Abstract: The present invention is a distributed and autonomous digital data security agent that secures stored data and the storage device itself, from remote manipulation. The present system is an “agent” in that it acts independently in the accomplishment of its objects and is distributed in that its functionality is resides on firmware resident at disparate hardware locations. The agent is autonomous in that it cannot be remotely compromised. The system includes server having a dedicated Private link with a Chip Administrator, and a Data Link between a first-Chip, a second: Chip of said security agent. The first-Chip is resident and operable to control Write/Read calls and data transfers between the server and the second: Chips of the data storage. The Chip Administrator, first-Chip and second-Chip in combination with their associated Firmwares provide said distributed and autonomous data security agent.

Abstract: Methods and systems described herein relate to an improved platform that provides secure, encrypted communications across distributed computer networks when coordinating cryptography-based digital repositories in order to perform blockchain operations in decentralized applications. More specifically, the methods and systems provide this improved platform by introducing additional abstraction layers into a production service for computing signatures during multi-party computation (MPC) signing procedures.

Abstract: A blockchain network may be used to improve upon public-key infrastructure by providing for fast and secure registration, revocation and update of digital certificates. A public key may be recorded on the blockchain by a certificate authority in such a manner that any third party may quickly and easily verify that the public key is certified by the certificate authority and that the certification has not been revoked. The certificate authority may be able to revoke the certification nearly instantaneously, and/or may be able to simultaneously certify a new key for the same entity while revoking the old key. In some cases, the ability to revoke a certification may be given to the owner of the public key or, in some cases, to one or even a group of other entities.

Abstract: An image forming apparatus includes: a main casing to which a consumable including a consumable memory is attachable; a main memory; and a controller configured to perform: when the consumable is new, storing identification information of the consumable in the main memory; when the consumable is used and is a special consumable, determining whether the identification information is stored in the main memory; when the identification information is stored in the main memory, permitting use of the consumable; when the identification information is not stored in the main memory; prohibiting use of the consumable; and while an external memory is physically connected to the main casing, storing the identification information in the external memory. By the external memory being physically connected to another image forming apparatus, the another image forming apparatus permits use of the consumable therein on the basis of the identification information stored in the external memory.

Abstract: Described systems and methods protect client devices such as personal computers and IoT devices against harmful or inappropriate Internet content. When a client uses an encrypted handshake to hide the identity of the end server, e.g., in applications implementing an encrypted client hello (ECH), some embodiments employ a modified DNS server to provide a surrogate key to the client instead of the genuine handshake key. A traffic filter executing for instance on a network gateway may then intercept and decrypt the handshake and apply an access policy to selectively allow or deny access to the respective end server. When access is allowed, the traffic filter may re-encrypt the server identifier using the genuine handshake key before forwarding the handshake to its destination. Communication privacy is maintained since the illustrated methods only decrypt the handshake, and not the actual payload.

Abstract: A method in accordance with the invention includes: providing to a hub, from an enclave associated with a TEE at a node, an enclave public key; establishing a channel with the hub by broadcasting to a blockchain network a funding transaction which encumbers a digital asset with a first public key, a second public key and a third public key such that the encumbrance of the digital asset may be removed by: 1) both a first signature generated from a first private key corresponding to the first public key and a second signature generated from a second private key corresponding to the second public key; or 2) a third signature, valid for the third public key, the third public key associated with a group; receiving a commitment transaction encrypted with the enclave public key; detecting a failure; issuing a failsafe activation request to the group using data from the enclave.

Abstract: A system, method, and computer-readable medium for performing a communications management operation. The communications management operation includes: providing a data center asset with a connectivity management system client module; setting the data center asset to a disable until claimed status; providing the data center asset with proof of possession information; establishing a connection between the connectivity management system client module and a connectivity management system of a data center monitoring and management console, establishing a secure communication channel between the connectivity management system client module and a connectivity management system aggregator based upon the proof of ownership information; and, setting the data asset center to a claimed status based upon the information exchanged between the connectivity management system client module and the connectivity management system.

Abstract: The invention relates to systems, methods, network devices, and machine-readable media for encrypting and decrypting messages in a decentralized multi-authority attribute-based encryption (MA-ABE) scheme for a non-trivial class of access policies whose security is based in the random oracle model solely on the Learning With Errors (LWE) assumption. In some embodiments, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.

Abstract: Systems and methods for enabling the secure use of cryptocurrencies (such as but not limited to Bitcoin, Ethereum, or Litecoin) in prize funds or gift cards that accept purchases or wagers in fiat currencies and payout in cryptocurrency. The prize funds can be associated with lotteries, charitable gaming, or casino environments with the inherent volatility of cryptocurrencies optionally mitigated and cryptocurrency payouts enabled for consumers or players without prior digital wallets as well as consumers or players with preexisting digital wallets.

Abstract: A wireless network access method, apparatus, device, and system are provided.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a second wireless node timing information for security key adoption and information indicative of a third wireless node, transmitting to the third wireless node a message to estimate a channel between the second wireless node and the third wireless node, the message to estimate the channel comprising information indicative of the second wireless node and channel measurement resource information associated with the second wireless node, obtaining a security key generated on the basis of channel estimation information based on estimation of the channel by the third wireless node, and applying the security key for encrypted data transmission between the first wireless node and the second wireless node.

Abstract: The present disclosure discloses a file sharing method and system. The method includes: obtaining a target file and determining a first dynamic key corresponding to the target file; generating a first private key based on the first dynamic key and double private keys; selecting unpaired public and private keys, and generating a first public key based on the first dynamic key, the selected public and private keys; encrypting a symmetric key using the first public key to obtain a key ciphertext; encrypting the target file using the symmetric key to obtain a file ciphertext; signing the first dynamic key, the first public key, the key ciphertext and the file ciphertext using the first private key to obtain signature information; and uploading the first dynamic key, the first public key, the key ciphertext, the file ciphertext and the signature information to a cloud sharing end to share the target file.

Abstract: In certain aspects, a computer-implemented method includes monitoring data entries written on a private primary ledger. The computer-implemented method includes recording the data entries written on the private primary ledger to an immutable public secondary ledger.

Abstract: Disclosed in the present disclosure is a blockchain network security communication method based on a quantum key. On the basis of a blockchain network formed by means of combining quantum key distribution technology and blockchain technology, the method implements the process of quantum key distribution, acquisition and encryption transmission with simple steps which are easy to control and implement, to ensure the secure conduction of communication services in the blockchain network.

Abstract: This disclosure provides systems, methods, and apparatuses for associating a wireless communication device such as a wireless station (STA) of a STA multi-link device (MLD) with an access point (AP) MLD that includes a first AP associated with a first communication link of the AP MLD and includes one or more secondary APs associated with one or more respective secondary communication links of the first AP MLD. The first AP includes one or more virtual APs, and the first AP and the one or more virtual APs of the first AP belong to a first multiple basic service set identifier (BSSID) set associated with the first communication link.

Abstract: A method for authorizing a secure access from a local device to a remote server computer is disclosed. At the local device having a unique identifier (UID), processor, and memory, a security software obtains a personal identification number (PIN) of a user, and the UID of the local device. Authenticity of the PIN and the UID is verified without communication over a network, using a credential code generated using the PIN, the UID and the security software. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote server computer are retrieved, and the secure access to the remote server computer is authorized using the retrieved access credentials. The remote server computer has a copy of the security software, the PIN, the UID and the credential code.

Abstract: A method, apparatus and computer program product are provided for generating a registered certified seal, sealing an asset, and verifying a sealed asset. In an example embodiment, a method is provided for receiving a request to generate a registered certified seal from an entity, accessing certifier entity data via a uniform resource locator of a certification authority identified by a certifying certificate, and verifying a digitally signed entity certifying certificate. The method further comprises upon verifying the digitally signed entity certifying certificate, receiving seal data comprising a seal data key for a certified seal, and saving the seal data for the entity within a digital seal registry, wherein the digital seal registry is searchable based at least in part on at least a portion of the seal data key.

Abstract: Embodiments for bounded broadcast encryption key management in a peer-to-peer network are described. To realize bounded broadcast encryption key management, a second peer of the peer-to-peer network receives a first broadcast message from a first peer. The first broadcast message includes at least a public key associated with the first peer. The second peer then generates a key seed in response to receiving the first broadcast message, and creates a second message that includes the key seed encapsulated with the public key. The second peer then transmits the second message to the first peer, and in response to the transmission of the second message, receives a packet from the first peer. The packet includes data encrypted using a secret key derivable from the key seed and one or more portions of the second message.

Abstract: An unlocking method and an electronic device relate to the field of terminal technologies.

Abstract: This disclosure provides systems, methods, and apparatuses for associating a wireless communication device such as a wireless station (STA) of a STA multi-link device (MLD) with an access point (AP) MLD that includes a first AP associated with a first communication link of the AP MLD and includes one or more secondary APs associated with one or more respective secondary communication links of the first AP MLD. The first AP includes one or more virtual APs, and the first AP and the one or more virtual APs of the first AP belong to a first multiple basic service set identifier (BSSID) set associated with the first communication link.

Abstract: A method and system for establishing two-way trust between a short-range communication device and a hub device. The method includes: obtaining, from a hub device, a digitally signed request for determining whether the hub device is a trusted communication device for a short-range communication device and a cryptographic key generated by the short-range communication device; generating a response to the request; encrypting the response to the request by using the cryptographic key provided by the short-range communication device, so that the encrypted response can be decrypted only by the short-range communication device; and providing the encrypted response to the hub device. The short-range communication device may decrypt the response and determine whether the hub device is the trusted communication device based on information indicated in the response.

Abstract: A first network device may install a new receive key on a data plane of the first network device, and may provide, to a second network device, a first request to install the new receive key. The first network device may receive a first indication that the new receive key is installed by the second network device, and may install a new transmit key on the data plane of the first network device based on the first indication. The first network device may provide, to the second network device, a second request to install the new transmit key, and may receive a second indication that the new transmit key is installed and that an old receive key is deleted by the second network device. The first network device may delete the old receive key from the data plane of the first network device based on the second indication.

Abstract: Systems, methods and devices are described for establishing trusted connections among two or more therapy devices that form, or form part of, a medication therapy system. A medication delivery electronics may include a first communication interface, a connection manager, and a therapy management application. A first communication interface may be configured to establish and communicate over one or more communication links. A connection manager may be configured to generate a candidate shared secret key and provide the shared key to a first therapy device over a first communication link established by a first communication interface. A candidate shared key may be generated responsive to one or more shared secret parameters.

Abstract: A method and device for establishing a communication along a communications channel between a first device (200A) and a second device (200B) is disclosed. The method comprises mutually discovering the first device (200A) and the second device (200B), validating (F5, F6, F7) the communications channel between the first device (200A) and the second device (200B) by exchange of data messages, exchanging a secret between the first device (200A) and the second device (200B) and then exchanging encrypted messages along the communications channel.

Abstract: Methods and systems for a device connectivity services system. A method for using the device connectivity services includes receiving a request to connect with a device to perform one or more tasks at the device, processing the request with respect to connectivity factors related to the request and the device, scheduling the request based on the connectivity factors, instantiating a controller to execute the one or more tasks at the device, sending commands to the device over a connection to perform the one or more tasks, and receiving responses from the device over the connection after completing the one or more tasks.

Abstract: This disclosure relates to, among other things, systems and methods for managing and/or verifying the integrity and/or provenance of digital content and/or media. Embodiments of the systems and methods disclosed herein may provide a mechanism for generating a secure records relating to digital content and/or other media by capturing records relating to creation and/or modification actions performed in connection with digital content and/or media and storing such records in a ledger. Trusted services that examine captured information recorded in trusted databases and/or ledgers and generate derivative information relating to associated content and/or media. When viewing content, trusted content applications may query the trusted service for derivative information relating to the content and/or media, providing users with an indication of the derivative information in connection with content and/or media playback.

Abstract: A node in a distributed network computes a hash of content for a service received in a data packet. The node verifies the data packet by comparing the hash of the content of a service received from a neighboring node to a hash of the content computed by the node. An amount of content of the service having a same identification is accumulated in a trusted execution environment (TEE) of the node, and a signature based on code stored in a TEE of the node is generated. The node then sends the data packet to the next neighboring node, where the service-related information includes the service ID, a hash of the service content and the signature. The service records with the accumulated amount of service content, accumulated hash values, and nodes' signatures are sent to the validation nodes to reach consensus for the service provided.

Abstract: This document describes systems and techniques for using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes obtaining, by a first computer of a secure multi-party computation (MPC) system, at least a first share of a set of contextual properties of an environment in which a selected digital component will be displayed at a client device. For each digital component in a set of digital components, at least a first share of an eligibility expression that defines a relationship between a set of eligibility criteria for the digital component is obtained. A determination is made, based on the at least first share of the set of contextual properties and the at least first share of the eligibility expression, a first share of an eligibility parameter.

Abstract: Aspects of the disclosure are directed to point-to-point generation and rotation of security tokens to provide anti-spoof protection in a virtual network stack. Existing public key infrastructure can be leveraged to establish secure connections for control plane purposes. The hosts can run local daemons on machines and can establish secure connections to a control plane as well as to other hosts.

Abstract: This disclosure relates to protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, from a client device and by a first computing system of multi-party computation (MPC) systems, a digital component request including first secret shares of data identifying user groups that include a user of the client device as a member. The first computing system transmits a contextual digital component request to a content platform. The first computing system receives, from the content platform, selection data for multiple digital components. The selection data includes first vector data defining a contextual-based vector of values selected based in part on the set of contextual signals. The first computing system obtains, for each digital component, second vector data defining a user group-based vector of values selected based in part on a respective user group corresponding to the digital component.

Abstract: Systems and methods to at least provide access control for execution of smart contract functions (methods) through consensus mechanisms are disclosed. A first smart contract is stored on a blockchain network. During execution, the first smart contract performs operations that include: aggregating a threshold number of signed blockchain transactions from authorized blockchain addresses, receiving a set of signed blockchain transactions calling a function of a target smart contract from a set of blockchain addresses, verifying that each blockchain address of the set of authorized blockchain addresses is authorized to make the call, and calling the function of the target smart contract when a number of signed blockchain transactions calling the function exceeds a threshold number.

Abstract: A method of processing a memory system that includes a substrate with a connector and a semiconductor memory chip connected to the connector is provided. The method includes detaching the semiconductor memory chip from the connector, performing an annealing process with respect to the semiconductor memory chip detached from the connector, and after the annealing process, attaching the semiconductor memory chip to the connector on the substrate.

Abstract: Systems and methods for using JavaScript Object Notation (JSON) Web Tokens for information security for a particular software-controlled application are disclosed. Exemplary implementations may: store information electronically, including different types of client-provided information, hardware information, key information, and permission information; provide individual JWTs that include individual expiration dates to individual users; receive a user request for continued access and/or use of the particular software-controlled application; perform different types of (automated) verification based on the client-provided information in the user request; and, responsive to particular results from the different types of verification, perform some combination of transferring a response to the user request and accepting or denying continued access and/or use of the particular software-controlled application.

Abstract: A method and system of managing third-party access to insurance information is disclosed. An insurer maintains an insurance information repository that can be accessed only by authenticated third-party partners. The authentication system generates a code for the insured member. The insured member can share the code to their selected third-party service provider. The selected provider will submit the code to the authentication system when requesting access to validated information about the insured member. The code, if valid, will authenticate the service provider and enable access to the requested information.

Abstract: The present disclosure generally relates to securing access to resource and access rights using cryptography and the blockchain. Certain embodiments of the present disclosure generally relate to systems and methods that enhance the security of resource access using hierarchical deterministic (HD) cryptography and the blockchain. Certain embodiments of the present disclosure relate to systems and methods that securely and anonymously represent the identity of a user and the user's access code data on a distributed ledger represented across the blockchain.

Abstract: The combination of virtual payment cards (tokens) and 3D Secure to transparently transport information to an issuing authority between mutually independent transactions. Furthermore, the virtual payment card standard digital information is transformed by embedding the mandated URL/SESSION ID without the need for the card schemes, acquirers, or payment gateways to make any modifications to their system or message formats.

Abstract: Systems and methods for network security are provided. Various embodiments issue single use certificates for validating remote endpoints access to the private network. Some embodiments use a triage zone (or triage gateway) to which remote device can calls into using a static issued certificate. However, instead of granting complete access to the virtual private network, the use of this static certificate only grants access to the triage zone where further validation of the endpoint without any access to sensitive content on the private network. The endpoint can be connected to an ID manager within the triage zone. The endpoint can then send the username and password to the ID manager that can create a single use certificate (e.g., valid for a limited period of time). While valid, the single use certificate can be used by the remote device to gain access to the production zone using a VPN tunnel.

Abstract: In general, one aspect disclosed features a media-capture device, comprising: one or more sensors; a hardware processor; and a non-transitory machine-readable storage medium encoded with instructions executable by the hardware processor to perform a method comprising: initiating acquisition of one or more sensor data samples representing analog phenomena captured by the one or more sensors; receiving the one or more sensor data samples; encoding the one or more sensor data samples; generating a to-be-signed data structure comprising at least one of: the one or more encoded sensor data samples, or one or more cryptographic hashes of the one or more encoded sensor data samples; generating a cryptographic hash of the to-be-signed data structure; determining whether a time-stamping server is reachable over a network connection by the media capture device; and configuring a second data structure based on the determination of whether the time-stamping server is reachable.

Abstract: Provided in embodiments of the present application are a a key generation and terminal provisioning method, an apparatus, and a device thereof. The method for generating a key includes: sending, by an enrollee, a first request message to a configurator, the first request message comprising a first identifier, and the first identifier used to instruct the configurator to perform a network reconfiguration operation; receiving, by the enrollee, a first message sent by the configurator and including first key information; generating, by the enrollee, a session key according to the first key information; sending, by the enrollee, a second message to the configurator, the second message comprising second key information, thus allowing the configurator to generate the session key according to the second key information.

Abstract: A method for personalizing embedded secure elements, eSE, allows for simplified manufacturing before being integrated into host devices. An eSE implements services executed by an embedded operating system, OS, whereupon it is loaded into the eSE. The non-personalized eSE comprises an OS loader and a master cryptographic key common to a plurality of secure elements. It can therefore be produced in large numbers. The OS loader obtains an operating system package from a server and installs it. In response to the installation, the OS loader generates a derivation cryptographic key by diversifying the master cryptographic key, and then the OS generates personalized data by deriving pre-personalization data with the derivation key. The eSE, deployed in the field in a simple non-personalized state, is fully personalized without exchanging secret personalized data.

Abstract: An electronic device includes a memory storing data from an external source, an application processing unit (APU) transmitting a secret key and public key generation command, an isolated execution environment (IEE) generating a secret key in response to the secret key generation command, generating a public key based on the secret key in response to the public key generation command, and storing the secret key, and a non-volatile memory performing write and read operations depending on a request of the APU. When the data are stored in the memory, the APU transmits a public key request to the IEE and in response the IEE transfers the public key to the APU through a mailbox protocol. The APU generates a ciphertext by performing homomorphic encryption on the data based on an encryption key in the public key, and classifies and stores the public key and the ciphertext in the non-volatile memory.

Abstract: A wellsite monitoring system includes a base station, a plurality of access points, and a wellsite communication interface. The base station is configured to provide communication between the wellsite and a remote system. Each of the access points is configured to communicate with base station. The wellsite communication interface is interfaced to well service equipment, and is configured to communicate with the access points via a wellsite protocol used by the base station, and to present an authentication credential to the base station. The base station is also configured to verify an identity of the wellsite communication interface via the authentication credential, and to enable communication with the wellsite communication interface based on verification of the identity of the wellsite communication interface.

Abstract: A processing method implemented by a first device including receiving first data including a challenge datum; obtaining key data including an encrypted cryptographic key which is masked by executing a cryptographic masking function; receiving an unmasking key; determining the encrypted cryptographic key by executing a cryptographic unmasking function on the basis of the unmasking key; determining a decrypted cryptographic key by a decryption by executing a decryption algorithm with white-box implementation on the basis of the encrypted cryptographic key; determining an answer datum by a cryptographic operation by executing a predetermined cryptographic algorithm on the basis of the decrypted cryptographic key and the challenge datum; and sending the answer datum to authenticate the first device.

Abstract: Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, encrypted conversion data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data. Each portion of decrypted impression data and each portion of decrypted conversion data is sent to a respective reporting system.

Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities.

Abstract: A key negotiation method and an electronic device are provided, and relate to the field of communications technologies. Specifically, the method includes: An IoT control device multicasts, in a first local area network, a discovery message that carries a first public key, and sends a second ciphertext to a first IoT device after receiving a first ciphertext and a second public key. After receiving a third ciphertext from the first IoT device, the IoT control device decrypts the third ciphertext based on a first session key, to obtain a second signature and second session information; verifies the second signature based on a long-term public key of the first IoT device; and performs encrypted communication with the first IoT device based on the first session key after the second signature is successfully verified.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server for automated digital account/application enrollment. The analytic server may open a new account for a user during a registration process. The analytic server may facilitate automated digital enrollment to allow the user to manage the new account in a mobile application on the user's mobile device. The analytic server may send a text message comprising a direct link to the user's mobile device. The link may direct the user to the app store, where the user can download and install the mobile application automatically. The analytic server may also display a button that allows the user to activate a QR code and scan the QR code using the camera of the user's mobile device. Upon the mobile device scanning the QR code, the analytic server may automatically launch the mobile application and sign the user in.

Abstract: A home network serves a wireless service to visiting User Equipment (UEs) affiliated with visited networks and authorizes the wireless service for home UEs that are visiting the visited networks. A gateway transfers home context to a distributed ledger and receives visited context from the distributed ledger. The gateway transfers the visited context to a controller. The controller exchanges authorization data with the visited networks based on the visited context and the home context. The controller authorizes the wireless data service for the home UEs and the visiting UEs responsive to the exchange of the authorization data. The controller transfers session signaling to wireless access nodes responsive to the authorization of the wireless data service for the visiting UEs. The controller transfers authorization signaling to the visited networks responsive to the authorization of the wireless service for the home UEs.

Abstract: A method of providing secure communication between first and second devices comprises the first device and the second device connecting to a server via a secure communication channel. Encryption keys for the devices are generated and data relating to the encryption keys are exchanged via the server in the secure communication channel. A peer-to-peer connection for exchanging data is generated using encrypted connection information for the devices.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. The data security techniques disclosed herein also enable the use of smart contracts to transfer funds associated with payment obligations. A node may receive a transaction indicative of a settlement condition of a smart contract being satisfied. Accordingly, the transaction may be compiled into a block of a blockchain and routed to the smart contract. The smart contract may direct a node to transfer funds in accordance with the payment obligations.