Abstract: The present invention proposes assigning a common system identification code to each of a control unit and a plurality of controllable slave units, storing that system identification code in a user-inaccessible memory of those units, and allowing pairing between the control unit and each of the slave units only if the system identification code of the control unit matches that of the respective slave unit. Thus a slave unit can only act upon a control signal if the control signal comes from the control master unit which shares the system identification code, i.e. is verifiably from the same family. This ensures that a slave unit only acts on instructions which come from a specified control unit, so providing security to the user. It is therefore impossible for a slave unit to act on instructions from any device other than the control master unit with which it shares a system identification code, which may be alternatively referred to as a family identification code or family ID.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: A computer processing system and method for reducing memory footprint that includes initiating, through at least one computer processor, a cryptography session utilizing an i-degree isogeny arithmetic computation having chained computations therein. The cryptography session includes implementing a first iteration cycle, of a plurality of iteration cycles, and a implementing a remaining amount of the plurality of iteration cycles, each of the plurality iteration cycles computing isogenies using a compressed Z value to complete the -degree isogeny arithmetic computation. The first iteration cycle includes individually computing a plurality of sequentially occurring pivot points within the chained computations, implementing a Co—Z algorithm within the plurality of sequentially occurring pivot points to compute and store the compressed Z value on one of the plurality of temporary registers and computing a first isogeny of the -degree isogeny arithmetic computations using the compressed Z value.

Abstract: Systems and methods for data sharing and transaction processing for high security documents are disclosed. According to one embodiment, a method may include (1) at least one computer processor verifying that a sender of a document is authorized to send the document; (2) the at least one computer processor verifying that a receiver of the document is authorized to receive the document; (3) the at least one computer processor identifying at least one restriction to associate with the document; and (4) the at least one computer processor associating the at least one restriction with the document.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a processor, which provides runtime enforcement of data flow integrity. The processor accesses the application binary file from the disk to execute an application and translates the application binary into intermediate representation. The processor applies the logic of data flow integrity controls to the intermediate representation. Specifically, the processor identifies the vulnerable code in the intermediate representation. The processor applies data flow integrity controls to the vulnerable code. The processor adds simple instrumentation that only changes the application's behavior when unauthorized data tampering occurs while preserving the application's normal behavior. When certain operations may cause unauthorized data tampering, the processor takes proper measures to stop the operations. The processor translates the intermediate representation back to a machine code and replaces the original binary with the machine code.

Abstract: The present disclosure concerns an electronic device configured for generating a control signal for controlling another device in a secured fashion when receiving a command signal from a mobile device, the electronic device being further configured for generating and storing a set of keys that are used for encrypting the command signal between the electronic device and the mobile device, each key being used only once. The present disclosure further pertains to a method for generating the control signal in a secured fashion in accordance with the command signal using the electronic device.

Abstract: The loading of a privileged application can be selectively blocked. An application restrictor can be configured to register for notifications whenever an application image is loaded. Then, whenever the application restrictor receives a notification, the application restrictor can evaluate whether the application image that is being loaded is a privileged application. If so, the application restrictor can evaluate the current process's parent tree to determine if an untrusted application is present at any level of the parent tree. The application restrictor will then allow the privileged application to load only when all applications in the parent tree are trusted applications. In this way, untrusted applications can be blocked from accessing a privileged application without blocking trusted applications from accessing the privileged application.

Abstract: Processing network requests includes receiving a request for a target media element available at a requested location. The request can identify a media repository that stores the target media element. A substitute media element that has content approximately equivalent to content of the target media element can be determined. The substitute media element can be stored on a sub-network connected to the network. A selection page having a link to the location of the substitute media element on the sub-network can be generated. A response to the request for the target media element can include the selection page, so as to offer a user a choice of media source.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a biometric authentication system. In one aspect, a method includes, a vibrating component of a mobile device is vibrated; a vibration signal of the mobile device is detected as a user grips the mobile device; a dynamic grip signature is determined for the user based on the detected vibration signal; and the user is authenticated based on a comparison of the dynamic grip signature to an initial grip template.

Abstract: An example operation may include one or more of sending, by an administrator node, an encrypted random value adm1 to the participant node 1, wherein the adm1 is encrypted by a public key PK=PK_adm+PK1, wherein the PK_adm is a public key of the administrator node and the PK1 is a public key of the participant node 1, receiving, by an administrator node, a secret S1 from the participant node 1, wherein the S1 is a random value encrypted by the PK, storing, by an administrator node, a secret S=(S1+adm1) encrypted by the PK, sending, by an administrator node, an encrypted value (S+adm2??adm2) by the PK1 and a PK2 to the participant node 1 to be decrypted, wherein the adm2? and the adm2 are random values and the PK2 is a public key of a participant node 2, and in response to a confirmation that the participant node 1 has sent the (S?adm2+adm2?) encrypted by the PK2 to the participant node 2, sending, by an administrator node, the adm2? to the participant node 2 to compute a secret S2.

Abstract: According to an example embodiment of the present invention, there is provided an apparatus comprising at least one processing core configured to determine a pairing opportunity with a second apparatus and to cause a message to be transmitted to a server, the message comprising a generated number, a receiver configured to receive from the server an indication, and the at least one processing core being further configured to, at least in part based on the indication, cause the apparatus to participate in pairing with the second apparatus.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Method for automatically distributing, as needed, a user's digital-works and usage-rights to one or more user-devices. A definition of the usage-rights for a digital-work may be stored at one or more locations on a network. A version of said digital-work suitable for a user-device may be provided by one or more locations on said network. When a user who is authorized to utilize said digital-work is active at a user-device, a version of said digital-work and authorization to utilize is automatically transferred when needed to a user-device. The digital-work and authorization may be automatically transferred as needed to any user-device where an authorized user is active. The usage-rights may only be valid for one or more specific users. The usage authorization at each user-device may be less than defined in the full usage-rights maintained on the network. Authorization to utilize said digital-work at a user-device may be extended from time to time by exchanging user-device status across the network.

Abstract: The present invention relates to a method to authenticate a subscriber (IMSIi) within a local network (LNj) comprising preliminary step of deriving a subscriber key (SMKi) in local keys (LKi), one local key (LKiLNj) for each local network (LNj) the subscriber (IMSIi) is authorized to access, provisioning each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj). When an authentication is required in a given local network (LNj), an UICC application derives a local key (LKiLNj) in the UICC application of the subscriber (IMSIi) using the network identifier (LNj), the key derivation function (KDF) and the subscriber key (SMKi) and use the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).

Abstract: Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request.

Abstract: A computing system includes a processor and memory coupled to the processor and storing instructions that, when executed by the processor provide a user interface module. The user interface module is configured to generate a tracker definition user interface having a threat parameter selection user interface element configured to receive a selection of at least one threat parameter, the tracker definition user interface also having a threat value user interface element configured to receive input specifying a threat value to match for the specified at least one threat parameter. The processor is configured to save a tracker based on the selection of at least one threat parameter and the threat value, and wherein the processor is configured to access a threat data store and execute the tracker against the threat data store to provide a tracker result.

Abstract: A radio frequency identification device, or RFID tag, has an antenna attached to or formed on a microchip. The microchip usually comprises low power fixed or programmable logic and a small quantity of persistent memory. As many RFID tags are powered by radio waves transmitted from an RFID tag reader, the low power fixed or programmable logic is often not capable of performing complex cryptographic calculations required for digital signing to provide one-way authentication of the tag. In the present disclosure a system and method are presented for enabling a low overhead challenge and response using a one-time password pad comprising passwords on the RFID tag and a blockchain to record a use of the passwords. Methods are also disclosed for securely replacing the one-time password pad, and using the RFID tag in combination with a blockchain to provide provenance information for the RFID tag.

Abstract: Managing privileged system access may be performed by a risk management system controlling user access privilege to production systems. One example method of operation may provide at least one of detecting an insecure user action at a user device, reducing an access privilege of a user profile associated with the user device to one or more privileged production servers, providing the user device with an application based on the insecure user action, determining that an outcome associated with the application has been achieved, and re-instating the access privilege of the user profile.

Abstract: An on-board communication device, an on-board communication system, and a specific processing prohibition method for a vehicle, in which a specific service can be prevented from being provided without limitation is disclosed. The on-board communication system can perform update processing of a relay processing program for a gateway using a wireless communication path through a wireless communication device or a communication path through a communication cable connected to a connector unit. When receiving an authentication request through either of the two communication paths, the gateway performs authentication processing, and if the authentication processing was successful, the gateway receives an update relay processing program through this communication path, and performs update processing by overwriting a stored relay processing program.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a biometric authentication system. In one aspect, a method includes, a vibrating component of a mobile device is vibrated; a vibration signal of the mobile device is detected as a user grips the mobile device; a dynamic grip signature is determined for the user based on the detected vibration signal; and the user is authenticated based on a comparison of the dynamic grip signature to an initial grip template.