Abstract: Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: High performance query processing and data analytics can be performed across architecturally diverse scales, such as single core, multi-core and/or multi-nodes. The high performance query processing and data analytics can include a separation of query computation, keying data, and data movement and parallel computation, thereby enhancing the capabilities of the query processing and data analytics, while allowing the specification of complex forms of data parallel computation that may execute across real-time and offline. The decoupling of data movement and parallel computation, as described herein can improve query processing and data analytics speed, can provide for the optimization of searches in a plurality of computing environments, and can provide the ability to search through a larger space of execution plans.

Abstract: A first non-volatile memory may store first data and a second non-volatile memory may store second data. An authentication component may be coupled with the first non-volatile memory and the second non-volatile memory and may receive a request to perform an authentication operation. In response to the request to perform the authentication operation, the authentication component may access the first data stored at the first non-volatile memory and the second data stored at the second non-volatile memory and determine whether the second data stored at the second non-volatile memory has become unreliable based on a memory disturbance condition. In response to determining that the second data stored at the second non-volatile memory has become unreliable, a corrective action associated with the first data stored at the first non-volatile memory may be performed.

Abstract: A conferencing apparatus and a method for switching an access terminal therein are provided. The conferencing apparatus according to one embodiment of the present disclosure includes: a conference information management module configured to generate mapping information for terminal identification information of a first terminal and access information of a conference participant who is accessing a conference through the first terminal; and an access switch module configured to provide a token corresponding to the mapping information to the first terminal according to an access terminal switch request from the first terminal and, when the token is received from a second terminal, switch a terminal of the conference participant from the first terminal to the second terminal according to validity of the received token.

Abstract: A vehicle unit adapted to receive a GNSS raw data signal, characterised in that it comprises a secure processor or secure microcontroller unit (MCU) adapted to authenticate the GNSS raw data signal and securely calculate a position of the vehicle unit based on the authenticated or to be authenticated GNSS raw data signal.

Abstract: Systems and methods for distributed file processing are disclosed. In one embodiment, a computer-implemented method for distributed file processing in a distributed network may include: (1) receiving, at a first distributed host in a network of a plurality of distributed hosts, an archive command; (2) the first distributed host identifying a plurality of files in a shared file system to archive in response to the archive command; (3) the first distributed host splitting at least one of the plurality of files that is above a predetermined size into a plurality of file chunks; (4) the first distributed host instructing a second distributed host to archive one of the plurality of files or plurality of file chunks to a store; and (5) the first distributed host and the second distributed host archiving the plurality of files and the plurality of file chunks to the store.

Abstract: A data storage method comprises sending, by a blockchain node associated with a blockchain, data to an encryption device to cause the encryption device to encrypt the data and return the encrypted data to the blockchain node; receiving the encrypted data returned by the encryption device; and sending the encrypted data to other blockchain nodes associated with the blockchain to cause each of the other blockchain nodes to store the encrypted data in the blockchain after performing consensus verification on the encrypted data with success.

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.

Abstract: The present invention provides an improved system and method for using cryptography to secure computer-implemented choice mechanisms. In several preferred embodiments, a process is provided for securing participants' submissions while simultaneously providing the capability of validating their submissions. This is referred to as a random permutation. In several other preferred embodiments, a process is provided for securing participants' advance instructions while simultaneously providing the capability of validating their advance instructions. This is referred to as a secure advance instruction. Applications include voting mechanisms, school choice mechanisms, and auction mechanisms.

Abstract: A client can allocate and reassociate unique identifiers to local content items associated with an account at a content management system, and use the unique identifiers to commit operations for the content items on the content management system. For example, a client can create a content item and determine the content item does not have an identifier from the content management system. The client obtains an identifier for the content item and asks the content management system to verify a uniqueness of the identifier. When the identifier is unique, the client adds a node corresponding to the content item to a local tree representing a state at the client of content items associated with the account, and uploads the content item with the identifier to the content management system. When the identifier is not unique, the client obtains a new identifier for the content item.

Abstract: A mobile communication device. The mobile communication device comprises a processor, a non-transitory memory, a subscriber identity module (SIM), wherein the SIM stores an encryption key, and a client application stored in the non-transitory memory. When executed by the processor, the client application transmits a server application authentication token request comprising an identity of the SIM, receives a message comprising a value, requests the SIM to encrypt the value using the encryption key stored by the SIM, receives an encrypted value from the SIM, transmits the encrypted value in a message, receives a server application authentication token, stores the server application authentication token in the non-transitory memory, transmits a server application access request comprising the server application authentication token, and conducts a communication session with the server application.

Abstract: Systems and methods for peer-to-peer secure document exchange are disclosed. The system may allow a document provider to securely transmit a certified document to a document verifier using decentralized storage. The verifier system may generate a session key pair and transmit the session public key to a trusted API provider. The trusted API provider may generate a session nonce. The verifier system may transmit the session nonce to the provider system. The provider system may use the session nonce to retrieve the session public key. The provider system may encrypt a certified document using the session public key and store the encrypted certified document in the decentralized storage. The verifier system may retrieve the encrypted certified document by polling the trusted API provider based on the session nonce. The verifier system may decrypt the encrypted certified document using the session private key.

Abstract: Disclosed are various embodiments for distributed verification of digital work product. A blockchain management application receives corresponding updates to a plurality of documents within a time interval. The blockchain management application then generates a single work product record in a blockchain. The single work product record evidences corresponding states of the plurality of documents at an end of the time interval.

Abstract: A network entity may determine whether a network context of a device is stored in the device or in the network based, at least in part, on a preference or capability of the device, as reported by the device during attachment to the network entity. The context may be stored in, and retrieved from, a dedicated context storage function that is independent of the network entity. A context storage function may be partitioned, or separate storage functions used, to automatically group and track access network contexts, core network contexts, or network slice contexts. The context storage function may provide to the device an index, such as a link or other identifier to be used in retrieving the stored context information. The context storage function may further provide a token to secure re-attachment communications among the device, the network entity, and the context storage function.

Abstract: In one embodiment, a device writes messages and corresponding trace-on-failure flags to log files when failure conditions are detected. The device propagates the trace-on-failure flags to headers of the log files. The device forms a file index of the log files that have trace-on-failure flags set in their headers. The device performs, using the file index, a lookup of messages in the log files associated with a particular error context. The device sends data from the lookup to an electronic display.

Abstract: A server receives a login request from a first device. The login request includes login information used for an application login. In response to receiving the login request from the first device, the server transmits, to a second device different from the first device, a first message including a verification code. The first message instructs the second device to broadcast an audio signal including the verification code. The verification code is used to verify the first device by the server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training a multi-party secure logistic regression model (SLRM). One of the methods includes receiving, at a plurality of secure computation nodes (SCNs), a plurality of random numbers from a random number provider; encrypting, at each SCN, data stored at the SCN using the received random numbers; iteratively updating a secure logistic regression model (SLRM) by using the encrypted data from each SCN; and after iteratively updating the SLRM, outputting a result of the SLRM, wherein the result is configured to enable a service to be performed by each SCN.

Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.

Abstract: An electronic device that prevents damage and an operation method thereof are provided. The electronic device includes a transceiver, a memory configured to store a first part of a first program, and a processor configured to receive, using the transceiver, a second part of the first program from a second electronic device and perform a first function of the first program by using the first part and the second part.

Abstract: A method and a device for performing communication by using a virtual subscriber identity module are used to provide a mode in which the device can perform communication without a SIM card. The method includes: receiving, by a first device, a virtual subscriber identity module data package sent by a second device by using a short range communications protocol, where the virtual subscriber identity module data package carries a virtual subscriber identity, and the virtual subscriber identity is used to uniquely identify a user using the first device when the first device performs communication in a network provided by a mobile communications operator; obtaining, by the first device, the virtual subscriber identity by using the virtual subscriber identity module data package; and communicating, by the first device by using the virtual subscriber identity, with another device in the network provided by the mobile communications operator.

Abstract: Example implementations relate to data recovery. An example controller can deliver file contents to a user, validate the file contents in real-time during the delivery, and in response to a determination that a portion of the file contents is broken, use the validated file contents to recover the broken portion of the file contents. The example controller can also deliver the recovered portion of the file contents to the user.

Abstract: Systems and methods for accessing credentials from a blockchain are provided. A computing device requests for a server to process a transaction. In response to the request, the server transmits a server public key to the computing device. A key generator of the computing devices uses the user private key and the server public key to generate a user public key. The user public key includes permissions to access credentials that are stored on blockchain. The server receives the user public key and generates a request for credentials to blockchain. The request includes the user public key and the server private key. The blockchain receives the request and generates an identity token. The identity token includes credentials that are specified in the user public key. The blockchain transmits the identity token to the server and the server uses the identity token to processes the transaction.

Abstract: A method provides a synchronization cycle for updating changing component property values at a client and a gateway system. When the client receives a change to a value, it saves the change as a pending value in association with an existing value for the component property. The client sends a set of changes and an identifier to the gateway system. The gateway system updates its component property values accordingly. The gateway system accumulates changes to property values including changes from the client and other changes received via data bindings or other methods. The gateway system sends a message to the client including the accumulated property value changes and the identifiers associated with client-provided value changes that have been applied. The client updates its component property values according to the accumulated changes and removes references to pending values that are associated with identifiers sent back by the gateway system.

Abstract: Methods and systems for Predictive Malware Defense (PMD) are described. The systems and methods can utilize advanced machine-learning (ML) techniques to generate malware defenses preemptively. Embodiments of PMD can utilize models, which are trained on features extracted from malware families, to predict possible courses of malware evolution. PMD captures these predicted future evolutions in signatures of as yet unseen malware variants to function as a malware vaccine. These signatures of predicted future malware “evolutions” can be added to the training set of a machine-learning (ML) based malware detection and/or mitigation system so that it can detect these new variants as they arrive.

Abstract: The embodiment herein provides a method for securely transmitting a firmware update image to a device using a key management system. The key management subsystem includes a cellular modem. The method includes (i) configuring a SIM of the cellular modem to update a public key of a server using a key manager module of the Subscriber Identity Module (SIM), (ii) enabling the SIM to receive an encrypted key package from the server, using the cellular modem, (iii) processing the encrypted firmware update image that has to be transmitted to the device using the SIM and (iv) transmitting the decrypted key package to the device to enable implementation of the decrypted key package into the device using the SIM.

Abstract: A shared key, used by one node and another node of a computing environment in authentication of one or more links coupling the one node and the other node, is determined to be within an expiration range. Based on determining the shared key is within the expiration range, re-authentication of at least one link is automatically initiated. The automatically initiating re-authentication includes obtaining, by the one node, a new shared key from a key server, sending a message encrypted with the new shared key from the one node to the other node via one link of the one or more links, and receiving by the one node via the one link an indication that the other node decrypted the message using the new shared key.

Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

Abstract: Systems and methods for providing reliability and redundancy of data for networked nodes (e.g., sensors and/or actuators) is provided. Each sensor may operate as network node in the sensor network that may operate as a peer to peer (P2P) consensus network. Each network node may maintain its local copy of a data chain and may generate a data block for updating the data chain. After a threshold number of network nodes generate the same consensus block from the data block, each network node may update its local data chain by appending the consensus block thereto.

Abstract: An information processing apparatus is communicably connected to a server and performs authentication without inconvenience to a user. An information processing system includes an information processing terminal, a server, and an information processing apparatus. The information processing terminal is defined as a central device, and the server and the information processing apparatus are defined as peripheral devices in the information processing system. The information processing terminal and the server are connected to each other, and the information processing terminal and the information processing apparatus are connected to each other. The information processing terminal performs authentication of the information processing apparatus with the server.

Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

Abstract: Techniques for operating a multi-homed computing instance process are described herein. First credentials associated with a first attribute of a first account may be obtained. A process executing on a computing instance may communicate with the first account over a first communication channel based at least in part on the first credentials. Instructions may be received for the process to communicate with both the first account and a second account. Second credentials associated with a second attribute of the second account may be obtained. The second credentials may be obtained based, at least in part, on the first attribute acquiring the second attribute. The process may communicate with the second account over a second communication channel based at least in part on the second credentials. Additionally, the process may communicate with multiple different representations of a particular account, such as different representations that are hosted in different respective regions.

Abstract: A privacy preserving tag and methods for reading the same are disclosed. An authentication and tracking method and system for the privacy preserving tag is also disclosed. The method includes storing information in memory of a tag, receiving a read response at the tag from a reading device, and responding to the read request by generating a response at the tag that includes a combination of a base resource identifier as well as a privacy identifier. The privacy identifier is provided to support privacy characteristics of the tag while enabling establishment of a personalized portal at a remote system.

Abstract: A system may include a transaction history controller to store, in a distributed blockchain database, a first chain including a primary head node for a first subscriber to a social media history map service and multiple blocks each representing an online transaction for the first subscriber, and a second chain including a follower head node, linked to the primary head node, for a second subscriber and multiple blocks each representing an online transaction for the second subscriber. The transaction history controller may receive data representing a first online transaction for the second subscriber, format the data for the distributed blockchain database, store the formatted data as a new block in the second chain, receive a request to generate a trend report for a cluster of subscribers that includes the first and second subscribers, and generate the trend report dependent on the blocks in the first and second chains.

Abstract: An initiator device and a target device may be configured to communicate with each other based on an anonymous key agreement procedure and an associated key agreement procedure. The anonymous key agreement procedure is performed for an initial communication session between the devices based on bonding identifiers (BIs) received in an attribute request/response. The BIs may be maintained by the devices to forego the anonymous key agreement procedure for subsequent communication sessions, where the devices may instead communicate based on an associated key agreement procedure. In cases where BIs are changed or lost by one of the devices, the associated key agreement procedure may not be performed and the anonymous key agreement procedure may be again attempted by the device. The other device is configured to determine that the anonymous key agreement procedure is being attempted and complete the anonymous key agreement procedure in an anonymous mode.

Abstract: Methods and apparatuses are described for generating a cryptographic authentication key. A computing device receives a request to generate a cryptographic key. The device generates a defined sequence of security questions, each question associated with a difficulty value. The device generates the key using the defined sequence of questions, comprising: a) presenting a first question and receiving an answer to the first question, b) generating a hash string corresponding to the received answer, c) determining a next question based upon the hash string, d) presenting the next question and receiving an answer to the next question, e) concatenating the answer to the next question with the hash string, f) applying a hash function to the hash string with the concatenated answer to update the hash string, g) repeating steps c-f until the difficulty values of the questions reaches a threshold, and h) generating the key from the updated hash string.

Abstract: A method and an apparatus for creating an index in a blockchain-type ledger, and a device are disclosed. According to solutions provided in implementations of the present specification, a service attribute of a data record written to a ledger and a storage location and a sequence number of the data record in the ledger are determined, a mapping relationship is established between the service attribute, the storage location, and the sequence number, and an inverted index with the service attribute as a primary key is created, facilitating subsequent query.

Abstract: Techniques for distributed processing and pre-fetching content using an in-browser neural network model are disclosed herein. In some embodiments, a server transmits a neural network model to a client device, where the neural network model is stored a persistent store of a browser on the client device, and, during a networking session in which the browser on the client device is accessing a page of an online service, the client device predicts at least one link from a plurality of links on the page using the stored neural network model. The client device then fetches content associated with the predicted link(s) from a server of the online service prior to any selection of the predicted link(s) during the networking session.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Provided is an authentication system including: a device authentication agent installed in an Internet of things (IoT) device with a communication module and generating first device authentication information for authenticating the corresponding IoT device; an authentication server connected with the IoT device through wired or wireless communication and generating second device authentication information for authenticating the IoT device; and a mobile agent installed in a mobile device of a user, connected with the IoT device and the authentication server through the wireless communication, and verifying whether the IoT device or a message determined to be received from the IoT device is authentic according to whether the first device authentication information transmitted from the IoT device and the second device authentication information transmitted from the authentication server coincide with each other.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes providing a shared secret key for the at least two communication partners; setting up an anonymous signal-conducting connection between the at least two communication partners, wherein all messages of the connection between the at least two communication partners are encrypted using the shared secret key; and authenticating the connection between the at least two communication partners by a user. The method provides a secure and convenient authentication of a connection between two communication partners, wherein the authentication is effected at the application level.

Abstract: A server receives a login request from a first device. The login request includes login information used for an application login. In response to receiving the login request from the first device, the server transmits, to a second device different from the first device, a first message including a verification code. The first message instructs the second device to broadcast an audio signal including the verification code. The verification code is used to verify the first device by the server.

Abstract: In some embodiments, an apparatus includes a server that stores a set of media files. The server is configured to send an authentication code to a first communication device in response to a request from the first communication device to access the set of media files such that the first communication device can present the authentication code to a user. The server is configured to associate an identifier of a second communication device with the first communication device such that a user of the second communication device can authorize access to the set of media files from the first communication device by sending the authentication code to the server using the second communication device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for instantiating and managing systems that utilize hierarchal enclaves in a cloud environment.

Abstract: A method at a computing device for provisioning a network-connected device within a security platform, the method including receiving a first connection request, the first connection request being from an electronic apparatus and including a network-connected device identifier; authenticating the first connection request, thereby creating a first connection; receiving a second connection request, the second connection request being from the network-connected device and including the network-connected device identifier and a shared platform credential; receiving a request from the network-connected device to add the network-connected device to the security platform; and adding the network-connected device to the security platform based on a concurrent first connection and the request from the network-connected device to add the network-connected device to the security platform.

Abstract: Use the same basic idea of KE based on Ring LWE, this invention gives constructions of a new authenticated key exchanges system, where the authentication is achieved through a shared password between two parties. These new systems are efficient and have very strong security property including provable security and resistance to quantum computer attacks. This invention can also be modified using the LWE problem.

Abstract: A method for generating a terminal key includes calling a terminal key generation instruction through an interface provided by the driver, generating the terminal key in response to the terminal key generation instruction, and deleting the driver from the terminal when the terminal key has been successfully generated.

Abstract: A method to validate delivery of a document using a non-repudiation protocol and a time-based one time password (TOTP) for encryption is described. The method includes a one-time registration of an application with a trusted third party, wherein the trusted third party provides a seed to a first device of a first user. The first user receives and accepts a document from a second user. The first device generates the TOTP based on the seed. Using the TOTP as an encryption key, the first device computes a current hash. The delivery of the document can be validated by a second device of a second user based on a comparison of the current clock time and GPS coordinates (optional) of first device as compared to the associated values of the second device. The second device stores the document, first device's computed hash, and current clock time.

Abstract: A method and an apparatus for creating an index in a blockchain-type ledger, and a device are disclosed. According to solutions provided in implementations of the present specification, a service attribute of a data record written to a ledger and a storage location and a sequence number of the data record in the ledger are determined, a mapping relationship is established between the service attribute, the storage location, and the sequence number, and an inverted index with the service attribute as a primary key is created, facilitating subsequent query.

Abstract: The present disclosure relates to a communication technique that combines a 5G communication system for supporting a data rate that is higher than that of a beyond 4G system with IoT technology, and a system thereof. The present disclosure may be applied to intelligent services on the basis of 5G communication technology and IoT related technology, such as smart home, smart building, smart city, smart car or connected car, health care, digital education, retail, security and safety related services. More specifically, the present disclosure relates to an apparatus and a method in which a terminal performs communication connection by downloading and installing a communication service in a communication system.