Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented N methods for reducing arithmetic circuits derived from smart contracts are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A set of conditions encoded in a first programming language is obtained. The set of conditions is converted into a programmatic set of conditions encoded in a second programming language. The programmatic set of conditions is precompiled into precompiled program code. The precompiled program code is transformed into an arithmetic circuit. The arithmetic circuit is reduced to form a reduced arithmetic circuit, and the reduced arithmetic circuit is stored.

Decoding a partially encrypted data stream may include receiving and scanning the partially encrypted data stream. Scanning the partially encrypted data stream may include identifying an encrypted portion sentinel in the partially encrypted data stream subsequent to a first portion, identifying an encrypted portion in the partially encrypted data stream subsequent to the encrypted portion sentinel, and generating a decrypted data portion by decrypting the encrypted portion. Decrypting the encrypted portion may include identifying an encrypted data portion in the encrypted portion, the encrypted data portion omitting an end encrypted portion sentinel, decrypting the encrypted data portion, and identifying an end encrypted portion sentinel in the encrypted portion subsequent to the encrypted data portion. Decoding the partially encrypted data stream may include including the decrypted data portion in the decrypted output data stream, and outputting the decrypted output data stream to a client device in the second network domain.

A method for managing information handling systems includes initiating, by a stackable system role (SSR) manager of an information handling system of the set of information handling systems, a boot sequence, making a first determination that the boot sequence does not specify a SSR of the information handling system, based on the first determination: performing a hardware evaluation to identify available hardware resources of the information handling system, obtaining a hardware resource inventory based on the available resources, applying a hardware resource function to the hardware resource inventory to determine a SSR for the information handling system, and continuing the boot sequence using the SSR.

Techniques described herein provide users with the ability to persistently adjust settings for boot-time features (BTF) of a computing device. A user requests a particular BTF configuration adjustment for a device via a device driver. The driver instructs trusted firmware of the device to store a boot override record in persistent storage accessible by a bootloader for the device. Upon implementation of the boot sequence for the device, the bootloader applies the changes reflected in the record to BTF configuration data. The boot override information is persistently available to the bootloader, which ensures that the configuration changes that the boot override record(s) represent are applied to the BTFs of the device until the boot override record(s) are cleared or invalidated. Further, to ensure the security of boot override record(s), the trusted firmware generates, for each record, an HMAC tag using an HMAC key derived from a Chip Endorsement Fused Secret from the hardware.

A method to secure boot an electronic device is disclosed according to some embodiments. The method includes receiving a request to initiate a boot sequence using memory content stored in a non-volatile memory circuit. A secure boot circuit receives verification data from the non-volatile memory circuit indicating the memory content. The verification data includes an error correction code for the memory content without including all of the memory content. A cryptographic hashing operation is performed to the error correction code in the secure boot circuit to obtain a digest of the error correction code. The digest is compared with a pre-stored reference digest to generate a verification signal. The verification signal is provided to the electronic device indicating whether the boot sequence passes the verification.

A system is configured to derive a set of encryption keys from measured device characteristics of at least one PUF device and communicate with a remote device by performing a cryptographic operation secured by the set of encryption keys. The cryptographic operation includes segmenting a first data stream into a first plurality of data stream fragments, segmenting a first data stream fragment of the first plurality of data stream fragments into a first numeric value and a second numeric value, identifying, using the first numeric value, a first encryption key of the set of encryption keys, and applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key.

A Quantum Digital Signature (QDS)-based mail system and a transceiving method are provided. The system is a three-layer structure formed by a physical layer, a key layer, and an application layer. The physical layer is a key generation terminal and is used to generate a key string for signature in real time; the key layer is used to store the key string generated by the physical layer and provide a required key to the upper layer, namely, the application layer when required; and the application layer is a transceiving software part in the mail system, and is used to extract keys generated by the physical layer from the key layer so as to encrypt information to be sent. The mail transceiving method comprises: a quantum key distribution (QKD) phase, a mail signature phase, and a signature verification phase.

A memory controller, which manages a memory device, receives a memory command. The memory controller determines whether the memory command is encrypted. Upon determining that the memory command is encrypted, the memory controller performs a decryption function corresponding to the memory command. Conditioned on the performance of the decryption function resulting in a successful decryption of the memory command, the memory controller performs an operation on a memory location corresponding to a memory address included in the memory command.

An apparatus, such as a memory system (e.g., a NAND memory system), can have a controller with a first error correction code component and a memory device (e.g., a NAND memory device) coupled to the controller. The memory device can have an array of memory cells, a second error correction code component coupled to the array and configured to correct data from the array, and a cryptographic component coupled to receive the corrected data from the second error correction code component.