Abstract: A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.

Abstract: Techniques for securely controlling multiple lighting devices simultaneously with a lighting control device are disclosed. Command messages may be transmitted from the lighting control device to multiple lighting devices over a computer network without routing through a remote cloud service. The messages may be encrypted and may include an incremented sequence number. Lighting devices that receive a command message may compare the incremented sequence number to a previously stored sequence number corresponding to the lighting control device. If the incremented sequence number is greater than the stored sequence number, then a lighting device may determine the message was transmitted by an authorized lighting control device and may implement any command instruction included therein. If the incremented sequence number is equal to or less than the stored sequence number, then the lighting device may determine the command message was transmitted by a malicious source and may ignore the command message.

Abstract: A method implemented on a visual computing device to authenticate one or more users includes receiving a first three-dimensional pattern from a user. The first three-dimensional pattern is sent to a server computer. At a time of user authentication, a second three-dimensional pattern is received from the user. The second three-dimensional pattern is sent to the server computer. An indication is received from the server computer as to whether the first three-dimensional pattern matches the second three-dimensional pattern within a margin of error. When the first three-dimensional pattern matches the second three-dimensional pattern within the margin of error, the user is authenticated at the server computer. When the first three-dimensional pattern does not match the second three-dimensional pattern within the margin of error, user is prevented from being authenticated at the server computer.

Abstract: An online system receives a content item including a link to a landing page and determines a likelihood the landing page violates an online system policy based on a structural similarity between the landing page and a web page violating the policy. To determine the likelihood, the online system determines a hierarchical structure associated with the web page violating the policy and an additional hierarchical structure associated with the landing page. The hierarchical structure represents a structure of at least a portion of the web page and the additional hierarchical structure represents a structure of a corresponding portion of the landing page. The online system compares the hierarchical structure and additional hierarchical structure. Based on the comparison, the online system computes a measure of dissimilarity between the hierarchical structure and additional hierarchical structure and determines a likelihood the landing page violates the policy based on the measure of dissimilarity.

Abstract: Network circuitry authorizes User Equipment (UEs) for wireless services from wireless networks. The network circuitry stores lists of network identifiers that are associated with UE types. The network circuitry receives an authorization request that indicates a network identifier and a UE type. The UE type comprises model, operating system, user application, and/or radio frequency. The network circuitry retrieves a networks list for the UE type and compares the network identifier from the authorization request to the network identifiers on the network list. The authorization circuitry authorizes the UE responsive to a match between the network identifier from the authorization request and a network identifier on the network list.

Abstract: Techniques for securing displayed data on computing devices are disclosed. One example technique includes upon determining that the computing device is unlocked, capturing and analyzing an image in a field of view of the camera of the computing device to determine whether the image includes a human face. In response to determining that the image includes a human face, the technique includes determining facial attributes of the human face in the image via facial recognition and whether the human face is that of an authorized user of the computing device. In response to determining that the human face is not one of an authorized user of the computing device, the technique includes converting user data on the computing device from an original language to a new language to output on a display of the computing device, thereby securing the displayed user data even when the computing device is unlocked.

Abstract: Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, a first value “a”; multiplying the first value “a” by a second value “b” using Knuth multiplication to create a third value “d”, the third value “d” being a semistandard tableau; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value being a second semistandard tableau comprising the second value “b” multiplied by a fifth value “c” selected by the second party; and creating a shared secret by multiplying the first value “a” with the fourth value “e” using Knuth multiplication, wherein the shared secret matches the third value “d” multiplied by the fifth value “c” using Knuth multiplication.

Abstract: An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

Abstract: Described herein are systems and methods that allow for secure wireless communication between a contact lens system and an accessory device to protect sensitive data and prevent unauthorized access to confidential information. In certain embodiments, tampering attempts by potential attackers are thwarted by using a Physically Unclonable Functions (PUF) circuit that is immune to reverse engineering. In addition, sensors monitor a to-be-protected electronic device to detect tampering attempts and physical attacks to ensure the physical integrity of the communication system.

Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device. The data storage device is configured to register with the host computer as a block data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine is connected between the data port and the storage medium and uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for an authorized device; sends the challenge to the authorized device; receives a response to the challenge from the authorized device over the communication channel; calculates the cryptographic key based on the response; and provides the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium.

Abstract: A method includes obtaining, by a consumer computing device of a data communication network, a temporary credential in accordance with a temporary credential protocol. The method continues with accessing, by the consumer computing device, a temporary vault in accordance with the temporary credential, where the temporary vault stores or is to store a set of shareable data records. The method continues with facilitating, by the consumer computing device, execution of a data analysis function on the set of shareable data records to produce an analytical result. The method continues with receiving, by the consumer computing device from the temporary vault, the analytical result. The method continues with storing, by the consumer computing device, the analytical result in memory associated with the user computing device.

Abstract: A system supports asset transfers among blockchains of differing distributed ledger technologies using interop circuitry. The interop circuitry may receive asset permissions from origin and target participant circuitry. The asset permissions may support transfer of an asset from an origin blockchain to a target blockchain. The interop circuitry, acting on behalf of the origin and target participant circuitry, locks an asset on the origin blockchain. Then the interop circuitry creates the asset on the target blockchain. The locking of the asset on the origin blockchain may prevent a double-expend opportunity, where the asset can be redeemed on the origin blockchain and on the target blockchain.

Abstract: A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

Abstract: The present invention relates to a method for access control of a multimedia system to a secure operating system and a mobile terminal for implementing the method. The method includes the steps of: initiating an application access request for selecting a trusted application from a client application of a multimedia system to a secure operating system; making a decision as to whether the client application is a malicious application, and if not, proceeding to a next step, if yes, returning Selection Failure to the client application and performing an interrupt handling; sending the application access request from the multimedia system to the secure system; and acquiring, at the secure operating system, the trusted application based on the application access request and returning the trusted application to the multimedia system.

Abstract: In accordance with some embodiments, an apparatus that controls sensor paths for privacy protection is provided. The apparatus includes a housing arranged to hold a second device. The apparatus obtains first sensor data that includes a biometric marker associated with a user. The apparatus controls sensor paths by obtaining the first sensor data using sensors on the second device, on the apparatus, and/or on a supplemental functional device. The apparatus further generates second sensor data by masking the biometric marker associated with the user in the first sensor data. The apparatus additionally controls the sensor paths by providing the second sensor data from the first apparatus to the second device.

Abstract: Embodiments of the present disclosure provide systems and methods for controlling a manufacturing process in a manner that protects sensitive information from misuse by different entities involved in the manufacturing process. According to the present disclosure, a blueprint providing information regarding subcomponents of a product to be manufactured may be provided to a synthesizer device. The synthesizer device may engage in two-party computation with IP providers to generate a set of machine commands, which may be encrypted, and then provide a message including the set of machine commands to a manufacturer device. The manufacturer device may obtain authorization from the IP provider(s) based on the message, where the authorization may enable the manufacturer device to configure a manufacturing process in accordance with the set of machine commands to manufacture the subcomponents of the product.

Abstract: A method for a system includes forming within an app running upon a user smart-device, an ephemeral ID having data associated with a server and anonymous data, outputting the ephemeral ID to a first receiver associated with a first computer and to a second receiver associated with a second computer system separate from the first, receiving from the first receiver an identifier and a nonce, providing the identifier and the nonce to the server, receiving from the server a token associated with the first computer system authorizing access to the first computer system but not the second computer system by the user smart-device, storing the token for facilitated authentication of the user smart-device, and providing the token to the first receiver.

Abstract: A method includes retrieving a server certificate from a server in response to a request from a client to negotiate a connection between the client and the server and generating a new server public key and a new client public key in response to the request. The method also includes generating a new server certificate using information in the server certificate. The method further includes signing the new server certificate to produce a new signed server certificate, communicating the new signed server certificate, which includes the new server public key, to the client, and generating a new client certificate using information in a client certificate received from the client. The method also includes signing the new client certificate to produce a new signed client certificate and communicating the new signed client certificate, which includes the new client public key, to the server to establish the connection.

Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.