Abstract: An information processing apparatus and an information processing method capable of improving convenience of a device in which a virtual machine is able to operate are provided. The information processing apparatus includes a processing unit having a function for controlling execution of processing regarding a virtual machine, in which a virtual machine program that operates the virtual machine is associated with condition information that includes information indicating a region of a recording medium and indicates a condition under which the virtual machine is operated, a code of the virtual machine program, and a first electronic signature generated on the basis of the condition information, and the processing unit controls the execution of the processing regarding the virtual machine on the basis of a confirmation result of the first electronic signature associated with the virtual machine program.

Abstract: Systems and methods described relate to executing, by a third computing entity different from a first computing entity and a second computing entity, a smart contract generated by the first computing entity and the second computing entity. A verification key is determined based on a power of a secret, the power of the secret being based on first and second sets of elliptic curve points. The smart contract comprising a first input from the first computing entity and a second input from the second computing entity are received. The smart contract is executed by computation of a function on an input to produce an output. A proof of correct execution of the smart contract is produced. A blockchain transaction is generated using an output of the smart contract. The generated blockchain transaction using the verification key and the proof of correct execution is validated by a fourth computing entity.

Abstract: A method for caching and deduplicating a plurality of received segments of data is disclosed. The method comprises identifying a value of a first data field in each segment acting as a unique source identifier; and identifying a value of a second data field in each segment, the second data field being densely populated by values in the plurality of segments. The value of the second data field is partitioned into a first partition comprising more significant bits and a second partition comprising less significant bits. A key is generated based on values of the first data field and the first partition. A database entry associates the first key with a bitmap, the bitmap having a length based on the number of possible values a bitmap of equal length to the second partition could validly take. Single bits of the bitmap are set corresponding to received segments, to enable deduplication.

Abstract: An artificial intelligence (AI) and machine learning (ML) (collectively “AI/ML”) system that provides dynamic detection of potential of resource updates, authentication of the resources updates, and tracking of the links between resources through the use of resource signatures. The resource signatures may provide an indication of the application information, the resources that are accessed by the application, and the resources that access the application. As such, the AI/ML system can monitor and track the applications and updated resources that interact with the applications in order to identify any potential security issues, as well as to optimize and standardize the use of resources by the users when developing applications.

Abstract: A method for publicly verifiable symmetric cryptography is disclosed. The method includes: obtaining an initial encrypted key and a homomorphic public key; obtaining a first message and an initial signature; calculating an initial hashed value of the first message; setting a cryptographic function of the initial hashed value of the first message and an initial private key; generating an evaluated value based on the cryptographic function, the homomorphic public key, the initial encrypted key, and the initial hashed value of the first message; and transmitting, at the verifier, a verification result based on a hashed value of the initial signature and the evaluated value. Other aspects, embodiments, and features are also claimed and described.

Abstract: Variable data printing workflows are enhanced for use with content that includes 2D code patterns, such as digital watermark data. One arrangement includes applying a filter to a content stream within a PDF document to extract both first variable pattern data for a first watermark pattern and second variable pattern data for a second watermark pattern. A first composite watermark pattern is then defined based on the extracted first variable watermark pattern data in conjunction with static watermark pattern data, and a second composite watermark pattern is defined based on the extracted second variable watermark pattern data in conjunction with the static watermark pattern data. A variety of other features and arrangements are also detailed.

Abstract: Aspects of the present disclosure provide systems, methods, apparatus, and computer-readable storage media that support securing code by dynamically inserting digital signatures in target code and maintaining the digital signatures in a linked structure (e.g., a blockchain-type structure).

Abstract: A method and system for public key infrastructure (PKI) in software defined vehicles enables secure communication between electronic components. The method includes establishing trust between multiple electronic components through a certificate history comprising signed public keys stored on each component. Once trust is established through attestation between components, the method utilizes signed Diffie-Hellman key exchange to securely distribute symmetric keys to the trusted components. These symmetric keys enable authenticated communication between the components to control vehicle systems and functions. The system operates locally without requiring internet connectivity or specialized service tools, allowing for secure field replacement and upgrading of components while maintaining system security through verification of component authenticity and prevention of counterfeit hardware.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: Provided is a data recording apparatus including a key exchange unit for exchanging a first encryption key with a system in response to authentication by the system, a data collection unit for collecting measurement data obtained by measuring a physical quantity associated with a measurement target, a data recording unit for recording the measurement data, and a data transmission unit for transmitting the measurement data encrypted using the first encryption key to the system. In addition, provided is a system including a key management unit for exchanging a first encryption key with a data recording apparatus in response to authentication of the data recording apparatus, a data obtaining unit for obtaining measurement data obtained by measuring a physical quantity associated with the measurement target encrypted by the data recording apparatus using the first encryption key, and a data management unit for managing the measurement data using a distributed ledger technology.

Abstract: A laser-scanning method may include obtaining scan data captured by a laser scanner in which the laser scanner includes a first private key that uniquely corresponds to the laser scanner. The laser-scanning method may include obtaining a first digital signature corresponding to the obtained scan data that is generated based on the scan data and the first private key. The laser-scanning method may include validating the first digital signature using a first public key that corresponds to the first private key and generating a report that summarizes results of the validating. The laser-scanning method may include transforming and aggregating, by a scan data aggregator, the scan data as aggregated scan data and generating a second digital signature corresponding to the aggregated scan data. The second digital signature may be generated by signing hashes corresponding to the aggregated scan data using a second private key corresponding to the scan data aggregator.

Abstract: An end-to-end mechanism is disclosed herein for transporting encrypted messages over hypertext transport protocol (HTTP) sent to a group of recipients. In particular, the disclosed mechanism receives a message (e.g., as an input from a user) and encrypts that message using an encryption mechanism with a key unique to a particular user and to the message (e.g., different messages are encrypted using different keys). The encrypted message is then stored in a generated object along with other metadata needed for message processing. Once the object is generated, it is signed and encoded into a binary representation that is then sent to a server. The server system receives the binary representation and decodes it back into the object. The metadata of the object is then used to route the message to the correct recipient applications for decryption.

Abstract: A request to install a first version of a software application is received. The first version of the software application is stored in a first blockchain in a first distributed blockchain ledger. In response to receiving the request to install the first version of the software application, the first version of the software application is validated by running a hash of the first blockchain. In response to validating the first version of the software application, the first version of the software application is installed from the blockchain to a device. The software application may also be validated after being installed to the device.

Abstract: Systems and methods which offer a loyalty program affiliated with different entities associated with an enterprise.

Abstract: Generally discussed herein are devices, systems, and methods for digital signature generation security. A method can include generating, by a first device, a first random number, in generating a signature for a communication, masking, using the first random number, only a private key, a hash of the communication, or a combination thereof, and providing the signature with the communication to a second device.

Abstract: Apparatus, systems, methods, and articles of manufacture related to end-point media watermarking are disclosed. An example device includes a media receiver to receive a media signal, a watermark generator to generate a watermark, a trigger to activate the watermark generator to generate the watermark based on an external input, an encoder to encode the media signal with the watermark to synthesize an encoded media signal, a media output to render the encoded media signal.

Abstract: A method of processing a multimedia fragment into two or more variants of the multimedia fragment, each variant having a different watermark, the method comprising: fragmenting a multimedia content into a sequence of fragments; watermarking a plurality of the fragments to create two or more variants of each of the plurality of fragments, wherein the two or more variants of one fragment are watermarked using different watermarks; adjusting the length of the two or more variants for at least one of the fragments to a same adjusted length, wherein the adjusted length is indicative of a temporal position of the two or more variants of the at least one of the fragments compared to variants of other fragments in the sequence of fragments.

Abstract: A method includes populating a template database with templates associated with template identifiers (IDs) identifying the templates. The method also includes generating a data model that references a template within the template database, where the data model includes a template ID referencing the template in the template database, and where the template includes a parameter field. The data model further includes a template parameter to apply to the parameter field and a digital signature for at least the template ID and the template parameter. The method also includes deploying the data model within a distributed ledger.

Abstract: Methods and system for managing partial private keys for cryptography-based, storage applications used in blockchain operations and/or facilitating secure authentication when conducting blockchain operations using cryptography-based, storage applications. For example, the methods and system may perform a plurality of blockchain operations for digital assets stored in a first cryptography-based, storage application, wherein the first cryptography-based, storage application corresponds to a first partial private key, and wherein the first partial private key is stored on a first user device, and wherein the second partial private key is not accessible to platform service facilitating the first cryptography-based, storage application.

Abstract: Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: receiving a request to validate at least one statement about a user; identifying, from the request, a reference to a distributed ledger, the reference comprising an identifier for the distributed ledger and an identifier for a transaction recorded on the distributed ledger; identifying, based at least in part on the identifier for the distributed ledger, at least one node of a network of nodes managing the distributed ledger; and communicating with the at least one node to validate the at least one statement about the user.

Abstract: A virtual machine comprises a browser and an output unit configured to output a file generated while the browser interprets and processes a Web page to storage, which is different from a storage region that the virtual machine has and can be shared with another virtual machine different from the virtual machine.

Abstract: A computer-implemented method comprising, at a verifying nodes of a blockchain network: obtaining a first transaction which comprises runnable code; receiving a second transaction which includes information comprising at least a submitted instance of an r-part and an s-part of a first ECDSA signature, and further comprising a nonce; and miming the code from the first transaction. The code is configured to verify that HPoW(ƒ(r, d)) meets a predetermined condition defined in the code, and to return a result of true on condition thereof, where r is the submitted instance of the r-part, d is the nonce, HPoW is a hash function, and f is a function combining q and d.

Abstract: An example operation includes one or more of detecting, by a validation service node, an access of a block on a blockchain ledger; accessing, by the validation service node, a block validation stamp comprising meta-data signed by a trusted stamping authority (TSA) on the blockchain ledger; and validating the block based on the meta-data.

Abstract: A cookie compliance management system enables automated evaluation of cookie compliance within an enterprise. The system determines whether a cookie set by an application in the environment is compliant with a policy. It comprises a workflow engine, a cookie discovery engine (CDE), a cookie characterization engine (CCE), a cookie policy engine (PE), and a cookie registry. The workflow engine receives a request to initiate an evaluation of an application for cookie compliance. The CDE is invoked and returns cookies that are set by the application. The CCE receives a set of base attributes associated with a cookie discovered by the CDE, and computes a set of descriptive attributes determined to be required to enable evaluation of the cookie according to a policy. The policy engine receives policy rules and the set of descriptive attributes and, in response, determines whether the cookie is compliant with the policy. The cookie registry stores cookie data.

Abstract: Methods and apparatuses for data communication and cybersecurity are provided to handle the PKI over constrained devices with application over PAN/LP-WAN and other similar devices and networks. This significantly improves the security capabilities of such devices in terms of identity verification, encrypted communication, and device life-cycle management. The apparatus may authenticate a party of a data communication session using a micro certificate within a micro public key infrastructure that provides transport or application layer security. The micro public key infrastructure may be the combination of communication protocol, micro certificates, and a management platform. The apparatus may establish the data communication session using the micro certificate. The apparatus may perform secured data communication over the data communication session.

Abstract: Methods and systems are presented for generating a zero-knowledge, or other, proof for a prover (user) in need of specialized services for generating a zero-knowledge proof. The prover transmits a proof request comprising a witness and a statement to an orchestrator. The orchestrator determines an optimal zero-knowledge proof system for the particular statement and witness. It then transmits the proof request to a prover network with the optimal proof system to generate a zero-knowledge proof in an efficient manner. The proof is then transmitted back to the orchestrator and/or published or otherwise made available.

Abstract: The present invention discloses a watermark embedding method based on service invocation data, comprising obtaining service invocation data, and preprocessing the invocation data, then, obtaining the key data through screening the preprocessed invocation data based on relevant weights, then, adding timestamps to the key data to obtain enhanced data, after that, selecting the contribution degree of the enhanced data to obtain high-quality data, and encoding the high-quality data to generate encoded data, then, constructing a data watermark embedding model by employing the encoded data, and inputting the service invocation data to be embedded into the data watermark embedding model, and thus the embedding results can be output. This method can not only improve the accuracy of watermark embedding for service invocation data, but also provides good interpretability, making it directly applicable to watermark embedding systems.

Abstract: Embodiments describe systems and methods for analyzing digital certificates. A computer-implemented method can include identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information. External information associated with the individual digital certificates can be determined, the external information not contained within the respective digital certificate. The external information can be updated in a database with additional external information that is collected on a periodic basis. A query can be run against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. A notification can be sent to the client regarding the one or more vulnerable digital certificates.

Abstract: A computer-implemented method that provides watermark-based image reconstruction to compensate for lossy encoding schemes. The method can generate a difference image describing the data loss associated with encoding an image using a lossy encoding scheme. The difference image can be encoded as a message and embedded in the encoded image using a watermark and later extracted from the encoded image. The difference image can be added to the encoded image to reconstruct the original image. As an example, an input image encoded using a lossy JPEG compression scheme can be embedded with the lost data and later reconstructed, using the embedded data, to a fidelity level that is identical or substantially similar to the original.

Abstract: Methods of securely controlling a utility grid edge device are provided. A method of securely controlling a utility grid edge device includes receiving renewed security information at a node that includes cryptographic circuitry. Moreover, the method includes controlling an operation of the utility grid edge device via the node, after receiving the renewed security information. Related nodes and utility grid edge devices are also provided.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to securely configure an endpoint. Example apparatus disclosed herein include memory, machine readable instructions, and processor circuitry to at least one of instantiate or execute the machine readable instructions to access a certificate at an ePolicy orchestrator, the certificate including private key information, access a configuration, the configuration including policy information and installation instructions, sign the configuration using the private key information to securely sign the configuration, the signed configuration including a secured signature, create a secured installer using the certificate and the signed configuration, the secured installer including an agent, and provide the secured installer to an endpoint for installation of the agent and execution of the endpoint.

Abstract: A method is disclosed. The method includes receiving, by an access control server, an authentication request message comprising a credential or a token from an access device, after the access device receives the credential or the token from a portable device of a user. The method also includes responsive to receiving the authentication request message, transmitting, by the access control server, a challenge message to a user device associated with the user; generating, by the access control server, an authentication indicator. The method also includes transmitting, by the access control server, an authentication response message including the authentication indicator to the access device.

Abstract: Securely storing data includes encrypting the data using a random key to provide obfuscated data, scrambling the obfuscated data to provide scrambled obfuscated data, generating a scramble schema indicating how to unscramble the scrambled obfuscated data, encrypting the scrambled obfuscated data to provide encrypted scrambled obfuscated data, splitting the scramble schema, and distributing separate portions of the scramble schema and separate portions of the encrypted scrambled obfuscated data to separate entities. The data may be private key data. Securely storing data may also include concatenating the random key on to the obfuscated data prior to scrambling the obfuscated data, wherein the random key is scrambled together with the obfuscated data. Scrambling the obfuscated data may use a Fisher Yates Shuffle mechanism. Securely storing data may also include generating and distributing a symmetric authentication key that is used to authenticate a first entity to a second entity.

Abstract: A novel structured random sample consensus protocol to greatly improve blockchain and distributed ledger technology throughput and scalability, while maintaining decentralization and high levels of security. The invention leverages small committees of fixed sizes, called “Clans,” threshold cryptography, and logical virtual districts, called “Tribes,” in order to deterministically random sample disparate nodes for sentiment analysis on a transactions validity, thereby only requiring a relatively small subset of nodes to validate any particular transaction or batch of transactions thus enabling much greater concurrency and parallel processing compared to other more linearized consensus algorithms, while maintaining high security.

Abstract: Disclosed are a computer-hosted database system providing cryptographic verifiability and comprising an immutable key-value data store and cryptographic proof data (which may be stored in a Merkle Hash Tree). The logical structure of a data record is defined by a rich data model and comprises a first field and a second field. Disclosed is a method that comprises receiving an instruction requesting retrieval of first field data and returning the data stored in the first field and cryptographic proof data sufficient to prove data originality of the first field data without knowledge of the data in the second field. The rich data model may be a relational data model or a document data model.

Abstract: A file recovery method executed by a storage device among a plurality of storage devices is provided. The file recovery method includes: detecting that the storage device is compromised and deleting file slices and an original encryption key from the storage of the storage device; after the deleting, generating a new encryption key different from the original encryption key; and instantiating a file recovery method to obtain the previously stored file slices on the compromised storage device from other non-compromised storage devices and to distribute new file slices encrypted using the new encryption key to non-compromised storage devices storing file slices encrypted using the old encryption key of the comprised storage device.

Abstract: Methods and systems described in this disclosure electronically notarize a document. The system can receive biometric information from a user, extract characteristics from the biometric information, and compare the characteristics of the biometric information with previously stored characteristics of the user's biometric information. When the characteristics of the biometric information match the previously stored characteristics to a threshold, the system can create an identity of the user using the characteristics of the biometric information. The system can send a document to the user for cryptographic signature and receive an indication that the document has been signed. The cryptographic signature can be generated with a digest of the document, the identity, and a cryptographic key associated with the user. The system can inspect the digest of the document, the cryptographic key, and the identity associated with the document to verify authenticity of the document and the identity of the user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for jointly training an encoder that generates a watermark and a decoder that decodes a data item encoded within the watermark. The training comprises obtaining a plurality of training images and data items. For each training image, a first watermark is generated using an encoder and a subsequent second watermark is generated by tiling two or more first watermarks. The training image is watermarked using the second watermark to generate a first error value and distortions are added to the watermarked image. A distortion detector predicts the distortions based on which the distorted image is modified. The modified image is decoded by the decoder to generate a predicted data item and a second error value. The training parameters of the encoder and decoder are adjusted based on the first and the second error value.

Abstract: The present invention is a data protocol providing notarization of a data between two or more nodes on a content-addressable peer-to-peer storage network. A node generates a new data block, which is witnessed by peer nodes to increase the integrity of the data. Each peer node responds to the node's signature request with an encoded digital signature of the data using a private key. The node appends the signature from each witness node to the data block and then generates a cryptographic hash of the entire data block, which is used as the identity of the block.

Abstract: Devices, systems, and methods enabling parties with little trust or no trust in each other to enter into and enforce value transfer agreements conditioned on input from or participation of a third party, over arbitrary distances, without special technical knowledge of the underlying transfer mechanism(s), optionally affording participation of third-party mediators, substitution of transferors and transferees, term substitution, revision, or reformation, etc. Such value transfers can occur reliably without involving costly third-party intermediaries who traditionally may otherwise be required, and without traditional exposure to counterparty risk.

Abstract: A memory system includes a nonvolatile memory and a controller. In a case where first encrypted data obtained by encrypting first data with a first DEK is stored in the nonvolatile memory, in response to determining that second data received based on a first write request from a host is the same as the first data and a first user uses the host, the controller encrypts the first DEK with a first KEK associated with the first user to acquire a first encrypted DEK, and stores the first encrypted DEK.

Abstract: Embodiments of this application provide an information verification method, apparatus, and device. The method includes: sending a first message to a server that includes a target domain name and first indication information, which indicates a status of first verification information stored in a client, the first verification information is verification information generated based on multiple domain names and owner information of the multiple domain names, the first verification information verifies the owner information of the multiple domain names, and the multiple domain names include a target domain name; receiving a second message sent by the server based on the first message, where the second message indicates target first verification information, which is used by the client to verify owner information of the target domain name; and verifying the obtained owner information of the target domain name based on the second message.

Abstract: This disclosure relates to field of cryptography and digital signatures. The constant theft of cryptocurrencies is due to compromise of the secret signing key inherently stored in a single location. Also, one of challenges in the existing ECDSA signature is single point failure, wherein the signing key (private key) is prone to theft. The disclosed technique overcomes the challenging in the existing techniques by party distributed signature that ensures the safety of the private key. The disclosed techniques slits the key in two parts and saves at two different locations/machines. Further based on a ECDSA based technique, the digital signature is obtained securely using several steps that includes generation of first two parts of digital signature at one party, generation of the second two parts of digital signature at second party, finally decrypting a complete digital signature at the first party.

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: A method of creating secure endpoints on a network includes registering by a node using a random selection algorithm to choose which server to register to; receiving by the node a property set ID of a property set that the node is a member of; and authorizing by the node using the property set ID to look up its authorization details in the property set. A method of creating secure endpoints on a secure network having at least one community of interest, includes registering by a node using a random selection algorithm to choose which server to register to; receiving by the node a property set ID of a property set that the node is a member of; and authorizing by the node through an authorization server using the property set ID to look up its authorization details in the property set; wherein the node and the authorization server are a member of the at least one community of interest.

Abstract: Cross-channel user authentication is provided, to increase resilience of a computerized system to cyber-attacks and to fraudulent transactions. In a demonstrative scenario, a user utilizes his web browser on his laptop computer to log-in to a web server; which in turn extracts the IP address of the laptop computer. The web server triggers an application server to send a Push Notification to a Mobile App that had been installed on a smartphone of that user who just logged in; and that Push Notification causes that smartphone to respond to the application server with the IP address of the smartphone. If the IP address of the computer is not identical to the IP address of the smartphone, then the servers determine that the log-in attempt on the computer was possibly fraudulent, and fraud mitigation operations are initiated. Optionally, geo-location data, device orientation data, device motion data, or other parameters are used as part of the cross-channel authentication process.

Abstract: The invention relates to securing of a digital file content against forgery and falsifying, and particularly of digital data relating to its belonging to a specific batch of digital files, while allowing offline or online checking of the authenticity of a secured digital file and conformity of its digital data with respect to that of a genuine original digital file.

Abstract: Apparatuses, systems, and techniques to generate a trusted execution environment including multiple accelerators. In at least one embodiment, a parallel processing unit (PPU), such as a graphics processing unit (GPU), operates in a secure execution mode including a protect memory region. Furthermore, in an embodiment, a cryptographic key is utilized to protect data during transmission between the accelerators.

Abstract: The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect the confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.

Abstract: A method for cryptographic signature of a datum comprises determining: a signature point equal to the addition of elements equal to a derived first point and of number equal to a first scalar; a second scalar by subtracting, from the product of the first scalar and of a selected scalar, the product of a third and of a fourth scalar; another signature point equal to the addition of elements equal to a selected point and of number equal to the second scalar, and of elements equal to a derived second point and of number equal to the fourth scalar; and a signature portion based on a private key, on the first scalar, on a coordinate of the signature point and on the datum. The derived first and second point are respectively equal to the addition of elements equal to a generator point and of number equal to a fifth and to the third scalar.