Abstract: A method for determining the authenticity of an item, the method comprising: receiving, by an item, a seed; storing the seed in a block of non-volatile memory in the supply item follower component; calculating, by the item follower component, an output of a cryptographic function with the input based on the seed and storing the output in the block of non-volatile memory; iteratively calculating, by the item, the outputs of the cryptographic function wherein for each iteration the input for the cryptographic function is based on the seed and all previous outputs, and for each iteration storing the output in the block of non-volatile memory; and determining the authenticity of the item based on a selected output of the cryptographic function of the item, the selected output being one of the outputs stored in the block of non-volatile memory.

Abstract: Disclosed herein is a data encryption technique that pertains to a data stream that divides into data samples. Each sample is truncated by a predetermined number of bits to make room in the data stream for an encryption data packet. The truncation reduces the resolution of the data in exchange for security features. The encryption data packet includes a counter to prevent replay attacks and an HMAC to verify contents and synchronize the frames of the data stream. The data is encrypted and transmitted to a receiver where the data is played.

Abstract: There is provided a secure computing server that performs shift operation on secretly distributed shares. The secure computing server may perform the shift operation when a number of significant digits of secret information corresponding to a secretly distributed share is to be reduced.

Abstract: An anonymous signature system in which a signature ? is anonymized by an agent specified by a signer, includes computers each including a memory and a processor configured to, from a security parameter, generate a system parameter ? independent of the agent; from ?, generate an agent secret key w and an agent public key gA; from ?, generate a secret key x and a public key y of the signer; from x, a message m on which ? is to be put, and gA, generate ? to be put on m; from an identifier i of the signer, w, ?, a ring L representing a group to which the signer belongs, a list yL of public keys y of signers in L, and m, generate a ring signature ?? by anonymizing ?; and from L, yL, m, and ??, output a verification result b form.

Abstract: Described herein are techniques for preventing software applications from gaining access to unauthorized biometric data in accordance with user preferences. In some embodiments, a software application requests access to sensor data collected by a sensor installed on a user device via a gateway application installed on the user device. Upon receipt of the request, the gateway application determines what types of biometric data the software application is authorized to obtain within the sensor data. The gateway application then identifies biometric data that is present within the sensor data. The sensor data is then altered such that biometric data that the software application is not authorized to obtain is obfuscated. Once the sensor data has been altered, the software application is provided access to that altered sensor data.

Abstract: A method, computer system, and a computer program product for securing visible data is provided. The present invention may include encrypting an on-screen data rendered on a display of an endpoint device. The present invention may also include authenticating an external decryption device within a periphery defined by the endpoint device. The present invention may further include decrypting the encrypted on-screen data on the authenticated external decryption device.

Abstract: A system for generating a symmetric key to allow the sharing of information between two entities, wherein the shared information is used to start a server and the symmetric key is established from the private key of a first client and the public key of a second client and for use in a symmetric encryption methodology to encrypt information for transport to the second entity, allowing the second entity to form the same symmetric key to decrypt information with no key transport required.

Abstract: A system and method of generating a series of random number; from a source of random numbers in a computing system. Steps includes: loading a data loop (a looped array of stored values with an index) with random data from a source of random data; then repeating the following: reading a value from the data loop in relation to the index; operating on the multi-bit value thereby outputting a derived random number; and moving the index in relation to the looped array. The data loop may be a simple feedback loop which may be a shift register loaded by direct memory access (DMA). The operation may be performed by one or more arithmetic logic units (ALU) which may be fed by one or more data feeds and may perform XOR, Mask Generator, Data MUX, and/or MOD.

Abstract: An encoder that encodes a current block in a picture includes circuitry and memory. Using the memory, the circuitry: performs a first transform on a residual signal of the current block using a first transform basis to generate first transform coefficients; and performs a second transform on the first transform coefficients using a second transform basis to generate second transform coefficients and quantizes the second transform coefficients, when the first transform basis is the same as a predetermined transform basis; and quantizes the first transform coefficients without performing the second transform, when the first transform basis is different from the predetermined transform basis.

Abstract: A payment system implemented on a mobile device authorizes and processes transactions. The mobile device generates a public-private key pair and receives payment information. The private key and the payment information are split into a local and a remote fragment. The public key, a private key fragment, and a payment information fragment are sent to a secure payment system, and the other fragments are stored on the mobile device. When a transaction is received by the mobile device to authorize, the mobile device sends a payment fragment to the secure payment system and receives a private key fragment from the secure payment system. The mobile device authorizes the transaction using the private key, recovered from the private key fragments. The secure payment system verifies the transaction using the public key and processes the transaction using the recovered payment information. Additional techniques to process transactions using data splitting are disclosed.

Abstract: Techniques for data compression for efficient network management are described herein. In one example, for each byte of input data, either: (1) a value of that byte is added to a first-instance array if the value of that byte has not yet been seen in the input data; or (2) an index value is added to an index array, wherein the index value points to the appropriate location in the first-instance array. An “address-bit array” is created with one bit for each byte of the input data. Each bit in the address-bit array indicates whether information of a corresponding byte of the input data was put into the first-instance array or the index array. When the input data file is smaller, the index values in the index array tend to be mostly small valued bytes. Accordingly, the number of zero-valued most significant bits (MSBs) present in all bytes may be stripped from the index array, thereby compressing the input data.

Abstract: An anonymous authentication service for an invulnerable secret key authentication and encryption token distribution service. Applications place a small code segment within their communications protocol, thereby allowing network participants the full benefit of perfectly secure authenticated and encrypted message traffic without concern for third party key management. This is the world's first participant-managed, independent-trust secure messaging key distribution capability.

Abstract: A method for removing text noise according to an embodiment of the present disclosure includes inspecting quality of the text, correcting the text based on a result of inspection; selecting a noise candidate based on each type of sentences included in the corrected text, wherein the noise candidate is selected for each sentence included in the text and removing at least some of the sentences included in the noise candidate based on the purpose of the text.

Abstract: The present application provides an information interaction method and apparatus, and a storage medium. In the method, a server receives an interactive video uploaded by a first user terminal, and sends the interactive video to a second user terminal. That is, in the embodiments of the present application, the video is taken as a carrier of interaction between strangers, which can bear diversified user information expressions. Moreover, the server further receives processing information for the interactive video sent by the second user terminal and/or the first user terminal, and processes the interactive video according to the processing information. That is, based on the video, friendly video interaction between strangers is realized, and social experiences of strangers in social activities are improved.

Abstract: Remote terminals are configured to generate ciphertexts from plaintext polynomials. Each ciphertext corresponds to a plaintext polynomial bound to a message space of a polynomial-based fully homomorphic cryptographic scheme. At least one server is configured to receive ciphertexts via a network from the plurality of remote terminals. The server performs a multiplication operation and an addition operation on the ciphertexts to obtain resultant ciphertexts. The multiplication operation includes performing a bitwise decomposition function on a ciphertext to obtain a bitwise decomposed ciphertext. The bitwise decomposition function maps a multi-bit data type to a sequence of bits. The multiplication operation further includes performing matrix multiplication on the bitwise decomposed ciphertext and a data element belonging to a set of data elements. Message filters, data search engines, and other applications are discussed.

Abstract: A system for generating a symmetric key to allow the sharing of information between two entities, wherein the shared information is used to start a server and the symmetric key is established from the private key of a first client and the public key of a second client and for use in a symmetric encryption methodology to encrypt information for transport to the second entity, allowing the second entity to form the same symmetric key to decrypt information with no key transport required.

Abstract: A system for generating a symmetric key to allow the sharing of information between two entities, wherein the shared information is used to start a server and the symmetric key is established from the private key of a first client and the public key of a second client and for use in a symmetric encryption methodology to encrypt information for transport to the second entity, allowing the second entity to form the same symmetric key to decrypt information with no key transport required.

Abstract: The present disclosure relates to apparatuses and methods for memory management. The disclosure further relates to an interface protocol for flash memory devices including at least a memory array and a memory controller coupled to the memory array. A host device is coupled to the memory device through a communication channel and a hardware and/or software full encryption-decryption scheme is adopted in the communication channel for data, addresses and commands exchanged between the host device and the memory array.

Abstract: The present invention relates to virtual code-based control system, method and program, a control device and a control signal generating means. A control method on the basis of a control signal comprising a virtual code according to an embodiment of the present invention comprises: a control signal receiving step for a control module receiving, from a control signal generating means, a control signal generated by means of combining a plurality of specific codes in accordance with a particular rule; a step for the control module extracting the plurality of specific codes comprised in the virtual code; and a command searching step for the control module searching for a storage location comprising a particular command on the basis of the plurality of specific codes.

Abstract: A method in a virtual private network (VPN) environment, the method including transmitting, by a processor, a connection request to a VPN service provider for obtaining VPN services; receiving, by the processor, a response including custom headers and a payload indicating a VPN server for receiving the VPN services, the custom headers including a timing header, an authorization header, a digest header, and a signature header; authenticating, by the processor, the custom headers to determine whether the response was transmitted by the VPN service provider; and transmitting, by the processor to the VPN server, a request for obtaining the VPN services based at least in part on determining that the response was transmitted by the VPN service provider. Various other aspects are contemplated.

Abstract: Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated.

Abstract: Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix CK consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated and positions of the nT elements of matrix CK are randomized to produce matrix CK(RP). For a packet in the first batch, a first packet vector key is generated based on non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix CK(RP). An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

Abstract: A method of processing data includes at least one processor accessing a data storage unit, the data storage unit providing at least one input data object and at least one transmutation command to be performed on the at least one input data object. The at least one transmutation command operates in a forward mode on the at least one input data object to produce at least one output data object to be stored in a data storage unit.

Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.

Abstract: An integrated circuit features technology for generating a keystream. The integrated circuit comprises a cipher block with a linear feedback shift register (LFSR) and a finite state machine (FSM). The LFSR and the FSM are configured to generate a stream of keys, based on an initialization value and an initialization key. The FSM comprises an Sbox that is configured to use a multiplicative mask to mask data that is processed by the Sbox when the LFSR and the FSM are generating the stream of keys. Other embodiments are described and claimed.

Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.

Abstract: Techniques for rapid video on demand (VOD) media content breach response are described. In some embodiments, during content preparation, a server generates an encrypted media content item by generating a first encrypted portion using a first key derived from a first seed that is of a first type and generating a second encrypted portion using a second key derived from a second seed that is of a second type. In some embodiments, the server classifies the first portion in a first category (e.g., a prioritized category) and the second portion in a second category (e.g., a non-prioritized category). During a breach response, the server repairs the encrypted media content item by re-encrypting portions in the first category, e.g., re-encrypting the first encrypted portion using a replacement key derived from a replacement seed that is of the first type, and updating encryption metadata.

Abstract: A method for transmitting data carrying optical information over an optical channel, comprising the steps of providing an optical transmitter consisting of a light source being a Mode-Locked Optical Frequency Comb (MLFC) for generating a frequency comb of multiple carriers, each of which being modulated by a baseband signal; an optical modulator for modulating each and all of the multiple carriers in a modulation bandwidth extending up to the modes' frequency spacing between the multiple carriers; performing all-optical encoding of the modulated carriers by manipulating the optical amplitude and/or phase and/or polarization of all optically modulated carriers; and transmitting, by the optical transmitter, the encoded modulated carriers to an optical receiver, over an optical channel.

Abstract: A format-preserving Just Encrypt 1 (JE1) system and method provides significant performance advantages over known FPE methods for longer character strings due to the technical improvements.

Abstract: Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

Abstract: Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Abstract: A video output controlling apparatus and a video output controlling method that can reduce the possibility that a video for which encryption is required may be outputted in a non-encrypted state are provided. A first acceptance unit (40) accepts a video and an encryption necessity signal indicative of whether or not encryption of the video is required via a first route. A second acceptance unit (44) accept a control signal via a second route different from the first route. A video conversion unit (46) converts, in accordance with the control signal, the video accepted by the first acceptance unit (40) into one of a video that is different in a format from that of the video and is in an encrypted state and a video that is different in a format from that of the video and is not in an encrypted state.

Abstract: Systems and methods are described for implementing load-dependent encryption mechanism selection in an elastic computing system. The elastic computing system can include a set of host devices configured to implement block storage volumes on behalf of users. Users may desire that such volumes be encrypted prior to storing data. It may be generally preferable for encryption to occur on the same host devices that host the volume, to reduce latency and bandwidth usage needed to encrypt the data. However, encryption of data can utilize significant computational resources, which may not be available on host devices that also have sufficient storage resources to host the volume. The present disclosure describes systems and methods that can account for computational resource availability on host devices, selecting “in-place” encryption only when available resources exist on host devices, and otherwise implementing remote encryption of volume data.

Abstract: A computer-implemented method and system for computing large-degree isogenies of a base degree raised to a power of form ak+b and including the steps of providing at least one computer processor resident on an electronic computing device, performing, with the at least one processor, a large-degree isogeny by chaining together a plurality of scalar point multiplications, a plurality of isogeny computations, and a plurality of isogeny evaluations, wherein the large-degree isogeny includes a sequence storing at least one pivot point computed by one of the plurality of scalar point multiplications followed by an isogeny computation of degree b, performing at least one of the plurality of isogeny evaluations following one of the plurality isogeny computations, and performing an ak-isogeny through another sequence of a isogeny computations.

Abstract: The techniques described herein increase the throughput of a single VPN connection by creating multiple outbound and/or inbound Security Associations (SAs). For instance, two or more different SAs can encrypt outbound data packets to be sent over the VPN connection to a remote device. Moreover, two or more different SAs can decrypt inbound data packets received over the VPN connection from the remote device. Each of the SAs can be bound to a different processing core via the use of a Security Parameter Index (SPI) identifier. Consequently, inbound data packets communicated over a single VPN connection from a remote device to a physical host in a VPN gateway can be distributed amongst multiple processing cores for decryption purposes. Further, outbound data packets to be communicated over the single VPN connection from the physical host to the remote device can be distributed amongst multiple processing cores for encryption purposes.

Abstract: A mediating apparatus, a device management system, a communication control method, and a non-transitory recording medium. The mediating apparatus displays on a display, a screen presenting communication connection status of the communication of the one or more devices, receives selection of a device to be registered in the mediating apparatus, among the one or more devices displayed on the screen presenting the communication connection status, receives a registration request to register the device in the mediating apparatus, and in response to the registration request, connect communication between the mediating apparatus and the device, after disconnection of communication between the remote management system and the device.

Abstract: A method in a virtual private network (VPN) environment, the method including receiving, at a first processor from a second processor, a connection request for obtaining VPN services; determining, by the first processor, custom headers including a timing header, an authorization header, a digest header, and a signature header; transmitting, by the first processor to the second processor, a response including the custom headers and a payload indicating a VPN server for providing the VPN services; and transmitting, by the second processor to the VPN server, a request for obtaining the VPN services based at least in part on authenticating the custom headers. Various other aspects are contemplated.

Abstract: An apparatus for encryption according to an embodiment of the present disclosure comprises a classifier configured to classify each data included in an original data set into one of encryption target data and non-encryption target data on the basis of at least one of determination on whether or not an operation to be applied to each data included in the original data set for an analysis of the original data set is a preset operation and determination on whether or not each data included in the original data set is sensitive information; and an encryptor configured to encrypt the encryption target data among the data included in the original data set using a homomorphic encryption algorithm.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

Abstract: Methods of providing multi-key encryption of a data set are provided. Operations include providing, to a first data user of the data set, a first user specific data point, providing, to a second data user of the data set, a second user specific data point, and providing, to the first data user and the second data user, at least two shared data points that, when used with either of the first user specific data point or the second user specific data point, define a component polynomial that corresponds to a component that is defined in the data set. Operations further include providing, to the first data user, a first key share point that, in combination with the first user specific data point, defines a first data user polynomial that identifies a first encryption key that is on the first data user polynomial.

Abstract: An encrypted file system key associated with a first secure enclave may be received. A request from a second secure enclave to access a file system associated with the encrypted file system key may be received. In response to receiving the request, the encrypted file system key may be decrypted with a cryptographic key associated with an enclave manager to obtain a file system key. The file system key may be encrypted based on another cryptographic key associated with the second secure enclave to generate a re-encrypted file system key. Furthermore, the re-encrypted file system key may be provided to the second secure enclave.

Abstract: The present invention extends to methods, systems, and computer program products for expanding semantic classes via user feedback. Aspects of the invention learn how a set of labels can be expanded from user-generated tags. Text labels applied by human reviewers to digital content can be inspected and compared to one another. When a threshold of human-generated text tags contain similar terminology, the set of labels can be expanded to define a representation of the similar terminology. Similar terminology can include terms that originate from the same base term, are synonyms, are more specific terms related to a general term category, etc. Similar terminology can be consolidated into a defining term that is used to generate a new (more granular) label or a new top level label. Accordingly, new semantic classes can be discovered from user-generated feedback. New semantic classes can provide a more granular representation of content item classification.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data. One of the methods includes receiving a plurality of blocks from a blockchain node in the blockchain network; for each of the plurality of blocks: determining a first number of blockchain nodes that store a dataset divided from an error correction coding (ECC) encoded version of the block and a second number of blockchain nodes that store a dataset comprised of redundant bits divided from the ECC encoded version of the block; calculating a priority value of the block based on the first number and the second number; and encoding at least a portion of the plurality of blocks using ECC to generate a plurality of encoded blocks based on the priority value.

Abstract: Input signals may be received. Furthermore, a control signal controlling the implementation of a Differential Power Analysis (DPA) countermeasure may be received. One of the input signals may be transmitted as an output signal based on the control signal. A cryptographic operation may be performed based on the first output signal that is transmitted based on the control signal.

Abstract: A group of remote devices executing an omnichannel application are coordinated from a network node. An omnichannel mediator coordinates formation of at least two of said remote devices into an omnichannel cloudlet. A component manager controls which of a plurality of components of said omnichannel application should optimally be placed on which individual devices of said omnichannel cloudlet and how data should flow to individual devices of said omnichannel cloudlet. A replication optimizer optimally coordinates data replication for the group of remote device.

Abstract: A data processing device (10) is to be connected to another data processing device (20) and includes a first communicator (180) to share flow settings information for executing a first partial processing and a second partial processing included in a processing flow with the another data processing device (20), an execution controller (140) to cause a processing unit (130) to execute the first partial processing in accordance with the flow settings information, and a second communicator (190) to execute at least one of transmission of a first processing result obtained by execution of the first partial processing to the another data processing device (20) or reception of a second processing result obtained by execution of the second partial processing by the another data processing device (20).

Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Abstract: A transceiver baseband hardware including an encryption-decryption block configured to encrypt and jumble intended transmission data or unjumble and decrypt received encrypted data, the encryption-decryption based on key coefficients generated based on a random key address, the encryption-decryption implemented via a cross logical operation of the encryption-decryption block. The cross logical operation includes when lower significant bytes of the key coefficients operating on most significant bytes of the intended transmission data and the encrypted data. The jumble and unjumble are implemented by a byte displacement/placement block based at least in part on the random key address.

Abstract: The present invention provides a receiving circuit applied to an HDMI, wherein the receiving circuit includes a decoder, a frame key calculating circuit, a line key calculating circuit and a control circuit. In the operations of the receiving circuit, the decoder decodes a data stream to generate at least one image frame, the frame key calculating circuit is arranged to calculate a frame key according to the image frame, the line key calculating circuit is arranged to calculate a plurality of line keys according to the image frame, and the control circuit determines to turn off or turn on the line key calculating circuit according to whether or not the image frame is displayed on a display panel.

Abstract: Implementations of the present specification provide a data processing method and apparatus. A method performed by a data provider includes: obtaining first encrypted data of first plaintext data, a first key used to decrypt the first encrypted data, and authorization information about the first plaintext data; sending a verification request to a data manager, the data manager including a first trusted execution environment; receiving authentication information from the data manager, and performing verification based on the authentication information; when the verification succeeds, securely transmitting the first key and the authorization information to the first trusted execution environment; and providing the first encrypted data to the data manager.