Abstract: Disclosed is an adaptively secure multiparty non-interactive key exchange (NIKE) from polynomially hard indistinguishability obfuscation and other standard assumptions. This improves on all prior such protocols, which required sub-exponential hardness. Several compilers are established which simplify the task of constructing new multiparty NIKE protocols, and also establish a close connection with a particular type of constrained PRF.

Abstract: A first electronic device can establish a communication channel with a second electronic device and receive a second signed log head of an identifier log via the communication channel. The identifier log is managed by a key transparency server and can include public keys of users registered with the server and user identifiers. The second signed log head includes a hash of the public keys and the user identifiers in the identifier log. The second signed log head can be provided to the second device by the server. In response to sending a request for a consistency-checked log head from the server, the device can receive at least one consistency-checked signed log head. The device can verify a consistency between the second signed log head and the at least one consistency-checked log head. If verified the device can maintain use of the server for verifying ownership of the keys.

Abstract: The method provides an automated and scalable system for the generation, distribution, management of symmetric pre-shared keys (PSKs) to applications executing on headless and mobile devices. It helps achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud communications. It helps Transport Layer Security (TLS) enabled applications dynamically acquire and renew PSKs and use identity hints for PSK based authentication ceremony during a TLS handshake. It helps client-server applications dynamically acquire and renew PSKs using keyed-hash message authentication code (HMAC) for data integrity and authenticity, content signing, and data encryption for confidentiality. It helps manage and distribute API shared secrets and API access tokens required for authenticated API requests and API security.

Abstract: Disclosed are various embodiments for authentication with network connected computing resources using a cryptographic coprocessor installed on a client device. A request can be sent to the client device to provision an asymmetric encryption key-pair using a cryptographic coprocessor installed on the client device, wherein the request comprises a key-authorization credential for the asymmetric encryption key-pair and the asymmetric encryption key-pair comprises a public key and a private key. The public key of the asymmetric encryption key-pair and an identity public key for the cryptographic coprocessor can be received. The public key, key-authorization credential, and the identity public key can then be stored in association with each other.

Abstract: Embodiments of the invention relate to a computer-implemented method for generating verification keys of a public-key signature scheme in a distributed network. The method comprises performing, by a subset of the nodes of a first subnetwork of nodes, a first distributed key generation protocol, the first distributed key generation protocol being configured to generate jointly a verification key for the first subnetwork and a plurality of corresponding secret key shares for the nodes of the first subnetwork. The method further comprises a step of performing, for a second subnetwork, by a subset of the plurality of nodes of the first subnetwork, a second distributed key generation protocol, the second distributed key generation protocol being configured to generate jointly a verification key of the second subnetwork and a plurality of corresponding secret key shares for the nodes of the second subnetwork.

Abstract: A method may include: sharing, by a client computer program and a server computer program, a set of identification keys, each identification key associated with a key label, and an authentication key; selecting, by the client computer program and the server computer program, one of the key labels; preparing, by the client computer program, quantum systems using a basis, randomly chosen bit values, and intensities; sending, by the client computer program, the quantum systems to the server computer program over a quantum communication channel, wherein the server computer program may be configured to measure the quantum systems using the basis and to announce quantum systems with photon detection; and generating, by the client computer program, a client tag using a shared keyed hash function executed on the authentication key and chosen bit values from the quantum systems with photon detection, and forwarding the client tag to the server computer program.

Abstract: Provided are a computer program product, system, and method for generating data protection directives to provide to a storage controller to control access to data in cache. A data protection directive is generated for a data subset indicating access request type and a protective action with respect to the access request type for the data subset. The data protection directive is transmitted to the storage controller. The storage controller includes the data protection directive in metadata for the data subset. The data protection directive causes the storage controller to perform the protective action in response to an access request of the access request type to a portion of the data subset.

Abstract: A communication system, a UE (User Equipment), a communication method and a computer readable medium may be provided. The communication system (100) includes: a first UE (User Equipment) (110) including a first controller and a first transceiver, wherein the first controller is configured to control the transceiver to send a message including L2 ID (Layer 2 Identity) and verification information; and a second UE (120) including a second controller and a second transceiver, wherein the second controller is configured: to control the transceiver to receive the message from the first UE (110); and to determine whether to accept the L2 ID or not using the verification information.

Abstract: A method executed by a computing device includes determining a set of identigens for each query word of a query to produce sets of identigens, where a set of identigens represents different meanings of a word of the query. The method further includes interpreting the sets of identigens to produce a query entigen group. The method further includes accessing a knowledge database utilizing the query entigen group to recover a preliminary response entigen group. The method further includes modifying an answer breadth level based on a response to the preliminary response entigen group to produce an updated answer breadth level. The method further includes accessing the knowledge database utilizing the query entigen group to recover a secondary response entigen group the updated answer breadth level.

Abstract: A framework for an Internet of things (IoT) service is provided. The framework includes a first device configured to obtain user-related data for the IoT service and control an IoT device based on control data that is generated using the user-related data and a second device configured to generate the control data by analyzing the user-related data. The first device and the second device are configured to share, using a blockchain, the user-related data and the control data.

Abstract: An automated contact tracing system for anonymously identifying contacts between users includes at least a tracing server; and more than one mobile device or wearable of a user comprising means for short-range proximity communication and means for carrying out a computer program for generating Encounter-Tokens, when one user spent a pre-defined amount of time in a pre-defined proximity range of another user.

Abstract: Techniques and devices for securing return communication through application uniform resource locators are described for commissioning a joiner device to a home area network by an initiator device in which the initiator device obtains a Responder Access Uniform Resource Locator (URL) and using the obtained Responder Access URL, generates an Augmented Responder Access URL. The initiator device accesses the Augmented Responder Access URL at a responder, which causes the responder to generate a Responder Payload. The initiator device accesses an Augmented Initiator Response URL including the generated Responder Payload and recovers the Responder Payload, the recovery of the Responder Payload causing the initiator device to commission the joiner device to the home area network.

Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and/or external action in a Key per IO-enabled system. In various approaches, crypto-erasure of the data stored in a Key per IO scheme is enabled by implementing an internal key, which is combined with an external key to generate a media encryption key, which is in turn used to encrypt/decrypt data. By restricting access to the internal key, destruction of the internal key and all media encryption key(s) created using the internal key, renders the data crypto-erased, and thus unrecoverable.

Abstract: Embodiments of this application provide a key update method and a related apparatus. One example method includes: sending a first key update request to a second node, where the first key update request includes a first key negotiation parameter and first identity authentication information, and the first identity authentication information is generated by using a first shared key; receiving a first response message from the second node, where the first response message includes second identity authentication information; performing verification on the second identity authentication information by using the first shared key; and if the verification on the second identity authentication information succeeds, determining a first target key based on the first key negotiation parameter.

Abstract: Systems, methods, and computer-readable storage media to exchange using dynamic non-fungible token (DNFT) exchange instruments. One method includes receiving an issuance request, generating a DNFT exchange instrument, dynamically updating the DNFT exchange instrument, and executing an exchange.

Abstract: A method for providing interactive recording networks is disclosed. Multiple child networks can be established, each child network being coordinated by a respective coordinating entity. Each coordinating entity can also participate in a central parent network. A data package can be sent from one network to another. When a data package is sent to another network, additional data can be added to indicate that the data package is being escalated.

Abstract: Some examples relate to a verifying the authenticity of IKE exchange messages in a VPN. In an example, a VPN client sends a VPN server profile request message to a VPN server for establishing a VPN connection. In response, the VPN server provides a VPN server profile to the VPN client. The VPN server profile comprises a cryptographic public key associated with a server certificate of the VPN server. The VPN client stores the VPN server profile and sends an IKE message to the VPN server. In response to the IKE message, the VPN server sends a signed IKE response message. Upon receipt, the VPN client verifies the authenticity of the signed IKE response message. If the signed IKE message is successfully verified, the VPN client sends an identity of the VPN client to the VPN server.

Abstract: An example operation may include one or more of receiving, via a blockchain peer of a blockchain network, a request to execute chaincode of a blockchain of the blockchain network from a client application, offloading one or more of chaincode operations of the request to hardware on a network switch via a network path between the blockchain peer and the network switch, receiving execution results of the offloaded one or more chaincode operations from the network switch via the network path, and forwarding the execution results received from the network switch to the client application.

Abstract: The present disclosure provides protection to communications after establishing a secured connection to a secured website or application. An authentication service, after establishing a secured session, can calculate a trust score for a user. Based on the trust score, the security agent can encrypt access tokens used to authenticate a secure connection. The system can interrupt the secure connection based on the trust score of the user or the user device. The interruption takes place by ignoring requests to decrypt the access token. Without the decrypted access token, the browser is unable to authenticate the session, preventing further communications. After the user improves the security posture of the device or user, the security agent can recalculate the trust score. When the trust score is above a threshold, the security agent can being decrypting the access token, thereby authenticating communications from the browser.

Abstract: This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.

Abstract: According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that when executed by the processor, may cause the processor to obtain an encryption key from a user. The processor may identify session activity data during a proxy session of the user and may encrypt the identified session activity data using the encryption key obtained from the user. The processor may store the encrypted session activity data.

Abstract: Provided is a secure communication control system. The secure communication control system comprises a guest control unit provided in a guest operating system for generating a thread requesting arbitrary data from a host application installed in a host operating system; a guest shared key generation unit for generating a guest shared key to be used in the thread; a guest communication unit for transmitting the thread and the guest shared key to the host operating system; a host shared key generation unit for generating a host shared key corresponding to the guest shared key; a host control unit for requesting data according to the thread from the host application to receive the data from the host application, generating a session key from the guest shared key, and generating cipher text by encrypting the data using the session key; and a host communication unit for transmitting the cipher text and the host shared key to the guest operating system.

Abstract: Aspects are described that utilize a distributed network of measurement points to detect sources of lag in a network, but are not so limited. Sources of lag can be detected at particular locations in a network or multiple networks using a plurality of distributed measurement points. Each measurement point can be configured to monitor network conditions at a particular network location using a measurement client to perform a network testing procedure with a measurement stream. Each measurement point can also include a measurement server configured to receive a measurement stream from at least one measurement client. A controller is configured to manage and control one or more of the plurality of measurement clients using a secure connection. Aspects are configured to detect one or more sources of lag of a distributed network of devices and/or cause procedures to be implemented to mitigate identified sources of lag.

Abstract: A distributed system and method for compressing and restoring data across edge computing devices and cloud infrastructure is disclosed. The system preprocesses raw data at edge computing devices, compresses the data into latent space vectors using distributed encoders within a variational autoencoder spanning edge and cloud components, decompresses the vectors using decoders, and processes them through a resource-aware neural upsampler to generate enhanced reconstructed outputs. The system dynamically adapts compression based on available computing resources and network conditions, while enabling secure distributed processing through homomorphic operations on compressed data. Edge-cloud coordination layers manage data flow, compression parameters, and workload distribution, while maintaining system reliability through intelligent failover handling and resource optimization.

Abstract: The present disclosure provides a User Equipment (UE) comprising a transceiver circuit; and a controller configured to control the transceiver circuit to send, to an Access and mobility Management Function (AMF) of a communication node, an identifier, wherein upon successful authentication of a network access function of the UE in the communication node, the controller is configured to maintain a secure connection with the communication node.

Abstract: A service platform/transceiver device locking system include a transceiver device that disables its data communication operations during an initialization operation and generates challenge information, and a platform device that retrieves that challenge information. The platform device uses a service platform private key to encrypt the challenge information, and provides the encrypted challenge information and a service-platform-provider-private-key-signed service platform public key to the transceiver device. The transceiver device uses a service platform provider public key to verify a service platform public key in the service-platform-provider-private-key-signed service platform public key to produce a verified service platform public key that it uses to decrypt the encrypted challenge information to produce decrypted challenge information.

Abstract: An apparatus and system for onboarding based on UE default manufacturer credentials are described. A UE sends default manufacturer credentials and an indication to proceed with restricted onboarding to an onboarding non-public network (O-SNPN). An Onboarding Server validates the authenticity of the UE based on the manufacturer credentials and sends a certificate. The UE is provisioned with a set of roots of trust certificate information to use to authenticate the certificate using one way authentication. After authentication, the UE receives network credentials and performs mutual authentication to register with a NPN while being authenticated by a home network. The UE identity is indicated as anonymous in response to an indication by the O-SNPN for subscriber identifier privacy.

Abstract: Systems and methods for managing communications during the orchestration of workspaces by multiple remote orchestrators are described. In an illustrative, non-limiting embodiment, a first orchestrator with respect to a workspace executed by a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the first orchestrator to: create a first payload with a first data portion; and receive, from a second orchestrator with respect to the workspace, a hash of at least a second data portion exclusive of the second data portion, where the second orchestrator is configured to send a second payload comprising the second data portion to the client IHS, and where the client IHS is configured to validate the second payload, at least in part, based upon the hash.

Abstract: A method includes receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform. The method includes receiving data indicative of a context of the access session request and establishing a challenge session associated with the request that indicates one or more challenges required of a user associated with a client device to successfully respond to in order to establish the requested access session, a number or a type of the one or more challenges being determined based on the context, and establishing an access session to enable the user to perform the one or more actions on the data of the data processing platform if responses to all challenges in the challenge session are successful.

Abstract: A system and method for secure authentication between applications that may be attacked with an attack originating from a quantum computer is provided. The systems and methods can involve generating a plurality of keys, wherein each key of the plurality of keys is unique and determining one or more pairs of applications from a plurality of applications, wherein each pair can include applications that can connect. The systems and methods can also involve upon receiving a request from a first application of the plurality of applications to connect to a second application of the plurality of applications finding the pair of the one or more pairs that includes both the first application and the second application and associating one key of the plurality of keys to the pair, and performing by the first application and the second application, mutual authentication using the one key.

Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and/or external action in a Key per IO-enabled system. In various approaches, crypto-erasure of the data stored in a Key per IO scheme is enabled by implementing an internal key, which is combined with an external key to generate a media encryption key, which is in turn used to encrypt/decrypt data. By restricting access to the internal key, destruction of the internal key and all media encryption key(s) created using the internal key, renders the data crypto-erased, and thus unrecoverable.

Abstract: A communication method, apparatus, and system are provided, to resolve problems in a conventional technology that an AKMA authentication procedure is complex and signaling overheads are large. Principles of the method are as follows: In a registration procedure of a terminal device, AKMA authentication is implicitly indicated based on primary authentication. For example, if primary authentication succeeds, it may be considered that AKMA authentication also succeeds. In addition, an AKMA temporary identifier is allocated to the terminal device after AKMA authentication succeeds. According to the method, apparatus, and system in this application, no additional AKMA authentication is required. This simplifies a procedure and reduces signaling overheads.

Abstract: In an approach, a processor receives a query relating to mobile number porting on a mobile network that includes a hierarchy including a mobile network operator and a mobile virtual network operator, the query requiring access to customer private data. A processor identifies a minimal number of participants in the mobile network with access to the customer private data. A customer provides a response to the query.

Abstract: Disclosed is a system for implementing indirect certificate pinning. The system comprises a client device configured to execute client application having a public signing key pinned thereto, and a certificate information server communicably coupled with client device. Upon execution, the client application is configured to: send, to certificate information server, a connection request; receive, from certificate information server, a security certificate of certificate information server and signing information pertaining to the security certificate, wherein signing information comprises: signatures of security certificate for at least one signing key pair that is valid at a time of receiving connection request, a version number of the at least one signing key pair, expiration details of the at least one signing key pair; and validate the signatures using the security certificate and the public signing key, for enabling connection of the client device with the certificate information server.

Abstract: The present invention is a distributed and autonomous digital data security agent that secures stored data and the storage device itself, from remote manipulation. The present system is an “agent” in that it acts independently in the accomplishment of its objects and is distributed in that its functionality is resides on firmware resident at disparate hardware locations. The agent is autonomous in that it cannot be remotely compromised. The system includes server having a dedicated Private link with a Chip Administrator, and a Data Link between a first-Chip, a second: Chip of said security agent. The first-Chip is resident and operable to control Write/Read calls and data transfers between the server and the second: Chips of the data storage. The Chip Administrator, first-Chip and second-Chip in combination with their associated Firmwares provide said distributed and autonomous data security agent.

Abstract: Methods and systems described herein relate to an improved platform that provides secure, encrypted communications across distributed computer networks when coordinating cryptography-based digital repositories in order to perform blockchain operations in decentralized applications. More specifically, the methods and systems provide this improved platform by introducing additional abstraction layers into a production service for computing signatures during multi-party computation (MPC) signing procedures.

Abstract: An image forming apparatus includes: a main casing to which a consumable including a consumable memory is attachable; a main memory; and a controller configured to perform: when the consumable is new, storing identification information of the consumable in the main memory; when the consumable is used and is a special consumable, determining whether the identification information is stored in the main memory; when the identification information is stored in the main memory, permitting use of the consumable; when the identification information is not stored in the main memory; prohibiting use of the consumable; and while an external memory is physically connected to the main casing, storing the identification information in the external memory. By the external memory being physically connected to another image forming apparatus, the another image forming apparatus permits use of the consumable therein on the basis of the identification information stored in the external memory.

Abstract: A blockchain network may be used to improve upon public-key infrastructure by providing for fast and secure registration, revocation and update of digital certificates. A public key may be recorded on the blockchain by a certificate authority in such a manner that any third party may quickly and easily verify that the public key is certified by the certificate authority and that the certification has not been revoked. The certificate authority may be able to revoke the certification nearly instantaneously, and/or may be able to simultaneously certify a new key for the same entity while revoking the old key. In some cases, the ability to revoke a certification may be given to the owner of the public key or, in some cases, to one or even a group of other entities.

Abstract: Described systems and methods protect client devices such as personal computers and IoT devices against harmful or inappropriate Internet content. When a client uses an encrypted handshake to hide the identity of the end server, e.g., in applications implementing an encrypted client hello (ECH), some embodiments employ a modified DNS server to provide a surrogate key to the client instead of the genuine handshake key. A traffic filter executing for instance on a network gateway may then intercept and decrypt the handshake and apply an access policy to selectively allow or deny access to the respective end server. When access is allowed, the traffic filter may re-encrypt the server identifier using the genuine handshake key before forwarding the handshake to its destination. Communication privacy is maintained since the illustrated methods only decrypt the handshake, and not the actual payload.

Abstract: A method in accordance with the invention includes: providing to a hub, from an enclave associated with a TEE at a node, an enclave public key; establishing a channel with the hub by broadcasting to a blockchain network a funding transaction which encumbers a digital asset with a first public key, a second public key and a third public key such that the encumbrance of the digital asset may be removed by: 1) both a first signature generated from a first private key corresponding to the first public key and a second signature generated from a second private key corresponding to the second public key; or 2) a third signature, valid for the third public key, the third public key associated with a group; receiving a commitment transaction encrypted with the enclave public key; detecting a failure; issuing a failsafe activation request to the group using data from the enclave.

Abstract: The invention relates to systems, methods, network devices, and machine-readable media for encrypting and decrypting messages in a decentralized multi-authority attribute-based encryption (MA-ABE) scheme for a non-trivial class of access policies whose security is based in the random oracle model solely on the Learning With Errors (LWE) assumption. In some embodiments, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.

Abstract: A system, method, and computer-readable medium for performing a communications management operation. The communications management operation includes: providing a data center asset with a connectivity management system client module; setting the data center asset to a disable until claimed status; providing the data center asset with proof of possession information; establishing a connection between the connectivity management system client module and a connectivity management system of a data center monitoring and management console, establishing a secure communication channel between the connectivity management system client module and a connectivity management system aggregator based upon the proof of ownership information; and, setting the data asset center to a claimed status based upon the information exchanged between the connectivity management system client module and the connectivity management system.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a second wireless node timing information for security key adoption and information indicative of a third wireless node, transmitting to the third wireless node a message to estimate a channel between the second wireless node and the third wireless node, the message to estimate the channel comprising information indicative of the second wireless node and channel measurement resource information associated with the second wireless node, obtaining a security key generated on the basis of channel estimation information based on estimation of the channel by the third wireless node, and applying the security key for encrypted data transmission between the first wireless node and the second wireless node.

Abstract: Systems and methods for enabling the secure use of cryptocurrencies (such as but not limited to Bitcoin, Ethereum, or Litecoin) in prize funds or gift cards that accept purchases or wagers in fiat currencies and payout in cryptocurrency. The prize funds can be associated with lotteries, charitable gaming, or casino environments with the inherent volatility of cryptocurrencies optionally mitigated and cryptocurrency payouts enabled for consumers or players without prior digital wallets as well as consumers or players with preexisting digital wallets.

Abstract: A wireless network access method, apparatus, device, and system are provided.

Abstract: In certain aspects, a computer-implemented method includes monitoring data entries written on a private primary ledger. The computer-implemented method includes recording the data entries written on the private primary ledger to an immutable public secondary ledger.

Abstract: The present disclosure discloses a file sharing method and system. The method includes: obtaining a target file and determining a first dynamic key corresponding to the target file; generating a first private key based on the first dynamic key and double private keys; selecting unpaired public and private keys, and generating a first public key based on the first dynamic key, the selected public and private keys; encrypting a symmetric key using the first public key to obtain a key ciphertext; encrypting the target file using the symmetric key to obtain a file ciphertext; signing the first dynamic key, the first public key, the key ciphertext and the file ciphertext using the first private key to obtain signature information; and uploading the first dynamic key, the first public key, the key ciphertext, the file ciphertext and the signature information to a cloud sharing end to share the target file.

Abstract: This disclosure provides systems, methods, and apparatuses for associating a wireless communication device such as a wireless station (STA) of a STA multi-link device (MLD) with an access point (AP) MLD that includes a first AP associated with a first communication link of the AP MLD and includes one or more secondary APs associated with one or more respective secondary communication links of the first AP MLD. The first AP includes one or more virtual APs, and the first AP and the one or more virtual APs of the first AP belong to a first multiple basic service set identifier (BSSID) set associated with the first communication link.

Abstract: Disclosed in the present disclosure is a blockchain network security communication method based on a quantum key. On the basis of a blockchain network formed by means of combining quantum key distribution technology and blockchain technology, the method implements the process of quantum key distribution, acquisition and encryption transmission with simple steps which are easy to control and implement, to ensure the secure conduction of communication services in the blockchain network.

Abstract: A method, apparatus and computer program product are provided for generating a registered certified seal, sealing an asset, and verifying a sealed asset. In an example embodiment, a method is provided for receiving a request to generate a registered certified seal from an entity, accessing certifier entity data via a uniform resource locator of a certification authority identified by a certifying certificate, and verifying a digitally signed entity certifying certificate. The method further comprises upon verifying the digitally signed entity certifying certificate, receiving seal data comprising a seal data key for a certified seal, and saving the seal data for the entity within a digital seal registry, wherein the digital seal registry is searchable based at least in part on at least a portion of the seal data key.