Patent classifications
H04L2209/34
LOW OVERHEAD INTEGRITY PROTECTION WITH HIGH AVAILABILITY FOR TRUST DOMAINS
Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.
Managing Error Recovery Data in a Dispersed Storage Network
A method for managing error recovery data in a dispersed storage network begins with a storage network processing module receiving a write request for an encoded data slice of a set of encoded data slices, where data is dispersed in accordance with dispersed error encoding parameters to produce a set of encoded data slices. The method continues with the storage network processing module generating parity data for the encoded data slice and sending the encoded data slice to a first storage unit of a set of storage units. Finally, the method continues with the storage network processing module sending the parity data for the encoded data slice to a second storage unit of a set of storage units.
TRANSMISSION/RECEPTION APPARATUS OF SECURITY GATEWAY FOR PHYSICAL UNIDIRECTIONAL COMMUNICATION PERFORMING SECURITY TUNNELING AND DATA RE-TRANSMISSION, AND DATA TRANSMISSION METHOD USING SAME
The present invention provides a reception apparatus that performs security tunneling and data re-transmission and unidirectionally receives data from a transmission apparatus, and a transmission apparatus that unidirectionally transmits data to the reception apparatus. When the reception apparatus detects an error in received data, it performs a switching operation or transmits a switching request signal to the transmission apparatus to notify the transmission apparatus of the error in the received data. When the transmission apparatus has detected the switching, it re-transmits the data in which the error occurred to the reception apparatus. The transmission apparatus encrypts the data and transmits the encrypted data to the reception apparatus. According to the present invention, the reliability and security of unidirectional data communication are improved.
PHYSICAL UNCLONABLE FUNCTION CONFIGURATION AND READOUT
The present disclosure relates to configuring at least one pair of devices in a physical unclonable function (PUF) apparatus and reading out at least one pair of devices to determine a persistent random PUF output. The pair of devices may be read out by measuring a physical difference between the devices/components caused by random manufacturing differences, which may then be used to determine a persistent random PUF output. Configuring the pair of devices includes measuring the random manufacturing difference and, based on that measurement, setting a readout condition for the pair of devices, which dictates aspects of the readout process that should be used for that pair of devices. Each time the pair of devices is read out in the future, it may be read out in accordance with the condition that was set at configuration.
METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR MASKING DATA
An apparatus, computer-readable medium and computer-implemented method for masking data, including applying an irreversible function to a first data element to generate a derivative data element, the first data element being of a first data type and the derivative data element being of a second data type different than the first data type, selecting at least a portion of the derivative data element to serve as a template, generating a masked data element as the result of converting the template from the second data type to the first data type.
Partial task processing with data slice errors
A storage network receives data and a corresponding task, selects a storage unit for the task, determines whether the data slice is locally available and, when the data slice is not locally available, determines whether a redundant data slice is available from another storage unit. When the redundant data slice is not available from another storage unit, the storage network facilitates rebuilding the data slice to produce a rebuilt data slice by retrieving a decode threshold number of data slices corresponding to the data slice, decoding the decode threshold number of data slices to reproduce a data segment, and re-encoding the data segment to produce a pillar width number of data slices that includes the rebuilt data slice. The storage network then stores locally either the rebuilt data slice or the redundant data slice and processes one of: the locally available data slice, the locally stored rebuilt data slice, or the locally stored redundant data slice in accordance with the corresponding partial task to produce a partial result.
METHOD AND APPARATUS FOR PROVIDING INTEGRITY CHECK DATA
Provided is a method of a device transmitting integrity check data. The method includes establishing a voice communication channel with at least one other device, determining a size of a packet to be transmitted through the established voice communication channel based on a bandwidth of the communication channel, detecting a user's voice from an input signal, selectively inserting integrity check data for checking the integrity of data to be transmitted into the packet based on a result of the detection, and transmitting the packet to the at least one other device.
System and Method for Secure Detection of Similarity and Dissimilarity of Events
Each of a plurality of clients encodes events as respective vectors, and the clients cooperatively choose a joint key. Each client then encrypts its event vector(s) using the joint key to form secret shares of a fixed value and sends the encoded, encrypted vectors to a service-providing system that selects pairs of the vectors and determines a comparison value from a reconstruction of the secret shares. When the comparison value meets a predetermined criterion, the service-providing system generates a message indicating similarity between the selected pairs of the vectors. The service-providing system thus determines a degree of similarity between the events without requiring knowledge of raw data about the events.
Apparatus and method for providing authentication, non-repudiation, governed access and twin resolution for data utilizing a data control signature
A non-transitory computer readable storage medium has instructions executed by a processor to receive an original collection of symbols. A single use coding function is applied to the original collection of symbols to form a new collection of symbols. Encryption keys associated with a user are formed. The new collection of symbols is encrypted to form a recoded encrypted symbol file stored at a network accessible memory location. A distributed ledger entry with a data control signature is formed using the single use coding function encrypted with a private key. The distributed ledger entry is written to a distributed ledger. The distributed ledger entry is accessed. The recoded encrypted symbol file is read from the network accessible memory location. The data control signature and a symmetric key are used to convert the recoded encrypted symbol file to the original collection of symbols.
Methods of secure communication using low-density parity check coding
A method of transmitting a message includes, for each data block, generating a root matrix using a generator, generating a quasi-cyclic matrix H using the root matrix, encoding the block using H to create a codeword, and transmitting the codeword. The root matrix includes three submatrices: an identity matrix in an upper-left-hand portion of the root matrix, an identity matrix in a lower-left-hand portion of the root matrix, and a circulant matrix in a right-hand portion of the root matrix. The circulant matrix equals the sum of an identity matrix and an identity matrix with rows shifted once to the right. Generating H includes expanding the root matrix by replacing 0 elements in the root matrix by a square matrix of 0 elements and replacing 1 elements in the root matrix by a shifted diagonal matrix. Non-zero elements of the diagonal matrix are selected from GF(q) based on the generator.