Abstract: Methods, systems, and devices are provided that allow for access to a wireless computer network, such as a home or business network, via a communal device. The communal device retrieves network access information such as a PSK and provides a machine-readable code such as a QR code or bar code that automatically provides the access information to a user's device, thereby allowing access to the network with little or no user input required.

Abstract: Global identity contexts are established for unique constituents to interact with a cloud architecture through a variety of relationships. The global identity context enables a particular constituent to access services from different cloud-service providers in a secure and simplified manner. Authenticating one account can provide access to services associated with other accounts linked to the global identity context for the authenticated account. In some embodiments, the global identity platform includes an account management application and an identity management application. The account management application is configured to register one or more accounts for each constituent. The identity management application is configured to perform individualization to establish an individual identifier for each unique constituent and map each account to a particular individual identifier and one or more local identifiers.

Abstract: Computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of a first and second polynomials P, Q by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first server transmits coefficients of the polynomials to a second server in encrypted form. The second sever computes encrypted values <P(Xi?)> and <Q(Xi?)> of the polynomials for a number Xi? in a second set from the encrypted coefficients. The second server computes an encrypted binary value <di> from the encrypted value <p(Xi?) of the first polynomial p and computes an encrypted value of a product <di Q(Xi?) Wi>.

Abstract: The present application discloses a method of issuing pseudonymous authorisation tickets to nodes of a cooperative ITS, for signing messages, comprising: receiving a ticket request from a node in an authorisation server, and sending a validation request to an enrolment server, conducting a validity check in the enrolment server, and, when the validity check is passed, incrementing a counter value of a counter assigned to an account at an account server enrolled with the enrolment server for the requesting node, sending a validation message to the authorisation server, and issuing a pseudonymous authorisation ticket from the authorisation server to the requesting node, repeating the aforementioned steps until a predetermined charging period expires, and, upon expiry, sending, from the enrolment server to the authorisation server, said counter value, and sending a charging request calculated from said counter value from the authorisation server to the account server for charging said account.

Abstract: The present disclosure provides in various aspects an encryption device (100), a communication system and a method of exchanging encrypted data in such a network. In accordance with some illustrative embodiments of an aspect, the encryption device (100) comprises a communication interface (110), a variable key generator (120) configured to generate at least two keys, a memory (130) configured to store keys that are either generated by the variable key generator (120) and/or received at the communication interface (110), and an encryption/decryption component (140) configured to successively use keys stored in the memory (130) for encrypting a plaintext received at the communication interface (110) and for decrypting a ciphertext received at the communication interface (110), wherein the communication interface (110) is configured to communicate with an associated separate communication device which is used by a user of the encryption device (100) for communicating in a communication network.

Abstract: A method is disclosed. The method includes receiving a broadcast signal from a beacon device, the broadcast signal encoding a first credential associated with a first entity. In response to receipt of the broadcast signal, the mobile communication device transmits the received first credential to an authentication system. The authentication system determines if the first entity associated with the broadcast signal is authentic and generates a confirmation message confirming the authenticity of the first entity. The mobile communication device then receives the confirmation message indicating that the first entity is authentic. The mobile communication thereafter receives and transmits a second credential for the mobile communication device to the beacon device, which transmits the second credential to the authentication system. The authentication system then confirms the authenticity of the mobile communication device.

Abstract: A method and apparatus for identifying personally identifiable information (PII) and protected health information (PHI) within unstructured data, removing the PII and PHI from the unstructured data, and replacing the removed information with case-type tags that allows the user to understand what information was removed and to tune the level of information removal in future data sets.

Abstract: Systems, computer program products, and methods are described herein for secure data transmission using fully homomorphic encryption. The present invention is configured to electronically retrieve a data file from a source computing device, wherein the data file in encrypted using a public key; initiate a homomorphic engine on the data file, wherein the homomorphic engine comprises one or more homomorphic encryption algorithms; generate, using a first homomorphic encryption algorithm, a header and a trailer for the data file; generate, using the first homomorphic encryption algorithm, a unique row for the data file; generate an evaluation key based on at least generating the header, the trailer, and the unique row for the data file; append the header, the trailer, and the unique row to the data file to generate an appended data file; and transmit the appended data file to a target computing device.

Abstract: The method comprises: a user terminal initiating an authentication request to a target server and providing device information of the user terminal, and the target server receiving the authentication request and generating a temporary session, and sending a temporary session ID and the device information to a quantum key allocation network; the quantum key allocation network searching for a wearable device bound to the user terminal, and sending the temporary session ID to the wearable device; the wearable device collecting biological recognition information of a user, and sending the biological recognition information to the quantum key allocation network; and the quantum key allocation network matching the biological recognition information with pre-stored biological recognition information, wherein if matching is successful, an authentication result is sent to the target server, and then the target server sends the authentication result to the user terminal.

Abstract: Described are various embodiments of a system for monitoring a physical user presence during an authenticated user access session at an access point. In one embodiment, the system comprises a wireless digital user authentication device (UAD) operable to wirelessly establish the authenticated user access session, periodically communicate an authenticated presence code to actively maintain the session and acquire motion-related data during the session to capture a UAD departure motion representative of the user departing from the access point. The system further comprises a digital application operatively associated with the access point and operable to wirelessly establish the session with the UAD upon arrival at the access point, and periodically receive the authenticated presence code to maintain the authenticated user access session. The authenticated user session is terminated upon identifying the UAD departure motion from said the motion-related data.

Abstract: An encryption device (50) generates a ciphertext ct encrypted from information x with using an encryption token etk. A decryption key generation device (60) generates a decryption key dk from a user secret key sk in which a vector y is set, with using a decryption token dtk corresponding to the encryption token etk. A privacy-preserving analysis device (70) decrypts the ciphertext ct generated by the encryption device (50), by means of the decryption key dk generated by the decryption key generation device (60), so as to generate a result of computation over the vector x and the vector y.

Abstract: Methods and apparatus for securing access to an encrypted personal data store on a mobile device. In some embodiments, a universal integrated circuit card (UICC) processor receives, from a mobile device processor of a mobile device having an encrypted Personal Data Store (PDS), a PDS access request associated with a mobile application, then determines that access control rules are stored in at least one access control rules database and transmits to the mobile device processor, the access control rules governing access to the data in the encrypted PDS. The process also includes the UICC processor receiving a request for a symmetric shared secret and transmitting the symmetric shared secret to the mobile device processor for use in accessing the PID of the user stored in the encrypted PDS in accordance with the access control rules.

Abstract: An access control system and methods according to at least one embodiment leverage wireless access credentials to allow a user to securely gain access to a secured area using his or her mobile device. As such, a credentialed mobile device may permit access to the secured area without requiring a real-time connection to a credential management system and/or an administrative system.

Abstract: A device with key attestation features comprises an operating system stored in its memory, the operating system comprising a secure environment including a trusted application, and two or more device certificates, each associated with a device key pair, stored in the memory of the device. The trusted application is configured to handle key pair generation requests and key pair attestation requests to read an indication of a preferred device certificate. An attestation certificate that is generated in response to the key pair attestation request is then signed using one of the two or more device certificates with its associated device key pair based on the indication of a preferred device certificate.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for quantum one-time pad generation. An example method includes, among other operations, generating a first quantum one-time pad comprising a first set of entangled quantum particles. Subsequently, the example method includes storing the first set of entangled quantum particles in a first set of quantum storage cells. Each entangled quantum particle in the first set of entangled quantum particles may be stored in a respective quantum storage cell in the first set of quantum storage cells. Further, each entangled quantum particle in the first set of entangled quantum particles may be entangled with a respective entangled quantum particle in a second set of entangled quantum particles comprised by a second quantum one-time pad and stored in a second set of quantum storage cells.

Abstract: A wearable device-based identity authentication method and system, comprising: a user terminal initiates an authentication request to a target server and provides device information of the user terminal, the target server generates a temporary session, and sends a temporary session ID and the device information to a quantum key distribution network; the quantum key distribution network generates identification information, searches a wearable device bound to the user terminal, and sends the identification information to the wearable device; the wearable device receives and provides the identification information to the user terminal, the user terminal acquires the identification information, and sends verification information to the wearable device and then to the quantum key distribution network; the quantum key distribution network generates an authentication result and sends to the target server; and the target server generates an identification authentication result and sends to the user terminal.