Abstract: A method for managing hardware resources includes obtaining, by a local virtual hardware license manager, a license request from an application instance, in response to the license request: sending a virtual hardware license request to a license management system, wherein the virtual hardware license request comprises a hardware resource list, making a first determination that a response to the virtual hardware license request validates the virtual hardware license request, and in response to the first determination: providing, based on the hardware resource list, a signed hardware resource document to a hardware resource manager managing a hardware resource, wherein the hardware resource list specifies the hardware resource, updating a hardware resource access repository to specify enabled access of the hardware resource by the application instance, and initiating access to the hardware resource by the application instance.

Abstract: A method for anonymous signature of a message executed by a member entity of a group. The method includes: registering the member entity with an administration entity of the group; generating by the member entity a trace from a trace generator calculated by at least one revocation entity and included in a public key of the group, the trace being invariant relative to the anonymous signatures generated by the member entity in accordance an anonymous signature scheme; blindly obtaining by the member entity a private group key; and generating at least one signature according to the anonymous signature scheme by using the private key, the signature comprising the trace.

Abstract: A system receives an audio-video recording that includes image frames. For each image frame, a portion of the image frame is identified that corresponds to a first face of a first subject. An image region is determined for the identified portion of the image frame. A first face portion of the audio-video recording is stored that corresponds to the determined image region for each of the image frames along with a private key for the audio-video recording and a first mask identifier for the first subject. A public key is generated for the private key. A remaining portion of the audio-video recording is associated with the generated public key and the first mask identifier for the first subject. The remaining portion, the public key, and the first mask identifier are provided to a media server that communicates with a media player.

Abstract: Systems and methods are provided herein for temporary digital content sharing. The systems and methods may involve receiving, from a first device, a selection of a first element associated with a first URL. The systems and methods may also involve determining first content associated with the first URL. The systems and methods may also involve receiving, from the first device, a selection of a second device at which to display the first content associated with the first URL. The systems and methods may also involve providing the first URL to the second device, wherein the URL allows access to the content by the second device.

Abstract: Enabling control of authenticated applications and websites from other applications and websites within an auto entertainment service, including: implementing controls of the auto entertainment service within a privilege auto platform with a defined structure that enables a controller to issue a command; constructing calls appropriate to execute the command; routing playback controls through the privilege auto platform; issuing the command to the privilege auto platform with a content ID; and receiving the command and making the calls for content and digital rights management to execute the command.

Abstract: Systems and methods are described that use cryptographic techniques to improve the security of applications executing in a potentially untrusted environment associated with a software application. Embodiments of the disclosed systems and methods may, among other things, facilitate cryptographic operations within an execution environment associated with browser software of a client system while maintaining security of cryptographic keys imported into the environment. As the security of keys is maintained in an execution environment implementing embodiments of the disclosed systems and methods, users and/or systems may be more willing to consign their keys for use in connection with cryptographic operations performed in such environments.

Abstract: Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of data are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data center may be out of the scope of compliance monitoring, auditing, and reporting for one or more data security standards.

Abstract: A process of confirming an originator of an electronic mail (email) includes receiving a request for verification of the identity of an alleged originator of the email, which may be sent from the actual originator of the email or a recipient of the email. The alleged originator of the email may be determined, e.g., by parsing the email to determine the name of the sender in the email. Verification is obtained from a biometric-enabled client that is associated with the send whether the email was in fact sent by the sender as well as confirmation of the identity of the sender based on a previously stored identity-proofed biometric.

Abstract: Medical devices, systems, and methods related thereto a glucose monitoring system having a first display unit in data communication with a skin-mounted assembly, the skin-mounted assembly including an in vivo sensor and a transmitter. The first display unit and a second display unit are in data communication with a data management system. The first display unit comprises memory that grants a first user first access level rights and the second display unit comprises memory that grants a second individual second access level rights.

Abstract: Temporal key generation devices and methods are described. One such device of a first domain receives a “seed” to generate a private key associated with a public key for use in a second domain. The device uses the private key in cryptographic operations with the second domain. When the device loses power or is no longer connected to the second domain, the private key may be erased or no longer stored on the device.

Abstract: A cryptographic circuit performs a substitution operation of a cryptographic algorithm. For each substitution operation of the cryptographic algorithm, a series of substitution operations are performed by the cryptographic circuit. One of the substitution operations of the series is a real substitution operation corresponding to the substitution operation of the cryptographic algorithm. One or more other substitution operations of the series are dummy substitution operations. A position of the real substitution operation in said series is selected randomly.

Abstract: Various embodiments include a first node for providing a function to a second node for evaluation, the first node configured to form a first plurality of garbled circuits for the function, each circuit being formed from a circuit representing the function and a respective set of wire keys and including one or more logic operations, one or more input wires for inputting data into the circuit and one or more output wires for outputting the result of the function, wherein each respective set of wire keys comprises a respective subset of wire keys for each input wire and each output wire, each subset of wire keys comprising a plurality of wire keys, each wire key in the plurality being associated with a possible value for the wire; and publish a first list of the first plurality of garbled circuits for the function for access by a plurality of second nodes.

Abstract: The apparatus for securely updating the binary data in the vehicle includes a plurality of nodes that transmit/receive block data to/from each other through a wireless network. Each of the plurality of nodes includes a data reception unit that receives block data from another node, a data verification unit that compares the block data received from the another node with previously stored block data, a data correction unit that deletes the block data, or combines the block data with the previously stored block data and encrypts the combined block data to generate corrected block data, a data storage unit that stores the corrected block data, and a data transmission unit that transmits the corrected block data to another node.

Abstract: A device participates in a cyclical collaboration system. The device receives a request from a third party. A request value is determined that is associated with the request. A first random number is determined based on the first request value. The first random number is provided to a downstream device. A second random number is received that is generated by a upstream device. A first encrypted request value is determined based on the first request value, the first random number, and the second random number. The first encrypted request value is provided to a multiple party encryption subsystem. Encrypted request values generated by other participants of the cyclical collaboration network are received from the multiple party encryption subsystem. A validation score is determined based on the first encrypted request values and the encrypted request values received from the multiple party encryption subsystem.

Abstract: A method for performing a security chip protocol comprises receiving, by processing hardware of a security chip, a message from a first device as part of performing the security chip protocol. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware determines a path through a key tree based at least in part on the message. The processing hardware derives a validator at least in part from the secret value using a sequence of entropy redistribution operations associated with the path through the key tree. The processing hardware exchanges the validator between the security chip and the first device as part of the security chip protocol in order to authenticate at least one of the security chip or the first device.

Abstract: A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

Abstract: Systems and methods provide for a solution for encryption by dynamically opening multiple channels between the client and the server, where the channels include both secured (e.g., SSL/TLS and etc.) channels and non-secured channels. Non-sensitive information can be over non-secured channels, and sensitive information can be sent via the secured channels. The system can recognize whether the information is sensitive or not via the use of tags on a page or frame that delineate which information is sensitive. For instance, on a form, tags can mark off the areas of the form that may contain sensitive information, such as social security numbers, names, addresses, financial information, and other private information. All the data within the tags can be considered sensitive and so be communicated to the server via a secure channel while other data can be transmitted through unsecured channels.

Abstract: An encryption box device has a memory and a processor coupled to the memory. A first clipboard runs on the processor and downloads a plaintext stream. An encryption engine runs on the processor and receives the plaintext stream and encrypts the plaintext stream to produce an encrypted stream. A digitizer runs on the processor and digitizes the encrypted stream to produce a digitized encrypted stream. A second clipboard runs on the processor and uploads the digitized encrypted stream. The encryption engine may also decrypt the encrypted stream to produce the plaintext stream and upload the plaintext stream to the first clipboard.

Abstract: A device determines that a data breach of an application has been reported and determines that an individual has an account with the application based on identifying an association between an application identifier and a username the individual uses to access the application. The device receives, from a user device associated with the individual, password information used to access the application. The device uses the password information and usernames for a group of applications with which the individual has accounts to perform a login procedure for the group of applications to determine that login information for one or more of the applications includes the password information used to access the application affected by the data breach. The device provides, to the user device or another device, a recommendation to change the password information used to access the application and the one or more applications.

Abstract: A method by one or more computing devices for obfuscating challenge code. The method includes obtaining challenge code for interrogating a client, inserting, into the challenge code, code for obfuscating outputs that are to be generated by the client, where the code for obfuscating the outputs includes code for applying a first chain of reversible transformations to the outputs using client-generated random values, interning strings appearing in the challenge code with obfuscated strings, inserting code for deobfuscating the obfuscated strings into the challenge code, inlining function calls in the challenge code, removing function definitions that are unused in the challenge code due to the inlining, reordering the challenge code without changing the functionality of the challenge code, and providing the challenge code for execution by the client.