for generating a symmetric key to allow the sharing of information between two entities, wherein the shared information is used to start a server and the symmetric key is established from the private key of a first client and the public key of a second client and for use in a symmetric encryption methodology to encrypt information for transport to the second entity, allowing the second entity to form the same symmetric key to decrypt information with no key transport required.

Abstract: The present disclosure relates to apparatuses and methods for memory management. The disclosure further relates to an interface protocol for flash memory devices including at least a memory array and a memory controller coupled to the memory array. A host device is coupled to the memory device through a communication channel and a hardware and/or software full encryption-decryption scheme is adopted in the communication channel for data, addresses and commands exchanged between the host device and the memory array.

Abstract: The present invention relates to virtual code-based control system, method and program, a control device and a control signal generating means. A control method on the basis of a control signal comprising a virtual code according to an embodiment of the present invention comprises: a control signal receiving step for a control module receiving, from a control signal generating means, a control signal generated by means of combining a plurality of specific codes in accordance with a particular rule; a step for the control module extracting the plurality of specific codes comprised in the virtual code; and a command searching step for the control module searching for a storage location comprising a particular command on the basis of the plurality of specific codes.

Abstract: A method in a virtual private network (VPN) environment, the method including transmitting, by a processor, a connection request to a VPN service provider for obtaining VPN services; receiving, by the processor, a response including custom headers and a payload indicating a VPN server for receiving the VPN services, the custom headers including a timing header, an authorization header, a digest header, and a signature header; authenticating, by the processor, the custom headers to determine whether the response was transmitted by the VPN service provider; and transmitting, by the processor to the VPN server, a request for obtaining the VPN services based at least in part on determining that the response was transmitted by the VPN service provider. Various other aspects are contemplated.

Abstract: Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated.

Abstract: Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix CK consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated and positions of the nT elements of matrix CK are randomized to produce matrix CK(RP). For a packet in the first batch, a first packet vector key is generated based on non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix CK(RP). An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

Abstract: A method of processing data includes at least one processor accessing a data storage unit, the data storage unit providing at least one input data object and at least one transmutation command to be performed on the at least one input data object. The at least one transmutation command operates in a forward mode on the at least one input data object to produce at least one output data object to be stored in a data storage unit.

Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.

Abstract: An integrated circuit features technology for generating a keystream. The integrated circuit comprises a cipher block with a linear feedback shift register (LFSR) and a finite state machine (FSM). The LFSR and the FSM are configured to generate a stream of keys, based on an initialization value and an initialization key. The FSM comprises an Sbox that is configured to use a multiplicative mask to mask data that is processed by the Sbox when the LFSR and the FSM are generating the stream of keys. Other embodiments are described and claimed.

Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.

Abstract: Techniques for rapid video on demand (VOD) media content breach response are described. In some embodiments, during content preparation, a server generates an encrypted media content item by generating a first encrypted portion using a first key derived from a first seed that is of a first type and generating a second encrypted portion using a second key derived from a second seed that is of a second type. In some embodiments, the server classifies the first portion in a first category (e.g., a prioritized category) and the second portion in a second category (e.g., a non-prioritized category). During a breach response, the server repairs the encrypted media content item by re-encrypting portions in the first category, e.g., re-encrypting the first encrypted portion using a replacement key derived from a replacement seed that is of the first type, and updating encryption metadata.

Abstract: A method for transmitting data carrying optical information over an optical channel, comprising the steps of providing an optical transmitter consisting of a light source being a Mode-Locked Optical Frequency Comb (MLFC) for generating a frequency comb of multiple carriers, each of which being modulated by a baseband signal; an optical modulator for modulating each and all of the multiple carriers in a modulation bandwidth extending up to the modes' frequency spacing between the multiple carriers; performing all-optical encoding of the modulated carriers by manipulating the optical amplitude and/or phase and/or polarization of all optically modulated carriers; and transmitting, by the optical transmitter, the encoded modulated carriers to an optical receiver, over an optical channel.

Abstract: A format-preserving Just Encrypt 1 (JE1) system and method provides significant performance advantages over known FPE methods for longer character strings due to the technical improvements.

Abstract: Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

Abstract: Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Abstract: Systems and methods are described for implementing load-dependent encryption mechanism selection in an elastic computing system. The elastic computing system can include a set of host devices configured to implement block storage volumes on behalf of users. Users may desire that such volumes be encrypted prior to storing data. It may be generally preferable for encryption to occur on the same host devices that host the volume, to reduce latency and bandwidth usage needed to encrypt the data. However, encryption of data can utilize significant computational resources, which may not be available on host devices that also have sufficient storage resources to host the volume. The present disclosure describes systems and methods that can account for computational resource availability on host devices, selecting “in-place” encryption only when available resources exist on host devices, and otherwise implementing remote encryption of volume data.

Abstract: A video output controlling apparatus and a video output controlling method that can reduce the possibility that a video for which encryption is required may be outputted in a non-encrypted state are provided. A first acceptance unit (40) accepts a video and an encryption necessity signal indicative of whether or not encryption of the video is required via a first route. A second acceptance unit (44) accept a control signal via a second route different from the first route. A video conversion unit (46) converts, in accordance with the control signal, the video accepted by the first acceptance unit (40) into one of a video that is different in a format from that of the video and is in an encrypted state and a video that is different in a format from that of the video and is not in an encrypted state.

Abstract: A computer-implemented method and system for computing large-degree isogenies of a base degree raised to a power of form ak+b and including the steps of providing at least one computer processor resident on an electronic computing device, performing, with the at least one processor, a large-degree isogeny by chaining together a plurality of scalar point multiplications, a plurality of isogeny computations, and a plurality of isogeny evaluations, wherein the large-degree isogeny includes a sequence storing at least one pivot point computed by one of the plurality of scalar point multiplications followed by an isogeny computation of degree b, performing at least one of the plurality of isogeny evaluations following one of the plurality isogeny computations, and performing an ak-isogeny through another sequence of a isogeny computations.

Abstract: The techniques described herein increase the throughput of a single VPN connection by creating multiple outbound and/or inbound Security Associations (SAs). For instance, two or more different SAs can encrypt outbound data packets to be sent over the VPN connection to a remote device. Moreover, two or more different SAs can decrypt inbound data packets received over the VPN connection from the remote device. Each of the SAs can be bound to a different processing core via the use of a Security Parameter Index (SPI) identifier. Consequently, inbound data packets communicated over a single VPN connection from a remote device to a physical host in a VPN gateway can be distributed amongst multiple processing cores for decryption purposes. Further, outbound data packets to be communicated over the single VPN connection from the physical host to the remote device can be distributed amongst multiple processing cores for encryption purposes.

Abstract: A mediating apparatus, a device management system, a communication control method, and a non-transitory recording medium. The mediating apparatus displays on a display, a screen presenting communication connection status of the communication of the one or more devices, receives selection of a device to be registered in the mediating apparatus, among the one or more devices displayed on the screen presenting the communication connection status, receives a registration request to register the device in the mediating apparatus, and in response to the registration request, connect communication between the mediating apparatus and the device, after disconnection of communication between the remote management system and the device.