Abstract: Techniques for enforcing trust policies for payload data transmitted through a data provisioning layer include: receiving, by a node in the data provisioning layer, payload data to be delivered to a recipient; obtaining, by the node, a trust policy indicating multiple attributes used to determine trustworthiness of payloads; determining, by the node, a set of values of the attributes associated with the payload data; generating, by the node, a trustworthiness opinion based at least on the trust policy and the set of values of the attributes; transmitting, by the node, the payload data and the trustworthiness opinion via the data provisioning layer toward the recipient; computing, by the recipient, a trustworthiness metric associated with the payload data based at least on the trustworthiness opinion; and determining, by the recipient, an action to take with respect to the payload data based at least on the trustworthiness metric.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more computing devices to facilitate and/or support one or more operations and/or techniques for electronic authentication infrastructure, such as implemented, at least in part, via one or more electronic communications.

Abstract: A method and system are provided for transferring digital assets in a digital asset network. Network users can be centrally enrolled and screened for compliance. Standardized transfer processes and unique identifiers can provide a transparent and direct transfer process. Digital assets can include sufficient information for ensuring that a value will be provided, including one or more digital signatures, such that value can be made immediately available to recipients.

Abstract: An encrypted rolling code, a plurality of differing data bit order patterns, and a plurality of differing data inversion patterns are provided. One then selects a particular one of each of these patterns and uses those selected patterns as transmission characteristics when transmitting at least part of the encrypted rolling code.

Abstract: There is described a system and method for performing biometric authentication, preferably voice biometric authentication. The system has a host device such as a mobile phone and a coupled headset device. The headset device is arranged to receive audio, and to cryptographically protect the audio before transmission to the host device for verification and biometric authentication.

Abstract: Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application layer request to a resource of the server. The device can apply an application layer policy to the application layer request of the TLS request. The device can determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

Abstract: The invention relates to a method for securely providing a personalized electronic identity on a terminal (2) which can be used by a user (1) for identification purposes when claiming an online service. In the method, an identification application is ran on a terminal (2), which is assigned to a user (1), in a system comprising data processing devices (9; 10; 11; 12) and said terminal (2), and additionally a personalization application and an identity provider application are ran.

Abstract: Various surgical hubs and data stripping methods are disclosed. The surgical hub comprises a processor and a memory coupled to the processor. The memory stores instructions executable by the processor to interrogate a modular device coupled to the processor via a modular communication hub. The modular device is a source of data sets that include patient identity data and surgical procedure data. The processor also executes instructions to: receive a data set from the modular device; discard the patient identity data and any portion of the surgical procedure data that identifies the patient from the data set; extract anonymous data from the data set and create an anonymized data set; and configure operation of the surgical hub or the modular device based on the anonymized data set.

Abstract: A method for recovering data. The method including collecting identity factors at a user device, wherein hashes of the identity factors are configured to be stored at a server. The method including generating at the user device a dynamic password based on the identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device. The method including generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key configured to be stored at the server. The method including encrypting at the user device data items using the data key to generate encrypted data items configured to be stored at the server. As such, the data items are recoverable by presenting the identity factors to the server.

Abstract: Techniques are provided for client application authentication and include receiving a request to authenticate an application and, based on the received request to authenticate the application, sending a request to perform a push communication, including a short-term shared key, to a digital distribution system, wherein the digital distribution system is a distribution source of the application. The digital distribution system attempts to send the push communication including the short-term shared key to the application. The techniques may proceed by receiving a request for resources from the provider client application and determining whether the application has the short-term shared key. When it is determined that the application has provided the short-term shared key, the requested resources to the application may be provided, otherwise, the requested resources may be denied.

Abstract: Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.

Abstract: A data storage device includes a nonvolatile memory device, a volatile memory device, a data encryption circuit configured to encrypt data outputted from the nonvolatile memory device, a data decryption circuit configured to decrypt encrypted data output from the data encryption circuit and configured to provide the decrypted data to the volatile memory device, and a processor configured to perform a first process that controls installation of a first in-storage program in the data storage device, a second process configured to manage a mapping table storing a relation between a logical address and a physical address of the nonvolatile memory device, and a third process configured to execute the first in-storage program.

Abstract: Disclosed are various embodiments for authenticating a user using non-fungible tokens (NFTs). A trusted token issuer verifies a user's identity according to identifying credentials (e.g., government issued identification, passport, driver's license, etc.) presented by the user and creates a non-fungible token in response to verifying the credentials. The non-fungible token is associated with a user identifier and can be used by an access provider to authenticate a user requesting access to restricted content provided by the access provider. For example, when a client device associated with the user requests access from an access provider to an access-restricted website or other type of access-restricted area (e.g., building, concert venue, network, etc.), the access provider (e.g., website server, building computing device, venue system, etc.) uses the properties of the non-fungible token to verify one's identity and permit access upon verification.

Abstract: The present invention provides methods, systems and computer program products (software) for the reliable, attack-resistant authentication of a network-connected user to a network-connected service provider.

Abstract: The invention provides one or more consortia of networks that identify and share information about users and/or user devices interacting with the consortia. User devices may be identified, at least in part, by tag-based computer information. Computers and other devices accessing the Web carry device tags with date and time information describing when they were issued by a security tag server. A server time stamp may be inserted into time based computer tags such as a cookies indicating when they were created. Such time stamp information can be encrypted and analyzed during future attempts to access a secure network such as a customer attempting to log into an online banking account. When the time stamp information from the tag is compared to other selected information about the user, device and/or account, including but not limited to last account log-in date/time or account creation date, the invention may be used to detect suspicious activity.

Abstract: A method for processing a cryptographic operation request includes receiving, at a hardware security module (HSM), the cryptographic operation request including a cryptographic key and at least one authorization token, determining, by the HSM, whether an access control list (ACL) associated with the cryptographic key of the cryptographic operation request is authorized to govern access to the cryptographic key, and validating, by the HSM, the at least one authorization token. When the at least one authorization token is valid and the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, the method includes processing, by the HSM, the cryptographic operation request.

Abstract: The present disclosure provides systems and methods for authenticating photographic data. In one embodiment, a method comprises providing an image authentication application for use on a client device, the application configured to control image capture and transmission; receiving an image data file from the application at the authentication server comprising a photographic image captured by the application and metadata associated therewith; applying a watermark to the photographic image to create a watermarked image; applying date and time information to the tagged image; applying location information to the tagged image; creating a web address associated with the image data file; uploading the photographic image, the tagged image, or both to the web address; and transmitting an authenticated image file to the client device, the authenticated image file comprising one or more of: the watermarked image, the photographic image, the date and time information, geographic information, and the web address.

Abstract: A method for proving identity when registering for a service includes presenting by the entity a user with options for registering for the service, wherein the options comprise validating an identity of the user through a trusted partner. The method includes receiving, by the entity, user data from the trusted partner responsive to the user logging into a page on the trusted partner. The method includes validating the user identity for the service responsive to a determination that a user identifier from the trusted partner matches a user identifier on record with the entity. The method includes populating entity user data for the service according to the user data received from the trusted partner responsive to successfully validation of the user identity. In embodiments, a risk analysis score is determined for the user and registration steps for registering are selected based on comparison of the registration score with a threshold.

Abstract: A first apparatus performs a pairing providing process of displaying a provision string on the first apparatus and transmitting the provision string to a server apparatus, the provision string being of a given number of digits that changes every given amount of time in such a manner that, every given amount of time, the provision string is subjected to carrying and a new character is added to the rightmost digit of the provision string. A second apparatus transmits an acceptance string to the server apparatus, the acceptance string being input from the second apparatus based on the provision string displayed on the first apparatus. The server apparatus compares the provision string with the acceptance string, and determines that pairing is established between the first apparatus and the second apparatus when the provision string and the acceptance string match each other.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Methods and systems for generating/deriving CU-UP security keys for disaggregated gNB architecture are described herein. A UE/gNB can inform the gNB/UE about the capability of the UE/gNB to derive CU-UP security keys. CU-UP security keys comprise an integrity protection key and a ciphering key. The gNB derives an integrity protection key and a ciphering key upon determining that the UE supports derivation of the CU-UP security keys or the UE has capability to derive CU-UP security keys.