Abstract: Methods and systems for managing secrets are disclosed. To manage secrets, backups of the secrets may be obtained to facilitate future recoveries of the secrets. While backed up, the secrets may be protected with a security model. The security model may prescribe how decryption keys are maintained, and how various copies of the backed up secrets are to be separated from the decryption keys for encrypted copies of the secrets. When access to a secret is lost, a recovery may be performed using a corresponding encrypted backup of the secret.

Abstract: Disclosed in embodiments of the present application are an identity authentication method and apparatus, a device, a chip, a storage medium, and a program. Identify information of a requesting device and an authentication access controller is subjected to confidential processing to prevent the identify information of the requesting device and the authentication access controller from being exposed in a transmission process, so as to ensure that an attacker cannot obtain the private and sensitive information. Moreover, an authentication server is introduced, such that real-time authentication of bidirectional identity between the requesting device and the authentication access controller is achieved while the confidentiality of entity identity related information is guaranteed.

Abstract: A method of operating a power plant is provided. The method includes generating, with the one or more power generators, a total plant power. The method further includes supplying, with a back up power source, a backup power output. The method further includes providing a first portion of the total plant power to one or more auxiliary devices to meet an auxiliary demand. The method further includes providing at least one of a second portion of the total plant power and the backup power output to the flexible firm skid to meet the flexible firm demand. The method further includes providing a third portion of the total plant power to a power grid outside of the power plant to meet a grid demand.

Abstract: A non-transitory computer-readable media, method, and server for detecting and addressing vulnerabilities are described. For example, a server receives a security advisory of a vulnerability of a function in a third-party library, accesses a version control system of the third-party library to identify fix commits that address the vulnerability, determines files corresponding to functions in the third-party library that include the vulnerability, performs a comparison before and after a code change was made to the files, identifies functions that included the vulnerability and have been modified to address the vulnerability, performs a search for component versions that include the individual functions that included the vulnerability, generates an enriched vulnerability description that includes identifiers of package versions that include: fixed versions and vulnerable versions of the functions, and modifies project code in a development system to use the fixed versions of the functions.

Abstract: An electronic device includes processing circuitry and one or more memories, including a non-volatile memory. Ephemeral cryptographic key generation circuitry, in operation, applies a function to code stored in the non-volatile memory, generating an ephemeral cryptographic key. Cryptographic circuitry coupled between the processing circuitry and the one or more memories, in operation, performs one or more cryptographic operations on data using the generated ephemeral cryptographic key. The device may include a register, which, in operation, temporarily stores the generated ephemeral cryptographic key.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes through the exclusion of certain merchants that may cause confusion. Indications of a plurality of different merchants, including merchant logos may be received. The indications may be processed to identify at least one similarity between a first merchant and a second merchant. A request for access to an account associated with a user and transaction data corresponding to the account may be received. Based on the similarity between the first merchant and the second merchant, at least one transaction corresponding to the first merchant may be removed to generate processed transaction record. An authentication question may be generated and a candidate response to the authentication question may be received. Based on the candidate response, access to the account may be provided.

Abstract: A method for verifying content data to be used in a vehicle is provided. The method includes acquiring content data, acquiring, from partial data divided from the content data, a respective plurality of first hash values, acquiring a signature generated by using the first hash values and a key, acquiring state information that indicates a state of a vehicle, determining an integer N that is greater than or equal to one based on the acquired state information, generating, from N pieces of partial data included in the partial data, respective second hash values, verifying the content data by using each of (a) a subset of the plurality of first hash values respectively generated from partial data other than the N pieces of partial data, (b) the second hash values, and (c) the signature, and outputting information that indicates a result of the verifying.

Abstract: A virtual machine management system may support backup and recovery for virtual machines that support various applications. The virtual machine management system may process a backup snapshot of the virtual machine to identify security risks in the virtual machine. A cloud platform may communicate with the virtual machine management system to support backup processing. The cloud platform may identify security configuration information and transmit such information and transmit indications of the information to the virtual machine management system. The cloud platform may receive an indication of one or more security risks and generate notifications that indicate the security risks.

Abstract: Methods and systems for generating electronic signatures are disclosed. In some embodiments, the method includes: storing pixel features of a signing device; capturing, via an imaging device, a plurality of image frames including the pixel features of the signing device; identifying in the plurality of image frames, by a processor, first pixels matching the stored pixel features of the signing device; generating, by the processor, a first image including the identified pixels; and connecting, by the processor, the identified pixels to form at least one line drawing representing a signature.

Abstract: A computer-implemented method comprising receiving a digital media signal from a creator; segmenting the media signal into sequential discrete segments; selecting a subset of the sequential discrete segments; iteratively, for each discrete segment, (i) generating a segment vector, (ii) generating an encrypted metadata vector based on media signal metadata, (iii) combining the segment vector and the metadata vector, (iv) applying a modulo operation to the combined vector to obtain a hidden pattern vector, (v) generating an encrypted creator vector, (vi) subtracting the hidden pattern vector from the creator vector to obtain a signature vector, (vii) modifying selected values in the discrete segment, based on the signature vector, to obtain a modified discrete segment; and outputting a modified version of the media signal comprising all of the modified discrete segments.

Abstract: A system is disclosed that includes a computer. The computer includes a processor and a memory. The memory includes instructions such that the processor is programmed to: group a plurality of endpoints based on evaluation result data for each endpoint of the plurality of endpoints; determine a target system configuration for the group; and transmit the target system configuration to a software agent corresponding to each endpoint of the plurality of endpoints.

Abstract: Disclosed are techniques for monitoring and identifying attempts to subvert a security wall within a network infrastructure.

Abstract: A device includes: an input/output unit configured to receive input of the binary of the software to be monitored in which a tamper detection feature and tamper detection feature calling functions are embedded; a CFG (control flow graph) generation unit configured to generate a CFG based on the binary; and an allowed list creation unit configured to determine the monitoring range for the tamper detection feature calling functions based on the CFG. The allowed list creation unit sequentially selects the tamper detection feature calling functions on the CFG, adds a node to the monitoring range for the selected tamper detection feature calling functions according to a predetermined rule, searches for the tamper detection feature calling function to be be executed next to the added node according to the predetermined rule, and adds the found tamper detection feature calling function to the monitoring range for the selected tamper detection feature calling functions.

Abstract: Systems and methods are described herein for providing content item recommendations based on a video. Using feature vectors corresponding to at least one frame of a video (e.g., generated based on texture and shape intensity of a frame), a recommendation system improves content recommendation using analytic and quantitative characteristics derived from a frame of a content item rather than merely manually labeled bibliographic data (e.g., a genre or producer). The recommendation system may generate a feature vector based on a texture, a shape intensity (e.g., generated from a Generalized Hough Transform), and temporal data corresponding to at least one frame of a video. The feature vector is analyzed using a machine learning model (e.g., a neural network) to produce a machine learning model output. The recommendation system causes a recommended content item to be provided based on the machine learning model output.

Abstract: Embodiments relate to methods and systems for object location tracking of one object from among many objects in a same vicinity. An example method includes: affixing a location tracking device to each of the one object and the many objects, the location tracking device being configured to: detect a movement state of the location tracking device; in response to detecting the movement state, establish a connection to identify itself to an external server and to identify a location of the location tracking device and the one object; and if the connection is established, then allow connection with one or more other location tracking devices, so that the one or more other location tracking devices can be identified to the external server to identify the location of the one or more location tracking devices.

Abstract: A method for sharing of digital health data in a travel environment is provided. Traveler's identities are managed using a distributed ledger system, that includes a global identity blockchain, security blockchains, and a health blockchain. The method comprises sending a request for predetermined number of health data records, receiving consecutive access keys for the requested records and a zero knowledge proof, verifying the zero knowledge proof, wherein the zero knowledge proof validates a latest access key of the consecutive access keys. Upon verification, retrieving the health data records from the health blockchain based on hashed access keys, wherein the hashed access keys are generated from the consecutive access keys, and verifying the consecutive access keys provided by the traveler using hashed previous access keys included in the retrieved health data records, to determine whether the traveler has provided the access keys required for the retrieved health data records as requested.

Abstract: A system for watermarking a USB Type-C and PD protocol hardware sub-system existing as a part of a SOC/IC system includes a tester to generate a watermarking signal, a device under test (DUT), wherein the DUT is configured with a USB Type-C port with power delivery implementation and including a hardware subsystem configured for watermarking the DUT and transmit a response signal upon receipt of the watermarking signal from the tester. The tester includes a controller including one or more processors that execute a set of executable instructions that are stored in a memory, upon which execution, the processor causes the controller to generate the watermarking signal, the watermarking signal comprises a custom signal and a custom packet associated with a configured custom signal stored in a data buffer that is associated with the SOC/IC system, and transmit the watermarking signal on one or more configuration channel (CC) lines.

Abstract: Disclosed is a semiconductor memory device and a memory system, including at least one high-bandwidth memory device configured to store data or output stored data according to an access command, a processor configured to generate the access command for the high-bandwidth memory device, and a logic die on the high-bandwidth memory device and including a last level cache providing a cache function to the processor. The last level cache is configured to perform a cache bypassing operation to directly access the high-bandwidth memory device without a cache replacement operation when an invalid line and a clean line do not exist in a cache miss state in response to a cache read or cache write request by the processor.

Abstract: A storage device includes a memory that includes a firmware image area, and a memory controller that receives a first firmware image that includes a firmware signature, firmware data, a first certificate that includes a first certificate public key, and a second certificate that includes a second certificate public key. The memory controller verifies the first certificate using the second certificate public key, compares a hash value of the firmware data with the firmware fingerprint when the first certificate is verified, verifies the firmware signature using the first certificate public key when the hash value of the firmware data matches the firmware fingerprint, and stores the first firmware image in a firmware image area when the firmware signature is verified.

Abstract: A wireless communication device serves a user application from a protected memory region. Processing circuitry receives a memory call from the user application for the protected memory region. In response, the processing circuitry generates network signaling that characterizes the memory call and authorization factors for the memory call. Communication circuitry wirelessly transfers the network signaling and receives other network signaling that indicates a memory instruction. The processing circuitry directs the memory circuitry to perform the memory call in the protected memory region for the user application per the memory instruction. The memory circuitry performs the memory call in the protected memory region for the user application per the memory instruction.

Abstract: Disclosed herein are an apparatus and method for distributed consensus in an environment in which a fraction of Byzantine nodes is dynamically changed. The distributed consensus apparatus in a dynamic Byzantine fraction environment includes one or more processor and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to calculate a stochastic variable for the probability that a preset fraction of Byzantine nodes is changed using the probability that at least one of consensus candidate nodes corresponding to a preset consensus quorum is changed to a Byzantine node and to perform distributed consensus using the stochastic variable in the dynamic Byzantine fraction environment.

Abstract: Techniques for allowing third-party DNS service providers to programmatically initiate changes to DNS resource records using an interface provided by a registrar or registry are disclosed. Further, techniques for validating change requests received at such an interface are disclosed. The disclosed techniques reduce errors and increase convenience.

Abstract: A computer implemented method is provided for creating and using a secret zero by multiple participants in a group. The secret zero is representative of a master secret that protects other secrets. The method includes creating, by a computing device of each participant, a message comprising a second public key, a commitment to a polynomial, a plurality of encrypted private key shares assigned to the other participants, a plurality of signatures associated with the private key shares assigned to the other participants, and a commitment of a symmetric key. The method also includes broadcasting, by the computing device of each participant, an encrypted version of the message to the group of participants. The method further includes broadcasting, by the computing device of each participant, the symmetric key to the group after all other participants have completed broadcasting their messages.

Abstract: A cross-blockchain data processing method is provided. The method includes: obtaining an asset transfer instruction triggered for a first asset on the first blockchain, and configuring an asset state of the first asset to a locked state on the first blockchain; determining the first asset in the locked state as an asset, and determining a cross-chain asset transfer request corresponding to the asset; obtaining an asset transfer interface associated with a second blockchain, and calling the asset transfer interface to transmit the cross-chain asset transfer request to a second server node on the second blockchain; and receiving signing response information transmitted by the second server node in response to determining that the verification succeeds, freezing the asset on the first blockchain according to the signing response information, and notifying the second server node to release a second asset associated with the asset on the second blockchain.

Abstract: System and methods are provided for selecting reference units for calibration of OTA testing stations. Various embodiments include selecting a reference unit for over-the-air (OTA) testing, the selecting including responsive to conducting one or more tests for a plurality of test items on a plurality of units via an OTA testing station, collecting test result values for each of the plurality of test items; calculating a sum of all errors for each of the units, wherein the errors represent a deviation from an average result for each of the test items; determining a unit which exhibits a lowest sum value of all of the errors, wherein the unit is determined as a reference unit for calibrating the OTA testing station; and testing a wireless device with the reference unit.

Abstract: Systems, methods, and devices that relate to the improvement of controlling impersonating attacks from foreign networks are disclosed. In one example aspect, a method for wireless communication includes receiving, by a policy control node, a request message from a first network node. The request message comprising a first identifier indicating a first public land mobile network associated with an establishment of a bearer or a session for a terminal device. The method includes transmitting a query to a second network node in the core network to obtain a second identifier of a second public land mobile network associated with a registration of the terminal device. The method also includes accepting or rejecting, by the policy control node, the establishment of the bearer or the session for the terminal based on whether the first identifier matches the second identifier.

Abstract: Provided is a computer-implemented video processing method. The method comprises receiving a stream of original images related to a video access event and creating a stream of output images corresponding to the original images. The output images include first images comprising a hidden digital forensic marker and second images comprising a visible digital forensic marker. The hidden marker and the visible marker each encode information related to the video access event. The stream of output images is output onto a network or caused to be displayed on a screen. The visible marker serves as a deterrent for distribution or recording, and if an attempt is made to remove it, the hidden marker remains in the image, allowing the information relevant to the video access event to be recovered. Also provided are a method of integrity detection for a stream of images containing markers, and a method of embedding a dynamic marker.

Abstract: A method for caching and deduplicating a plurality of received segments of data is disclosed. The method comprises identifying a value of a first data field in each segment acting as a unique source identifier; and identifying a value of a second data field in each segment, the second data field being densely populated by values in the plurality of segments. The value of the second data field is partitioned into a first partition comprising more significant bits and a second partition comprising less significant bits. A key is generated based on values of the first data field and the first partition. A database entry associates the first key with a bitmap, the bitmap having a length based on the number of possible values a bitmap of equal length to the second partition could validly take. Single bits of the bitmap are set corresponding to received segments, to enable deduplication.

Abstract: An information processing apparatus and an information processing method capable of improving convenience of a device in which a virtual machine is able to operate are provided. The information processing apparatus includes a processing unit having a function for controlling execution of processing regarding a virtual machine, in which a virtual machine program that operates the virtual machine is associated with condition information that includes information indicating a region of a recording medium and indicates a condition under which the virtual machine is operated, a code of the virtual machine program, and a first electronic signature generated on the basis of the condition information, and the processing unit controls the execution of the processing regarding the virtual machine on the basis of a confirmation result of the first electronic signature associated with the virtual machine program.

Abstract: Systems and methods described relate to executing, by a third computing entity different from a first computing entity and a second computing entity, a smart contract generated by the first computing entity and the second computing entity. A verification key is determined based on a power of a secret, the power of the secret being based on first and second sets of elliptic curve points. The smart contract comprising a first input from the first computing entity and a second input from the second computing entity are received. The smart contract is executed by computation of a function on an input to produce an output. A proof of correct execution of the smart contract is produced. A blockchain transaction is generated using an output of the smart contract. The generated blockchain transaction using the verification key and the proof of correct execution is validated by a fourth computing entity.

Abstract: An artificial intelligence (AI) and machine learning (ML) (collectively “AI/ML”) system that provides dynamic detection of potential of resource updates, authentication of the resources updates, and tracking of the links between resources through the use of resource signatures. The resource signatures may provide an indication of the application information, the resources that are accessed by the application, and the resources that access the application. As such, the AI/ML system can monitor and track the applications and updated resources that interact with the applications in order to identify any potential security issues, as well as to optimize and standardize the use of resources by the users when developing applications.

Abstract: Variable data printing workflows are enhanced for use with content that includes 2D code patterns, such as digital watermark data. One arrangement includes applying a filter to a content stream within a PDF document to extract both first variable pattern data for a first watermark pattern and second variable pattern data for a second watermark pattern. A first composite watermark pattern is then defined based on the extracted first variable watermark pattern data in conjunction with static watermark pattern data, and a second composite watermark pattern is defined based on the extracted second variable watermark pattern data in conjunction with the static watermark pattern data. A variety of other features and arrangements are also detailed.

Abstract: Aspects of the present disclosure provide systems, methods, apparatus, and computer-readable storage media that support securing code by dynamically inserting digital signatures in target code and maintaining the digital signatures in a linked structure (e.g., a blockchain-type structure).

Abstract: A method for publicly verifiable symmetric cryptography is disclosed. The method includes: obtaining an initial encrypted key and a homomorphic public key; obtaining a first message and an initial signature; calculating an initial hashed value of the first message; setting a cryptographic function of the initial hashed value of the first message and an initial private key; generating an evaluated value based on the cryptographic function, the homomorphic public key, the initial encrypted key, and the initial hashed value of the first message; and transmitting, at the verifier, a verification result based on a hashed value of the initial signature and the evaluated value. Other aspects, embodiments, and features are also claimed and described.

Abstract: A method and system for public key infrastructure (PKI) in software defined vehicles enables secure communication between electronic components. The method includes establishing trust between multiple electronic components through a certificate history comprising signed public keys stored on each component. Once trust is established through attestation between components, the method utilizes signed Diffie-Hellman key exchange to securely distribute symmetric keys to the trusted components. These symmetric keys enable authenticated communication between the components to control vehicle systems and functions. The system operates locally without requiring internet connectivity or specialized service tools, allowing for secure field replacement and upgrading of components while maintaining system security through verification of component authenticity and prevention of counterfeit hardware.

Abstract: A laser-scanning method may include obtaining scan data captured by a laser scanner in which the laser scanner includes a first private key that uniquely corresponds to the laser scanner. The laser-scanning method may include obtaining a first digital signature corresponding to the obtained scan data that is generated based on the scan data and the first private key. The laser-scanning method may include validating the first digital signature using a first public key that corresponds to the first private key and generating a report that summarizes results of the validating. The laser-scanning method may include transforming and aggregating, by a scan data aggregator, the scan data as aggregated scan data and generating a second digital signature corresponding to the aggregated scan data. The second digital signature may be generated by signing hashes corresponding to the aggregated scan data using a second private key corresponding to the scan data aggregator.

Abstract: An end-to-end mechanism is disclosed herein for transporting encrypted messages over hypertext transport protocol (HTTP) sent to a group of recipients. In particular, the disclosed mechanism receives a message (e.g., as an input from a user) and encrypts that message using an encryption mechanism with a key unique to a particular user and to the message (e.g., different messages are encrypted using different keys). The encrypted message is then stored in a generated object along with other metadata needed for message processing. Once the object is generated, it is signed and encoded into a binary representation that is then sent to a server. The server system receives the binary representation and decodes it back into the object. The metadata of the object is then used to route the message to the correct recipient applications for decryption.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: Provided is a data recording apparatus including a key exchange unit for exchanging a first encryption key with a system in response to authentication by the system, a data collection unit for collecting measurement data obtained by measuring a physical quantity associated with a measurement target, a data recording unit for recording the measurement data, and a data transmission unit for transmitting the measurement data encrypted using the first encryption key to the system. In addition, provided is a system including a key management unit for exchanging a first encryption key with a data recording apparatus in response to authentication of the data recording apparatus, a data obtaining unit for obtaining measurement data obtained by measuring a physical quantity associated with the measurement target encrypted by the data recording apparatus using the first encryption key, and a data management unit for managing the measurement data using a distributed ledger technology.

Abstract: Generally discussed herein are devices, systems, and methods for digital signature generation security. A method can include generating, by a first device, a first random number, in generating a signature for a communication, masking, using the first random number, only a private key, a hash of the communication, or a combination thereof, and providing the signature with the communication to a second device.

Abstract: Systems and methods which offer a loyalty program affiliated with different entities associated with an enterprise.

Abstract: A request to install a first version of a software application is received. The first version of the software application is stored in a first blockchain in a first distributed blockchain ledger. In response to receiving the request to install the first version of the software application, the first version of the software application is validated by running a hash of the first blockchain. In response to validating the first version of the software application, the first version of the software application is installed from the blockchain to a device. The software application may also be validated after being installed to the device.

Abstract: Apparatus, systems, methods, and articles of manufacture related to end-point media watermarking are disclosed. An example device includes a media receiver to receive a media signal, a watermark generator to generate a watermark, a trigger to activate the watermark generator to generate the watermark based on an external input, an encoder to encode the media signal with the watermark to synthesize an encoded media signal, a media output to render the encoded media signal.

Abstract: A method of processing a multimedia fragment into two or more variants of the multimedia fragment, each variant having a different watermark, the method comprising: fragmenting a multimedia content into a sequence of fragments; watermarking a plurality of the fragments to create two or more variants of each of the plurality of fragments, wherein the two or more variants of one fragment are watermarked using different watermarks; adjusting the length of the two or more variants for at least one of the fragments to a same adjusted length, wherein the adjusted length is indicative of a temporal position of the two or more variants of the at least one of the fragments compared to variants of other fragments in the sequence of fragments.

Abstract: A method includes populating a template database with templates associated with template identifiers (IDs) identifying the templates. The method also includes generating a data model that references a template within the template database, where the data model includes a template ID referencing the template in the template database, and where the template includes a parameter field. The data model further includes a template parameter to apply to the parameter field and a digital signature for at least the template ID and the template parameter. The method also includes deploying the data model within a distributed ledger.

Abstract: Methods and system for managing partial private keys for cryptography-based, storage applications used in blockchain operations and/or facilitating secure authentication when conducting blockchain operations using cryptography-based, storage applications. For example, the methods and system may perform a plurality of blockchain operations for digital assets stored in a first cryptography-based, storage application, wherein the first cryptography-based, storage application corresponds to a first partial private key, and wherein the first partial private key is stored on a first user device, and wherein the second partial private key is not accessible to platform service facilitating the first cryptography-based, storage application.

Abstract: Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: receiving a request to validate at least one statement about a user; identifying, from the request, a reference to a distributed ledger, the reference comprising an identifier for the distributed ledger and an identifier for a transaction recorded on the distributed ledger; identifying, based at least in part on the identifier for the distributed ledger, at least one node of a network of nodes managing the distributed ledger; and communicating with the at least one node to validate the at least one statement about the user.

Abstract: A virtual machine comprises a browser and an output unit configured to output a file generated while the browser interprets and processes a Web page to storage, which is different from a storage region that the virtual machine has and can be shared with another virtual machine different from the virtual machine.

Abstract: A computer-implemented method comprising, at a verifying nodes of a blockchain network: obtaining a first transaction which comprises runnable code; receiving a second transaction which includes information comprising at least a submitted instance of an r-part and an s-part of a first ECDSA signature, and further comprising a nonce; and miming the code from the first transaction. The code is configured to verify that HPoW(ƒ(r, d)) meets a predetermined condition defined in the code, and to return a result of true on condition thereof, where r is the submitted instance of the r-part, d is the nonce, HPoW is a hash function, and f is a function combining q and d.

Abstract: Embodiments describe systems and methods for analyzing digital certificates. A computer-implemented method can include identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information. External information associated with the individual digital certificates can be determined, the external information not contained within the respective digital certificate. The external information can be updated in a database with additional external information that is collected on a periodic basis. A query can be run against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. A notification can be sent to the client regarding the one or more vulnerable digital certificates.