Abstract: A method for integrity protection scheme by a mobile communication device or a core network entity according to a first exemplary aspect of the present disclosure includes configuring settings and parameters for integrity protection for user data with another party; receiving user plane data from the other party, calculating Message Authentication Code for Integrity (MAC-I) for a part of the data and checking integrity of the part of the data.

Abstract: Embodiments of the invention relate to methods, apparatus and systems for biometric processes. The methods include updating stored ear model data for a user following successful authentication of the user. The ear model data may be acquired using a personal audio device that generates an acoustic stimulus and detects a measured response. The acquisition of the ear model data may be responsive to a determination that the personal audio device is inserted into or placed adjacent to the user's ear. The acquisition of the ear model data may also be responsive to the determination that the personal audio device has not been removed from or moved away from the user's ear.

Abstract: Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.

Abstract: A system that provides for the accessing and playing of media files having differing associated rights such as non-DRM media files, purchased and downloaded media files, subscription download files such as tethered downloads, and subscription streamed DRM files. The system also provides a method and user interface for sharing a media collection among computing devices in communication via a network. The system allows access and playback, from each computing device on a network, of all media files in a media collection, regardless of their associated rights.

Abstract: Systems and methods for periodically modifying data privacy elements are provided. The systems and methods may identify a set of data privacy elements. A data privacy element can characterizes a feature of a computing device and can be detectable by a network host. A first artificial profile can be generated by modifying a first data privacy element based on an artificial profile model that defines a relationship associated with one or more constraints between the set of data privacy elements. Subsequent to generating the first artificial profile, a second artificial profile can be generated by periodically modifying a second data privacy element in accordance with the relationship defined by the artificial profile model. The computer device can be masked from being identified by the network host by sending the second artificial profile including the second data privacy element to a requested network location.

Abstract: Methods, computer readable media, and devices for escrow of master keys and recovery of previously escrowed master keys may be disclosed. A method for escrow of master keys may include registering a root certificate authority (CA) within each of two first-party hardware security modules (HSMs), initializing each of three third-party HSMs as master escrow recovery devices, performing a bootstrap operation on an authoritative blockchain to generate three master keys, generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set using a second one of the three master escrow recovery devices, and a third set using a third one of the three master escrow recovery devices, and storing the first, the second, and the third set of master key shard ciphertexts as opaque objects in each of the two first-party HSMs.

Abstract: The technology disclosed herein pertains to a method for mobile storage device registration to a management domain using a random token and a pin. In at least one implementation, a technology disclosed herein provides a method of authenticating a device on a system, the method including generating a random token, displaying the random token to a user, communicating the random token to an authentication system portal, in response the authentication system portal validating the random token receiving a PIN from the user, and communicating the PIN to the authentication system portal, and receiving a portal IP address and a certificate of authentication from the authentication system portal.

Abstract: Embodiments of the disclosure relate to methods, apparatus and systems for authentication of a user. The described embodiments relate to obtaining ear biometric data for a user to be authenticated. The ear biometric data comprises one or more features characteristic of the user's ear canal and an associated fit metric indicative of a positioning of a personal audio device relative to the user's ear canal, the personal audio device comprising a transducer for application of acoustic stimulus to the user's ear to obtain the ear biometric data. The user may be identified as a particular authorised user based on one or more features and the associated fit metric.

Abstract: The invention discloses a method for managing communication authority based on multi-energy equipment data flow using digital twin and a system thereof, comprising the following steps: generating a unique permission code; Establishing a data flow interaction channel; utilizing a broadcast detection mechanism to periodically check the data flow communication authority based on the channel and continuously remove the data flow interaction channel that is expired and illegally authorized, thus to complete the data flow communication management. The present invention has the advantages that the management is more scientific, the algorithm is clearer, more efficient and safer, and the level is well arranged; the channel resource utilization rate is improved, filling the gap in the current stage of a method for managing communication authority based on multi-energy equipment data flow using digital twin and a system thereof, and ensuring the real-time mapping between physical entities and virtual images.

Abstract: Accessing and organizing data sets directly from a data warehouse including receiving, by a data analyzer, a request from a service provider client instructing the data analyzer to retrieve a data set from a service provider data warehouse, wherein the service provider client is a client of a service provider, and wherein the service provider data warehouse stores data sets for the service provider; retrieving, by the data analyzer, the data set directly from the service provider data warehouse using credentials provided by the service provider; selecting, by the data analyzer, a worksheet template based on the service provider; organizing, by the data analyzer, the data set into a worksheet based on the worksheet template; and presenting, by the data analyzer to the service provider client, the worksheet comprising the data set.

Abstract: A security device provisioning hub, including: a memory; and a processor configured to: receive a first secret token from a device manufacturer, wherein the first secret token is associated with a first service; receive a second secret token from a customer device having a security chip; verify that the first secret token and the second secret token are the same; and provide to the customer device access credentials to the first service.

Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.

Abstract: Techniques are described with respect to facilitating password creation via a secure device in a defined corporate environment. An associated method includes receiving an authentication request associated with an authorized client of a client system in the defined corporate environment and initializing the secure device with respect to the client system responsive to validating the authentication request. The method further includes creating a password for the client system in compliance with policy criteria associated with the defined corporate environment, encrypting the password, and distributing the password via at least one predetermined technique. In an embodiment, the method further includes creating access control credentials for the client system in compliance with the policy criteria associated with the defined corporate environment.

Abstract: The present invention puts forward a personal electronic access permission (Figure B, 31) that can both check on the customer's identity (Figure A, step 2) and right to access an event/venue in one scanning event, and address the unwanted secondary market, still enabling a customer (Figure D, 5) to sell back an electronic access permission to the system (Figure D, I) in case the customer is not able to attend the event.

Abstract: A computerized method of the invention includes software having instructions loaded on a computer system including a database populated with item information associated with owner, leasee and/or lien holder information. The CPU executes the instructions for, in a first step, registering user, in a second step, associating items and, in a third step, making registered item information available for updating and interrogation by users with the requisite permissions.

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

Abstract: A secure, remote support platform allows secure, remote device support with an edge device (101) and a trusted intermediary server resource (“trusted server”). The trusted server (113) is an endpoint for secure connections with a support application used by a remote technician and with the edge device. The secure connections carry messages with inputs, data requests, and feedback. Messages between the trusted server and support edge device are secured in a manner that allows each endpoint to validate the messages. The remote technician controls the edge device to assesses a target device connected to the edge device. The edge device presents emulated peripheral devices to the target device while capturing the target device desktop with a camera or presents remotely controlled peripherals and returns screen captures or updates of the desktop from the target device.

Abstract: The present disclosure generally relates to digital identification credential user interfaces.

Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain if a login attempt or instance by a user is suspicious based on the ML model. In some embodiments, the ML model is trained using anonymized user login data to preserve privacy of the users and a proper level of data anonymization is determined based on the ML model's accuracy in detecting the ATO attacks when trained with different versions of the anonymized data.

Abstract: The present invention concerns the verification and authentication of independent digital wallets and, particularly, the linking of regulated and unregulated digital wallets when there is established common ownership and a desire to achieve rapid linking of those different accounts supported across disparate platforms for inter-dependent wallet operation. System intelligence (30, 42, 46, 50) makes use of selective scraping of data, in third-party database resources (52, 54), relating to or associated with events or transaction recorded in the public (unregulated) wallet that belong to an initially unknown individual whose identity requires verification for linking purposes. In the event of a verified response to such a randomly generated query, a non-transferrable NFT is generated by the system intelligence (46) of the regulated platform (27) and these non-transferable NFTs are placed within an accessible public ledger (66) as well as the purview of the private ledger (26).