A cryptographic method and system. A plurality of ciphers is identified in a message received by a recipient, such message encrypting a digital asset. A private key associated with the recipient is obtained. The private key corresponds to a public key associated with the recipient. The method includes solving for x in the equation: [(f.sub.0(R.sub.0.sup.−1 N′.sub.0 mod S)+P′+f.sub.λ(R.sub.n.sup.−1 N′.sub.n mod S))/(h.sub.0(R.sub.0.sup.−1 N′.sub.0 mod S)+Q′+h.sub.λ(R.sub.n.sup.−1 N′.sub.n mod S))]*h(x)−f(x)=0 mod p, where (i) P′, Q′, N′.sub.0, and N′.sub.n correspond to the ciphers in the received message; (ii) R.sub.0, R.sub.n and S are data elements of the private key; (iii) f(.Math.) is a polynomial function defined by coefficients f.sub.0, f.sub.1, . . . f.sub.λ that are also data elements of the private key; and (iv) h( ) is a polynomial function defined by coefficients h.sub.0, h.sub.1, . . . h.sub.λ that are also data elements of the private key. The value of x is assigned to the digital asset, which is then stored in non-transitory memory or packaged in a message sent over the data network.

Methods and system for privacy preserving information exchange in a network of electronic devices are disclosed. In one embodiment, a method is implemented in an electronic device to serve as a local party for information exchange between the local party and another electronic device to serve as an aggregator. The method includes storing a plurality of values in a 2D vector, where a first dimension of the 2D vector is based on the number of values, and where each position in the first dimension has one unique value. The method further includes transmitting the 2D vector to the aggregator with masking for the aggregator to prevent the aggregator from decoding the 2D vector, where aggregating the masked 2D vector with masked 2D vectors from other local parties allows decoding of the aggregated 2D vector.

A vehicular control apparatus is used in an onboard system provided with a plurality of information processors mutually connected via a communication bus, and includes a storage section for storing information, and an arithmetic section for executing a process based on the information stored in the storage section. The information contains first management information relating to a security abnormality as a communication data abnormality owing to security attack from outside the onboard system, and second management information relating to a safety abnormality as a communication data abnormality owing to an abnormality in the onboard system. The first management information contains first limit condition information indicating a first limit condition for executing a security coping with the security abnormality. The second management information contains second limit condition information indicating a second limit condition for executing a safety coping with the safety abnormality. Upon detection of the communication data abnormality in the onboard system, the arithmetic section determines a coping content to the detected communication data abnormality based on the first management information and the second management information.

Example embodiments of the present disclosure relate to devices, methods, apparatuses and computer readable storage media for data encryption and decryption. In example embodiments, a first cipher key and a second cipher key are obtained. The first cipher key comprises a vector of cipher elements, and the second cipher key comprises a set of indices corresponding to a subset matrix of a polarizing matrix. A cipher vector is generated by polar coding of a data vector based on the first and second cipher keys and the polarizing matrix. The data and cipher vectors are combined for encryption of the data vector.

A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

A multivariate signature method for resisting key recovery attack, which establishes a new signature verification condition by adding additional value of signature. The verification condition implies verification of internal information x and y, thereby effectively resisting key recovery attack generated by the existence of equivalence key. Specifically, the method includes the three stages of data preprocessing, signature generation and signature verification. The invention is a signature authentication method based on polynomial equations of a plurality of variables in a finite field, which can effectively resist the key recovery attack, provide the basic technical support for the information security and the establishment of the trust system in the quantum computer era, and provide a secure digital signature option in the quantum era. The present invention is especially suitable for use under application condition which has limited storage and processing time, such as smart cards, wireless sensor networks and dynamic RFID tags.

A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.

A method for secure access control to a data storage system for a host apparatus by means of an access control device, the method comprising: as part of a first mode of operation of the access control device, receiving user data from the host apparatus and transmitting it in unmodified or modified form to the data storage system for local storage; exchanging a first cryptographic secret with a computer system to enable encryption of data by the access control device in dependence on the first cryptographic secret; receiving a data read request for at least a portion of the user data stored in the data storage system; in response to the data read request, transitioning the access control device to a second mode of operation in which the access control device is configured to perform read access but not write or delete access to the data storage system; and in the second operating mode, retrieving user data requested according to the data read request from the data storage system, encrypting them using the first cryptographic secret (K) or a key derived therefrom according to a key generation rule and transmitting the user data encrypted in this way to a predetermined user data recipient; wherein the user data is processed as part of the method in such a way that the encrypted user data transmitted as part of the second operating mode represents information which can be extracted from it for the user data recipient and which represents an identity of the access control device and/or of the data storage system or allows a clear conclusion to be drawn therefrom.

A method for encrypting messages is provided. The method for encrypting messages includes: generating a seed; generating a mask based on the seed; generating a masked message by masking an original message using the mask; acquiring a target message by performing white box encryption on the masked message; and disclosing the target message and the seed.

Disclosed is a cyber-security system that is configured to aggregate and unify data from multiple components and platforms on a network. The system allows security administrators can to design and implement a workflow of device-actions taken by security individuals in response to a security incident. Based on the nature of a particular threat, the cyber-security system may initiate an action plan that is tailored to the security operations center and their operating procedures to protect potentially impacted components and network resources.