Abstract: A mediating apparatus, a device management system, a communication control method, and a non-transitory recording medium. The mediating apparatus displays on a display, a screen presenting communication connection status of the communication of the one or more devices, receives selection of a device to be registered in the mediating apparatus, among the one or more devices displayed on the screen presenting the communication connection status, receives a registration request to register the device in the mediating apparatus, and in response to the registration request, connect communication between the mediating apparatus and the device, after disconnection of communication between the remote management system and the device.

Abstract: A method in a virtual private network (VPN) environment, the method including receiving, at a first processor from a second processor, a connection request for obtaining VPN services; determining, by the first processor, custom headers including a timing header, an authorization header, a digest header, and a signature header; transmitting, by the first processor to the second processor, a response including the custom headers and a payload indicating a VPN server for providing the VPN services; and transmitting, by the second processor to the VPN server, a request for obtaining the VPN services based at least in part on authenticating the custom headers. Various other aspects are contemplated.

Abstract: An apparatus for encryption according to an embodiment of the present disclosure comprises a classifier configured to classify each data included in an original data set into one of encryption target data and non-encryption target data on the basis of at least one of determination on whether or not an operation to be applied to each data included in the original data set for an analysis of the original data set is a preset operation and determination on whether or not each data included in the original data set is sensitive information; and an encryptor configured to encrypt the encryption target data among the data included in the original data set using a homomorphic encryption algorithm.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

Abstract: Methods of providing multi-key encryption of a data set are provided. Operations include providing, to a first data user of the data set, a first user specific data point, providing, to a second data user of the data set, a second user specific data point, and providing, to the first data user and the second data user, at least two shared data points that, when used with either of the first user specific data point or the second user specific data point, define a component polynomial that corresponds to a component that is defined in the data set. Operations further include providing, to the first data user, a first key share point that, in combination with the first user specific data point, defines a first data user polynomial that identifies a first encryption key that is on the first data user polynomial.

Abstract: An encrypted file system key associated with a first secure enclave may be received. A request from a second secure enclave to access a file system associated with the encrypted file system key may be received. In response to receiving the request, the encrypted file system key may be decrypted with a cryptographic key associated with an enclave manager to obtain a file system key. The file system key may be encrypted based on another cryptographic key associated with the second secure enclave to generate a re-encrypted file system key. Furthermore, the re-encrypted file system key may be provided to the second secure enclave.

Abstract: The present invention extends to methods, systems, and computer program products for expanding semantic classes via user feedback. Aspects of the invention learn how a set of labels can be expanded from user-generated tags. Text labels applied by human reviewers to digital content can be inspected and compared to one another. When a threshold of human-generated text tags contain similar terminology, the set of labels can be expanded to define a representation of the similar terminology. Similar terminology can include terms that originate from the same base term, are synonyms, are more specific terms related to a general term category, etc. Similar terminology can be consolidated into a defining term that is used to generate a new (more granular) label or a new top level label. Accordingly, new semantic classes can be discovered from user-generated feedback. New semantic classes can provide a more granular representation of content item classification.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data. One of the methods includes receiving a plurality of blocks from a blockchain node in the blockchain network; for each of the plurality of blocks: determining a first number of blockchain nodes that store a dataset divided from an error correction coding (ECC) encoded version of the block and a second number of blockchain nodes that store a dataset comprised of redundant bits divided from the ECC encoded version of the block; calculating a priority value of the block based on the first number and the second number; and encoding at least a portion of the plurality of blocks using ECC to generate a plurality of encoded blocks based on the priority value.

Abstract: Input signals may be received. Furthermore, a control signal controlling the implementation of a Differential Power Analysis (DPA) countermeasure may be received. One of the input signals may be transmitted as an output signal based on the control signal. A cryptographic operation may be performed based on the first output signal that is transmitted based on the control signal.

Abstract: A group of remote devices executing an omnichannel application are coordinated from a network node. An omnichannel mediator coordinates formation of at least two of said remote devices into an omnichannel cloudlet. A component manager controls which of a plurality of components of said omnichannel application should optimally be placed on which individual devices of said omnichannel cloudlet and how data should flow to individual devices of said omnichannel cloudlet. A replication optimizer optimally coordinates data replication for the group of remote device.

Abstract: A data processing device (10) is to be connected to another data processing device (20) and includes a first communicator (180) to share flow settings information for executing a first partial processing and a second partial processing included in a processing flow with the another data processing device (20), an execution controller (140) to cause a processing unit (130) to execute the first partial processing in accordance with the flow settings information, and a second communicator (190) to execute at least one of transmission of a first processing result obtained by execution of the first partial processing to the another data processing device (20) or reception of a second processing result obtained by execution of the second partial processing by the another data processing device (20).

Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Abstract: A transceiver baseband hardware including an encryption-decryption block configured to encrypt and jumble intended transmission data or unjumble and decrypt received encrypted data, the encryption-decryption based on key coefficients generated based on a random key address, the encryption-decryption implemented via a cross logical operation of the encryption-decryption block. The cross logical operation includes when lower significant bytes of the key coefficients operating on most significant bytes of the intended transmission data and the encrypted data. The jumble and unjumble are implemented by a byte displacement/placement block based at least in part on the random key address.

Abstract: The present invention provides a receiving circuit applied to an HDMI, wherein the receiving circuit includes a decoder, a frame key calculating circuit, a line key calculating circuit and a control circuit. In the operations of the receiving circuit, the decoder decodes a data stream to generate at least one image frame, the frame key calculating circuit is arranged to calculate a frame key according to the image frame, the line key calculating circuit is arranged to calculate a plurality of line keys according to the image frame, and the control circuit determines to turn off or turn on the line key calculating circuit according to whether or not the image frame is displayed on a display panel.

Abstract: Implementations of the present specification provide a data processing method and apparatus. A method performed by a data provider includes: obtaining first encrypted data of first plaintext data, a first key used to decrypt the first encrypted data, and authorization information about the first plaintext data; sending a verification request to a data manager, the data manager including a first trusted execution environment; receiving authentication information from the data manager, and performing verification based on the authentication information; when the verification succeeds, securely transmitting the first key and the authorization information to the first trusted execution environment; and providing the first encrypted data to the data manager.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data. One of the methods includes receiving a plurality of blocks from a blockchain node in the blockchain network; for each of the plurality of blocks: determining a first number of blockchain nodes that store a dataset divided from an error correction coding (ECC) encoded version of the block and a second number of blockchain nodes that store a dataset comprised of redundant bits divided from the ECC encoded version of the block; calculating a priority value of the block based on the first number and the second number; and encoding at least a portion of the plurality of blocks using ECC to generate a plurality of encoded blocks based on the priority value.

Abstract: In some implementations, a scheme for data communication in an automobile includes generating a cleartext message to be transmitted to a second ECU, generating a pseudo-random counter by applying a pseudorandom function to a counter value that is incremented for each cleartext message generated by the ECU; combining the cleartext message and the pseudo-random counter to create a randomized message; selecting from a plurality of available cryptography techniques, a selected cryptography technique; applying to the randomized message, the selected cryptography technique to create a ciphertext; and transmitting to the second ECU over the CAN bus, the ciphertext.

Abstract: Systems, apparatuses, and methods are provided for fast format-preserving encryption. An input string can be divided into blocks (potentially of varying length). An arrangement of cryptographic pipelines can perform operations on different blocks, each pipeline providing an output block. The cryptographic pipelines can interact such that the output blocks are dependent on each other, thereby providing strong encryption. The pipelines can operate efficiently on the block and operations can occur partly in parallel.

Abstract: Systems and methods are described for obfuscating variants of content segments. Variants of content segments can be used to encode an identifying sequence in a transmission of content. The variants of the content segments can each include one or more marked frames and one or more unmarked frames. Variations can be introduced into the unmarked frames for each of the variants of the content segments.

Abstract: A method for providing outputs to receivers of a vehicular vision system includes disposing a camera at a vehicle and disposing an LVDS repeater device at the vehicle. The LVDS repeater device includes a de-serializer, a repeater and at least two serializers. The LVDS repeater device is powered at least in part via power-over-coax from a head unit or ECU of the vehicle. The camera captures image data and outputs an LVDS camera output. The LVDS camera output is received at the LVDS repeater device and is de-serialized via the de-serializer. The de-serialized LVDS camera output is provided to the repeater and at least two outputs are provided to the serializers and are serialized. The serializers each output a respective LVDS repeater output to a respective receiver of the vehicle. The receivers include a receiver of respective ones of the vehicle head unit and the ECU.

Abstract: An encryption interface provides secure, low-latency communications between processors. A first processor block transforms initial data into encrypted data using a cipher for receipt by a second processor block, which transforms the encrypted data into decrypted data. The first processor block utilized a crypto circuit having a plurality of stages, each of which generate a subset of a cipher digit stream for encrypting the data. The second processor block receives and decrypts the encrypted data using a respective decryption circuit.

Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.

Abstract: A payment system implemented on a mobile device authorizes and processes transactions. The mobile device generates a public-private key pair and receives payment information. The private key and the payment information are split into a local and a remote fragment. The public key, a private key fragment, and a payment information fragment are sent to a secure payment system, and the other fragments are stored on the mobile device. When a transaction is received by the mobile device to authorize, the mobile device sends a payment fragment to the secure payment system and receives a private key fragment from the secure payment system. The mobile device authorizes the transaction using the private key, recovered from the private key fragments. The secure payment system verifies the transaction using the public key and processes the transaction using the recovered payment information. Additional techniques to process transactions using data splitting are disclosed.

Abstract: A vision system of a vehicle includes a camera disposed at a vehicle and having a field of view exterior of the vehicle. The camera captures image data and outputs a low voltage differential signal (LVDS). The system includes an LVDS repeater that receives the LVDS signal output by the camera and outputs at least two LVDS outputs to respective receivers. Each of the at least two LVDS outputs is representative of the LVDS signal output by the camera. The receivers include a receiver of respective ones of at least two devices selected from the group consisting of (i) a vehicle head unit, (ii) a display device, (iii) an electronic control unit of the vehicle and (iv) an image processor for a driver assistance function.

Abstract: Systems, methods, and computer-readable media are disclosed for providing a test program with the capability to build and execute instructions and their functions (test streams) that have experienced failure so as to reproduce output errors as desired and improve the chances of determining the cause of the output errors. The test program allows a user to provide a data key seed that was used during a prior pass of the test program that produced an error output and a data key generation frequency value (N) that would be used to generate new program and data seeds every N passes of the test program. The user-provided key seed can be used to regenerate the same data keys that were generated in the prior test program pass that produced the error output. This mechanism enables the test program to recreate the same test stream of the error output from the prior pass.

Abstract: The method includes receiving, by one or more computer processors, a first text, wherein at least a portion of the received first text is confidential. The method further includes identifying, by one or more computer processors, an intended recipient of the received first text. The method further includes identifying, by one or more computer processors, a first conversion model, which corresponds to the intended recipient. The method further converting, by one or more computer processors, the received first text into a third text that does not include confidential text based upon the identified first conversion model.

Abstract: Systems, methods, and software can be used to process a resource request. In some aspects, a method, comprising: transmitting, from a mobile device, an encrypted request to a proxy server, wherein the encrypted request comprises a Hypertext Transfer Protocol (HTTP) request, the HTTP request is addressed to an application server that provides service to an application on the mobile device, and the encrypted request is encrypted using an application-specific credential that is associated with the application; and receiving, at the mobile device, an encrypted response in response to the encrypted request, wherein the encrypted response comprises an HTTP response generated by the application server.

Abstract: A distributed data storage system breaks data into n slices and k checksums using at least one matrix-based erasure code based on matrices with invertible submatrices, stores the slices and checksums on a plurality of storage elements, retrieves the slices from the storage elements, and, when slices have been lost or corrupted, retrieves the checksums from the storage elements and restores the data using the at least one matrix-based erasure code and the checksums. In a method for ensuring restoration and integrity of data in computer-related applications, data is broken into n pieces, k checksums are calculated using at least one matrix-based erasure code based on matrices with invertible submatrices, and the n data pieces and k checksums are stored on n+k storage elements or transmitted over a network.

Abstract: Disclosed are a communication technique for merging, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system, and a system therefor. The disclosed communication technique and system therefor can be applied to intelligent services (for example, smart home, smart building, smart city, smart car or connected car, health care, digital education, retail, security and safety related services, and the like) on the basis of 5G communication technology and IoT-related technology. The present disclosure relates to a method and a device for receiving, by a terminal, broadcast information in a communication system.

Abstract: A system that receives a line encoded data stream from a source. The system has a de-serializer for de-serializing a line encoded data stream to generate a raw parallel data stream. The system has a serializer for serializing the raw parallel data stream. The system has a parallel data generator configured to generate another raw parallel data stream. The system has reconfigurable circuitry for communicating the raw parallel data stream to the serializer in a configuration and communicating the other parallel data stream in another configuration.

Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.

Abstract: A method, system, and apparatus are provided for a distributed firewall and virtual network services on a network. In one example, the method includes storing a plurality of predefined security groups, wherein each predefined security group has a set of predefined security rules for network packets configured to be transmitted between virtual machines (VMs) within the network; associating each virtual machine (VM) within the network with one or more predefined security groups (SGs); filtering an outgoing network packet from a sending VM to a receiving VM in response to the predefined security rules associated with the predefined SGs associated with the sending VM to validate the communication desired in the outgoing network packet; forming a secured network packet by encapsulating a header, a security tag, and the outgoing network packet together; and transmitting the secured network packet into the network for delivery to the receiving VM.

Abstract: Audit logs are a fundamental digital forensic mechanism for providing security in computer systems. In one embodiment, a system that enables the verification of log data integrity and that provides searchable encryption of the log data by an auditor includes a key generation center, logging machine, and an auditor computing device. The system enables Compromise-Resilient Searchable Encryption, Authentication and Integrity, Per-item QoF with E&A for Searchable Encrypted Audit Logs, and a Key Management and System Model.

Abstract: An automation network for monitoring the security of a transfer of data packets includes a first processing device configured to transfer a data packet from an installation component and to the installation component, and a second data processing device which is bidirectionally connected to the first data processing device. The second data processing device generates at least one response packet, when detecting a transmission of the data packet from the first data processing device, and sends the at least one response packet back to the first data processing device. The first data processing device includes a response filter which is configured to execute a check and subsequent rejection/acceptance of the at least one response packet.

Abstract: New techniques are disclosed for protecting a token seed in a multifactor authentication system. A personal identification number is used to derive a fixed share, and the token seed is split, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, such that the token seed can only be reconstructed using any two of the three shares. The remote share is stored on a remote authentication server, and an encrypted version of the local share is stored on the user device. The remote share may be encrypted by performing a key wrapping operation on the remote share using the local share, and then storing the encrypted version of the remote share on the remote authentication server. The token seed, fixed share, remote share and local share may then be deleted from the user device.

Abstract: A measuring device comprises a processing unit, a first antenna adapted to receive a first signal, and a second antenna, adapted to receive a second signal. The processing unit comprises a baseline unit adapted to determine a baseline variance of a first variable and/or a second variable. Moreover, it comprises a variance unit adapted to determine a variance of the first variable and/or the second variable. The first variable and the second variable are each at least initially derived from at least the first signal and the second signal. The processing unit furthermore comprises an error unit, adapted to determine if a systematic error is present, based on the baseline variance and the variance of the first variable and/or the second variable.

Abstract: A portable media system for a host computer system, and method of operation thereof, that includes: a controller in the portable media system for communicating clear information between the portable media system and the host computer system; and an encryption system in the portable media system for providing an encryption algorithm for the controller to decrypt cipher information for the host computer system.

Abstract: System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.

Abstract: In one embodiment, a system includes a Headend apparatus including a watermark processor to generate secondary video streams from sections of a primary video stream, group the secondary video streams in groups of at least two secondary video streams, the secondary video streams including units of data for use in watermarking across cryptoperiods in an end-user device which selects one secondary video stream in each group for rendering as part of a composited video stream in order to embed units of data of an identification in the composited video stream, wherein in each cryptoperiod, the watermark processor is operative to generate different groups of the secondary video streams from different non-overlapping portions of the primary video stream, and an encryption processor to generate control words, encrypt each secondary video stream with a different control word, and change the control word of each secondary video stream every cryptoperiod.

Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.

Abstract: Systems, methods, and devices for processing video data are disclosed. Some examples relate to receiving or forming a parameter set having an identifier that is fixed length coded, wherein a parameter set identification (ID) for the parameter set is before any syntax element in the parameter set that is entropy coded and using the parameter set having the identifier that is fixed length coded to decode or encode video data. Other examples determine whether a first parameter set ID of a first parameter set of a first bitstream is the same as a second parameter set ID of a second parameter set of a second bitstream. In response to determining that the second parameter set ID is the same as the first parameter set ID, changing the second parameter set ID to a unique parameter set ID. A parameter set associated with the unique parameter set ID may be transmitted.

Abstract: A system and method for providing a scrambled tweak mode of block cipher encryption for a device that mitigates the effect of side channel attacks based on differential power analysis (DPA). The scrambled tweak mode encryption engine creates noise at the start of the encryption process by obfuscating the counter value with the use of the very fast mixing function, such as a mixing function based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations. Because the counter values are scrambled and the mixing functions operate very fast in parallel hardware, the input of the block cipher is pseudorandom and groups of blocks can't be correlated.

Abstract: Mechanisms for identifying hidden meaning in a portion of natural language content are provided. A primary portion of natural language content is received and a secondary portion of natural language content is identified that references the natural language content. The secondary portion of natural language content is analyzed to identify indications of meaning directed to elements of the primary portion of natural language content. A probabilistic model is generated based on the secondary portion of natural language content modeling a probability of hidden meaning in the primary portion of natural language content. A hidden meaning statement data structure is generated for the primary portion of natural language content based on the probabilistic model.

Abstract: The present invention relates to a secure caching technique for shared distributed caches. A method in accordance with an embodiment of the present invention includes: encrypting a key K to provide a secure key, the key K corresponding to a value to be stored in a cache; and storing the value in the cache using the secure key.

Abstract: Systems and methods for automatically maintaining the anonymity or privacy of a stream of data as it is transmitted over a network or provided for other use, by receiving a data stream in real-time from an original source and identifying a data subset of interest within the original data stream. The data subset of interest is segregated from the data stream for either obfuscating at least a portion of the data subset in accordance with certain criteria or encrypting it. The data subset is obfuscated or encrypted for purpose of transmission over the network or for testing and reunited at a target source with the remainder of the data stream.

Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.

Abstract: An extensible personality-based secure messaging infrastructure deployed in a computerized system comprising at least one central processing unit, a memory, a storage system and a network interface unit, the system being accessible by a user, the system comprising: an application resource database configured to store at least one resource entry; a contact information database comprising at least one peer personality entry and an own personality entry, the at least one peer personality entry corresponding to at least one resource entry in the resource database; a key storage operatively coupled to the contact information database and comprising a plurality of communication channel key entries, a plurality of peer personalities key entries and a plurality of application resource key entries, and at least one of the plurality of the peer personalities key entries corresponding to at least one peer personality entry in the contact information database.

Abstract: Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is received by the security appliance to access data associated with the log. Responsive thereto and without requiring separate registration with the cloud-based logging service, the data is retrieved by the security appliance from the logging service and is presented via an interface of the security appliance.