For Security Patents (Class 708/135)
  • Patent number: 11823043
    Abstract: Aspects described herein provide a method of processing data in a machine learning model, including: receiving first domain input data; transforming the first domain input data to second domain input data via a domain transformation function; providing the second domain input data to a first layer of a machine learning model; processing the second domain input data in the first layer of the machine learning model according to a set of layer weights; and outputting second domain output data from the first layer of the machine learning model.
    Type: Grant
    Filed: November 19, 2019
    Date of Patent: November 21, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Jonathan Dewitt Wolfe, Erich Plondke
  • Patent number: 10631224
    Abstract: In some examples, a first user equipment (UE) sends an indication to an application server that the first UE is to use a relay UE to access a network. The first UE receives, from the application server, a first identity different from a second identity of the first UE. The first UE uses the first identity to register with the network to authenticate the first UE.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: April 21, 2020
    Assignee: BlackBerry Limited
    Inventor: Adrian Buckley
  • Patent number: 10579820
    Abstract: A system and method for a privacy mode are disclosed. A trusted execution environment and general operating system that has restricted access to the trusted execution environment are maintained on a processor. A privacy mode command indicating either one of a first value and a second value is received. A peripheral control interface, which is communicatively coupled to the trusted execution environment and otherwise communicatively isolated from the general operating system, is disabled when the privacy mode enable indicator has the first value and is enabled when the privacy mode enable indicator has the second value. An associated peripheral is disabled from providing signals to processing circuits when the peripheral control interface is in the disabled state and enabled to provide signals to processing circuits when the peripheral control interface is in the enabled state.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: March 3, 2020
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Steven Wellington, Roger Paul Bowman
  • Patent number: 10152608
    Abstract: A method for detecting privacy violations of patient personal healthcare information (PHI) can include receiving audit logs from all systems within a healthcare facility. These audit logs are generated any time PHI is accessed. The Healthcare Privacy Violation Detection System (HPV-DS) compares these generated audit logs to prior access history of the employee or authorized user that generated the audit log. If any field in the generated audit log is different from the authorized user's prior access history, the risk of a privacy violation is assessed and a risk score is assigned. For audit logs that differ from past access history enough, an alert is turned on and the audit log is flagged for administrators to review.
    Type: Grant
    Filed: July 2, 2014
    Date of Patent: December 11, 2018
    Inventor: Amit Kulkarni
  • Patent number: 9507950
    Abstract: Systems and methods for establishing a data connection between a mobile device and a peripheral. The mobile device is configured to determine whether to handle user approval of the data connection between the mobile device and the peripheral. Through the mobile device, an input mechanism is provided for the user to provide input. The input is used in determining whether to approve the data connection between the mobile device and the peripheral.
    Type: Grant
    Filed: May 15, 2013
    Date of Patent: November 29, 2016
    Assignee: BlackBerry Limited
    Inventors: Michael Kenneth Brown, Michael Grant Kirkup, Neil Patrick Adams, Herbert Anthony Little, Christopher Pattenden
  • Patent number: 8762735
    Abstract: A biometric authentication method for a computer system, the computer system comprising: a computer; and an authentication server, the biometric authentication method including steps of: extracting a first feature from the captured biometric information; generating a template polynomial for enrollment; extracting a second feature from the captured biometric information; generating a template polynomial for authentication; generating a correlation function for calculating a correlation between the template polynomial for authentication and the enrolled template polynomial; calculating a correlation value between the template polynomial for authentication and the enrolled template polynomial by using the generated correlation function, and determining based on the calculated correlation value whether or not the biometric information at the time of authentication coincides with the biometric information enrolled.
    Type: Grant
    Filed: November 19, 2013
    Date of Patent: June 24, 2014
    Assignee: Hitachi, Ltd.
    Inventor: Kenta Takahashi
  • Patent number: 8745107
    Abstract: A method for protecting an integrated circuit. According to the method, the start-up of all, or part, of the circuit is determined in the presence of a key which is recorded in a non-volatile manner in the circuit, following the production thereof, and depends on at least one first parameter which is present in a non-volatile manner in the circuit after the production thereof.
    Type: Grant
    Filed: September 27, 2005
    Date of Patent: June 3, 2014
    Assignee: STMicroelectronics S.A.
    Inventors: Luc Wuidart, Fabrice Marinet
  • Patent number: 8675877
    Abstract: A method and system distributes shares of a secret among cooperating entities using linear interpolation. In one embodiment, a linear equation is formed using the secret and random elements. The linear equation represents a K-dimensional secret hyperplane, where K is the number of shares to reconstruct the secret. Shares of the secrets are created, with each share containing a point on the secret hyperplane. The shares are then distributed to cooperating entities for secret sharing.
    Type: Grant
    Filed: August 29, 2008
    Date of Patent: March 18, 2014
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 8639649
    Abstract: Given that a differentially private mechanism has a known conditional distribution, probabilistic inference techniques may be used along with the known conditional distribution, and generated results from previously computed queries on private data, to generate a posterior distribution for the differentially private mechanism used by the system. The generated posterior distribution may be used to describe the probability of every possible result being the correct result. The probability may then be used to qualify conclusions or calculations that may depend on the returned result.
    Type: Grant
    Filed: March 23, 2010
    Date of Patent: January 28, 2014
    Assignee: Microsoft Corporation
    Inventors: Frank D. McSherry, Oliver M. C. Williams
  • Patent number: 8595507
    Abstract: Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.
    Type: Grant
    Filed: February 16, 2011
    Date of Patent: November 26, 2013
    Assignee: Novell, Inc.
    Inventors: Santosh Kumar Panchapakesan, Vinayak Hegde
  • Patent number: 8489889
    Abstract: A computing device receives a command to restrict access to encrypted data. The computing device generates a new record that can access the encrypted data. The computing device encrypts the record information for the new record using a public key of a trusted entity. The computing device prevents access to the encrypted data for a previously generated record or records.
    Type: Grant
    Filed: September 17, 2010
    Date of Patent: July 16, 2013
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Jonathan D. Callas
  • Patent number: 8319606
    Abstract: A validation module provides for the upgrading of a physical access control system (PACS) to full HSPD-12 compliance without requiring modification or replacement of the existing PACS. The validation module may contain all of the validation functionality required by federal specifications and technical requirements. The validation module may be installed between an existing PACS panel and a supported card/biometric reader. Readers may be selected based on assurance level requirements, e.g., contactless or contact readers for low and medium assurance level areas and full biometric readers for high assurance areas. The validation module may validate a card according to the assurance level setting, extract ID information from data on the card and then pass the ID information to the PACS panel for an access decision. Cardholder data captured by one validation module may be distributed to other validation modules of the PACS using a management station.
    Type: Grant
    Filed: October 29, 2009
    Date of Patent: November 27, 2012
    Assignee: CoreStreet, Ltd.
    Inventor: John J. McGeachie
  • Patent number: 8271797
    Abstract: A user sets an apparatus name easily identified by the user to a terminal, transmits the apparatus name together with user identification information to a terminal management server for managing a terminal, and the terminal management server registers the apparatus name as associated with the user identification information, thereby allowing the terminal management server to uniquely identify each terminal based on the apparatus name associated with the user identification information. Furthermore, a user can easily identify an apparatus name, thereby realizing a service utilizing system capable of reducing the laborious procedure of operating the terminal management server, and easily identifying each terminal.
    Type: Grant
    Filed: May 18, 2004
    Date of Patent: September 18, 2012
    Assignee: Sony Corporation
    Inventors: Satoshi Araki, Jun Moriya, Toshikazu Minoshima, Junichi Nakamura, Naoki Yuasa, Shinsuke Yamashita, Yasuhiro Murase
  • Patent number: 8205097
    Abstract: To improve its security, a microprocessor (1) in a security-sensitive computing system, for processing an operand according to an instruction, is provided with modulo-based check hardware (2) to perform operations in parallel to the microprocessor (1) and to compare both results regarding congruence.
    Type: Grant
    Filed: May 9, 2008
    Date of Patent: June 19, 2012
    Assignee: NXP B.V.
    Inventors: Ralf Malzahn, Li Tao
  • Patent number: 8099603
    Abstract: A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code.
    Type: Grant
    Filed: May 21, 2007
    Date of Patent: January 17, 2012
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, David Engberg
  • Patent number: 8024576
    Abstract: A method and system to authenticate users with a one time password by using a visual communication channel. The method and system may include using a device to capture a sequence of images being displayed and decrypt an encrypted one time password contained in the sequence of images.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: September 20, 2011
    Assignee: International Business Machines Corporation
    Inventors: Gianluca Gargaro, Patrizio Trinchini
  • Patent number: 7865958
    Abstract: A flexible, efficient and easy-to-use computer security management system effectively evaluates and responds to informational risks on a wide variety of computing platforms and in a rapidly changing network environment. An individual computer system dynamically monitors its end user, without regard to network connectivity, in order to calculate a risk score and to ensure that the end user's behavior does not put corporate information or other assets at risk. Data regarding such risks and responses are analyzed and stored in real-time.
    Type: Grant
    Filed: February 5, 2009
    Date of Patent: January 4, 2011
    Assignee: Citrix Systems, Inc.
    Inventors: Jason Lieblich, Dustin Norman
  • Patent number: 7818580
    Abstract: Method, system, and program product for port based authentication protocols where addresses are dynamically assigned within a network environment, and more particularly to port based authentication in the network environment, where connection information is captured and stored. This facilitates administrator access to information created as a result of protocol exchanges involved in dynamic address assignment, authentication, and connection.
    Type: Grant
    Filed: August 9, 2005
    Date of Patent: October 19, 2010
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey Scott Bardsley, Nathaniel Wook Kim, Charles Steven Lingafelt, Allen Leonid Roginsky, Norman Clark Strole
  • Patent number: 7600261
    Abstract: A system comprising a trusted computing platform including one or more logically protected computing environments, each of which is associated with at least one service or process supported by said system, the system being arranged to load onto said trusted computing platform a predetermined security policy including one or more security rules for controlling the operation of each of said logically protected computing environments, the security rules for at least one of said logically protected computing environments including an execution control rule which defines the security attributes to be applied to a service or process associated with said logically protected computing environment when said service or process is started.
    Type: Grant
    Filed: March 26, 2004
    Date of Patent: October 6, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael John Wray
  • Patent number: 7490356
    Abstract: A flexible, efficient and easy-to-use computer security management system effectively evaluates and responds to informational risks on a wide variety of computing platforms and in a rapidly changing network environment. An individual computer system dynamically monitors its end user, without regard to network connectivity, in order to calculate a risk score and to ensure that the end user's behavior does not put corporate information or other assets at risk. Data regarding such risks and responses are analyzed and stored in real-time.
    Type: Grant
    Filed: July 20, 2004
    Date of Patent: February 10, 2009
    Assignee: Reflectent Software, Inc.
    Inventors: Jason Lieblich, Dustin Norman
  • Patent number: 7277540
    Abstract: An arithmetic apparatus for performing a long product-sum operation includes an integer unit arithmetic circuit, a finite field GF(2^m) based unit arithmetic circuit logically adjacent to the integer unit arithmetic circuit, a selector for selecting the integer unit arithmetic circuit or the finite field GF(2^m) based unit arithmetic circuit, and an adder circuit which has a buffer for storing interim result data, adds the interim result data to the result data obtained by one of the integer unit arithmetic circuit and the finite field GF(2^m) based unit arithmetic circuit which is selected by the selector, propagates a carry in an integer unit arithmetic operation, and propagates no carry in a finite field GF(2^m) based unit arithmetic operation.
    Type: Grant
    Filed: January 19, 2000
    Date of Patent: October 2, 2007
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Masue Shiba, Shinichi Kawamura
  • Patent number: 7050579
    Abstract: Cryptographic methods and apparatus are provided for determination of multiplicative inverses. A Montgomery radix is selected based on a wordsize, permitting word-wise Montgomery multiplication. Using word-wise Montgomery multiplication, methods and apparatus determine various multiplicative inverses with reduced computation time.
    Type: Grant
    Filed: April 25, 2000
    Date of Patent: May 23, 2006
    Assignee: State of Oregon acting by and through the State Board of Education on Behalf of Oregon State University
    Inventors: Çetin K. Koç, Erkay Savaş
  • Patent number: 7027598
    Abstract: A pre-computation and dual-pass modular operation approach to implement encryption protocols efficiently in electronic integrated circuits is disclosed. An encrypted electronic message is received and another electronic message generated based on the encryption protocol. Two passes of Montgomery's method are used for a modular operation that is associated with the encryption protocol along with pre-computation of a constant based on a modulus. The modular operation may be a modular multiplication or a modular exponentiation. Modular arithmetic may be performed using the residue number system (RNS) and two RNS bases with conversions between the two RNS bases. A minimal number of register files are used for the computations along with an array of multiplier circuits and an array of modular reduction circuits. The approach described allows for high throughput for large encryption keys with a relatively small number of logical gates.
    Type: Grant
    Filed: September 19, 2001
    Date of Patent: April 11, 2006
    Assignee: Cisco Technology, Inc.
    Inventors: Mihailo M. Stojancic, Mahesh S. Maddury, Kenneth J. Tomei
  • Patent number: 7027597
    Abstract: A pre-computation and dual-pass modular operation approach to implement encryption protocols efficiently in electronic integrated circuits is disclosed. An encrypted electronic message is received and another electronic message generated based on the encryption protocol. Two passes of Montgomery's method are used for a modular operation that is associated with the encryption protocol along with pre-computation of a constant based on a modulus. The modular operation may be a modular multiplication or a modular exponentiation. Modular arithmetic may be performed using the residue number system (RNS) and two RNS bases with conversions between the two RNS bases. A minimal number of register files are used for the computations along with an array of multiplier circuits and an array of modular reduction circuits. The approach described allows for high throughput for large encryption keys with a relatively small number of logical gates.
    Type: Grant
    Filed: September 18, 2001
    Date of Patent: April 11, 2006
    Assignee: Cisco Technologies, Inc.
    Inventors: Mihailo M. Stojancic, Mahesh S. Maddury, Kenneth J. Tomei
  • Patent number: 6978016
    Abstract: The modular exponentiation function used in public key encryption and decryption systems is implemented in a standalone engine having at its core modular multiplication circuits which operate in two phases which share overlapping hardware structures. The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of the two-phase operation and the chaining together of partitioned processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a partitionable chain with separate parts for processing factors of the modulus. In this mode, the system is particularly useful for exploiting characteristics of the Chinese Remainder Theorem to perform rapid exponentiation operations.
    Type: Grant
    Filed: December 19, 2000
    Date of Patent: December 20, 2005
    Assignee: International Business Machines Corporation
    Inventors: Chin-Long Chen, Vincenzo Condorelli, Camil Fayad
  • Patent number: 6876746
    Abstract: Buffers, or registers, are used at one or more places between processing stages in a device for decrypting a data stream. The device has multiple processing stages arranged in a circular manner so that data is repeatedly passed from a prior stage to a next stage, and from a last stage back to a first stage, until processing is completed. The use of one or more registers at one or more positions allows data to be stored so that the stream associated with the stored data can effectively be suspended. This allows data from another stream to be processed while the suspended stream is in a wait state.
    Type: Grant
    Filed: May 15, 2001
    Date of Patent: April 5, 2005
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventor: Steve Pham
  • Patent number: 6760011
    Abstract: Herein disclosed is a keyboard apparatus which comprises a joystick, a switch mounted on the joystick, a scan board operative to input a switch signal of the switch-on action of the switch, a memory for memorizing a key code relevant to the switch, a plurality of numerical keys each having a key code inputted therein and outputting a key code signal indicative of the key-pushed actions of the numerical keys, a CPU having the switch signal and the key code signal inputted therein, and state setting means for selectively setting two operation states respectively having the switch signal and the key code signal outputted from the CPU.
    Type: Grant
    Filed: May 25, 2001
    Date of Patent: July 6, 2004
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Kazuya Suzuki, Toshikazu Saito, Takuya Yamauchi
  • Patent number: 6553120
    Abstract: Method for the cryptography of data recorded on a medium usable by a computing unit in which the computing unit processes an input information x using a key for supplying an information F(x) encoded by a function F. The function uses a decorrelation module Mk such that F(x)=[F′(Mk)](x), in which K is a random key and F′ a cryptographic function. This Abstract is neither intended to define the invention disclosed in this specification nor intended to limit, in any manner, the scope of the invention.
    Type: Grant
    Filed: June 28, 1999
    Date of Patent: April 22, 2003
    Assignee: Centre National de la Recherche Scientifique
    Inventor: Serge Vaudenay
  • Patent number: 6374276
    Abstract: A portable handheld computing device has a notification system that alerts a user of an event regardless of whether the device is on or off. The notification system has a notification mechanism that is activated upon occurrence of the event and remains active until the user acknowledges the activated mechanism. In one implementation, the notification mechanism is a light emitting diode (LED) mounted externally on the handheld computing device. The LED is visible to the user when the lid is closed onto the base (i.e., the device is off) or when the lid is open (i.e., the device is on). The notification mechanism also has a deactivation button mounted externally of the handheld computing device. The user depresses the deactivation button to deactivate the LED. The LED and deactivation button may be integrated as a single component.
    Type: Grant
    Filed: January 22, 2001
    Date of Patent: April 16, 2002
    Assignee: Microsoft Corporation
    Inventors: William Vong, Chad Schwitters
  • Patent number: 6374277
    Abstract: A portable handheld computing device has a notification system that alerts a user of an event regardless of whether the device is on or off. The notification system has a notification mechanism that is activated upon occurrence of the event and remains active until the user acknowledges the activated mechanism. In one implementation, the notification mechanism is a light emitting diode (LED) mounted externally on the handheld computing device. The LED is visible to the user when the lid is closed onto the base (i.e., the device is off) or when the lid is open (i.e., the device is on). The notification mechanism also has a deactivation button mounted externally of the handheld computing device. The user depresses the deactivation button to deactivate the LED. The LED and deactivation button may be integrated as a single component.
    Type: Grant
    Filed: January 22, 2001
    Date of Patent: April 16, 2002
    Assignee: Microsoft Corporation
    Inventors: William Vong, Chad Schwitters
  • Publication number: 20020029341
    Abstract: Enrollment and authentication of a user based on a sequence of discrete graphical choices is described. A graphical interface presents various images and memory cues that a user may associate with their original graphical choices. Enrollment may require the input to have a security parameter value that meets or exceeds a threshold. An acceptable sequence of graphical choices is converted to a sequence of values and mapped to a sequence of codewords. Both a hash of the sequence of codewords and a sequence of offsets are stored for use in authenticating the user. An offset is the difference between a value and its corresponding codeword. Authentication requires the user to enter another sequence of discrete graphical choices that is approximately the same as the original. The offsets are summed with the corresponding values before mapping to codewords. Authentication requires the sequence of codewords, or a hash thereof, to match.
    Type: Application
    Filed: March 23, 2001
    Publication date: March 7, 2002
    Inventors: Ari Juels, Nikas Frykholm
  • Publication number: 20020019947
    Abstract: The identification information input apparatus comprises a rotary encoder group for giving the user a click feel per unit rotation and generating an electric signal, and inputting arbitrary alphanumeric characters forming alphanumeric characters assigned in proportion to rotation angle via rotating operation, a pushbutton switch group for confirming alphanumeric characters input via the dial unit, a password conversion unit for converting the electric signal generated by the dial unit to the alphanumeric characters based on a conversion table, and a password authentication unit for authenticating the converted alphanumeric characters by checking whether the alphanumeric characters converted by the conversion unit are alphanumeric characters constituting the password.
    Type: Application
    Filed: July 30, 2001
    Publication date: February 14, 2002
    Applicant: Matsushita Electric Industrial Co., Ltd.
    Inventors: Megumi Umezawa, Kazuhisa Tsuzuki, Mamoru Higashimura, Motohiro Misawa, Jun Ebisawa, Kazuya Matsumoto
  • Patent number: 6209011
    Abstract: A portable handheld computing device has a notification system that alerts a user of an event regardless of whether the device is on or off. The notification system has a notification mechanism that is activated upon occurrence of the event and remains active until the user acknowledges the activated mechanism. In one implementation, the notification mechanism is a light emitting diode (LED) mounted externally on the handheld computing device. The LED is visible to the user when the lid is closed onto the base (i.e., the device is off) or when the lid is open (i.e., the device is on). The notification mechanism also has a deactivation button mounted externally of the handheld computing device. The user depresses the deactivation button to deactivate the LED. The LED and deactivation button may be integrated as a single component.
    Type: Grant
    Filed: May 8, 1997
    Date of Patent: March 27, 2001
    Assignee: Microsoft Corporation
    Inventors: William Vong, Chad Schwitters
  • Patent number: 6014747
    Abstract: A tamper detect device is provided to a chassis of a system. The tamper detect device provides a signal when the chassis is opened while at least a part of the system is under power. In one embodiment, the signal is used to produce an immediate warning. In another embodiment, the tamper detect device is incorporated into the system and the warning is audio. In another embodiment, the warning is continually provided until the chassis cover is closed, the system is unplugged, or the tamper detect device is bypassed. In another embodiment, the system is a computer system.
    Type: Grant
    Filed: September 30, 1997
    Date of Patent: January 11, 2000
    Assignee: Intel Corporation
    Inventors: Aleph Fackenthall, David Harper, Joseph Bursey, Brad Bickford, Brian G. Stern
  • Patent number: 5935244
    Abstract: The present invention provides a personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access. More particularly, the system includes a computer including a processor and a detachable input/output (I/O) device that functions as a conventional computer interface when docked to the computer and wherein the computer system enters a suspend mode when the detachable I/O device is detached from the computer whereby the system data is secured against unauthorized access. A security module controls access to at least certain levels of data retained within the system by distinguishing between the detachable I/O device docked to the computer and the detachable I/O device detached from the computer. A docking station is coupled to the processor and is detachably coupled to the detachable I/O device.
    Type: Grant
    Filed: January 21, 1997
    Date of Patent: August 10, 1999
    Assignee: Dell USA, L.P.
    Inventors: N. Deepak Swamy, Robert L. McMahan