Abstract: A data storage method comprises sending, by a blockchain node associated with a blockchain, data to an encryption device to cause the encryption device to encrypt the data and return the encrypted data to the blockchain node; receiving the encrypted data returned by the encryption device; and sending the encrypted data to other blockchain nodes associated with the blockchain to cause each of the other blockchain nodes to store the encrypted data in the blockchain after performing consensus verification on the encrypted data with success.

Abstract: Systems and methods for distributed file processing are disclosed. In one embodiment, a computer-implemented method for distributed file processing in a distributed network may include: (1) receiving, at a first distributed host in a network of a plurality of distributed hosts, an archive command; (2) the first distributed host identifying a plurality of files in a shared file system to archive in response to the archive command; (3) the first distributed host splitting at least one of the plurality of files that is above a predetermined size into a plurality of file chunks; (4) the first distributed host instructing a second distributed host to archive one of the plurality of files or plurality of file chunks to a store; and (5) the first distributed host and the second distributed host archiving the plurality of files and the plurality of file chunks to the store.

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.

Abstract: The present invention provides an improved system and method for using cryptography to secure computer-implemented choice mechanisms. In several preferred embodiments, a process is provided for securing participants' submissions while simultaneously providing the capability of validating their submissions. This is referred to as a random permutation. In several other preferred embodiments, a process is provided for securing participants' advance instructions while simultaneously providing the capability of validating their advance instructions. This is referred to as a secure advance instruction. Applications include voting mechanisms, school choice mechanisms, and auction mechanisms.

Abstract: A client can allocate and reassociate unique identifiers to local content items associated with an account at a content management system, and use the unique identifiers to commit operations for the content items on the content management system. For example, a client can create a content item and determine the content item does not have an identifier from the content management system. The client obtains an identifier for the content item and asks the content management system to verify a uniqueness of the identifier. When the identifier is unique, the client adds a node corresponding to the content item to a local tree representing a state at the client of content items associated with the account, and uploads the content item with the identifier to the content management system. When the identifier is not unique, the client obtains a new identifier for the content item.

Abstract: A mobile communication device. The mobile communication device comprises a processor, a non-transitory memory, a subscriber identity module (SIM), wherein the SIM stores an encryption key, and a client application stored in the non-transitory memory. When executed by the processor, the client application transmits a server application authentication token request comprising an identity of the SIM, receives a message comprising a value, requests the SIM to encrypt the value using the encryption key stored by the SIM, receives an encrypted value from the SIM, transmits the encrypted value in a message, receives a server application authentication token, stores the server application authentication token in the non-transitory memory, transmits a server application access request comprising the server application authentication token, and conducts a communication session with the server application.

Abstract: A network entity may determine whether a network context of a device is stored in the device or in the network based, at least in part, on a preference or capability of the device, as reported by the device during attachment to the network entity. The context may be stored in, and retrieved from, a dedicated context storage function that is independent of the network entity. A context storage function may be partitioned, or separate storage functions used, to automatically group and track access network contexts, core network contexts, or network slice contexts. The context storage function may provide to the device an index, such as a link or other identifier to be used in retrieving the stored context information. The context storage function may further provide a token to secure re-attachment communications among the device, the network entity, and the context storage function.

Abstract: Systems and methods for peer-to-peer secure document exchange are disclosed. The system may allow a document provider to securely transmit a certified document to a document verifier using decentralized storage. The verifier system may generate a session key pair and transmit the session public key to a trusted API provider. The trusted API provider may generate a session nonce. The verifier system may transmit the session nonce to the provider system. The provider system may use the session nonce to retrieve the session public key. The provider system may encrypt a certified document using the session public key and store the encrypted certified document in the decentralized storage. The verifier system may retrieve the encrypted certified document by polling the trusted API provider based on the session nonce. The verifier system may decrypt the encrypted certified document using the session private key.

Abstract: In one embodiment, a device writes messages and corresponding trace-on-failure flags to log files when failure conditions are detected. The device propagates the trace-on-failure flags to headers of the log files. The device forms a file index of the log files that have trace-on-failure flags set in their headers. The device performs, using the file index, a lookup of messages in the log files associated with a particular error context. The device sends data from the lookup to an electronic display.

Abstract: Disclosed are various embodiments for distributed verification of digital work product. A blockchain management application receives corresponding updates to a plurality of documents within a time interval. The blockchain management application then generates a single work product record in a blockchain. The single work product record evidences corresponding states of the plurality of documents at an end of the time interval.

Abstract: Systems and methods for accessing credentials from a blockchain are provided. A computing device requests for a server to process a transaction. In response to the request, the server transmits a server public key to the computing device. A key generator of the computing devices uses the user private key and the server public key to generate a user public key. The user public key includes permissions to access credentials that are stored on blockchain. The server receives the user public key and generates a request for credentials to blockchain. The request includes the user public key and the server private key. The blockchain receives the request and generates an identity token. The identity token includes credentials that are specified in the user public key. The blockchain transmits the identity token to the server and the server uses the identity token to processes the transaction.

Abstract: An electronic device that prevents damage and an operation method thereof are provided. The electronic device includes a transceiver, a memory configured to store a first part of a first program, and a processor configured to receive, using the transceiver, a second part of the first program from a second electronic device and perform a first function of the first program by using the first part and the second part.

Abstract: A server receives a login request from a first device. The login request includes login information used for an application login. In response to receiving the login request from the first device, the server transmits, to a second device different from the first device, a first message including a verification code. The first message instructs the second device to broadcast an audio signal including the verification code. The verification code is used to verify the first device by the server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training a multi-party secure logistic regression model (SLRM). One of the methods includes receiving, at a plurality of secure computation nodes (SCNs), a plurality of random numbers from a random number provider; encrypting, at each SCN, data stored at the SCN using the received random numbers; iteratively updating a secure logistic regression model (SLRM) by using the encrypted data from each SCN; and after iteratively updating the SLRM, outputting a result of the SLRM, wherein the result is configured to enable a service to be performed by each SCN.

Abstract: Example implementations relate to data recovery. An example controller can deliver file contents to a user, validate the file contents in real-time during the delivery, and in response to a determination that a portion of the file contents is broken, use the validated file contents to recover the broken portion of the file contents. The example controller can also deliver the recovered portion of the file contents to the user.

Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.

Abstract: A method and a device for performing communication by using a virtual subscriber identity module are used to provide a mode in which the device can perform communication without a SIM card. The method includes: receiving, by a first device, a virtual subscriber identity module data package sent by a second device by using a short range communications protocol, where the virtual subscriber identity module data package carries a virtual subscriber identity, and the virtual subscriber identity is used to uniquely identify a user using the first device when the first device performs communication in a network provided by a mobile communications operator; obtaining, by the first device, the virtual subscriber identity by using the virtual subscriber identity module data package; and communicating, by the first device by using the virtual subscriber identity, with another device in the network provided by the mobile communications operator.

Abstract: Methods and systems for Predictive Malware Defense (PMD) are described. The systems and methods can utilize advanced machine-learning (ML) techniques to generate malware defenses preemptively. Embodiments of PMD can utilize models, which are trained on features extracted from malware families, to predict possible courses of malware evolution. PMD captures these predicted future evolutions in signatures of as yet unseen malware variants to function as a malware vaccine. These signatures of predicted future malware “evolutions” can be added to the training set of a machine-learning (ML) based malware detection and/or mitigation system so that it can detect these new variants as they arrive.

Abstract: A method provides a synchronization cycle for updating changing component property values at a client and a gateway system. When the client receives a change to a value, it saves the change as a pending value in association with an existing value for the component property. The client sends a set of changes and an identifier to the gateway system. The gateway system updates its component property values accordingly. The gateway system accumulates changes to property values including changes from the client and other changes received via data bindings or other methods. The gateway system sends a message to the client including the accumulated property value changes and the identifiers associated with client-provided value changes that have been applied. The client updates its component property values according to the accumulated changes and removes references to pending values that are associated with identifiers sent back by the gateway system.

Abstract: The embodiment herein provides a method for securely transmitting a firmware update image to a device using a key management system. The key management subsystem includes a cellular modem. The method includes (i) configuring a SIM of the cellular modem to update a public key of a server using a key manager module of the Subscriber Identity Module (SIM), (ii) enabling the SIM to receive an encrypted key package from the server, using the cellular modem, (iii) processing the encrypted firmware update image that has to be transmitted to the device using the SIM and (iv) transmitting the decrypted key package to the device to enable implementation of the decrypted key package into the device using the SIM.

Abstract: A shared key, used by one node and another node of a computing environment in authentication of one or more links coupling the one node and the other node, is determined to be within an expiration range. Based on determining the shared key is within the expiration range, re-authentication of at least one link is automatically initiated. The automatically initiating re-authentication includes obtaining, by the one node, a new shared key from a key server, sending a message encrypted with the new shared key from the one node to the other node via one link of the one or more links, and receiving by the one node via the one link an indication that the other node decrypted the message using the new shared key.

Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

Abstract: Techniques for operating a multi-homed computing instance process are described herein. First credentials associated with a first attribute of a first account may be obtained. A process executing on a computing instance may communicate with the first account over a first communication channel based at least in part on the first credentials. Instructions may be received for the process to communicate with both the first account and a second account. Second credentials associated with a second attribute of the second account may be obtained. The second credentials may be obtained based, at least in part, on the first attribute acquiring the second attribute. The process may communicate with the second account over a second communication channel based at least in part on the second credentials. Additionally, the process may communicate with multiple different representations of a particular account, such as different representations that are hosted in different respective regions.

Abstract: Systems and methods for providing reliability and redundancy of data for networked nodes (e.g., sensors and/or actuators) is provided. Each sensor may operate as network node in the sensor network that may operate as a peer to peer (P2P) consensus network. Each network node may maintain its local copy of a data chain and may generate a data block for updating the data chain. After a threshold number of network nodes generate the same consensus block from the data block, each network node may update its local data chain by appending the consensus block thereto.

Abstract: A system may include a transaction history controller to store, in a distributed blockchain database, a first chain including a primary head node for a first subscriber to a social media history map service and multiple blocks each representing an online transaction for the first subscriber, and a second chain including a follower head node, linked to the primary head node, for a second subscriber and multiple blocks each representing an online transaction for the second subscriber. The transaction history controller may receive data representing a first online transaction for the second subscriber, format the data for the distributed blockchain database, store the formatted data as a new block in the second chain, receive a request to generate a trend report for a cluster of subscribers that includes the first and second subscribers, and generate the trend report dependent on the blocks in the first and second chains.

Abstract: A privacy preserving tag and methods for reading the same are disclosed. An authentication and tracking method and system for the privacy preserving tag is also disclosed. The method includes storing information in memory of a tag, receiving a read response at the tag from a reading device, and responding to the read request by generating a response at the tag that includes a combination of a base resource identifier as well as a privacy identifier. The privacy identifier is provided to support privacy characteristics of the tag while enabling establishment of a personalized portal at a remote system.

Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

Abstract: An information processing apparatus is communicably connected to a server and performs authentication without inconvenience to a user. An information processing system includes an information processing terminal, a server, and an information processing apparatus. The information processing terminal is defined as a central device, and the server and the information processing apparatus are defined as peripheral devices in the information processing system. The information processing terminal and the server are connected to each other, and the information processing terminal and the information processing apparatus are connected to each other. The information processing terminal performs authentication of the information processing apparatus with the server.

Abstract: An initiator device and a target device may be configured to communicate with each other based on an anonymous key agreement procedure and an associated key agreement procedure. The anonymous key agreement procedure is performed for an initial communication session between the devices based on bonding identifiers (BIs) received in an attribute request/response. The BIs may be maintained by the devices to forego the anonymous key agreement procedure for subsequent communication sessions, where the devices may instead communicate based on an associated key agreement procedure. In cases where BIs are changed or lost by one of the devices, the associated key agreement procedure may not be performed and the anonymous key agreement procedure may be again attempted by the device. The other device is configured to determine that the anonymous key agreement procedure is being attempted and complete the anonymous key agreement procedure in an anonymous mode.

Abstract: Techniques for distributed processing and pre-fetching content using an in-browser neural network model are disclosed herein. In some embodiments, a server transmits a neural network model to a client device, where the neural network model is stored a persistent store of a browser on the client device, and, during a networking session in which the browser on the client device is accessing a page of an online service, the client device predicts at least one link from a plurality of links on the page using the stored neural network model. The client device then fetches content associated with the predicted link(s) from a server of the online service prior to any selection of the predicted link(s) during the networking session.

Abstract: A method and an apparatus for creating an index in a blockchain-type ledger, and a device are disclosed. According to solutions provided in implementations of the present specification, a service attribute of a data record written to a ledger and a storage location and a sequence number of the data record in the ledger are determined, a mapping relationship is established between the service attribute, the storage location, and the sequence number, and an inverted index with the service attribute as a primary key is created, facilitating subsequent query.

Abstract: Methods and apparatuses are described for generating a cryptographic authentication key. A computing device receives a request to generate a cryptographic key. The device generates a defined sequence of security questions, each question associated with a difficulty value. The device generates the key using the defined sequence of questions, comprising: a) presenting a first question and receiving an answer to the first question, b) generating a hash string corresponding to the received answer, c) determining a next question based upon the hash string, d) presenting the next question and receiving an answer to the next question, e) concatenating the answer to the next question with the hash string, f) applying a hash function to the hash string with the concatenated answer to update the hash string, g) repeating steps c-f until the difficulty values of the questions reaches a threshold, and h) generating the key from the updated hash string.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes providing a shared secret key for the at least two communication partners; setting up an anonymous signal-conducting connection between the at least two communication partners, wherein all messages of the connection between the at least two communication partners are encrypted using the shared secret key; and authenticating the connection between the at least two communication partners by a user. The method provides a secure and convenient authentication of a connection between two communication partners, wherein the authentication is effected at the application level.

Abstract: Provided is an authentication system including: a device authentication agent installed in an Internet of things (IoT) device with a communication module and generating first device authentication information for authenticating the corresponding IoT device; an authentication server connected with the IoT device through wired or wireless communication and generating second device authentication information for authenticating the IoT device; and a mobile agent installed in a mobile device of a user, connected with the IoT device and the authentication server through the wireless communication, and verifying whether the IoT device or a message determined to be received from the IoT device is authentic according to whether the first device authentication information transmitted from the IoT device and the second device authentication information transmitted from the authentication server coincide with each other.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: A server receives a login request from a first device. The login request includes login information used for an application login. In response to receiving the login request from the first device, the server transmits, to a second device different from the first device, a first message including a verification code. The first message instructs the second device to broadcast an audio signal including the verification code. The verification code is used to verify the first device by the server.

Abstract: In some embodiments, an apparatus includes a server that stores a set of media files. The server is configured to send an authentication code to a first communication device in response to a request from the first communication device to access the set of media files such that the first communication device can present the authentication code to a user. The server is configured to associate an identifier of a second communication device with the first communication device such that a user of the second communication device can authorize access to the set of media files from the first communication device by sending the authentication code to the server using the second communication device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for instantiating and managing systems that utilize hierarchal enclaves in a cloud environment.

Abstract: A method at a computing device for provisioning a network-connected device within a security platform, the method including receiving a first connection request, the first connection request being from an electronic apparatus and including a network-connected device identifier; authenticating the first connection request, thereby creating a first connection; receiving a second connection request, the second connection request being from the network-connected device and including the network-connected device identifier and a shared platform credential; receiving a request from the network-connected device to add the network-connected device to the security platform; and adding the network-connected device to the security platform based on a concurrent first connection and the request from the network-connected device to add the network-connected device to the security platform.

Abstract: A method for generating a terminal key includes calling a terminal key generation instruction through an interface provided by the driver, generating the terminal key in response to the terminal key generation instruction, and deleting the driver from the terminal when the terminal key has been successfully generated.

Abstract: Use the same basic idea of KE based on Ring LWE, this invention gives constructions of a new authenticated key exchanges system, where the authentication is achieved through a shared password between two parties. These new systems are efficient and have very strong security property including provable security and resistance to quantum computer attacks. This invention can also be modified using the LWE problem.

Abstract: A method and an apparatus for creating an index in a blockchain-type ledger, and a device are disclosed. According to solutions provided in implementations of the present specification, a service attribute of a data record written to a ledger and a storage location and a sequence number of the data record in the ledger are determined, a mapping relationship is established between the service attribute, the storage location, and the sequence number, and an inverted index with the service attribute as a primary key is created, facilitating subsequent query.

Abstract: A method to validate delivery of a document using a non-repudiation protocol and a time-based one time password (TOTP) for encryption is described. The method includes a one-time registration of an application with a trusted third party, wherein the trusted third party provides a seed to a first device of a first user. The first user receives and accepts a document from a second user. The first device generates the TOTP based on the seed. Using the TOTP as an encryption key, the first device computes a current hash. The delivery of the document can be validated by a second device of a second user based on a comparison of the current clock time and GPS coordinates (optional) of first device as compared to the associated values of the second device. The second device stores the document, first device's computed hash, and current clock time.

Abstract: Features for providing a secure method of symmetric encryption for private smart contacts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be includes such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.

Abstract: The present disclosure relates to a communication technique that combines a 5G communication system for supporting a data rate that is higher than that of a beyond 4G system with IoT technology, and a system thereof. The present disclosure may be applied to intelligent services on the basis of 5G communication technology and IoT related technology, such as smart home, smart building, smart city, smart car or connected car, health care, digital education, retail, security and safety related services. More specifically, the present disclosure relates to an apparatus and a method in which a terminal performs communication connection by downloading and installing a communication service in a communication system.

Abstract: Systems, apparatuses, and methods are described for determining, based on blockchain, integrity of software and/or data stored on a vehicle. A computing device associated with a vehicle may determine one or more hash values for software and/or data stored on the vehicle. The computing device may receive values from read-only memory associated with the computing device and/or values from a blockchain of a distributed ledger system. The computing device may determine the integrity of the software and/or data based on the one or more hash values, the values from the read-only memory, and/or the values from the blockchain.

Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

Abstract: Certain exemplary embodiments relate to techniques for processing PIN-inclusive transactions in connection with an electronic device or terminal, e.g., where PIN code encryption keys are not necessarily stored on the electronic device or terminal, and/or where payment instrument data is maintained in a separate system from PIN code data at least until certain elements are combined in a highly secure system for submission to an electronic funds transfer network. One or more separate or physically separated systems may be used in this regard, e.g., taking advantage of more prevalent computer networks such as the Internet. Similarly, the ability to provide less expensive terminals or electronic devices at a point-of-sale, point-of-purchase, etc., may be advantageous. The interchange rate is not necessarily driven up in certain example instances.

Abstract: A method performed by a client application executing on a client computing device is disclosed. The method includes generating a private key and a public key corresponding to the client application. The method also includes transmitting the public key to a middleware application executing on a middleware computing device, a server application executing on a server computing device, or both. The client application and the server application are engaged in a trusted relationship. The method also includes receiving, at the client application, a request to perform an operation on an encrypted content that is stored at the middleware computing device and that is encrypted with the public key by the middleware application or the server application, decrypting the encrypted content using the private key to generate a decrypted content, and presenting the decrypted content on a display screen of the client computing device.

Abstract: A system and method for utilizing connected devices to enable secure and anonymous electronic interaction in a decentralized manner without the need for usernames and passwords. The method comprises Blockchain, Merkle Trees and Public Key infrastructures and methods that utilize peer-to-peer network protocols. The methods include interactions of two self-sovereign identity groups; persons and devices, with each having their own authorization layer. The devices employ two domains of identity and authorization with each said device having its own self-assigned machine identity. There are three domains of Identity, Authentication and Authorization employed for persons. The final linking of the two groups requires access to be granted by the device in a distributed autonomous manner.