Abstract: A constrained device, such as an Internet of Things (IoT) device, can use a handshake procedure to establish a secure transport session with a server and generate a corresponding client session state. The constrained device can encrypt the client session state into an encrypted client session state, and transmit the encrypted client session state to the server. When the constrained device enters an idle mode, the client session state may be cleared from memory of the constrained device. However, when the constrained device next wakes from the idle mode and re-enters an active mode, the constrained device can retrieve the encrypted client session state from the server. The constrained device can decrypt the encrypted client session state to recover the client session state, and use the recovered client session state to resume the secure transport session instead of establishing a new secure transport session with a new client session state.

Abstract: A method for performing deterministic data processing through Artificial Intelligence (AI) is disclosed. The method may include generating, via a deep learning network, a set of input feature vectors based on input data for a deterministic data processing model. The method may further include providing the set of input feature vectors to a trained AI model. The trained AI model may generate a set of output feature vectors that may correspond to an output data of the deterministic data processing model. The method may further include determining a variation between the set of output feature vectors and the output data, and iteratively performing incremental learning of the AI model based on the determined variation.

Abstract: A network device and a peripheral device for attachment with a medical imaging device provides for the encryption and conversion of a medical image into a secure and standardized image file format as well as the communication of the encrypted and/or converted image to a secure server on a remote network. The devices may detect an unencrypted medical image file transmitted and encrypt and convert selected medical image files associated with the medical data based on standardized medical data format specifications that correlate with an output destination type. An encryption and conversion unit may be incorporated within the hardware and software of a medical imaging device or another network device in order to provide the capability for encrypting a medical image for transmission that is compatible with a destination device or network.

Abstract: A communication apparatus acquires information about a communication-parameter setting process from a different communication apparatus and determines whether the acquired information includes identification information for identifying the different communication apparatus. If it is determined that the identification information is included, an authentication request is transmitted by unicast based on the identification information. If it is determined that the identification information is not included, the authentication request is transmitted by broadcast.

Abstract: For connection establishment, a system allocates memory that will be occupied by the data and handshake sub-protocol infrastructure that facilitates establishing a TLS connection. After connection establishment, the system allocates memory space for the data and record sub-protocol infrastructure that facilitates the asynchronous communication of application traffic. The memory space for the TLS session (i.e., the communication information separate from the handshake) has a substantially smaller footprint than the memory space for the TLS handshake. The TLS handshake memory space can be released and recycled for other connections while application communications use the smaller memory space allocated and populated with the TLS session data and infrastructure.

Abstract: A system and method allows a matching system to mediate requests for information among different computer systems without storing information that can be used to log into those computer systems.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: A continuous glucose monitor for wirelessly transmitting data relating to glucose value to a plurality of displays is disclosed, as well as systems and methods for limiting the number of display devices that can connect to a continuous glucose transmitter. In addition, security, including hashing techniques and a changing application key, can be used to provide secure communications between the continuous glucose transmitter and the displays. Also provided is a continuous glucose monitor and techniques for authenticating multiple displays, providing secure data transmissions to multiple displays, and coordinating the interaction of commands and data updates between multiple displays.

Abstract: A computer-implemented method and system for verifying the identity of a user in an identity authentication and biometric verification system which includes collecting information from the user regarding the user's identity, which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database which is used to verify the identity of the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected.

Abstract: The disclosure describes a scalable, risk-based authentication system including a plurality of fraud monitoring engines configured to: analyze user data and organization data, and generate a set of risk factors based on the user data and the enterprise data; a risk aggregator in communication with the plurality of fraud monitoring engines configured to: receive the set of risk factors, and transform the set of risk factors into risk indicators; and an authentication engine configured to: receive the risk indicators from the risk aggregator, and generate an authentication plan for a requested activity based on the risk indicators and the requested activity.

Abstract: In one embodiment, a method includes collecting DNS (Domain Name System) communications, analyzing the DNS communications, and identifying DNS tunneling or exfiltration based analysis of the DNS communications. Analyzing the DNS communications includes identifying a distinct query count for each of a plurality of clients over a specified time period and a data transfer direction between the clients and one or more servers, and categorizing the DNS communications based on session features associated with at least one of query type, transfer capability, and server response. An apparatus and logic are also disclosed herein.

Abstract: Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.

Abstract: A system-on-chip (SoC) includes a memory, a trust provisioning system, a one-time programmable (OTP) element, and a comparator. The memory is configured to store a first secret key before an execution of a trust provisioning operation. The trust provisioning system is configured to receive an encrypted version of a first set of secure assets and one of a second secret key and an encrypted version of the second secret key, and execute the trust provisioning operation on the SoC to store the first set of secure assets and the second secret key in the OTP element. The comparator is configured to compare the first and second secret keys to generate a valid signal that is indicative of a validation of the trust provisioning operation. The first set of secure assets and a second set of secure assets associated with the SoC are accessible based on the valid signal.

Abstract: A method for secure usage of cryptographic material in networked system components provided with the cryptographic material in which a lifecycle of every system component includes at least one development phase and one production phase. The entire cryptographic material is at least directly securely marked as development or production material. Each system component has a binary state flag showing which phase the system component is in and which is secured against unauthorized manipulation. Each system component determines via an assessment function which phase it is in, according to which each system component carries out a check, during which the current phase and the marker of the cryptographic material are compared. Security measures are introduced if there is no agreement between the phase and the marker.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: Disclosed herein are system, method, and apparatus for assisted third-party password authentication. The method performed at a client device includes creating a secure connection from an inline frame associated with a first application on the client device to an authorization server for accessing a second application. The method includes identifying, by the inline frame, one or more events that represent inputs for a user authorization credential, and proxying, by the inline frame, the identified one or more events to the authorization server using the secure connection. The method includes receiving an authorization code from the authorization server in response to the proxying. The method includes redirecting, by the inline frame, the authorization code to the application on the client device. The method includes transmitting, from the client device to the authorization server, the authorization code to receive an access token for accessing the second application.

Abstract: A system and method for performing differential phase shift in a quantum network are disclosed. The method includes determining a quantum key distribution (QKD) configuration for a quantum signal comprising a series of pulses based on signal amplitude, signal pulse width and block length. Further, the method includes grouping pulses to generate quantum signal blocks based on determined QKD configuration. The method includes assigning a random label to each of the quantum signal block based on the determined quantum key distribution configuration. Also, the method includes performing hybrid phase modulation to each of the pulses individually and to each of the quantum signal blocks with a defined phase difference between the each of the pulses individually and each of the quantum signal blocks. The hybrid phase modulation is performed based on the assigned random label. Further, the method includes transmitting the hybrid phase modulated quantum signal blocks to receiving units.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: generating a plurality of deep transfer learning networks including a source deep transfer learning network for a source domain and a target deep transfer learning network for a target domain. Transfer layers of the source deep transfer learning network are encoded to a chromosome, diversified, and integrated with the target deep transfer learning network and the target deep transfer learning network passing a predefined fitness threshold condition is produced.

Abstract: A computer-implemented method and system for verifying the identity of a user in an identity authentication and biometric verification system which includes collecting information from the user regarding the user's identity, which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database which is used to verify the identity of the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected.

Abstract: Systems and methods for implementing a Device Identifier Composition Engine (DICE)-based trusted computing base architecture, among various hardware, firmware, and software layers, are described. In an example, attestation and security operations may be supported in a multi-layered approach, by operations to: obtain a component identifier from a particular layer of at least one operational layer in a computing system; obtain a first compound device identifier, produced as an attestation value at a lower layer; and process, with a function, the component identifier from the particular layer and the first compound device identifier from the lower layer, to produce a second compound device identifier. In various examples, the second compound device identifier indicates attestation of at least one layer located at or below the particular layer.