Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.

In a blockchain, contents of communication of electronic data are basically made public, and a malicious person can find system vulnerability of the blockchain. Leak of secret information or the like to an unintended third party through unauthorized access or the like by exploiting the vulnerability and cause is actually possible. Thus, it cannot be said that sufficient security measures are taken. In the present invention, a colony server stores partial data containing data of a predetermined size from a beginning of data to be managed received from a terminal, and a center server stores body data containing data of the predetermined size +1 and thereafter. Thus, the data to be managed is managed in a divided manner. Also, even if the body data is leaked from the colony server through unauthorized access or the like, the body data is merely part of the data to be managed, and has no value on its own. Thus, the present invention provides a system and the like for achieving robust security against unauthorized access.

A technique for processing Bluetooth Mesh packets that comprise erroneous cyclic redundancy check (CRC) values. The disclosed mesh node receives packets, each of which comprising a Protocol Data Unit (PDU) and a cyclic redundancy check (CRC) field. The PDU comprises an AD Data field with multiple octets; the AD Data field itself comprises a Network Identifier (NID) field. After determining the value of the CRC field in a first packet to be invalid, and subject to further checks, the mesh node selects a selected set of one or more NID values, based on the validity of the value of the NID field in the first packet. The mesh node then processes at least some of the multiple octets in the AD Data field in the first packet in accordance with a set of network keys that hash to the one or more NID values in the selected set.

Embodiments of present disclosure relates to and systems to reduce propagation delays in hardware implementation of 3GPP confidentiality or standardized algorithm 128-EEA3 and 3GPP integrity algorithm 128-EIA3 using ZUC module. The reduction of the propagation delays is achieved by improving or optimizing secondary critical paths, which are subsequent to primary critical path, related to the 3GPP confidentiality or standardized algorithm 128-EEA3 and the 3GPP integrity algorithm 128-EIA3. Non-conventional modifications in the hardware implementation are proposed for the improvement or optimization.

In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.

This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.

Systems and methods are described for providing secure storage of data sets while enabling efficient deduplication of data. Each data set can be divided into fixed-length blocks. The plaintext of each block can be convergently encrypted, such as by using a hash of the plaintext as an encryption key, to result in block-level ciphertext that can be stored. If two data sets share blocks, the resulting block-level ciphertext can be expected to overlap, and thus duplicative block-level ciphertexts need not be stored. A manifest can be created to facilitate re-creation of the data set, which manifest identifies the block-level ciphertexts of the data set and a key by which each block-level ciphertext was encrypted. By use of block-level encryption, nearly identical data sets can be largely deduplicated, even if they are not perfectly identical.

In an example, a subject using a user mobile-identification-credential device (UMD) requests vetting by a vetting system, which receives verified subject information associated with a level-n mobile identification credential (MIC-n) that UMD received from a level-n authorizing party system (APS-n). MIC-n is linked to lower level MIC-0 to MIC-(n−1). The vetting system, as level-n relying party system (RPS-n), uses the verified subject information associated with the linked MIC-0 to MIC-n to verify or not verify the identity of the subject, develops an identity profile of the subject, and determines a vetting result of the subject by calculating a composite trust score based on MIC trust values for the multiple levels of MIC. MIC-i (i=1 to n) is linked to MIC-(i−1) which UMD received from APS-(i−1), and APS-i is RPS-(i−1) which verified the identity of the subject using verified subject information associated with MIC-(i−1), such that MIC-0 to MIC-n are linked.

A secure access control system configured to control access to sensitive data stored on disparate systems is disclosed. A first entity is designated to control access to second entity data. An authentication token, generated using a key derivation function, is used to authenticate the first entity. The authenticated first entity is granted access to second entity data. An access control interface is generated configured to selectively grant or withdraw access to second entity data. The access control interface identifies entities associated with respective access controls. The access control interface is instantiated on a first entity device. Activation indications of access controls is received over a network. Access to second entity data is accordingly granted or withdrawn. Access control transition event rules and/or access control transition time rules are retrieved. Using monitored events and the access control transition event rules, and/or a monitored current time and the access control transition time rules, a determination is made as to transition access control of the second entity data first entity to the second entity.

A method for data exchange on a communication network, operating according to a protocol, and including a transmission bus, a first node and a second node. The first node carries out the steps of: constructing a first and a second data frame which transport first and second information data; calculating a first message authentication code as a function of the first and the second information data; constructing a third data frame which transports the first message authentication code; transmitting all of the data frames thus constructed. The second node carries out the steps of: receiving the first, the second and the third data frames; extracting the first and the second information data and the first message authentication code; calculating a second message authentication code as a function of the first and the second information data extracted; comparing the message authentication code extracted with the message authentication code calculated in order to verify the identity thereof.