Abstract: A method for remote attestation includes establishing, using a cryptographic protocol, a communication session between a first computing device and a second computing device. The communication session includes communications encrypted by an ephemeral session key. The method includes receiving, at the first communication device via the communication session, from the second computing device, an attestation request requesting the first computing device to provide an attestation report. The method includes generating, by the first computing device, the attestation report based on the ephemeral session key and sending, using the communication session, the attestation report to the second computing device.

Abstract: A computer boot method, performed by a processing device includes: reading a first bit string in a predetermined data block from a target device, performing a bit rotation in a first direction on the first bit string according to a first default bit count to generate a second bit string, obtaining a third bit string associated with a prestored bit string, determining whether a to-be-verified parameter of the second bit string matches the third bit string, authorizing the target device to perform a boot procedure when the to-be-verified parameter of the second bit string matches the third bit string, and not authorizing the target device to perform the boot procedure when the to-be-verified parameter of the second bit string does not match the third bit string.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

Abstract: According to one embodiment, a data protection apparatus includes a processor configured to execute an encryption process on log data including a data frame including a plurality of pieces of data generated along a time sequence. The processor is configured to encrypt each of the pieces of data with a corresponding encryption key among a first initial key and a first encryption keys generated in a forward direction to a time sequence of the pieces of data. The processor is configured to encrypt each of a plurality of pieces of data encrypted with the corresponding encryption key with a corresponding encryption key among a second initial key and a second encryption keys generated in a backward direction to a time sequence of the pieces of data.

Abstract: A storage device having improved security reliability includes a non-volatile memory, and a storage controller configured to control an operation of the non-volatile memory, generate a key material, receive a key identification (ID) from a firmware, determine whether a salt value matching the key ID is stored in the non-volatile memory, generate a private key using the salt value stored in the non-volatile memory and the key material in response to determining that the salt value matching the key ID is stored in the non-volatile memory, and, in response to determining that the sale value matching the key ID is not stored in the non-volatile memory, receive a salt value from the firmware and generate the private key using the salt value from the firmware and the key material, and store the salt value used for generating the private key in the non-volatile memory.

Abstract: There are provided systems and methods for canary card identifiers for real-time usage alerts. A user associated with an organization, such as an employee of a company, are provided a payment instrument or card affiliated with that company to make one or more purchases. In order to prevent or limit fraud, as well as detect fraudulent actors, the organization utilizes multiple card identifiers and/or payment cards, where a portion of those identifiers are valid, and another portion are not valid but marked for generation of one or more alerts on use of that portion of identifiers. A monitoring and alert system resides on top of an electronic transaction processing network to detect use of the marked identifiers. If detected, a real-time alert is then transmitted to the organization with data associated with the use of the marked identifiers.

Abstract: There is provided a method for on-device verification, comprising: using at least one processor of a mobile device for: executing an application, establishing a communication with an applet stored in a storage component of circuitry installed in the mobile device, obtaining an indication that the mobile device is authenticated for cellular communication by a service provider, and validating a process of the application based on the indication.

Abstract: Pseudorandom batch code printing and product authentication systems and methods are described comprising a batch code printing application (app) for generating an authenticating sequence of authentic pseudorandom numbers by inputting an initial seed value into a cryptographic algorithm to output an initial authenticating pseudorandom number in the authenticating sequence. A second alphanumeric code is generated based on a second authenticating pseudorandom number of the authenticating sequence. A printer is controlled to print a first pseudorandom batch code comprising the first alphanumeric code on a first product and a second pseudorandom batch code comprising the second alphanumeric code on a second product, where the first and second products are part of a product batch. An authentication app determines an identified product date and a suspect alphanumeric code from a suspect batch code as printed on a suspect product, and generates one of: (1) an authenticating output, or (2) a counterfeit output.

Abstract: This document describes techniques for expanding user groups while preserving user privacy and data security. In one aspect, a method includes receiving, by a content platform and from a client device of a user, a request for a digital component that also includes a user identifier. A determination is made that the user identifier is included in a user list that includes multiple user identifiers respectively corresponding to multiple users in a user action group. In response to determining that the unique identifier is included in the user list, a digital component of the entity for which the user list is generated is selected and provided to the client device of the user for display to the user of the client device.

Abstract: A device includes a random number generator configured to generate a random number, a memory configured to store at least one lookup table, and a processing circuit configured to generate a generator based on the random number, create the at least one lookup table based on the generator, and write the created at least one lookup table to the memory, wherein the processing circuit is configured to access the memory based on a first input and a second input, and generate a result of a modular multiplication of the first input by the second input based on the at least one lookup table.

Abstract: A system and method, for the assurance of authenticity, confidentiality and integrity of the executed programs, the analytic models and the processed data used by heterogeneous processing units such as graphic processing units (GPU), neural processing units (NPU) and video processing units (VPU), etc. that are connected to the central processing unit (CPU) through standard open interconnects such as Ethernet, USB and SPI, etc.

Abstract: An exemplary integrated circuit design lockout system comprises an integrated circuit and a key obfuscated circuit embedded with the integrated circuit. The key obfuscated circuit is configured to verify that a user provides a valid key for the integrated circuit before the user is allowed to operate the integrated circuit. The exemplary integrated circuit design lockout system further comprises a lockout circuit embedded with the key obfuscated circuit, wherein the lockout circuit is configured to allow for a threshold number of failed attempts for the user to provide the valid key before the lockout circuit prohibits the user from making any further attempts at providing the valid key for the integrated circuit.

Abstract: A synergistic approach to mitigating crosstalk in a Dynamic Random-Access Memory (DRAM) implements the use of a random number generator to increment a counter in a probabilistic manner. The counter is formed by reclaiming bytes of a double data rate (DDR) fault isolation feature. The random number generator value may be compared against a predetermined parameter value and a determination may be made whether or not to extract and increment the counter based on a result of the comparison. A logic controller compares the counter value to a predetermined hotness threshold parameter and a flag is set based on an existence of an address match in local memory. Based on the results of the comparison, access to the DRAM is reduced.

Abstract: Systems, methods, and computer-readable storage media to protect non-fungible tokens (NFTs) using a protection architecture. One method includes receiving an NFT, authenticating the NFT including authenticating or verifying the NFT using a key and authenticating the link of the NFT, and protecting the NFT including generating a public-private key pair, encapsulating the NFT within a control structure, updating an NFT account in an overlay ledger, generating and storing a cold storage object in a cold storage ledger, and broadcasting the NFT to a blockchain storage.

Abstract: Systems and methods include a random number pool where one or more sets of key data elements of the random number pool are transmitted and added or replaced with another set of key data elements.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: Various embodiments are described that relate to random noise addition to a communication. A first secure network can employ a first encryption scheme and a second secure network can employ a second encryption scheme. In order to communicate between the first secure network and the second secure network such that the schemes are not decipherable, random noise can be added to a communication designated to transfer from the first secure network to the second secure network.

Abstract: The Parallelizable Distributed Data Preservation Apparatuses, Methods and Systems (“PDDP”) transforms an ad impression event, a bidding invite, original data set, original data distribution estimation, symetry ML BET table inputs via PDDP components into real-time mobile bid, mobile ad placement, pseudo random datastet, build classifier structure, build regression structure outputs. In one example embodiment, the PDDP includes an apparatus. The PDDP's apparatus' instructions include obtaining original data set and determine appropriate symmetry ML basic element table, generating original data distribution estimation structure and generate new dataset random generation structure, generating new random dataset transformation structure and transforming original data with the symmetry ML basic element table into pseudo random dataset. The PDDP also provides pseudo random dataset to machine learning component and to generate build classifier and build regression structures from the machine learning component.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: An encryption device includes: an encryption key generation unit that generates an encryption key on the basis of photoelectric random numbers that are random numbers obtained on the basis of photoelectric conversion performed by an array sensor in which a plurality of pixels having light-receiving elements for visible light or non-visible light are one-dimensionally or two-dimensionally arranged; and an encryption unit that performs encryption of a target signal on the basis of the encryption key generated by the encryption key generation unit. Accordingly, it is possible to realize encryption that makes deciphering of an encryption key more difficult as compared to a case in which pseudo-random numbers are used, and thus it is possible to promote improvement of security.

Abstract: A method for providing challenges to a device comprising (i) compiling a first challenge based on a first random value and a parameter; (ii) compiling a second challenge based on a second random value, the parameter and based on the first challenge or any intermediate result thereof; and (iii) providing the first challenge and the second challenge to the device.

Abstract: A controller is provided for generating a policy controlling a system by learning a dynamics of the system.

Abstract: The present disclosure includes systems and methods for reducing rewrite overhead in a sequential access storage system. The method may comprise writing a data set to a sequential access medium using a magnetic head, wherein the data set comprises a plurality of encoded data blocks, classifying each of the plurality of encoded data blocks on the sequential access medium into one of at least three classes of write quality, and rewriting the encoded data blocks in a rewrite area of the sequential access medium based at least in part on the write quality class. In some embodiments, the at least three classes of write quality may comprise a hard rewrite class for which rewrites are necessary to prevent data loss, a soft rewrite class for which rewrites are desirable but not necessary, and a no rewrite class for which no rewrite is needed or desired.

Abstract: An encryption method includes: receiving cipher data which is binary data; determining target components in a resistive memory array according to values of respective bits in the cipher data; determining current values generated by respective columns of components according to the target components; and generating key data according to the current values generated by the respective columns of components. The present disclosure can effectively reduce computing power and power consumption of an encryption process in an edge device.

Abstract: A system has a server and a processor electrically coupled to the server that receives an input binary string as an input and uses a decision matrix to determine via a plurality of cycles what a next state of a plurality of target cells being transformed will become to produce an output binary string that will be a cryptographic key.

Abstract: A probabilistic scheme that uses temperature to reload an LFSR at runtime introduces randomness to prevent row hammer attacks. In one example, a memory controller includes input/output (I/O) interface circuitry to receive memory access requests from a processor. A linear feedback shift register (LFSR) in the memory controller is shifted in response to receipt of a memory access request to a target address. The shift register is compared a value in the LFSR with a pre-determined value. If the value in the LFSR is equal to the predetermined value, a refresh is triggered to one or more neighboring addresses of the target address. The LFSR is reloaded with one of multiple seeds based on a temperature (for example, from an on-die thermal sensor, a DIMM sensor, and/or other temperature). Selecting one of multiple seeds based on temperature on the fly makes the scheme unpredictable and robust against row hammer.

Abstract: A radio communication apparatus makes it possible to prevent contents of communication from being intercepted. The radio communication apparatus includes a generation unit configured to generate a first unique word based on operation time information of the radio communication apparatus before communication with a radio communication apparatus is started, and generate, for each radio frame, an ith unique word (i: an integer equal to or greater than two) based on an (i?1)th unique word when the communication is started, and a transmitting unit configured to transmit a first radio frame including the first unique word and an ith radio frame including the ith unique word to the radio communication apparatus.

Abstract: To improve adaptation of network infrastructure to address rotations performed by wireless client device, embodiments provide for an exchange of a stable machine identifier (SMI) between a network access device and an authentication service. Some embodiments define a new SMI attribute that is included in a authentication service access-request and/or access-accept message. When a network access device obtains an SMI for a particular wireless client device, the network access device passes the SMI to the authentication service. Similarly, if an authentication service obtains a SMI value for a wireless client device, this information is provided to a network access device.

Abstract: Methods and systems for implementing one-time pad (OTP) encryption in industrial wireless instruments advantageously make use of data storage devices now available that can store a large number of encryption keys or pads in a small enough package to fit within an industrial wireless instrument. In some embodiments, the wireless instruments use solid-state memory devices that can easily hold a sufficient number of pads to last the expected lifetime of the wireless instruments. The solid-state memory devices are installed only during manufacturing of the wireless instruments where tamper-resistant manufacturing and assembly techniques may be used to ensure security for the pads. Likewise, the solid-state memory devices of the wireless instruments are also replaced or replenished only at an authorized manufacturer should additional pads be needed.

Abstract: Techniques for protecting data using two password asymmetric encryption based on time-constrained password-based partner tokens. To encrypt data, a first partner computing device receives a first partner token from a second computing device. The first partner computing device decrypts the first partner token to recover first public key data generated by the second partner computing device. The first partner computing device derives a cryptographic encryption key to encrypt the data based on the first public key data, and based on first private key data generated by the first partner computing device. The second computing device may decrypt the encrypted data based on a second partner token generated by the first partner computing device, using a cryptographic decryption key derived using second private key data generated by the second computing device and second public key data generated by the first computing device and embedded and encrypted in the second partner token.

Abstract: An encryption interface provides secure, low-latency communications between processors. A first processor block transforms initial data into encrypted data using a cipher for receipt by a second processor block, which transforms the encrypted data into decrypted data. The first processor block utilized a crypto circuit having a plurality of stages, each of which generate a subset of a cipher digit stream for encrypting the data. The second processor block receives and decrypts the encrypted data using a respective decryption circuit.

Abstract: A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data.

Abstract: In accordance with some embodiments, an apparatus includes a crypto engine that provides device independent crypto services. The apparatus includes a housing arranged to hold a device. The apparatus also includes a non-transitory memory that further includes a key store for storing a first key. The apparatus further includes a communication device at least partially supported by the housing and connectable to the device to establish a communication channel with the device. The apparatus also includes a controller (e.g., a crypto engine) that receives, via the communication channel, a first portion of data from the device, performs a cryptographic operation on the first portion of the data using the first key to generate a modified first portion, sends, via the communication channel, the modified first portion to the device, and enables the device to derive a second portion of the data using the modified first portion.

Abstract: A software and hardware infrastructure is provided that can generate traceable and verifiably random number sequences provided from multiple random number sources, including quantum entropy sources, potentially located at multiple points of origin, and distribute the verifiable number sequences across multiple channels and protocols to multiple ultimate destinations in a distributed computing environment. Random number sequences obtained from unique entropy sources can be tagged with information on the provenance and/or other details of the creation of each number sequence. Tags can be used to verify the reliability of each tagged number sequence and/or its associated source. Tags can also include a use indicator to avoid re-use of a tagged number sequence.

Abstract: Techniques for real-time delivery of personalized content are provided. An example method includes detecting that a delivery server invoked an API in response to the delivery server detecting that a client device is accessing a communication provided to the client device by the delivery server, the communication formatted in accordance with a template; receiving a request for offers, the request including a user identifier associated with a user of the client device and offer query criteria based on the template; building the offers by: retrieving candidate offers specific to the user from a database server using an API request; and, based on the offer query criteria, identifying the offers, from the candidate offers, to deliver to the delivery server; and transmitting the offers to the delivery server to cause the delivery server to populate the communication with content corresponding to the offers.

Abstract: A functional component and having a partial plastic housing element with a plastic housing wall, the plastic housing wall having a device identification region integrated into the plastic housing wall and thus realizing a constituent part of the plastic housing wall. The device identification region comprising identification elements integrated into the plastic housing wall, those identification elements that realize part of a surface of the plastic housing wall realizing device identification elements, the device identification region being realized individually for the device by the device identification elements, such that the device can be unambiguously identified by means of the device identification region.

Abstract: A device and method manage digital data. The device and method may receive a trusted-phrase text string at a client device. The device and method may receive an application pin number (APN) associated with a user. The device and method may process the APN to determine a selector value. The device and method may extract a portion of the trusted-phrase text string based on the selector value to yield a sub-trusted-phrase text string, generating a storage access ID (SAID), the SAID including the APN and the sub-trusted-phrase-text string encrypted using the trusted-phrase text string as an encryption phrase; and, outputting the SAID to an external device, for creation of a data storage location at a storage server, the data storage location having a name based on the SAID. The device and method may include ability to recover the trusted-phrase text string.

Abstract: Provided is a process that establishes user identities within a decentralized data store, like a blockchain. A user's mobile device may establish credential values within a trusted execution environment of the mobile device. Representations of those credentials may be generated on the mobile device and transmitted for storage in association with an identity of the user established on the blockchain. Similarly, one or more key-pairs may be generated or otherwise used by the mobile device for signatures and signature verification. Private keys may remain resident on the device (or known and input by the user) while corresponding public keys may be stored in associated with the user identity on the blockchain. A private key is used to sign representations of credentials and other values as a proof of knowledge of the private key and credential values for authentication of the user to the user identity on the blockchain.

Abstract: An integrated-circuit device comprises a physical-unclonable-function (PUF) unit, a secure module, and an interconnect system communicatively coupled to the PUF unit and to the secure module. The device transfers a PUF key from the PUF unit to the secure module, over the interconnect system. In order to do this, the secure module generates a random value. The secure module then sends the random value to the PUF unit. The PUF unit then performs a bitwise XOR operation between the received random value and the PUF key, to generate a masked value. The PUF unit then transfers the masked value over the interconnect system to the secure module. The secure module then unmasks the PUF key by performing a bitwise XOR operation between the received masked value and the random value.

Abstract: Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) device. The PUF can include a random number generator that can create random bits. The random bits may be stored in a nonvolatile memory. The number of random bits stored in the nonvolatile memory allows for a plurality of challenge and response interactions to obtain a plurality of security keys from the PUF.

Abstract: Cryptographic method for verifying data method, implemented by at least one apparatus, for comparing a first dataset and a second dataset, in particular with a view to determining whether these two datasets are identical, this method not requiring the presence of these two datasets in the apparatus, and comprising the following steps: a) mixing a number, called the mixer number, with the first dataset, using a mixing function in order to obtain mixed data, b) hashing the mixed data using a hash function, and c) comparing the hash thus obtained in step b) with a third dataset assumed to be the hash of the second dataset mixed with the same mixer number as that used in step a) and with the same mixing function.

Abstract: A method includes generating a data signal based on data, scrambling the data signal with a pseudo-random signal thereby generating a scrambled data signal, generating an amplitude shift keying (ASK) signal based on the scrambled data signal, and transmitting, by a transceiver, the ASK signal.

Abstract: A method, implemented by at least one apparatus, for comparing a first dataset and a second dataset, in particular with a view for determining whether these two datasets are identical. The method not requiring the presence of these two datasets in the apparatus, and including the following steps of: a) mixing a number, called the mixer number, with the first dataset, using a mixing function, in order to obtain mixed data, b) hashing the mixed data using a hash function, and c) comparing the hash thus obtained in step b) with a third dataset assumed to be the hash of the second dataset mixed with the same mixer number as that used in step a) and with the same mixing function.

Abstract: A method includes obtaining, from a server, a filter including a set of encrypted identifiers each encrypted with a server key controlled by the server. The method includes obtaining a request that requests determination of whether a query identifier is a member of a set of identifiers corresponding to the set of encrypted identifiers. The method also includes transmitting an encryption request to the server that requests the server to encrypt the query identifier. The method includes receiving, from the server, an encrypted query identifier including the query identifier encrypted by the server key and determining, using the filter, whether the encrypted query identifier is not a member of the set of encrypted identifiers. When the encrypted query identifier is not a member of the set of encrypted identifiers, the method includes reporting that the query identifier is not a member of the set of identifiers.

Abstract: A communication system authorizes a User Equipment (UE) for a wireless data service and a media-conferencing service. A network core receives UE authentication data from the UE that is based on a secret key. The network core determines network authentication data for the UE that is also based on the secret key. The network core authorizes the UE for the wireless data service based on the UE authentication data and the network authentication data. The network core transfers the network authentication data for the UE to a media-conferencing server in response to the authorization of the UE for the wireless data service. The media-conferencing server receives other UE authentication data from the UE that is based on the secret key. The media-conferencing server authorizes the UE for the media-conferencing service based on the other UE authentication data from the UE and the network authentication data from the network core.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The disclosure relates to a method and apparatus for connecting communication by downloading and installing one or more communication services in a terminal in a wireless communication system. In addition, the disclosure relates to a method and apparatus for remotely downloading and installing a profile in a terminal, and managing a plurality of installed profiles.

Abstract: A method of securely encrypting data whereby a computing device can utilize a seed and a pin to generate a mantissa of an irrational number. The computing device can then utilize a portion of the mantissa as a one-time pad to encrypt data. The seed can be transmitted to a recipient via a graphical code to enable secure decryption by a recipient's computing device.

Abstract: This document describes techniques for expanding user groups while preserving user privacy and data security. In one aspect, a method includes receiving, by a content platform and from a client device of a user, a request for a digital component that also includes a user identifier. A determination is made that the user identifier is included in a user list that includes multiple user identifiers respectively corresponding to multiple users in a user action group. In response to determining that the unique identifier is included in the user list, a digital component of the entity for which the user list is generated is selected and provided to the client device of the user for display to the user of the client device.

Abstract: A request for a transaction between a client system and a server system may be processed. The transaction may be associated with transmission of data between the client system and the server system. The data may be encrypted using a transient encryption key to form encrypted data. The transient encryption key may be a synced-clock random number configured to automatically change when a designated time interval elapses. The encrypted data may be transmitted between the client system and the server system.

Abstract: A method for preventing side-channel attack according to an embodiment includes generating an order table which includes a position index value for each bit value of a bit string that is secret information to be generated through a decryption algorithm of an Nth Degree Truncated Polynomial Ring Units (NTRU) LPRime algorithm, shuffling a sort order of the position index value for the each bit value in the order table based on a random number, determining a generation order for the each bit value according to the sort order of the position index value for the each bit value in the order table, and generating the secret information through the decryption algorithm. The secret information is generated by generating the each bit value according to the determined generation order.