Abstract: Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In some embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.

Abstract: Perfect secrecy can only be assumed if the length of the key is as long the message sent and the cardinality of the key space is the same as that of the message. The preferred embodiment will demonstrate how to implement a one-pad communication system between a transmitter and a receiver where only a few parameters need to be transferred to the receiver. The preferred embodiment will also demonstrate that a true random number will be generated and used. In an M-sequence LFSR, the integers N+K=M will be used. 2N will be the number of random number runs and 2K will be the quantity of random numbers generated during the runs. The formula is: (2N?1)*(2K)+(2K?1).

Abstract: A generator device being configured for generating pseudo random numbers, the generator device comprising a computing device operable for (i) calculating a first hash chain from an initial hash value (H_0), the first hash chain comprising a first sequence of M hash values (HA_1, HA_2, . . . , HA_M); (ii) calculating a second hash chain (20) comprising a second sequence of M hash values (HB_1, HB_2, . . . , HB_M) from the initial hash value (H_0) and the hash values (HA_1, HA_2, . . . , HA_M) of the first sequence; and (iii) determining the pseudo random numbers from the hash values (HB_1, HB_2, . . . , HB_M) of the second sequence. Also disclosed are a method for generating pseudo random numbers and a method for quantum computing secure authentication, as well as a computer program product and a data processing system.

Abstract: Multiple random numbers are generated. The multiple random numbers are N different random numbers. N is a positive integer. Generating the multiple random numbers includes generating a random number array including N storage units. The multiple random numbers are shuffled. A random number obtaining instruction is received. A random number is obtained from the multiple random numbers based on the random number obtaining instruction.

Abstract: An apparatus and method for performing operation being secure against side channel attack are provided. The apparatus and method generate values equal to values obtained through an exponentiation operation or a scalar multiplication operation of a point using values extracted from previously generated parameter candidate value sets and an operation secure against side-channel attack, thereby improving security against side-channel attack without degrading performance.

Abstract: Information is removed from data transmitted over networks and stored in data storage facilities by generating non-informational data as an output from a series of nodes (routers, computing devices or logical routing applications) by using a function that applies random data to the data received at each node. The function may be an XOR and the random data may be a pseudorandom string of the same length as the informational data. The non-informational data may be managed normally without concern for security. When the informational data is needed it can be re-generated using the non-informational data and a cascade of the random data from the series of nodes as inputs to an inverse function (XOR is its own inverse). The random data may be generated from a smaller random seed.

Abstract: The present relates to invention deals with an execution unit configured to execute a computer program instruction to generate random numbers based on a predetermined probability distribution. The execution unit comprises a hardware pseudorandom number generator configured to generate at least randomised bit string on execution of the instruction and adding circuitry which is configured to receive a number of bit sequences of a predetermined bit length selected from the randomised bit string and to sum them to produce a result.

Abstract: A database server stores encrypted vector data in which each of a plurality of elements is encrypted by encryption maintaining semi-homomorphism between calculation before encryption and calculation after encryption. The database server receives an obfuscated query (N-randomized query) from a terminal device, performs calculation for each of a plurality of segments of vectors of the obfuscated query with a segment of the encrypted vector data, and transmits the calculation to the terminal device in reply. The terminal device may acquire a result of decryption calculation transmitted in reply by a decryption device.

Abstract: Systems and methods are provided for configuring and deploying decoy content over a network. The methods generate decoy content, including identifying information, based on information about network traffic in a virtual network associated with a user. Cause the decoy content to be sent in the virtual network. Determine, based at least in part on the identifying information, that at least the portion of the decoy content was used. In response to determining that the portion of the decoy content was used, alert the user that the decoy content was used.

Abstract: An apparatus and method for multi-user quantum key distribution. The method for multi-user quantum key distribution is performed using a multi-user quantum key distribution apparatus and a quantum key client device, and includes generating, by the multi-user quantum key distribution apparatus, transmission qubit pairs based on a key bit string of a shared key to be distributed to the quantum key client device, measuring, by the quantum key client device, the transmission qubit pairs, received from the multi-user quantum key distribution apparatus through a quantum channel, based on a measurement basis, verifying security of the quantum channel using the transmission qubit pairs, and if the security has been verified, decoding qubit measurement values of the transmission qubit pairs into the shared key.

Abstract: The present disclosure discloses a mask S-box, a block ciphers algorithm unit, a device and a corresponding construction method. The mask S-box includes an input module, an address mapping processing module, and an output module. The input module receives a random number and an input data which is masked by the random number and uses the random number and the input data as two inputs of the mask S-box. The address mapping processing module performs one-to-one mapping on the two inputs and the corresponding memory address of the mask S-box. The output module linearly processes the random number by using a linear function to obtain the linearly converted random number, which is used as one output of the mask S-box. The memory address obtained by using the linearly converted random number to mask the output of the original S-box is used as the other output of the mask S-box.

Abstract: Non-informational data D is generated as an output using a non-informational data E and informational data as inputs to a function on a computing device in an information-restricted domain. The function may be an XOR and the non-informational data E may be a pseudorandom string of the same length as the informational data. The non-informational data D is moved to an unrestricted domain where it may be managed normally. When the informational data is needed it can be re-generated using the non-informational data D and non-informational data E as inputs to an inverse function (XOR is its own inverse). The non-informational data E may be generated from a smaller random seed.

Abstract: A method, system, and computer program product encrypt data. A processor(s) obtains plaintext (plaintext data) and randomly generates multiple seed keys and obtains a user-defined password. The processor(s) randomly generates encryption parameters (pattern indicators, end pointers, pattern indicator pointers, and component sizes) and encrypts the plaintext by converting the plaintext data to shuffle-transform encrypted text and generating, from the shuffle-transform encrypted text and based on the encryption parameters, a plurality of encrypted blocks. The processor(s) implements a dynamic mathematical offset, to a portion of mathematical functions underlying the encryption parameters. The processor(s) generates an encrypted chunk for each encrypted block of the plurality of encrypted blocks, wherein the encrypted chunk for each encrypted block contains a portion of the shuffle-transform encrypted text.

Abstract: A smart card (1) interfaces with a smart card reader (2) to generate an authentication message (PSRQ), which is sent to a PIN servicing centre (5, 6). If the authentication message (PSRQ) is validated by the PIN servicing centre (5, 6), a validation response message (PSRS) is sent back to the user (3). The user (3) enters the validation response message (PSRS) on the reader (2), which authenticates the validation response message (PSRS) with the smart card (1); the PIN servicing function may then be performed. The smart card cryptographic messages are generated internally and solely by the smart card (1)—the reader (2) acts merely as an input mechanism into the smart card (1) or as an output mechanism from the smart card (1) to the display (10). The reader (2), therefore, does not need to contain any customer information or be personalised by the card issuer.

Abstract: In one aspect of the present disclosure, a method is disclosed. The method involves: a reader detecting an eye-mountable device within a wireless communication range of the reader, wherein the eye-mountable device includes a transparent material having a concave mounting surface configured to be removably mounted on a corneal surface; wirelessly retrieving from the detected eye-mountable device a first set of data; using the retrieved first set of data to determine that a condition has been satisfied; and responsive to using the retrieved first set of data to determine that the condition has been satisfied, retrieving from the detected eye-mountable device a second set of data.

Abstract: An information sharing system includes a server and an in-vehicle system. The server includes: a first storage part; a first key generation part configured to generate a first private key and a first public key, if keys can be exchanged with the in-vehicle system; and a signature generation part configured to generate a signature value of the first public key using a server private key. The in-vehicle system includes: a second storage part configured to store a public key certificate including a server public key; a signature verification part configured to verify the first public key and a signature value received from the server, using a public key certificate; and a second key generation part configured to generate a second private key and a second public key, if a combination of the first public key and the signature value is correct as a result of the verification.

Abstract: A system and method for deterring malicious network attacks. The system and method is configured to execute instructions on at least one of the processors to generate a plurality of random blocks of data; generate a first XOR result by using the XOR function with the plurality of random blocks of data as the XOR function inputs; generate a tail value by using the XOR function with the first XOR result and a random encryption key as the XOR function inputs; encrypt a designated file using the random encryption key; write the plurality of random blocks and tail value to at least one storage medium; and write the encrypted designated file to at least one storage medium.

Abstract: Various aspects of the subject technology relate to systems, methods, and non-transitory machine-readable medium for generating random numbers are disclosed herein. Entropic data is collected from a computer system and the entropic data is stored as raw data in an assigned entropy pool. The entropic data is encrypted using a globally incrementing counter as an encryption key and the encrypted bytes are returned as a random number.

Abstract: Methods and systems for tag-based identification include reading a counterfeit-proof identification tag using a sensor in a user device. Features of the identification tag are extracted in accordance with a feature extraction function, using a processor, to generate a tag bit sequence. A challenge function is applied to the extracted features to generate a result. The result is transmitted to a remote server to authenticate the identification tag.

Abstract: A method and a device for manipulation protection, including receiving a first data packet sent from a first device by a second device, the first data packet including a first time-variant parameter; signing a concatenation of a first hash value with the first time-variant parameter and an identification of the second device with the aid of a private key of an asymmetric encryption method which is assigned to the second device, program instructions or data, which are stored on the second device and provided to be carried out during the operation of the second device, being used to determine the hash value; generating a second data packet including the signature and the concatenation; and sending the second data packet from the second device to the first device.

Abstract: In one embodiment, an apparatus includes: a device having a physically unclonable function (PUF) circuit including a plurality of PUF cells to generate a PUF sample responsive to at least one control signal; a controller coupled to the device, the controller to send the at least one control signal to the PUF circuit and to receive a plurality of PUF samples from the PUF circuit; a buffer having a plurality of entries each to store at least one of the plurality of PUF samples; and a filter to filter the plurality of PUF samples to output a filtered value, wherein the controller is to generate a unique identifier for the device based at least in part on the filtered value. Other embodiments are described and claimed.

Abstract: Techniques are disclosed relating to signing and authentication of network messages such as API calls. A server system and a client system may collaboratively establish a shared secret key, which is then usable to sign such messages. These techniques may be useful in various situations, such as for integrations between different systems.

Abstract: A data integrity system generates a transaction signature associated with a transaction based on transaction data received from a data producer. The transaction signature is unique to the transaction and is generated by applying a hash function to the transaction data. When the transaction data is to be transmitted to a data consumer, the data integrity system redacts the transaction data based on permission information associated with the data consumer and transmits the redacted transaction data to the data consumer. To enable the data consumer to verify the integrity of the received data, the data integrity system also transmits a cryptographic assurance that includes at least the transaction signature associated with the transaction. The data consumer verifies the integrity of the received data by independently generating a transaction signature based on the redacted transaction data and matching the independently generated signature with the transaction signature in the cryptographic assurance.

Abstract: Provided are a true random number generator and an oscillator. The random number generator includes an oscillator configured to output signals and oscillate a random number of times until phases of the signals being output are inverted with respect to each other after initialization, and a counter configured to count the number of oscillations. The counted number of oscillations is used as a seed for generating a random number.

Abstract: Example implementations relate to a bridge port extender. For example, a bridge port extender may include a processor. The processor may receive an Ethernet frame from a network bridge, where the Ethernet frame includes an encapsulated portion and an unencapsulated portion, and where the unencapsulated portion includes an E-tag. The processor may remove the E-tag from the unencapsulated portion to form a modified Ethernet frame. The processor may transmit the modified Ethernet frame to a client device based on the E-tag.

Abstract: A method of protecting a modular calculation on a first number and a second number, executed by an electronic circuit, including the steps of: combining the second number with a third number to obtain a fourth number; executing the modular calculation on the first and fourth numbers, the result being contained in a first register or memory location; initializing a second register or memory location to the value of the first register or to one; and successively, for each bit at state 1 of the third number: if the corresponding bit of the fourth number is at state 1, multiplying the content of the second register or memory location by the inverse of the first number and placing the result in the first register or memory location, if the corresponding bit of the fourth number is at state 0, multiplying the content of the second register or memory location by the first number and placing the result in the first register or memory location.

Abstract: A dynamic computer communication security encryption method or system using an initial seed key and multiple random number generators of a specific design, whereby a sequence of independent random entropy values is produced by one set of random number generators and encrypted along with the message stream using the initial seed key, or the output of a second set of random number generators initialized with the initial seed key, and following the subsequent transmission of the variable encrypted entropy/message block, the entropy values are used to symmetrically or identically augment or increase the current uncertainty or entropy of the cryptosystem at both the sender and the receiver, prior to the next encryption block operation.

Abstract: A method for execution by a rebuilding module includes detecting that less than a pillar width number of encoded data slices of a common revision are retrievable from a set of storage units. A decode threshold number of encoded data slices are retrieved and decoded to reproduce a data segment. The data segment is encoded to produce at least one encoded data slice and storage of the at least one encoded data slice in the set of storage units is facilitated in accordance with the common revision when determining to rebuild the at least one encoded data slice. The data segment is encoded to reproduce the set of encoded data slices and storage of the reproduced set of encoded data slices is facilitated in the set of storage units in accordance with a new revision when determining to not rebuild the at least one encoded data slice.

Abstract: A computer-implemented method for creating a deception computing system may include (i) identifying, by a computing device, a dataset of security alert signatures from a set of client devices, (ii) determining, by the computing device, a set of software vulnerabilities based on the dataset of security alert signatures, (iii) clustering, by the computing device, the set of software vulnerabilities to increase a length of at least one potential attack path within a predetermined number of honeypot machines, and (iv) distributing, by the computing device and based on clusters of software vulnerabilities, a set of vulnerable software among a set of honeypot machines within a honeynet. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and process provides quantum computer resistant algorithm cryptographic keys. Embodiments utilize a hardware noise source whose entropy is fed to a random bit generator to generate keys which go straight to the advanced encryption standard. The keys avoid the need for mutual authentication and are thus not subject to reverse factoring that can be accomplished through quantum computing.

Abstract: Generating a unique die identifier for an electronic chip including placing the electronic chip in an identifier generation state, wherein the electronic chip comprises a set of test circuits, wherein each of the set of test circuits is attached to a corresponding component on the electronic chip; obtaining an ordered list of race pairs of the set of test circuits; for each race pair in the ordered list of race pairs of the set of test circuits: selecting the race pair of test circuits; executing a race between the selected race pair; and adding an element to the unique die identifier based on an outcome of the executed race; and returning the electronic chip to an operational state.

Abstract: In some aspects, a method includes obtaining, by a response generator circuit, reliability information for each bit of an array of bits provided by a physical unclonable function (PUF) circuit; receiving, from the PUF circuit during run time, an array of values for the array of bits; selecting a plurality of values from the array of values received from the PUF circuit in accordance with the reliability information; and generating, by the response generator circuit, a PUF response from the selected plurality of values.

Abstract: A programmable magnetic device for generating random numbers during a programming operation, including an array of a plurality of magnetic tunnel junctions. Each magnetic tunnel junction includes a reference layer having a reference magnetization; a tunnel barrier layer; and a storage layer having a storage magnetization. The programmable magnetic device is arranged such that, during the programming operation, the storage magnetization is orientable in an unstable magnetization configuration and relaxable randomly in one of a plurality of stable or metastable configurations from the unstable magnetization configuration.

Abstract: In an RFID system having at least one tag and at least one reader, a tag and a reader can, in one embodiment, use a pair of keys, known to both the tag and the reader, to restrict the interaction of the tag and the reader so that tags having the pair of keys interact only with readers that use the pair of keys.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) retrieving a decode threshold number of encoded data slices of a set of encoded data slices from a first grouping of storage units of the DSN. The method continues with the processing module determining a first status level indication of the retrieved decode threshold number of encoded data slices and sending check status request messages to a second grouping of storage units of the DSN. The method continues with the processing module receiving check status response messages and processing the check response messages to produce a second status level indication. When the second status level indication is substantially equal to the first status level indication, the method continues with the processing module indicating that the decode threshold number of encoded data slices is of a common status level as other encoded data slices of encoded data slices.

Abstract: Disclosed herein is a method for performing an integrated contactless point-of-sale transaction. More particularly, there is disclose a method comprising: receiving, by a mobile device 1, a seed number from a communications network; generating, by the mobile device 1, one or more session keys, in dependence on the received seed number, for use in encrypted communication with the mobile device 1; and/or generating, by the mobile device 1, a pre-image, in dependence on the received seed number, for use in generating an unpredictable number for use in secure communication with the mobile device. Advantageously, the generation of session keys and/or a pre-image in dependence on a seed number provided to the mobile device improves the security of the system since the source of the seed number can detect incorrect session keys and/or unpredictable number derived from an incorrect pre-image.

Abstract: A method for protection of cloud computing includes homomorphic encryption of data. Partially or fully homomorphic encryption allows for data within the cloud to be processed without decryption. A partially or fully homomorphic encryption is provided. The proposed scheme can be used with both an algebraic and analytical approaches. A cloud service is implemented on a server. A client encrypts data using fully homomorphic encryption and sends it to the server. The cloud server performs computations without decryption of the data and returns the encrypted calculation result to the client. The client decrypts the result, and the result coincides with the result of the same calculation performed on the initial plaintext data.

Abstract: Disclosed are various embodiments for generating encrypted media content items as well as decrypting encrypted media content items. A content type is embedded in an initialization vector corresponding to an encrypted sample. Upon decryption of encrypted content, the content type is identified and an action taken based upon the detected content type.

Abstract: There is described a method of obfuscating access to a data store by a software application. The method comprises accessing the data store using access operations. The access operations comprise real access operations and dummy access operations. Each real access operation is operable to access the data store as part of the execution of the software application. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above method. There is also described a computer readable medium storing the above computer program. There is also described a system configured to carry out the above method.

Abstract: The present disclosure includes apparatuses and methods for obfuscation-enhanced memory encryption. An example method comprises performing a write operation, wherein the write operation includes transmitting a number of write transactions received from a host along with a number of spurious transactions to a memory, and wherein the number of spurious transactions are transmitted at a particular rate among the number of received write transactions.

Abstract: Systems, methods, software, and combinations thereof for evaluating entropy in a cryptography system are described. In some aspects, sample values are produced by an entropy source system. A typicality can be determined for each of the sample values. A grading is determined for preselected distributions based on the typicalities of the sample values. A subset of the preselected distributions are selected based on the gradings. An entropy of the entropy source system is calculated based on the subset of the plurality of distributions.

Abstract: Deduplication and compression evaluation methods and systems involve one or more processors obfuscating plain text file data in each file of a computer file system using a first cipher encryption scheme, obfuscating each plain text file name representing the plain text file data in each file of the computer file system using a second cipher encryption scheme, and associating each obfuscated file name representing the plain text file data of each of the plurality of files of the computer file system with the obfuscated file data of each of the plurality of files of the computer system. In addition, each plain text directory name for each of the obfuscated file names associated with the obfuscated file data in each of the plurality of files of the computer file system is obfuscated using a third cipher encryption scheme.

Abstract: Provided is a technique to download and install a profile to a universal integrated circuit without receiving, from a network, an SMS for triggering reception of the profile. Specifically, a terminal according to the present invention comprises a communication unit configured to transmit and receive a signal; a control unit configured to create information for triggering reception of a profile; and a universal integrated circuit card configured to: access a profile management server and receive the profile based on the information using the communication unit, and install the received profile.

Abstract: Systems and methods of computer network defense using Checksum-Security System (CSS) 10. An embodiment called Header Checksum Security System (HCSS) 22 uses header block checksum of a packet, and may be used in all routers or a subset of routers of a network. Another embodiment called Data Checksum Security System (DCSS) 24 used data block checksum pf a packet and may be used in the host computers. CSS uses randomization of the existing artifacts of a data packet, that of checksums of the packet. The randomization is able to substitute one value of the artifact with another identical value of the artifact, that is, one checksum is replaced by another checksum, where the replaced checksums have no relationship to the original checksums, they having been derived from a randomization process of the original checksum.

Abstract: In a general aspect, a conversion scheme is used in a public key cryptosystem. In some aspects, an error vector derivation function is applied to a random value and a message value to produce an error vector. A plaintext value is generated based on the random value, the message value, and the error vector. The error vector and the plaintext value are used in an encryption function to produce a ciphertext component, and the ciphertext component is provided for transmission in a communication system.

Abstract: A method of operating a storage system includes using the device driver to combine a password, the key salt, and the number of iterations to generate a primary key, using the device driver to generate a key schedule from the primary key, receiving an encrypted master key at the device driver, and using the device driver to decrypt the encrypted master key with the key schedule.

Abstract: Systems and methods for a random number generator including a systolic array to receive a plurality of first inputs, and to provide a random number output. In one embodiment, the systolic array can be arranged in two or greater dimensions, and each cell of the array comprises a ring oscillator. Data is read from a random access memory to provide the inputs to the systolic array. A linear feedback shift register receives the random number output as a feedback signal used to address the memory to read data to provide as the inputs to the systolic array.

Abstract: In a general aspect, a conversion scheme is used in a public key cryptosystem. In some aspects, a plaintext value is generated based on a message value, a constant value, and a random value. An error vector derivation function is applied to the plaintext value to produce an error vector. The plaintext value and the error vector are used in an encryption function to produce a ciphertext component, and the ciphertext component is provided for transmission in a communication network.

Abstract: A method for generating a secret or a key in a network, the network including at least one first and one second member and a transmission channel between at least the first and the second members. The first and second members being able to place at least one first value and one second value on the transmission channel. The first member causes a first member value sequence and the second member causes a second member value sequence to be transmitted over the transmission channel largely synchronously with each other. The first member and the second member generate a shared secret or a shared key on the basis of information about the first member value sequence and the second member value sequence and on the basis of an overlap value sequence resulting from the overlap of the first member value sequence with the second member value sequence on the transmission channel.

Abstract: Random number generators include a thermal optical source and detector configured to produce random numbers based on quantum-optical intensity fluctuations. An optical flux is detected, and signals proportional to optical intensity and a delayed optical intensity are combined. The combined signals can be electrical signals or optical signals, and the optical source is selected so as to have low coherence over a predetermined range of delay times. Balanced optical detectors can be used to reduce common mode noise, and in some examples, the optical flux is directed to only one of a pair of balanced detectors.