Abstract: A distributed system and method for compressing and restoring data across edge computing devices and cloud infrastructure is disclosed. The system preprocesses raw data at edge computing devices, compresses the data into latent space vectors using distributed encoders within a variational autoencoder spanning edge and cloud components, decompresses the vectors using decoders, and processes them through a resource-aware neural upsampler to generate enhanced reconstructed outputs. The system dynamically adapts compression based on available computing resources and network conditions, while enabling secure distributed processing through homomorphic operations on compressed data. Edge-cloud coordination layers manage data flow, compression parameters, and workload distribution, while maintaining system reliability through intelligent failover handling and resource optimization.

Abstract: The present disclosure provides a User Equipment (UE) comprising a transceiver circuit; and a controller configured to control the transceiver circuit to send, to an Access and mobility Management Function (AMF) of a communication node, an identifier, wherein upon successful authentication of a network access function of the UE in the communication node, the controller is configured to maintain a secure connection with the communication node.

Abstract: An apparatus and system for onboarding based on UE default manufacturer credentials are described. A UE sends default manufacturer credentials and an indication to proceed with restricted onboarding to an onboarding non-public network (O-SNPN). An Onboarding Server validates the authenticity of the UE based on the manufacturer credentials and sends a certificate. The UE is provisioned with a set of roots of trust certificate information to use to authenticate the certificate using one way authentication. After authentication, the UE receives network credentials and performs mutual authentication to register with a NPN while being authenticated by a home network. The UE identity is indicated as anonymous in response to an indication by the O-SNPN for subscriber identifier privacy.

Abstract: Systems and methods for managing communications during the orchestration of workspaces by multiple remote orchestrators are described. In an illustrative, non-limiting embodiment, a first orchestrator with respect to a workspace executed by a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the first orchestrator to: create a first payload with a first data portion; and receive, from a second orchestrator with respect to the workspace, a hash of at least a second data portion exclusive of the second data portion, where the second orchestrator is configured to send a second payload comprising the second data portion to the client IHS, and where the client IHS is configured to validate the second payload, at least in part, based upon the hash.

Abstract: A method includes receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform. The method includes receiving data indicative of a context of the access session request and establishing a challenge session associated with the request that indicates one or more challenges required of a user associated with a client device to successfully respond to in order to establish the requested access session, a number or a type of the one or more challenges being determined based on the context, and establishing an access session to enable the user to perform the one or more actions on the data of the data processing platform if responses to all challenges in the challenge session are successful.

Abstract: A service platform/transceiver device locking system include a transceiver device that disables its data communication operations during an initialization operation and generates challenge information, and a platform device that retrieves that challenge information. The platform device uses a service platform private key to encrypt the challenge information, and provides the encrypted challenge information and a service-platform-provider-private-key-signed service platform public key to the transceiver device. The transceiver device uses a service platform provider public key to verify a service platform public key in the service-platform-provider-private-key-signed service platform public key to produce a verified service platform public key that it uses to decrypt the encrypted challenge information to produce decrypted challenge information.

Abstract: A system and method for secure authentication between applications that may be attacked with an attack originating from a quantum computer is provided. The systems and methods can involve generating a plurality of keys, wherein each key of the plurality of keys is unique and determining one or more pairs of applications from a plurality of applications, wherein each pair can include applications that can connect. The systems and methods can also involve upon receiving a request from a first application of the plurality of applications to connect to a second application of the plurality of applications finding the pair of the one or more pairs that includes both the first application and the second application and associating one key of the plurality of keys to the pair, and performing by the first application and the second application, mutual authentication using the one key.

Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and/or external action in a Key per IO-enabled system. In various approaches, crypto-erasure of the data stored in a Key per IO scheme is enabled by implementing an internal key, which is combined with an external key to generate a media encryption key, which is in turn used to encrypt/decrypt data. By restricting access to the internal key, destruction of the internal key and all media encryption key(s) created using the internal key, renders the data crypto-erased, and thus unrecoverable.

Abstract: A communication method, apparatus, and system are provided, to resolve problems in a conventional technology that an AKMA authentication procedure is complex and signaling overheads are large. Principles of the method are as follows: In a registration procedure of a terminal device, AKMA authentication is implicitly indicated based on primary authentication. For example, if primary authentication succeeds, it may be considered that AKMA authentication also succeeds. In addition, an AKMA temporary identifier is allocated to the terminal device after AKMA authentication succeeds. According to the method, apparatus, and system in this application, no additional AKMA authentication is required. This simplifies a procedure and reduces signaling overheads.

Abstract: Disclosed is a system for implementing indirect certificate pinning. The system comprises a client device configured to execute client application having a public signing key pinned thereto, and a certificate information server communicably coupled with client device. Upon execution, the client application is configured to: send, to certificate information server, a connection request; receive, from certificate information server, a security certificate of certificate information server and signing information pertaining to the security certificate, wherein signing information comprises: signatures of security certificate for at least one signing key pair that is valid at a time of receiving connection request, a version number of the at least one signing key pair, expiration details of the at least one signing key pair; and validate the signatures using the security certificate and the public signing key, for enabling connection of the client device with the certificate information server.

Abstract: In an approach, a processor receives a query relating to mobile number porting on a mobile network that includes a hierarchy including a mobile network operator and a mobile virtual network operator, the query requiring access to customer private data. A processor identifies a minimal number of participants in the mobile network with access to the customer private data. A customer provides a response to the query.

Abstract: The present invention is a distributed and autonomous digital data security agent that secures stored data and the storage device itself, from remote manipulation. The present system is an “agent” in that it acts independently in the accomplishment of its objects and is distributed in that its functionality is resides on firmware resident at disparate hardware locations. The agent is autonomous in that it cannot be remotely compromised. The system includes server having a dedicated Private link with a Chip Administrator, and a Data Link between a first-Chip, a second: Chip of said security agent. The first-Chip is resident and operable to control Write/Read calls and data transfers between the server and the second: Chips of the data storage. The Chip Administrator, first-Chip and second-Chip in combination with their associated Firmwares provide said distributed and autonomous data security agent.

Abstract: A blockchain network may be used to improve upon public-key infrastructure by providing for fast and secure registration, revocation and update of digital certificates. A public key may be recorded on the blockchain by a certificate authority in such a manner that any third party may quickly and easily verify that the public key is certified by the certificate authority and that the certification has not been revoked. The certificate authority may be able to revoke the certification nearly instantaneously, and/or may be able to simultaneously certify a new key for the same entity while revoking the old key. In some cases, the ability to revoke a certification may be given to the owner of the public key or, in some cases, to one or even a group of other entities.

Abstract: An image forming apparatus includes: a main casing to which a consumable including a consumable memory is attachable; a main memory; and a controller configured to perform: when the consumable is new, storing identification information of the consumable in the main memory; when the consumable is used and is a special consumable, determining whether the identification information is stored in the main memory; when the identification information is stored in the main memory, permitting use of the consumable; when the identification information is not stored in the main memory; prohibiting use of the consumable; and while an external memory is physically connected to the main casing, storing the identification information in the external memory. By the external memory being physically connected to another image forming apparatus, the another image forming apparatus permits use of the consumable therein on the basis of the identification information stored in the external memory.

Abstract: Methods and systems described herein relate to an improved platform that provides secure, encrypted communications across distributed computer networks when coordinating cryptography-based digital repositories in order to perform blockchain operations in decentralized applications. More specifically, the methods and systems provide this improved platform by introducing additional abstraction layers into a production service for computing signatures during multi-party computation (MPC) signing procedures.

Abstract: Described systems and methods protect client devices such as personal computers and IoT devices against harmful or inappropriate Internet content. When a client uses an encrypted handshake to hide the identity of the end server, e.g., in applications implementing an encrypted client hello (ECH), some embodiments employ a modified DNS server to provide a surrogate key to the client instead of the genuine handshake key. A traffic filter executing for instance on a network gateway may then intercept and decrypt the handshake and apply an access policy to selectively allow or deny access to the respective end server. When access is allowed, the traffic filter may re-encrypt the server identifier using the genuine handshake key before forwarding the handshake to its destination. Communication privacy is maintained since the illustrated methods only decrypt the handshake, and not the actual payload.

Abstract: A method in accordance with the invention includes: providing to a hub, from an enclave associated with a TEE at a node, an enclave public key; establishing a channel with the hub by broadcasting to a blockchain network a funding transaction which encumbers a digital asset with a first public key, a second public key and a third public key such that the encumbrance of the digital asset may be removed by: 1) both a first signature generated from a first private key corresponding to the first public key and a second signature generated from a second private key corresponding to the second public key; or 2) a third signature, valid for the third public key, the third public key associated with a group; receiving a commitment transaction encrypted with the enclave public key; detecting a failure; issuing a failsafe activation request to the group using data from the enclave.

Abstract: The invention relates to systems, methods, network devices, and machine-readable media for encrypting and decrypting messages in a decentralized multi-authority attribute-based encryption (MA-ABE) scheme for a non-trivial class of access policies whose security is based in the random oracle model solely on the Learning With Errors (LWE) assumption. In some embodiments, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.

Abstract: A system, method, and computer-readable medium for performing a communications management operation. The communications management operation includes: providing a data center asset with a connectivity management system client module; setting the data center asset to a disable until claimed status; providing the data center asset with proof of possession information; establishing a connection between the connectivity management system client module and a connectivity management system of a data center monitoring and management console, establishing a secure communication channel between the connectivity management system client module and a connectivity management system aggregator based upon the proof of ownership information; and, setting the data asset center to a claimed status based upon the information exchanged between the connectivity management system client module and the connectivity management system.

Abstract: Systems and methods for enabling the secure use of cryptocurrencies (such as but not limited to Bitcoin, Ethereum, or Litecoin) in prize funds or gift cards that accept purchases or wagers in fiat currencies and payout in cryptocurrency. The prize funds can be associated with lotteries, charitable gaming, or casino environments with the inherent volatility of cryptocurrencies optionally mitigated and cryptocurrency payouts enabled for consumers or players without prior digital wallets as well as consumers or players with preexisting digital wallets.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a second wireless node timing information for security key adoption and information indicative of a third wireless node, transmitting to the third wireless node a message to estimate a channel between the second wireless node and the third wireless node, the message to estimate the channel comprising information indicative of the second wireless node and channel measurement resource information associated with the second wireless node, obtaining a security key generated on the basis of channel estimation information based on estimation of the channel by the third wireless node, and applying the security key for encrypted data transmission between the first wireless node and the second wireless node.

Abstract: A wireless network access method, apparatus, device, and system are provided.

Abstract: In certain aspects, a computer-implemented method includes monitoring data entries written on a private primary ledger. The computer-implemented method includes recording the data entries written on the private primary ledger to an immutable public secondary ledger.

Abstract: The present disclosure discloses a file sharing method and system. The method includes: obtaining a target file and determining a first dynamic key corresponding to the target file; generating a first private key based on the first dynamic key and double private keys; selecting unpaired public and private keys, and generating a first public key based on the first dynamic key, the selected public and private keys; encrypting a symmetric key using the first public key to obtain a key ciphertext; encrypting the target file using the symmetric key to obtain a file ciphertext; signing the first dynamic key, the first public key, the key ciphertext and the file ciphertext using the first private key to obtain signature information; and uploading the first dynamic key, the first public key, the key ciphertext, the file ciphertext and the signature information to a cloud sharing end to share the target file.

Abstract: This disclosure provides systems, methods, and apparatuses for associating a wireless communication device such as a wireless station (STA) of a STA multi-link device (MLD) with an access point (AP) MLD that includes a first AP associated with a first communication link of the AP MLD and includes one or more secondary APs associated with one or more respective secondary communication links of the first AP MLD. The first AP includes one or more virtual APs, and the first AP and the one or more virtual APs of the first AP belong to a first multiple basic service set identifier (BSSID) set associated with the first communication link.

Abstract: Disclosed in the present disclosure is a blockchain network security communication method based on a quantum key. On the basis of a blockchain network formed by means of combining quantum key distribution technology and blockchain technology, the method implements the process of quantum key distribution, acquisition and encryption transmission with simple steps which are easy to control and implement, to ensure the secure conduction of communication services in the blockchain network.

Abstract: A method, apparatus and computer program product are provided for generating a registered certified seal, sealing an asset, and verifying a sealed asset. In an example embodiment, a method is provided for receiving a request to generate a registered certified seal from an entity, accessing certifier entity data via a uniform resource locator of a certification authority identified by a certifying certificate, and verifying a digitally signed entity certifying certificate. The method further comprises upon verifying the digitally signed entity certifying certificate, receiving seal data comprising a seal data key for a certified seal, and saving the seal data for the entity within a digital seal registry, wherein the digital seal registry is searchable based at least in part on at least a portion of the seal data key.

Abstract: An unlocking method and an electronic device relate to the field of terminal technologies.

Abstract: A method for authorizing a secure access from a local device to a remote server computer is disclosed. At the local device having a unique identifier (UID), processor, and memory, a security software obtains a personal identification number (PIN) of a user, and the UID of the local device. Authenticity of the PIN and the UID is verified without communication over a network, using a credential code generated using the PIN, the UID and the security software. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote server computer are retrieved, and the secure access to the remote server computer is authorized using the retrieved access credentials. The remote server computer has a copy of the security software, the PIN, the UID and the credential code.

Abstract: Embodiments for bounded broadcast encryption key management in a peer-to-peer network are described. To realize bounded broadcast encryption key management, a second peer of the peer-to-peer network receives a first broadcast message from a first peer. The first broadcast message includes at least a public key associated with the first peer. The second peer then generates a key seed in response to receiving the first broadcast message, and creates a second message that includes the key seed encapsulated with the public key. The second peer then transmits the second message to the first peer, and in response to the transmission of the second message, receives a packet from the first peer. The packet includes data encrypted using a secret key derivable from the key seed and one or more portions of the second message.

Abstract: This disclosure provides systems, methods, and apparatuses for associating a wireless communication device such as a wireless station (STA) of a STA multi-link device (MLD) with an access point (AP) MLD that includes a first AP associated with a first communication link of the AP MLD and includes one or more secondary APs associated with one or more respective secondary communication links of the first AP MLD. The first AP includes one or more virtual APs, and the first AP and the one or more virtual APs of the first AP belong to a first multiple basic service set identifier (BSSID) set associated with the first communication link.

Abstract: A method and system for establishing two-way trust between a short-range communication device and a hub device. The method includes: obtaining, from a hub device, a digitally signed request for determining whether the hub device is a trusted communication device for a short-range communication device and a cryptographic key generated by the short-range communication device; generating a response to the request; encrypting the response to the request by using the cryptographic key provided by the short-range communication device, so that the encrypted response can be decrypted only by the short-range communication device; and providing the encrypted response to the hub device. The short-range communication device may decrypt the response and determine whether the hub device is the trusted communication device based on information indicated in the response.

Abstract: A first network device may install a new receive key on a data plane of the first network device, and may provide, to a second network device, a first request to install the new receive key. The first network device may receive a first indication that the new receive key is installed by the second network device, and may install a new transmit key on the data plane of the first network device based on the first indication. The first network device may provide, to the second network device, a second request to install the new transmit key, and may receive a second indication that the new transmit key is installed and that an old receive key is deleted by the second network device. The first network device may delete the old receive key from the data plane of the first network device based on the second indication.

Abstract: Methods and systems for a device connectivity services system. A method for using the device connectivity services includes receiving a request to connect with a device to perform one or more tasks at the device, processing the request with respect to connectivity factors related to the request and the device, scheduling the request based on the connectivity factors, instantiating a controller to execute the one or more tasks at the device, sending commands to the device over a connection to perform the one or more tasks, and receiving responses from the device over the connection after completing the one or more tasks.

Abstract: Systems, methods and devices are described for establishing trusted connections among two or more therapy devices that form, or form part of, a medication therapy system. A medication delivery electronics may include a first communication interface, a connection manager, and a therapy management application. A first communication interface may be configured to establish and communicate over one or more communication links. A connection manager may be configured to generate a candidate shared secret key and provide the shared key to a first therapy device over a first communication link established by a first communication interface. A candidate shared key may be generated responsive to one or more shared secret parameters.

Abstract: A method and device for establishing a communication along a communications channel between a first device (200A) and a second device (200B) is disclosed. The method comprises mutually discovering the first device (200A) and the second device (200B), validating (F5, F6, F7) the communications channel between the first device (200A) and the second device (200B) by exchange of data messages, exchanging a secret between the first device (200A) and the second device (200B) and then exchanging encrypted messages along the communications channel.

Abstract: A node in a distributed network computes a hash of content for a service received in a data packet. The node verifies the data packet by comparing the hash of the content of a service received from a neighboring node to a hash of the content computed by the node. An amount of content of the service having a same identification is accumulated in a trusted execution environment (TEE) of the node, and a signature based on code stored in a TEE of the node is generated. The node then sends the data packet to the next neighboring node, where the service-related information includes the service ID, a hash of the service content and the signature. The service records with the accumulated amount of service content, accumulated hash values, and nodes' signatures are sent to the validation nodes to reach consensus for the service provided.

Abstract: This disclosure relates to, among other things, systems and methods for managing and/or verifying the integrity and/or provenance of digital content and/or media. Embodiments of the systems and methods disclosed herein may provide a mechanism for generating a secure records relating to digital content and/or other media by capturing records relating to creation and/or modification actions performed in connection with digital content and/or media and storing such records in a ledger. Trusted services that examine captured information recorded in trusted databases and/or ledgers and generate derivative information relating to associated content and/or media. When viewing content, trusted content applications may query the trusted service for derivative information relating to the content and/or media, providing users with an indication of the derivative information in connection with content and/or media playback.

Abstract: Aspects of the disclosure are directed to point-to-point generation and rotation of security tokens to provide anti-spoof protection in a virtual network stack. Existing public key infrastructure can be leveraged to establish secure connections for control plane purposes. The hosts can run local daemons on machines and can establish secure connections to a control plane as well as to other hosts.

Abstract: This document describes systems and techniques for using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes obtaining, by a first computer of a secure multi-party computation (MPC) system, at least a first share of a set of contextual properties of an environment in which a selected digital component will be displayed at a client device. For each digital component in a set of digital components, at least a first share of an eligibility expression that defines a relationship between a set of eligibility criteria for the digital component is obtained. A determination is made, based on the at least first share of the set of contextual properties and the at least first share of the eligibility expression, a first share of an eligibility parameter.

Abstract: A method of processing a memory system that includes a substrate with a connector and a semiconductor memory chip connected to the connector is provided. The method includes detaching the semiconductor memory chip from the connector, performing an annealing process with respect to the semiconductor memory chip detached from the connector, and after the annealing process, attaching the semiconductor memory chip to the connector on the substrate.

Abstract: This disclosure relates to protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, from a client device and by a first computing system of multi-party computation (MPC) systems, a digital component request including first secret shares of data identifying user groups that include a user of the client device as a member. The first computing system transmits a contextual digital component request to a content platform. The first computing system receives, from the content platform, selection data for multiple digital components. The selection data includes first vector data defining a contextual-based vector of values selected based in part on the set of contextual signals. The first computing system obtains, for each digital component, second vector data defining a user group-based vector of values selected based in part on a respective user group corresponding to the digital component.

Abstract: Systems and methods to at least provide access control for execution of smart contract functions (methods) through consensus mechanisms are disclosed. A first smart contract is stored on a blockchain network. During execution, the first smart contract performs operations that include: aggregating a threshold number of signed blockchain transactions from authorized blockchain addresses, receiving a set of signed blockchain transactions calling a function of a target smart contract from a set of blockchain addresses, verifying that each blockchain address of the set of authorized blockchain addresses is authorized to make the call, and calling the function of the target smart contract when a number of signed blockchain transactions calling the function exceeds a threshold number.

Abstract: The combination of virtual payment cards (tokens) and 3D Secure to transparently transport information to an issuing authority between mutually independent transactions. Furthermore, the virtual payment card standard digital information is transformed by embedding the mandated URL/SESSION ID without the need for the card schemes, acquirers, or payment gateways to make any modifications to their system or message formats.

Abstract: Systems and methods for network security are provided. Various embodiments issue single use certificates for validating remote endpoints access to the private network. Some embodiments use a triage zone (or triage gateway) to which remote device can calls into using a static issued certificate. However, instead of granting complete access to the virtual private network, the use of this static certificate only grants access to the triage zone where further validation of the endpoint without any access to sensitive content on the private network. The endpoint can be connected to an ID manager within the triage zone. The endpoint can then send the username and password to the ID manager that can create a single use certificate (e.g., valid for a limited period of time). While valid, the single use certificate can be used by the remote device to gain access to the production zone using a VPN tunnel.

Abstract: The present disclosure generally relates to securing access to resource and access rights using cryptography and the blockchain. Certain embodiments of the present disclosure generally relate to systems and methods that enhance the security of resource access using hierarchical deterministic (HD) cryptography and the blockchain. Certain embodiments of the present disclosure relate to systems and methods that securely and anonymously represent the identity of a user and the user's access code data on a distributed ledger represented across the blockchain.

Abstract: Systems and methods for using JavaScript Object Notation (JSON) Web Tokens for information security for a particular software-controlled application are disclosed. Exemplary implementations may: store information electronically, including different types of client-provided information, hardware information, key information, and permission information; provide individual JWTs that include individual expiration dates to individual users; receive a user request for continued access and/or use of the particular software-controlled application; perform different types of (automated) verification based on the client-provided information in the user request; and, responsive to particular results from the different types of verification, perform some combination of transferring a response to the user request and accepting or denying continued access and/or use of the particular software-controlled application.

Abstract: A method and system of managing third-party access to insurance information is disclosed. An insurer maintains an insurance information repository that can be accessed only by authenticated third-party partners. The authentication system generates a code for the insured member. The insured member can share the code to their selected third-party service provider. The selected provider will submit the code to the authentication system when requesting access to validated information about the insured member. The code, if valid, will authenticate the service provider and enable access to the requested information.

Abstract: In general, one aspect disclosed features a media-capture device, comprising: one or more sensors; a hardware processor; and a non-transitory machine-readable storage medium encoded with instructions executable by the hardware processor to perform a method comprising: initiating acquisition of one or more sensor data samples representing analog phenomena captured by the one or more sensors; receiving the one or more sensor data samples; encoding the one or more sensor data samples; generating a to-be-signed data structure comprising at least one of: the one or more encoded sensor data samples, or one or more cryptographic hashes of the one or more encoded sensor data samples; generating a cryptographic hash of the to-be-signed data structure; determining whether a time-stamping server is reachable over a network connection by the media capture device; and configuring a second data structure based on the determination of whether the time-stamping server is reachable.

Abstract: A method for personalizing embedded secure elements, eSE, allows for simplified manufacturing before being integrated into host devices. An eSE implements services executed by an embedded operating system, OS, whereupon it is loaded into the eSE. The non-personalized eSE comprises an OS loader and a master cryptographic key common to a plurality of secure elements. It can therefore be produced in large numbers. The OS loader obtains an operating system package from a server and installs it. In response to the installation, the OS loader generates a derivation cryptographic key by diversifying the master cryptographic key, and then the OS generates personalized data by deriving pre-personalization data with the derivation key. The eSE, deployed in the field in a simple non-personalized state, is fully personalized without exchanging secret personalized data.