Methods, apparatus and computer program product for protecting a confidential integrated circuit design process. The computer-implemented method includes receiving a design specification dataset from a first untrusted computing device; extracting confidential design specification data from the design specification dataset; encrypting the confidential design specification data to produce encrypted confidential design specification data; generate a first encryption key to be associated with the encrypted confidential design specification data; retrieving a confidential design specification data subset for replacing a design element subset with a security hard macro (SHM) placeholder design element set; generating a security hard macro (SHM) placeholder feature set comprising those security hard macro (SHM) placeholder features representing mappings from the confidential design specification data subset to the SHM placeholder design element set; and transmitting, to the first untrusted computing device, the encrypted confidential design specification data, the first encryption key, and the SHM placeholder feature set.

An ABE method with multiple tracing attribute authorities: performing, by a central authority, system initialization to generate a public parameter and disclosing the public parameter; performing, by each of attribute authorities, initialization to generate a key pair, and disclosing a public key in the key pair; performing, by a data owner, symmetric encryption on plaintext data, performing ABE on a symmetric key based on a hidden access structure, and generating an integrity verification value; requesting, by a data user, a decryption key to the attribute authority according to an own attribute; restoring, by the data user in response to decryption, an access structure, generating an outsourcing decryption key, sending the outsourcing decryption key to a cloud storage center for semi-decryption; generating, by the cloud storage center, a semi-decrypted ciphertext, and feeding the semi-decrypted ciphertext back to the data user; fully decrypting the semi-decrypted ciphertext according to a private decryption key.

Systems and methods are described for providing ways to protect client devices in communication with virtual desktops and virtual applications from keylogging attacks. A keyboard filter driver obfuscates scancodes from key presses produced on the keyboard of the client device so that malicious keylogging or keyboard hooking software is not able to observe user inputs. The obfuscated scancodes are conveyed and de-obfuscated before being applied in the virtual desktop or virtual application.

This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.

A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words and a software encryption microservice, communicatively coupled to the key server microservices, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.

According to an embodiment, an information processing apparatus includes: a memory on which first/second processing applications are stored, the first processing application being a secure application; and a processor that is coupled to the memory and executes the first and second processing applications. The first processing application includes an issuance module, a first communication module, and a log verification module. The issuance module issues a command to call a function of the second processing application and links the command to a verification rule. The first communication module transmits, to the second processing application, a command execution request including command identification information that identifies the command, and receives, from the second processing application, an execution log including an execution result of the command identified by the command identification information. The log verification module verifies correctness of the received execution log in accordance with the verification rule.

A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

The invention relates to a method for enrolling data in order to verify the authenticity of a security datum, the method comprising implementing by data processing means of a server the steps of: obtaining a reference security datum, generating a first encoded datum by applying to the reference security datum an obfuscated fuzzy Hamming distance encoding procedure, determining from the reference security datum, a plurality of derived data of the reference security datum, generating a first random datum, and determining a second encoded datum such that a variable point comparison predicate parameterized by the second encoded datum and the first random datum is true when said variable point has as coordinates said derived data, storing on a data storage means of the server at least said first and second encoded data. The invention also relates to a verification method and a server for this purpose.

A method according to one embodiment includes generating one or more key tables based on a first seed value; generating one or more secret values from a tweak value based on the one or more key tables; and performing encryption or decryption using the one or more secret values. An apparatus according to one embodiment includes a key table generator configured to generate one or more key tables based on a first seed value, a secret value generator configured to generate one or more secret values from a tweak value based on the one or more key tables, and an encryptor/decryptor configured to perform encryption or decryption using the one or more secret values.

One example method includes receiving identification information associated with a new user device, the new user device associated with the user; accessing a signature chain associated with the user, the signature chain comprising one or more sequential records; associating user personal information with the new user device; generating a cryptographic signature based on cryptographic keys associated with the new user device; generating an obfuscated representation of the user personal information; generating a record comprising the identification information, the user personal information, the cryptographic signature, and the obfuscated representation of the user personal information; generating a cryptographic identifier based on the identification information, the cryptographic signature, the obfuscated representation of the user personal information, and a latest of the one or more sequential records; inserting the cryptographic identifier into the record; appending the record to the signature chain as a sequential record; receiving a request to join a video conference from the user device, the request identifying the new client device and the user as a participant in the video conference; and authenticating the user based on the record.