Abstract: A device may receive a certificate, such as an X.509 certificate, that includes authentication information. The authentication information may uniquely identify a customer equipment. The device may authenticate the customer equipment using the authentication information. The device may obtain configuration information, associated with configuring the customer equipment to receive a service, based on authenticating the customer equipment using the authentication information. The device may provide the configuration information to permit the customer equipment to be configured to receive the service. The device may provide the service to the customer equipment based on authenticating the customer equipment.

Abstract: A set of methods are proposed to increase data security, both in motion and at rest, by creating microshard data fragments. Microshard data fragments are subsets of a data file which are smaller than a defined atomic unit of value (e.g. a fraction of the size of a social security number or valuable password that one seeks to protect). These microshard data fragments are then dispersed across several physical locations, obscuring the value. Additional techniques are proposed to further frustrate unauthorized reassembly attempts and to create system efficiencies.

Abstract: Systems and methods relating to alerting users as to user information to be exchanged during transactions. A user information system (UIS) information circuit and an associated user information database populates an account with user information received from at least one of the user and a plurality of entities. A user information request relating to a transaction is received from an entity computing system associated with an entity over a network via a network interface circuit. A security circuit sends an alert comprising an approval request containing an identification of user information requested in the user information request to a user computing device associated with the user over the network. The security circuit receives an approval of the approval request from the user computing device, and the UIS information circuit provides the approved information to the entity to complete the transaction.

Abstract: A method according to one embodiment includes transmitting, by an enterprise system, a data request for user data stored in a software wallet to a software wallet provider, transmitting, by the software wallet provider, an authorization request to an end user device of the user in association with the data request, creating, by the end user device, a transaction signed with a first private cryptographic key to generate a signed transaction, transmitting, by the end user device, the signed transaction to the software wallet provider, signing, by the software wallet provider, the signed transaction with a second private cryptographic key to generate a multi-signed transaction, transmitting, by the software wallet provider, the multi-signed transaction to the enterprise system, and validating, by the enterprise system, the multi-signed transaction using a public cryptographic key associated with the first private cryptographic key and the second private cryptographic key.

Abstract: An information processing apparatus that successively activates a plurality of modules, comprises a first module, a second module, and a third module. The first module activates the second module which has been verified, and the second module activates the third module which has been verified. The first module includes verification information used for verifying both of the second module and the third module, verifies the second module using the verification information and verifies the third module using the verification information.

Abstract: Examples described herein include systems and methods for providing push notifications to a third-party application executing on a client device. An example can include encrypting user credentials, generating a callback Uniform Resource Locator (“URL”) with at least a portion of the encrypted credentials embedded into the URL, and requesting notifications from an email service to be provided at the callback URL. Upon receiving a notification at the callback URL, a system component can decrypt the credentials within the URL using a private key and log into the email account using those decrypted credentials. The system component can then generate a push notification based on any changes found in the email account and cause the notification to be delivered to the third-party application on the client device.

Abstract: A method of storing data on target data processing devices, the method comprising: for each target data processing device, using a security data processing device on which first data has been stored to: obtain a device cryptographic certificate from the target data processing device, the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity; verify the device cryptographic certificate as having been generated by the trusted entity; generate second data using the first data; and store the second data on the target data processing device.

Abstract: Apparatuses, methods, systems, and program products are disclosed for distributed license encryption and distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable to select a license token from a pool of available license tokens associated with available digital licenses in response to a license request from a first device. The license token includes information identifying second devices where segments of a digital license associated with the license token are stored. The segments are encrypted using encryption keys for one or more participants. The code is executable to re-encrypt the segments of the digital license for the selected license token using an encryption key for the first device and send the license token to the first device where it is used to request the segments from the second devices, decrypt the segments, and reconstruct the digital license.

Abstract: Disclosed in some examples are methods, systems and machine-readable mediums which allow for more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in well-distributed positions determined by the user. These systems secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the well-distributed noise symbols from legitimate credential symbols.

Abstract: An example operation may include one or more of generating, by an executing client, a blockchain transaction comprising an anonymous rating, a proof, a nullifier, and a root node value, receiving, by a smart contract, the blockchain transaction, the anonymous rating related to an authorizing client, verifying the proof with the root node value and the nullifier, verifying that the root node value is a current or a previous merkle tree root node value, adding the anonymous rating to a shared ledger, marking the nullifier as used, and storing the marked nullifier to the shared ledger.

Abstract: A device is described that includes a first microprocessor configured for interfacing with a digital access control backend, and a second microprocessor configured for dedicated communications with an access control manager device backend. The first microprocessor is a master device that controls the operation of the second microprocessor as a secondary device. The proposed device is configured for operation of the first microprocessor and the second microprocessor at low clock speeds and to maintain a hash segregation between locally received data sets and data sets transmitted to an external authentication system.

Abstract: Confirming user consent includes prompting the user to tap a card a card reader or a computing device and confirming consent in response to the user taping the card. The user may be prompted for a response in a plurality of possible responses and only a particular one of the possible responses may require taping the card. The user may consent to installation of software on the computing device. The user may be logged in to the computing device. A login ID for the user may be cached and/or may be accessed in connection with the user tapping the card. Confirming user consent may also include obtaining a pairing code for accessing the card and confirming consent in response to the user taping the card and the pairing code allowing access to the card. The pairing code may be cached in the card reader or the computing device.

Abstract: A method of providing cyber security to an industrial control system is described. The method includes detecting an anomaly and recording and reporting the detected anomaly to a control system within a network associated with the industrial control system.

Abstract: Some embodiments provide a method, executable by a network device, that receives a first set of commands instructing the network device to allow network traffic to egress out of an authentication port of the network device. The authentication port is configured to belong to a first virtual local area network (VLAN). An unauthenticated device is connected to the authentication port. The method further receives a second set of commands instructing the network device to add ports belonging to the first VLAN to a broadcast domain of a second VLAN. The method also broadcasts an address request to the broadcast domain of the second VLAN. The method further receives, from the unauthenticated device, a response to the address request.

Abstract: The disclosed technology is generally directed to secure transactions. In one example of the technology, an enclave is used for executing a cryptlet binary of a first cryptlet. The enclave is a secure execution environment for which results of a secure execution are capable of being attested to have run unaltered and in private, the enclave stores an enclave private key, and the first cryptlet is associated with at least a first counterparty. A cryptlet binding that is associated with the first cryptlet is generated. The cryptlet binding includes counterparty information that is associated with at least the first counterparty. Cryptlet binding information is provided to a cryptlet binding key graph. A location of a hardware security module (HSM) that stores a key that is associated with the first counterparty is received from the cryptlet binding key graph.

Abstract: A mobile device is disclosed.

Abstract: Systems, methods, and computer-readable media for shared electronic documents are disclosed. The systems and methods may involve enabling access to an electronic word processing document including blocks of text, wherein each block of text has an associated address; accessing at least one data structure containing block-based permissions for each block of text, and wherein the permissions include at least one permission to view an associated block of text; receiving from an entity a request to access the electronic word processing document; performing a lookup in the at least one data structure to determine that the entity lacks permission to view at least one specific block within the electronic word processing document; and causing to be rendered on a display associated with the entity, the electronic word processing document with the at least one specific block omitted from the display.

Abstract: One embodiment of the present invention provides an enhanced authentication system. During operation, the system can obtain, from a remote device of a client, an authentication request prior to the exchange of application layer web traffic associated with a piece of resource protected by the system. The system can then determine, in the authentication request, an indicator indicating whether certificate-based authentication is enforced for the client. If certificate-based authentication is enforced for the client, the system can initiate certificate-based authentication for the client. On the other hand, if certificate-based authentication is not enforced for the client, the system can send information associated with a user interface to the client. The user interface can allow the client to select an authentication method from a set of authentication methods supported by the system.

Abstract: A system for data processing, comprising a plurality of data processing systems, each associated with a user and having an anchor certificate, a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration and a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration.

Abstract: A method for connecting an end device to a linkable computer infrastructure is provided. A device certificate is created and supplied to a user of the end device. The device certificate is input into the end device. A data link from the end device to an access zone connected upstream of functions of the linkable computer infrastructure is produced. The access zone may be selectively separated from the functions of the linkable computer infrastructure by this link. The end device is registered in the access zone using the device certificate. By access of a function from the linkable computer infrastructure to the end device registered in the access zone, this end device is identified for the linkable computer infrastructure. With successful identification of the end device, use of the linkable computer infrastructure is enabled for the end device.