Abstract: A working machine management system includes a working machine having a prime mover and a control unit and a key device which is detachable from the working machine and is used for operating the working machine. The key device stores first authentication information for identifying a drivable working machine and second authentication information necessary for the prime mover to continuously operate. When the key device is attached to the working machine, the control unit confirms validity of the key device based on the first authentication information, compares input information from the outside with the second authentication information to determine whether the prime mover can be operated if the key device is valid, and controls operation of the prime mover according to the determination result.

Abstract: A tamper detection apparatus includes a switch and a tamper detection circuit with a non-volatile memory in an industrial product enclosure. In response to the switch detecting a door or panel of an industrial product enclosure being open when an electronic component or system in the enclosure is unpowered, the tamper detection circuit stores a tamper event code in the non-volatile memory. After the electronic component or system is powered, a system processor obtains the tamper event code from the tamper detection circuit and refrains from operating a machine or process pending reset of the industrial product by a user.

Abstract: Techniques are provided for approval and execution of restricted operations. One method comprises receiving a request to perform an operation from a user; providing a redirect request with a protected request to obtain approval from an approval system; receiving a protected request approval with the protected request that was generated by the approval system using a shared secret; comparing the received protected request to a regenerated request generated using information stored with the request; and initiating an execution of the operation in response to the comparing satisfying one or more approval criteria. The shared secret may be shared between an operation execution system and the approval system. The processing of the request, an approval result and/or the execution of the operation can be audited.

Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier.

Abstract: An apparatus includes at least one linear feedback shift register and at least one processing device comprising a processor coupled to a memory. The at least one processing device is configured to obtain a given value from the at least one linear feedback shift register, the given value comprising a set of bits representing a current state of the linear feedback shift register. The at least one processing device is also configured to generate authentication information by applying the given value obtained from the at least one linear feedback shift register as input to a pseudorandom function, and to provide the generated authentication information to a validating application.

Abstract: A method, apparatus and computer program for generating a test sequence of code 108 are described, the test sequence of code to be run on a target processing system 106 for use in testing the target processing system. The test sequence of code is based on one or more directed sequences of code 102, in which the one or more directed sequences of code are predetermined sequences of one or more directed instructions for testing predetermined parts of the target processing system. The method includes, for at least one of the one or more directed sequences of code, inserting randomly selected instructions at one or more insertion points in the directed sequence of code.

Abstract: Embodiments disclosed herein describe systems and methods for authenticating a new device to operate on a network using peer-to-peer protocol key exchange. An existing network node sharing common secret seed information may initially exchange public keys with the new device. After the initial exchange, the network node and the new device may exchange one or more protocol messages. A received protocol message may include a pseudo-random number generated based upon a challenge position in a previously sent protocol message. If the network node determines a match between the received pseudo-random number at the challenge position and a locally generated pseudo-random number, the network node may authenticate the new device to the network.

Abstract: A mobile device covering device, including a main body to receive a mobile device therein, and a key unit disposed on at least a portion of the main body to facilitate access to a vehicle and receive input to operate functions of the vehicle.

Abstract: Share values for use in a cryptographic operation may be received and the cryptographic operation may be performed based on the share values. A pseudorandom number that is to be used by the cryptographic operation may be identified and the pseudorandom number may be generated based on a portion of the share values that are used in the cryptographic operation. The cryptographic operation may then be performed based on the generated pseudorandom number.

Abstract: A method for operating an access control device having a processor, a memory, and an internet connection comprises receiving a credential from a user; checking, by comparing the credential to matching credential information that would indicate the user is authorized to enter stored in the memory of the access control device, if no matching credential information that indicates the user is authorized is found in the memory of the access control device, then checking, at a remote cloud server, a list of buffered credential information for the matching credential information that indicates the user is authorized, and if the matching credential information that indicates the user is authorized is found, sending an unlock signal from the remote cloud server to the access control device.

Abstract: In an embodiment, an in-vehicle apparatus includes a transmitter operable to transmit radio frequency control signals and communication circuitry configured to communicate with a remote computer via a network. The communication circuitry is configured to receive information from the remote computer via the network, the information pertaining to one or more controllable devices of a user account. The apparatus includes a processor configured to: communicate, via the communication circuitry, a transmitter identifier representative of a transmitter code of the transmitter with the remote computer; effect the movable barrier operator to change a state of a movable barrier by causing the transmitter to transmit a first radio frequency control signal to the movable barrier operator system; and effect the movable barrier operator to learn the transmitter by causing the transmitter to transmit a second radio frequency control signal to the movable barrier operator system.

Abstract: A system for verifying a request for access to data is provided, the system comprising a first module 20 and a second module 30. The first module 20 is arranged to generate a password, and the second module 30 is arranged to receive a password associated with a request for data, validate the received password, and enable access to the requested data. The system is such that the first and second modules 20, 30 share a secret that has been uniquely assigned thereto, the shared secret being for use in generation and validation of a said password. Furthermore, the first module 20 is communicatively disconnected from the second module 30.

Abstract: Systems, devices, and methods are provided for generating and transmitting a stream of random numbers such that the transmitted stream of random numbers is based at least in part on two or more streams of received random numbers. A randomness beacon can include a processor, a transmitter, and a memory with instructions thereon to cause the beacon to receive the two or more streams of received random numbers, generate a new stream of random numbers based at least in part on the received streams, and transmit the new stream via the transmitter to a public network. A system can include the randomness beacon and two or more random number generators that are generating the two or more random number streams received by the beacon.

Abstract: A method for establishing consensus between a plurality of distributed nodes connected via a data communication network includes preparing a set of random numbers, wherein each of the random numbers is a share of an initial secret, wherein each share of the initial secret corresponds to one of a plurality of active nodes; encrypting, in order to generate encrypted shares of the initial secret, each respective share of the initial secret with a shared key corresponding to respective one of the plurality of active nodes to which the respective share corresponds; applying a bitwise xor function to the set of random numbers to provide the initial secret; and binding the initial secret to a last counter value to provide a commitment and a signature for the last counter. The method includes generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function.

Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Abstract: An authentication method includes that an authentication apparatus of an unmanned aerial vehicle (UAV) generates a session key, the authentication apparatus receives a device identification (ID) of a device and a randomly generated random number from the device of the UAV, the authentication apparatus obtains a device key of the device according to the device ID of the device, the authentication apparatus encrypts the session key and the random number according to the device key of the device, and the authentication apparatus sends the encrypted session key and the encrypted random number to the device.

Abstract: The invention relates to a method for operating a central locking apparatus of a motor vehicle, which is locked by a central locking system of the central locking apparatus as a result of driving above a minimum speed threshold, and is then decelerated to below the minimum speed, wherein in order to subsequently unlock the central locking system, an instantaneous geoposition (GP) emitted from a portable mobile terminal, is first received by means of a detection device of the central locking apparatus. The emitted instantaneous geoposition (GP) of the portable mobile terminal is subsequently evaluated by means of a control device of the central locking apparatus, wherein when evaluating the instantaneous geoposition (GP), the control device checks whether the emitted instantaneous geoposition (GP) is within a delimited, predetermined region, which is stored in the control device.

Abstract: A network attack defense method is provided. An access request transmitted from a client to a target server is intercepted by at least one processor of a bypass check device. The client is redirected to a target verification server, to perform verification of a verification code on the client. A verification result of the verification of the verification code performed on the client by the target verification server is obtained. The access request sent by the client is forwarded to the target server based on the verification result indicating that client verification is successful.

Abstract: The present disclosure includes secure communication between a vehicle and a remote device. An embodiment includes a processing resource, memory, and a vehicular communication component configured to, in response to receiving a request from a remote communication component to switch a state of a lock, calculate a challenge count for the request, generate a vehicular private key and a vehicular public key, perform a number of verification iterations, each respective verification iteration including providing the public key to the remote communication component, receiving, from the remote communication component, code for switching the lock state, verifying the remote communication component's identity, and incrementing a counter in response to verifying the remote communication component's identity, and decrypt the code using the private key and switch the lock state in response to the counter being incremented to a value equal to or greater than the challenge count.

Abstract: In an approach, a hybrid security key comprises at least one physical face on a first side of a key comprising a key groove cut and a barcode coupled to a top surface of the physical face; and at least one logical face on a second side of the key comprising a surface insert overlaying a conductive film, wherein the conductive film includes at least one contact point, at least one conductive trace, and a smart chip.

Abstract: An encryption method to protect the identification and account constructs displayed on cards, like identification cards and credit cards, or on paper medium like hospital or bank statements, where these constructs are comprised of numbers, and/or characters, and/or symbols and where the encryption method works by replacing some of the elements comprising the account construct with a special symbol(s) to avoid revealing the entire construct to unauthorized people and where the numbers and/or characters replaced by the special symbol(s) represent the personal identification number (PIN) associated with the construct. The method is designed to be utilized by issuers of cards like hospitals, governments and banks, and used as a process to protect the cardholder account information or account statements on paper medium. To provide the entire construct, the user simply replaces the special symbol(s) with his PIN. Without the PIN, a person will not be able to complete the construct.

Abstract: Systems and methods for controlling a moving barrier responsive to a transmission by a barrier operator controller comprising a plurality of 4-bit output nibbles generated from a 32 bit rolling code. The bit positions of the rolling code are inverted, divided by 16, converted to four bit base 9 coefficients, each four bit base 9 coefficients is substituted with a corresponding 4-bit output nibble. Receipt of the plurality of 4-bit output nibbles causes a barrier operator to actuate a motor connected to the moving barrier.

Abstract: A method for securely communicating digital content includes steps of: (1) receiving data from a plurality of key sources; (2) retrieving a plurality of data sets from the data, each one of the plurality of data sets comprising a plurality of data units; (3) extracting a plurality of selected data units from the plurality of data units; (4) generating a custom key using the plurality of selected data units; (5) encrypting content using the custom key; and (6) transmitting encrypted content.

Abstract: An electronic device and network scan method thereof are provided. The electronic device includes a communication module connected to an antenna capable of transmitting signals to and receiving signals from a network, a memory configured to store a database including a plurality of items of network identification information and country information corresponding to each item of network identification information, and a processor configured to control the communication module to perform a first network scan with respect to a specified frequency band of a specified radio access technology (RAT), determine country information using network identification information obtained by the first network scan and the database, and perform a second network scan with respect to a RAT and a frequency band determined based at least an the determined country information.

Abstract: An authentication application receives an audio input, detects whether the audio input matches a known passphrase, and processes the audio input to determine whether the audio input is consistent with a known voice signature. Upon determining that the audio input is consistent with the known voice signature, the application will identify a user who is associated with the voice signature. The device will output an audio prompt, receive a spoken answer, and analyze the spoken answer to determine whether it corresponds to an expected response. Outputting the prompt may responsive to determining that the user was not authenticated to the device or the application within a threshold time period, or if a security threat was posted to the user's profile, When the system determines that the spoken answer corresponds to the expected response, it will authenticate the user and provide the user with access to the device or application.

Abstract: A passive keyless entry system for an electronic lock, comprises a lock installation including a lock controller, and an RF transmitter and receiver, and a fob with a controller, and an RF transmitter and receiver. The fob generates messages to unlock the lock in an unlock event. The controllers share a secret specifying parameters for a sequence of messages to be exchanged bidirectionally between the installation and the fob, the parameters changing between each unlock event and an immediately subsequent unlock event. For each unlock event one of the controllers generates and sends a first message of the message sequence, in accordance with the specified parameters. The other controller causes transmission of a second message of the sequence in accordance with the specified parameters, in response to receiving the first message. At least one message of the sequence comprises a plurality of frames, each frame including a particular sequence of bits, adjacent frames being separated by an inter-frame interval.

Abstract: Systems, methods, and devices configured to build and utilize an intelligent cipher transfer object are provided. The intelligent cipher transfer object includes a set of participants protected by cloaking patterns. A portable dynamic rule set, which includes executable code for managing access to the protected set of participants, is included within the intelligent cipher transfer object. For a given user, the intelligent cipher transfer object may provide access to some of the participants while preventing access to other participants, based on the portable dynamic rule set therein.

Abstract: A control unit device in one disclosed embodiment includes a receiver and a memory that stores one or more operation keys and program instructions. The control unit further includes a processor coupled to the receiver and the memory. The program instructions are executable by the processor to cause the control unit device to, in response to a revocation command received by the receiver, perform a revocation process by selecting which of the one or more operation keys to retain in the memory based on, for each of the one or more operation keys, whether the control unit receives a message encrypted by the operation key during the revocation process.

Abstract: A method and system for generating a secure random seed uses chemical processes in a battery of an information handling system as an entropy source for randomness. The secure random seed may be used by a pseudo-random number generator to create a secure pseudorandom bit stream usable to generate secure encryption keys.

Abstract: A data transmission method, a base station, and user equipment are presented. The method includes performing rotation processing on a preset precoding matrix; performing precoding processing on to-be-sent information according to a precoding matrix obtained after the rotation processing; and sending to-be-sent information obtained after the precoding processing. In the embodiments of the present disclosure, indication information shared by a transmit end and a receive end is used to indicate whether to rotate a precoding matrix, and to-be-sent information is precoded according to the indication information. The transmit end and the receive end in this method learn the indication information in advance, and system security is improved by instructing the precoding matrix to perform flexible transformation.

Abstract: A vehicle includes a communicator for performing a radio frequency communication and another radio frequency communication with a smart key, and a controller for setting a plurality of vehicle controlled regions each having a preset range from a vehicle, estimating a position of a driver by using the radio frequency communication and the other radio frequency communication with the smart key, and setting a detection period of a Radio Frequency (RF) signal to be transmitted to the smart key based on a vehicle controlled region in which the driver is positioned, among the plurality of vehicle controlled regions.

Abstract: A control unit for retrofit to electromechanical or magnetic door locks is provided. The control unit includes a casing with an electrical exit port that is connected to the electrical connectors of a standard electromechanical door lock in order to provide an additional way of controlling the lock. Especially, the external control unit receives lock commands from a mobile device, such as a telephone, for locking or unlocking the door lock.

Abstract: Systems and methods for access control management designed for multi-unit buildings are provided. The disclosed systems can use mobile devices, a local mesh network, access control devices, and wireless communication to facilitate multi-unit real estate management. Mobile devices can download and use credentials to access appropriate areas and units in a building through local wireless communications with access control devices.

Abstract: The invention relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The invention is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the invention suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

Abstract: Apparatus and method for communication are provided. The method includes storing a machine type communication channel access profile of user equipment configured to utilize machine type communication with a network when the equipment has not an active connection with the network. The access profile is based on active UE contexts including serving-cell contexts of the device on the last access occasion. The access profile is synchronized between the user equipment and the network.

Abstract: In certain embodiments, a data structure including first and second data structure portions may be obtained, where the first data structure portion is generated based on a first cryptographic scheme, and the second data structure portion is generated based on a second cryptographic scheme. The data structure may be processed to determine the first cryptographic scheme for extracting data from the first data structure portion and the second cryptographic scheme for extracting data from the second data structure portion. In some embodiments, a computer program may use the first cryptographic scheme to decrypt the first data structure portion to extract the first information from the first data structure portion, and the same computer program may use the second cryptographic scheme to decrypt the second data structure portion to extract the second information from the second data structure portion.

Abstract: In certain embodiments, first and second information to be represented in a data structure (accessible to a plurality of entities) may be obtained. First and second sets of permissions associated with the first and second information may be respectively obtained. A first cryptographic scheme may be determined for the first information based on the first set of permissions being associated with the first information. A second cryptographic scheme may be determined for the second information based on the second set of permission being associated with the second information. A first data structure portion may be generated based on the first cryptographic scheme, where the first data structure portion represents the first information in the data structure. A second data structure portion may be generated based on the second cryptographic scheme, where the second data structure portion represents the second information in the data structure.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method of operating a security server to securely transact business between a user and an enterprise via a network includes receiving, at the security server from an enterprise with which the user is currently connected via the network, a request of the enterprise to activate a secure communications channel over the network between the user and the security server. The request includes contact information for contacting the user via other than the network. The security server, in response, transmits an activation code for delivery to the user via other than the network and in a manner corresponding to the received contact information. The security server receives, from the user via the network, an activation code and compares the received activation code with the transmitted activation code to validate the received activation code. The secure communications channel is then activated based on the validation of the received activation code.

Abstract: In an aspect, a method can include generating a cyclic redundancy check code for a binary data item, using a generator polynomial; and masking, using polynomial addition, the binary data item with a binary mask. The method can also include at least one of: storing, by a microcircuit, the masked binary data item in a memory of an electronic device; or transferring, by the microcircuit, the masked data item to another device. The cyclic redundancy check code for the binary data item can be generated from the masked binary data item to prevent discovery of the binary data item by a side-channel attack during the generating the cyclic redundancy check. The binary mask can be a multiple of a random number and the generator polynomial, such that respective cyclic redundancy check code of the masked data item and the binary data item have a same result.

Abstract: Embodiments of a system and method are disclosed concerning the management of file usage. The method of controlling file access may manage a file with a target ID that has a sender and a recipient. The method may also establish a priority level key associated with the file. The priority level key may control file access. The method may provide the file access to the recipient if the recipient has access rights corresponding to the priority level key.

Abstract: The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value.

Abstract: A vehicle key fob is provided having a module for wirelessly communicating with an associated mobile device, a dedicated input device for initiating a mobile link mode, a plurality of input devices for commanding an associated vehicle to perform a user-selected function, and a processor configured to, upon receiving an input at the dedicated input device, send a command signal for performing the user-selected function to the mobile device.

Abstract: A method of controlling access at a vehicle to information communicated over a vehicle bus includes: storing one or more electronic control unit (ECU) identities in a central gateway module (CGM) that is communicatively linked with a vehicle bus; associating one or more message permissions for receiving messages via the vehicle bus with one of the ECU identities in the CGM that represents an ECU communicatively linked with the vehicle bus; wirelessly receiving a computer-readable instruction at the vehicle directing the CGM to change one or more message permissions associated with the ECU identity; and storing the changed message permissions in the CGM.

Abstract: Provided is an ultrasonic-wave communication system where the influence of ambient noise and the Doppler effect are suppressed and where a user of a portable terminal is prevented from hearing unwanted sound. After performing encryption processing of predetermined information such as store information, a beacon 5 sends out predetermined-information-containing beacon information of one channel as ultrasonic waves into the salesroom 3 by combining a control carrier, a first carrier, and a second carrier in such a way that a first carrier signal and a second carrier signal are output between control carrier signals a number of times according to the predetermined information and that a state where the first carrier signal and/or the second carrier signal is output is maintained.

Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.

Abstract: Embodiments of the invention provide methods for key fob to control unit verification, retention, and revocation. After an initial pairing between a key fob and a control unit, the devices share a secret operation key (OpKey). For verification, the key fob sends the 8 lowest-order bits of a 128-bit counter and some bits of an AES-128, OpKey encrypted value of the counter to the control unit. For key revocation and retention, the control unit is prompted to enter an OpKey retention and revocation mode. Subsequently, each of the remaining or new key fobs is prompted by the user to send a verification message to the control unit. When the control unit is prompted to exit the OpKey retention and revocation mode, it retains the OpKeys of only the key fobs that sent a valid verification message immediately before entering and exiting the OpKey retention and revocation mode.

Abstract: A multi-function identification system is described in the present invention. The system includes an appliance and a number of keys. Under a registration process, the system allows multiple appliances to be controlled by a single key or an appliance can be controlled by different keys. The system can also allow users to set specified actions to be conducted after identification processes are completed. That satisfies requirements of a multi-function identification. Meanwhile, the key is a plug-and play and on-the-go product. It is desired that the key is a host used for other purpose.

Abstract: A system and method of generating an encryption key in a self-encrypting mass storage device that includes using a manual input device as input for a micro-controller that contains a cyclic counter. An input device event triggers the micro-controller to read the current state of the cyclic counter. An accumulation of cyclic counter values is used as a source of entropy to seed a deterministic random number generator. The output of the deterministic random number generator is used as an encryption key for encryption/decryption processes within the mass storage device.

Abstract: Systems and methods for access control management designed for multi-unit buildings are provided. The disclosed systems can use mobile devices, a local mesh network, access control devices, and wireless communication to facilitate multi-unit real estate management. Mobile devices can download and use credentials to access appropriate areas and units in a building through local wireless communications with access control devices.