Abstract: A system and a computer-implemented method for providing responder information are disclosed herein. The method includes receiving, via a computing device, a sensor data generated by one or more safety devices corresponding to one or more responders. The computer-implemented method further includes analyzing, via the computing device, the sensor data to generate an analyzed sensor data. The computer-implemented method further includes establishing, via an application programming interface (API), a direct communication link between the computing device and at least one server or establishing, via a local application, a direct communication link between the computing device and at least one third party server. The computer-implemented method further includes transmitting, via the computing device, the analyzed sensor data to the at least one server or transmitting, via the computing device, the analyzed sensor data to the at least one third party server.

Abstract: Systems and methods are disclosed for cryptographic signing of content requests. One method includes receiving, at a content network, a content request from a publisher website, the publisher website purporting to be associated with a publisher domain. At the content network, a public key may be received associated with the publisher domain. At the content network, at least one policy may be received associated with the publisher domain. It may be determined whether the content request comprises a cryptographic signature. If it is determined that the content request does not comprise a cryptographic signature, content may or may not be provided to the publisher website according to the policy from the publisher domain. If it is determined that the content request comprises a cryptographic signature, the cryptographic signature of the request may be validated using the public key.

Abstract: A method includes receiving a first transaction request and a second transaction request including identification of a first trust action and a second trust action requested to be performed with respect to an electronic document. A first trust service provider and a second trust service provider, different from the first trust service provider, are selected to perform the requested first trust action and the second trust action, respectively. Performance of the first trust action and the second trust action on the same electronic document is coordinated with the selected first trust service provider and the second trust action provider. A first proof and a second proof are obtained confirming performance of the requested first trust action and the requested second trust action by the respective trust service providers.

Abstract: A data transmission method includes a step in which a first device generates a first encrypted packet by encrypting a packet addressed to a second device with an associated first encryption key. A device to be a transmission destination of the first encrypted packet is determined. A second encrypted packet is generated by encrypting the first encrypted packet with an associated second encryption key, and the second encrypted packet is transmitted to the determined device. The method includes determining another device and executing the transmission step if the decrypted first encrypted packet is not addressed to the device itself in the determination regarding whether or not the decrypted first encrypted packet is addressed to the device itself and of further decrypting the first encrypted packet if the decrypted first encrypted packet is addressed to the device itself.

Abstract: A computing device, in particular, for a control unit of a motor vehicle. The computing device is configured to receive messages from at least one external unit. The computing device is configured to store the received messages at least temporarily and to transmit a plurality of the received messages to a cryptographic module, which is configured to execute a check of the transmitted messages.

Abstract: A speech processing method, performed by an electronic device, includes determining a first speech feature and a first text bottleneck feature based on to-be-processed speech information, determining a first combined feature vector based on the first speech feature and the first text bottleneck feature, inputting the first combined feature vector to a trained unidirectional long short-term memory (LSTM) model, performing speech processing on the first combined feature vector to obtain speech information after noise reduction, and transmitting the obtained speech information after noise reduction to another electronic device for playing.

Abstract: Maintaining, for each target key in a key-value computer database, a signature policy; creating a transaction candidate in the database based on a transaction context submitted to the database by a first user, the transaction candidate comprising: a key, a value comprising a transaction content and a signature of the first user, and a signors list of additional one or more users who are required to co-sign the transaction candidate before the transaction candidate is committed in the database as a transaction, wherein the signors list is automatically computed based on the signature policies of the one or more target keys; collecting a signature for the transaction candidate from at least one of the additional one or more users, according to the signors list; verifying that all signatures required by the signors list have been collected; and in response to the verification, committing the transaction content of the transaction candidate.

Abstract: A process includes enforcing compliance of a compute appliance to a reference operating state for the compute appliance. The compute appliance is part of a cloud-based computing system. Enforcing compliance with the reference operating state includes, responsive to a startup of the compute appliance, the compute appliance determining an actual compute state of the compute appliance. The actual compute state includes an actual physical topology placement of a hardware component of the compute appliance. Determining the actual compute state includes determining the physical topology placement of the hardware component. Enforcing compliance with the reference operating state includes verifying whether the actual compute state complies with the reference compute state. The verification includes comparing the actual compute state to the reference compute state.

Abstract: A sensor control assembly and method providing a secured sensor data and an optimized handling of the sensor including a sensor, a first processing unit adapted to provide a cryptographic checksum of sensor data, a distributed database, a second processing unit adapted to verify the sensor data, and a third processing unit adapted to determine the demand for calibration. A manufacturing device contains at least a part of the sensor control assembly.

Abstract: Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: An apparatus for performing cryptographic primitives includes a processor that is configured to receive an instruction to perform a cryptographic primitive, where the instruction includes one or more operands, at least one of the operands indicates one or more data structures that include values for the cryptographic primitive, and where the values include a first value indicating a mode of encryption that indicates an order of performing an encryption operation and an authentication operation and a second value indicating a cipher type; and perform the cryptographic primitive and store an output of the cryptographic primitive in an output data structure.

Abstract: A TEE system that includes a first platform that runs a first TEE, a second platform that runs a second TEE, and a merging unit that is adapted to merge a first output from the first TEE of the first platform, with a second output from the second TEE of the second platform, so as to form an output of the TEE system. The first TEE and the second TEE are based on different implementations. In this way, the security of the system is improved, as a malicious actor even be able to access “t” machines, still would not be able to retrieve the secret unless there are multiple exploitable TEE vulnerabilities on all executing TEE platforms at the same time.

Abstract: A system (1) is configured to receive status information reflecting a current status of a device (33) and determine first status information (68,69) for presentation on a first user device (1). The first status information reflects the current status of the device. The system is further configured to cause the first status information to be presented on the first user device and cause second status information (78,79) to be presented on a second user device. The second status information reflects the current status of the device in dependence on whether a privacy mode is active for the device.

Abstract: Content conversion verification, includes: converting, at a first computer system, an original content file to a target format, generating a converted content file in the target format; generating a checksum for the converted content file; and sending the original content file and the checksum to a second computer system. Key words include content verification and checksum.

Abstract: This document describes a three-party cryptographic handshake protocol in a wireless network in which a sighter receives, from a beacon, a packet including an exponentiation of a random value and a proxy value and generates an end-to-end encrypted ephemeral identifier (E2EE-EID) from the exponentiation of the random value and the proxy value. The sighter generates a message for an owner, selects a private key, and computes an exchanged key using the private key and the E2EE-EID. The sighter extracts a common symmetric key from the exchanged key, encrypts the message using the common symmetric key, and transmits the encrypted message to the owner.

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

Abstract: An encryption and signature device for AI model protection is provided. The encryption and signature device for AI model protection includes a key derivation unit, a model encryption unit, a model password encryption unit, an image generation unit and a signature unit. The key derivation unit is configured to derive a model key according to a model password and a derivation function. The model encryption unit is configured to encrypt an AI model according to the model key to generate an encrypted AI model. The model password encryption unit is configured to encrypt the model password to generate an encrypted model password. The image generation unit is configured to generate an image file according to the encrypted model password and the encrypted AI model. The signature unit is configured to sign the image file according to a private key to obtain a signed image file.

Abstract: A method for identifying a peripheral device from a digital content having been received by said peripheral device from a master device located at a user end is described. The master device can be connected to a server located at a back end, and the method includes receiving, by the master device from the peripheral device, at least peripheral identification data. The method also includes generating, at the master device, a first mark as a function of at least a part of the peripheral identification data, and watermarking the digital content using the first mark before transmitting the digital content to the peripheral device.

Abstract: A method for protecting content, comprising receiving, from a client device, a request for an encryption key for encrypting the content comprising a reference associated with the client device, identifying a set of supported security capabilities corresponding to the reference associated with the client device, identifying a set of required security capabilities corresponding to the content associated with the key request, determining if the set of supported security capabilities satisfy the set of required security capabilities, and in response to determining that the supported security capabilities satisfy the set of required security capabilities, transmitting the encryption key to the client device.

Abstract: Systems and methods seamlessly blend edited and unedited regions of an image. A computing system crops an input image around a region to be edited. The system applies an affine transformation to rotate the cropped input image. The system provides the rotated cropped input image as input to a machine learning model to generate a latent space representation of the rotated cropped input image. The system edits the latent space representation and provides the edited latent space representation to a generator neural network to generate a generated edited image. The system applies an inverse affine transformation to rotate the generated edited image and aligns an identified segment of the rotated generated edited image with an identified corresponding segment of the input image to produce an aligned rotated generated edited image. The system blends the aligned rotated generated edited image with the input image to generate an edited output image.

Abstract: According to an embodiment of the present disclosure, a ring-learning with rounding (LWR)-based quantum-resistant signature method includes: a key generation step of receiving a security parameter, and outputting a signature key and a verification key, via an operation on a ring defined by a cyclotomic equation including three terms; a signature value output step of outputting a signature value based on the output signature key; and a signature verification step of calculating an operation value based on the output verification key and signature value, and verifying a signature based on a result of comparing the output signature value with the calculated operation value.

Abstract: In various example embodiments, a machine is configured to redirect completion of a transaction to a trusted device. For example, the machine determines that a page involving the transaction is being displayed in a user interface of a first device. The page may be associated with the product or service. The machine identifies an interruption of the displaying of the page in the user interface of the first device. The machine identifies a second device that is trusted by the user. The machine transmits a communication including a notification to the second device. The notification indicates the transaction.

Abstract: Embodiments disclosed herein allow multiple providers to answer for DNS while having DNSSEC enabled for the same zone. To do so, the system shares DNSKEY records between autonomous DNS vendors. Sharing DNSKEY records allows customers to use multiple DNS providers with DNSSEC enabled without sharing private keys amongst providers.

Abstract: Devices and techniques for authenticated modification of a storage device are described herein. A data transmission, received at an interface of the storage device, can be decoded to obtain a command, a set of input identifications, and a first signature corresponding to data identified by the input identifications. Members of the set of input identifications can be marshalled to produce an input set. A cryptographic engine of the storage device can be invoked on the input set to produce a second signature from the input set. The first signature is and the second signature are compared to determine a match. In response to the match, the input set can be written to a secure portion of the storage device.

Abstract: A method of implementing a revocable threshold hierarchical identity-based signature scheme may include receiving an identifier associated with a user. A first secret key based on the identifier may be generated. A string and the identifier may be directed to be posted on a block of a blockchain. A second secret key may be generated using the string, the first secret key, and the identifier. The block that includes the string and the identifier may be signed using the second secret key. A message may be signed using the second secret key to generate a signature. The signature may be provided to a device. The signature may be verifiable by the device using the string and the identifier obtained from the block by the device.

Abstract: An example computer-implemented system maintains user profiles and displays external content. Method and system are provided for performing attribution of conversions with respect to the external content in a privacy safe manner by anonymizing personally identifiable information utilizing cryptographic salt.

Abstract: The disclosed embodiments are related to securely updating a semiconductor device. In one embodiment, a method comprises receiving a command; generating, by the semiconductor device, a response code in response to the command; returning the response code to a processing device; receiving a command to replace a storage root key of the device; generating a replacement key based on the response code; and replacing an existing key with the replacement key.

Abstract: A method and system for adding overtly human-perceptible supplemental audio content into a media stream to help mask audio effects of an audio watermark in the media stream. A method involves receiving a media stream that defines a sequence of audio content presentable by a content presentation device, modifying the media stream to produce a modified media stream that defines the sequence of audio content, and outputting the modified media stream for presentation by the content presentation device. The modified media stream includes an audio watermark that is machine-detectable to trigger an interactive event. Further, the act of modifying the media stream involves adding into the media stream supplemental audio content coincident with the audio watermark, to help mask the audio watermark in the modified media stream during presentation of the modified media stream by the content presentation device.

Abstract: A coupon-minter is configured to perform operations including: generating a coupon comprising encrypted discount information, wherein the encrypted discount information is encrypted with a discount key; generating, for the coupon, a hashlock from a preimage; introducing the coupon to a blockchain in association with the hashlock, wherein the blockchain is configured to permit claiming of the generated coupon only upon receiving access to the preimage used to generate the hashlock. A store-manager configured to perform operations including: claiming, using the preimage, the coupon in the blockchain; encrypting the discount key with a clearing-house public key; updating the coupon with the encrypted discount key. A clearing-house-manager configured to perform operations comprising: detecting the store-manager's claiming of the coupon; decrypting the encrypted discount key with a clearing-house private key to re-generate the discount key; and decrypting the encrypted discount information with the preimage.

Abstract: Devices, systems, and methods enabling parties with little trust or no trust in each other to enter into and enforce value transfer agreements conditioned on input from or participation of a third party, over arbitrary distances, without special technical knowledge of the underlying transfer mechanism(s), optionally affording participation of third-party mediators, substitution of transferors and transferees, term substitution, revision, or reformation, etc. Such value transfers can occur reliably without involving costly third-party intermediaries who traditionally may otherwise be required, and without traditional exposure to counterparty risk.

Abstract: A method of processing a video fragment into two or more variants of the video fragment, each variant having a different watermark, the method comprising: fragmenting a video content into a sequence of fragments; watermarking a plurality of the fragments to create two or more variants of each of the plurality of fragments, wherein the two or more variants of one fragment are watermarked using different watermarks; adjusting the length of the two or more variants for at least one of the fragments to a same adjusted length, wherein the adjusted length is indicative of a temporal position of the two or more variants of the at least one of the fragments compared to variants of other fragments in the sequence of fragments.

Abstract: A multimedia information processing method includes: parsing multimedia information to separate an audio from the multimedia information; converting the audio to obtain a mel spectrogram corresponding to the audio; determining, according to the mel spectrogram corresponding to the audio, an audio feature vector corresponding to the audio; and determining, based on an audio feature vector corresponding to a source audio in source multimedia information and an audio feature vector corresponding to a target audio in target multimedia information, a similarity between the target multimedia information and the source multimedia information.

Abstract: Systems, methods, and software can be used for securing injected codes of a browser plugin. One example of a method includes establishing a code package to be injected into a web page. The code package comprises at least one element, and the at least one element includes a first script to be executed before executing a code of the web page. The method further includes injecting the at least one element to the web page to execute the first script. The execution of the first script comprises generating a script element comprising one or more secrets. The method further comprises appending the script element to the web page and deleting the script element from the web page.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting errors that can occur in third party content presentation and verifying that third party content provided by a content provider to a content platform is actually displayed and is visible to the user when the content platform is accessed on the client device. Methods can include receiving, from an application executing on a client device, a request to generate a digitally signed token that is used to validate whether a particular content item displayed at the particular portion of the display is a third party content item. A digital watermark embedded at the particular portion of the display can be extracted and decoded to obtain data for attributes that are descriptive of the particular content item. A digitally signed token can be generated using this data, and the token can then be provided to application.

Abstract: Apparatuses, systems, devices, mechanisms, and methods are used to locate an ABTT terminus and then to measure the temperature of the ABTT terminus.

Abstract: Secure communication between users and resources of an electrical infrastructure and associated systems and methods. A representative secure distributed energy resource (DER) communication system provides for the creation of trust rules that govern the permitted communications between users and resources of an electrical infrastructure system, and the enforcement of the trust rules.

Abstract: A method for controlling one of a plurality of voting servers in an electronic voting system is provided. The method includes receiving, from a terminal, transaction data including voting data, and generating, using a processor, a block including the transaction data and dummy transaction data. The dummy transaction data including dummy voting data that is not associated with the voting data. The method further connects the generated block to a blockchain, the blockchain being stored in a memory.

Abstract: Provided is a method for generating a digital signature of an input message (M) based on a secret key (dA) of a client device having access to a first set and a second set of precomputed data stored in a storage unit. The first set of precomputed data comprises private element parts (ki) protected with an homomorphic encryption. The second set of precomputed data comprises public element parts (Qi) paired with the private element parts of the first set. Each private element part is a discrete logarithm of the public element part paired therewith. The private element (k), can be homomorphically encrypted, by combining homomorphically encrypted private element parts selected in the first set (ki). The selection of the public and private element parts depends on the input message. Other embodiments are disclosed.

Abstract: A computer program product includes one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions include program instructions to authenticate an application as authorized to perform encryption and program instructions to receive data at an authenticated encryption layer. The program instructions include program instructions to encrypt the data using an encryption key, wherein the encryption key is not available to the application, and program instructions to generate a watermark token of the encrypted data. The program instructions include program instructions to generate a watermark of the encrypted data using the watermark token and a watermark key and program instructions to send the encrypted data, the watermark token, and the watermark to a storage system. The storage system is configured to verify the encrypted data for storage using the watermark key.

Abstract: Client identifier watermarks in media signals are disclosed. An example apparatus to watermark a multilayered file includes a watermark storage to store media identifiers. The example apparatus also includes an encoder to encode a first bit sequence in the media file on a first encoding layer of a multilayered watermark, the first bit sequence to include a client identifier of a client associated with the media file, and encode a second bit sequence in the media file on a second encoding layer of the multilayered watermark, the second bit sequence to include a media identifier to identify media corresponding to the media file.

Abstract: It is provided a method for controlling access to a physical space using a co-sign delegation. The method is performed in a lock device and comprises the steps of: receiving an access request from an electronic key; obtaining a plurality of delegations, wherein each delegation is a delegation from a delegator to a delegatee, the plurality of delegations collectively forming a chain of delegations; determining that a delegation is a co-sign delegation, indicating that all further delegations need to be cryptographically signed by both the delegator of the respective delegation and by an access controller; and granting access to the physical space when the chain of delegations start in an owner of the lock device and ends in the electronic key; and when all delegations in the chain of delegations after the co-sign delegation are cryptographically signed by both the delegator of the respective delegation and by the access controller.

Abstract: Presented herein are certificate-based techniques through which a Radio Interface Unit may be securely onboarded to a service provider network. In one example, a method is provided that includes obtaining, by a Dynamic Host Configuration Protocol (DHCP) server, an address assignment request for the, wherein the address assignment request comprises a vendor device certificate, a signed nonce, a non-encrypted serial number for the RIU, a signed serial number for the RIU, and a vendor identifier; validating the vendor device certificate, the signed nonce, and the signed serial number for the RIU based on a vendor root certification authority certificate; validating the non-encrypted serial number for the RIU; and generating an address assignment response based on validating the non-encrypted serial number for the RIU, the vendor device certificate, the signed nonce, and the signed serial number for the RIU.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned lockable devices. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory of factory-provisioned lockable devices and also includes encrypted code(s) for accessing the lockable devices. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of detected lockable devices of the IHS is then collected. The validation process compares the collected inventory of detected lockable devices against the inventory of factory-provisioned lockable devices from the inventory certificate in order to validate the IHS is operating using only factory-provisioned lockable devices.

Abstract: A system and method for enabling secure device-to-device (D2D) communication between a plurality of user devices. The method includes providing public and private keys for each of the user devices, the private key arranged to decrypt data encrypted by the corresponding public key. A sender user device creates a digital signature using its private key. The sender double-encrypts a transmission using both the public keys of a recipient user device and a first relay user device. The transmission is transmitted from the sender to the recipient through a plurality of relay user devices. Each relay user device receives the transmission, decrypts a first layer of encryption with its private key, encrypts the transmission with the public key of a subsequent user device; and forwards the data transmission to the subsequent user device. The recipient authenticates the digital signature of the sender using the public key of the sender.

Abstract: A first request to send a message via a communication channel of the plurality of communication channels is received via a first application programming interface (API) call. The first request is received from a client device associated with a client account and includes an identifier of a content resource having message content for the message. The content resource is obtained based on the identifier. The message is prepared based on the first request and the content resource. The prepared message is sent to a recipient device via the communication channel.

Abstract: According to one embodiment, a server device includes a memory and a processor. The memory stores verification information. The processor accepts a request to transmit a certificate number, generates information in which identification information of one of storage devices from which data is to be erased, a public key, a secret key, and the certificate number are associated with one another, transmits the certificate number, performs verification using an authenticator transmitted by the one storage device and verification information, generates, based on a result of the verification, an erasure certificate that includes the identification information and the certificate number and is signed using the secret key, and transmits the erasure certificate.

Abstract: Various embodiments relate to a method for multiplying a first and a second polynomial in a ring q [X]/(Xn+1) where q is a positive integer.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for distributed DCP over internet. A client-side digital content delivery device receives a digital cinema package (DCP) for a digital movie from a remote digital content delivery system. The DCP includes a unique digital watermark applied by the content delivery system. In response to receiving an input to cause playback of the digital movie, the client-side digital content delivery device compares a unique device identifier for a display device paired to the client-side digital content delivery device to an authorized unique identifier. If the unique device identifier matches the authorized unique identifier, the client-side digital content delivery device uses the DCP to causes presentation of the digital movie by the display device paired to the client-side digital content delivery device.

Abstract: A method includes establishing a first funds transfer account associated with a first device and a second funds transfer account with a second device, funding at least the first fund account, and selecting the second device as the recipient of a funds transfer from the first device. The method further includes sending a communications link request from the first device to the second device and receiving acceptance of the communications link request from the second device. The method then establishes a communications link between the first device and the second device, initiates a funds transfer from the first device to the second device, wherein the amount is designated at the first device, and verifies the funds transfer amount, the first funds transfer account, and the second funds transfer account. Then, the method transfers the amount to the second funds transfer account associated with second device.