Abstract: A method of authenticating a user based on user effort, the method includes receiving a registration from a user device with a user effort-based identity authorization token and a first user effort, submitting the first effort to the effort validation server, receiving an effort analysis from the effort validation server, issuing a credential to the user device based on the effort analysis, receiving an access request from the user device, the access request including the credential and a second effort, providing the second effort to the validation server, receiving a validation response from the validation server, and granting access to the user device as a function of the validation response.

Abstract: A method is provided for monitoring and logging data related to a compressed gas operation. A communication interface is coupled to a device supporting a compressed gas operation. Data related to the compressed gas operation is automatically collected via the communication interface at a first data store every first time increment of a first time period. Portions of the data from the first data store are automatically collected at a second data store every second time increment of each first time period. The second time increment is greater than the first time increment, and the portions of the data are collected for a second time period which is greater than the first time period.

Abstract: An example embodiment may involve a network interface configured to transmit and receive frames. The embodiment may also involve a network protocol stack configured to: (i) perform encapsulation of outgoing messages into outgoing frames for transmission by way of the network interface, or (ii) perform decapsulation of incoming frames received by way of the network interface into incoming messages. The embodiment may also involve a parsing and validation module configured to: (i) receive representations of the incoming or the outgoing messages, and (ii) perform one or more validation checks on the representations, wherein the representations define transactions that are functionally equivalent to corresponding transactions that are defined by the messages, wherein the one or more validation checks are performed in parallel to performance of the encapsulation or decapsulation, and wherein a representation of a message failing the one or more validation checks causes the message to be discarded.

Abstract: User access to a set of data stored in a distributed ledger, wherein the distributed ledger is stored by a plurality of node computing entities, is provided. A first node computing entity receives a share key request indicating that a first user account has authorized a second user account to have access to a set of data stored in the distributed ledger. A data access key (DAK) for accessing the set of data is encrypted using an encrypting key of the second user account. A block comprising the encrypted DAK is generated, signed using a signing key of the first user account, and posted to the distributed ledger. The block is authenticated using an authentication key of the first user account and accessed via a decrypting key of the second user account such that the second user account may use the DAK to access the set of data.

Abstract: A system for optimizing network traffic is described. An appliance operates within a cluster of appliances. The appliance includes one or more network interfaces to facilitate a first secure session between a client device and the appliance, and a second secure session between the appliance and a server. One of the network interfaces is configured to receive a secure connection request to the server. A secure session exchange module acquires a message from another appliance, with the message indicating that the other appliance is acting as a primary instance for the server. The secure session exchange module determines whether a valid primary instance for the server exist, and requests from the other appliance at least one session-related parameter based on determination of existence of the valid primary instance for the server. A session to the server is used based on at least one session-related parameter acquired from the other appliance.

Abstract: Aspects of the present disclosure disclose provide systems and methods for updating, or patching, encrypted image files located at a remote location. More specifically, a content update package that includes encrypted information is received and decrypted. Based on the content update package, a first portion of data in an encrypted image file is located, where the first portion data is to be decrypted and updated based on data in the content update package. The updated data may then be encrypted, verified, and stored. When the updating, or patching, process is complete, the file version located at the remote location is the same as the latest file version. In addition, the updating, or patching, process may be split between multiple operating systems.

Abstract: Embodiments relate to the field of communications technologies, and in particular, to a policy management method and system, and an apparatus. The method includes: requesting, by a policy decision entity, an NFVO in a management domain of a composite NS to perform a management operation on a policy group. According to embodiments, consistency between the LCM policy of the composite NS and the LCM policy of the nested NS forming the composite NS is ensured, and policy management execution efficiency is improved in a scenario of providing a composite NS across management domains.

Abstract: A method and device for aggregate point-solution mapping is disclosed. The aggregate point-solution mapping includes accessing a plurality of system data types for an assembly operation. For each of the plurality of system data types, a functional location is determined that relates to the assembly operation, and correlating the functional location to a layout mapping for the assembly operation. Each of the plurality of system data types are compared with a respective data type threshold to produce a status result. Upon an unfavorable comparison, visual indicator data is generated for the status result, and presented for display via the layout mapping at the functional location.

Abstract: Embodiments provide methods and apparatuses to manage hardware resource access on a mobile device comprising detecting an attempt by the first application to access the first hardware resource when the application is executing in the background and determining that there is not a policy for the first application to access the first hardware, providing a notification requesting user input thereof, and adding a new policy accordingly.

Abstract: A cloud asset manager can securely provide multi-tenant access to remote assets while preserving isolation across tenants. The remote asset manager defines various roles for legitimate users of the remote asset manager. The roles are associated with credentials that provide access to the remote assets and/or information about the remote assets maintained by a service provider. And the users map to roles based on attempted actions that access the service provider. Thus, a user's requested action is attempted with credentials associated with a role that maps to the requested action.

Abstract: Methods, systems, and devices for secure endpoint authentication credential control are described. An endpoint agent may receive an indication from an operating system of an endpoint device that the operating has received authentication credentials from a user. The endpoint agent may be housed in the endpoint device, and may detect a change between the received set of authentication credentials and a previous version of authentication credentials. Based on this detection, the endpoint agent may transmit the received authentication credentials to a central server. The central server may transmit the authentication credentials to an information technology (IT) resource which requires user authentication prior to granting access to a user.

Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.

Abstract: Methods and apparatuses are provided for configuring and using a contactless application on a chip within a portable device comprising input/output connections arranged to communicate with other devices via a contact connection and via a contactless connection. One such method comprises a first process and a second process. The first process comprises receiving, at the chip and from a first other device, a set of computer instructions, to be executed by the chip, to create a contactless application in a data store of the chip and initialise at least one file associated with the contactless application. The second process comprises executing, by the chip of the portable device, the contactless application, to transmit data to a second other device.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: The present embodiments relate to systems and methods for using a blockchain to record information related to the lifecycle of a vehicle associated with a Vehicle Identification Number (VIN), or other vehicle identifier. For example, the VIN lifecycle process may be used to ensure the transferability of title, including when information relevant to transferability is not easily determinable, such as after a collision occurs. The systems and methods may include the reception of a mileage report corresponding to a vehicle and updating a blockchain to associate the vehicle with mileage information. The systems and methods described herein may allow for using a blockchain which gives the option for private information, and permissioned participants in the blockchain. In particular, the systems and methods allow for a distributed consensus amongst businesses, consumers, and authorities, as to the validity of information and transactions stored on the blockchain.

Abstract: Techniques for analyzing a page to be presented by a browser running on a computing platform. The page is disabled. The page is tested to determine if the page is framed by a second page. The page is enabled if the testing indicates that the page is not framed by a second page. Each level of a hierarchy of framed pages is inspected to determine whether each level is authorized. The page is enabled if the inspecting indicates that each level of the hierarchy of framed pages is authorized.

Abstract: A method for storing a data file, ‘DF’ on a storage entity, ‘SE’ includes a computing entity, ‘CE’, chunking the DF into a number of blocks using a one-way-function and a chunking key. The CE may compute a hash value for each of the blocks. One or more proxies, ‘PE’, may check whether the blocks are already stored, resulting in a first number of already stored blocks and a second number of blocks not being stored. The CE may encrypt the blocks not being stored using an encryption key, transmit the encrypted blocks to the SE for storing, and inform the PE about the hash value of each of the transmitted blocks and corresponding storage location information of the transmitted blocks.

Abstract: A server receives a single certificate signature request from a requestor and determines that the requestor is authorized for a certificate corresponding to the single certificate signature request. The server generates a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value. The server transmits the generated first certificate to the requestor. Responsive to an amount of time elapsing, the server automatically generating a second certificate corresponding to the single certificate signature request, wherein the amount of time expiring is less than the first expiry value. The server transmits the generated second certificate to the requestor.

Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

Abstract: The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method includes acquiring a shared address for at least one file stored at a cloud storage server upon detecting that the at least one file needs to be backed up, determining at least one other cloud storage server to which the at least one file will be backed up, and transmitting a backup request message including the shared address to the at least one other cloud storage server.

Abstract: Credential and authentication management in scalable data networks is described, including detecting a request from an extension installed on a browser to access a data network, initiating another request from the extension to a server to retrieve authentication data to access the data network, transferring from the server to the extension the authentication data and an instruction to the extension to generate a further request, transmitting the further request to the data network from the browser, the request comprising the authentication data from the server without manual input of the authentication data, presenting an overlay on the browser, the overlay being configured to indicate a login status associated with the data network, and monitoring a cookie and data transferred between the data network and the browser at an application layer or data layer after access to the data network has been provided to the browser in response to the request.

Abstract: A method includes receiving a firmware update package at an information handling system. The update package includes a payload containing a transition basic input-output system (BIOS) and another payload containing a new BIOS. The new BIOS is stored at an Extensible Firmware Interface system partition (ESP). A firmware image at a BIOS flash device at the information handling system is updated using the new BIOS retrieved from the ESP.

Abstract: Method and apparatus are disclosed for homomorphic re-encryption schemes in a system comprising a cloud service provider (CSP), a third authorized party (TAP), a data requestor (DR) and a plurality of data providers (DPs). According to an embodiment, a method implemented at a CSP comprises: in response to a request from a TAP, obtaining from a plurality of DPs cipher texts of their respective data, based on the request, wherein each DP is able to homomorphically encrypt its data; analyzing the cipher texts; and sending the analyzing result to the TAP, wherein the TAP is able to re-encrypt the analyzing result, such that a DR can decrypt the re-encrypted analyzing result with the DR's secret key.

Abstract: In accordance with a first aspect of the present disclosure, a method for configuring a transponder is conceived, comprising: deriving a signature from a physical unclonable function; verifying said signature; initiating a key training sequence between a base station and the transponder in dependence on a result of verifying the signature. In accordance with other aspects of the present disclosure, a corresponding computer program, transponder and base station are provided.

Abstract: An automated method that generates crowd-sourced event notifications includes: retrieving sensor data from mobile devices; detecting events based on the retrieved sensor data; and generating a set of summary nodes based on the events, where each summary node is associated with multiple events. A system that generates crowd-sourced event notifications includes: multiple mobile devices, each having at least one sensor, each mobile device identifies events using calculations based on sensor data and generates a notification for each identified event; and an analytics server that generates a set of summary nodes based on the identified events, each summary node associated with multiple events. An automated method that generates event notifications includes: retrieving sensor data; calculating a set of statistical values based on the sensor data; comparing the statistical values to at least one threshold; and generating an event notification when the threshold is exceeded by any of the statistical values.

Abstract: Communication network architectures, systems and methods for supporting a network of mobile nodes. As a non-limiting example, various aspects of this disclosure provide communication network architectures, systems, and methods for supporting a dynamically configurable communication network comprising a complex array of both static and moving communication nodes (e.g., the Internet of moving things). More specifically, systems and methods for self and automated management of certificates in a network of moving things that may include autonomous vehicles.

Abstract: A data statistics method and an apparatus thereof, the method comprises: receiving, by a first processor of the cooperative data party, data identifiers corresponding to pieces of first data for the data statistics and corresponding encrypted data from the statistical data party; determining, by the first processor, an identifier intersection according to data identifiers corresponding to pieces of second data of the cooperative data party and the received data identifiers corresponding to the pieces of first data; performing, by the first processor, statistical processing on encrypted data corresponding to common data identifiers in the identifier intersection to obtain encrypted statistical values; and sending, by the first processor, the encrypted statistical values to a second processor of the statistical data party to enable the second processor to perform decryption on the encrypted statistical values and obtain the statistical values.

Abstract: The web cookie data specifying a web cookie associated with an encoded domain is received. An identifier of an original domain corresponding to the encoded domain is determined. The web cookie data is stored in a stored web cookie in a manner that associates the web cookie data to the original domain but the stored web cookie is scoped to a domain scope that includes the encoded domain.

Abstract: A management device includes a storage management unit configured to store, in a storage unit in accordance with a priority, a plurality of pieces of transmission data having corresponding time information among a plurality of pieces of transmission data generated by dividing a plurality of pieces of content data each encoded for a channel.

Abstract: An agent application executing on a client device retrieves an execute command from a command queue managed by a server and retrieves certificates and configuration settings for establishing a virtual private network (VPN) connection. An enrollment application resident on the client device executes in response to the execute command to modify a network setting of a network interface card (NIC) of the client device and establish a VPN connection with a domain controller located within the corporate domain using the certificate and configuration settings. The enrollment application further transmits a request over the VPN connection to the domain controller to join the corporate domain, wherein a corporate account in a directory service is established for the client device; reverts back to the prior network setting of the NIC and terminates the VPN connection and reboots the client device.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The various embodiments of the present invention disclose a method of secured transmission and reception of discovery message in device to device (D2D) communication system. According to one embodiment, a transmitting user equipment (UE) receives a ProSe group key (PGK) from a Prose function to perform a D2D communication in a D2D public safety group. The transmitting UE then derives a ProSe traffic key (PTK) using the PGK for transmitting data packets in the D2D communication. Using the PTK, the transmitting UE further derives a Prose integrity protection key (PIK) for securing a discovery message to discover one or more receiving UEs. The transmitting UE transmits the integrity protected discovery message using the derived PIK to the receiving UE.

Abstract: A system incorporates a managing server executing software on a processor, game servers serving video games, a plurality of network-connected mobile computerized appliances in use by persons to play games served by the game servers; and software executing on processors of the computerized appliances. Software at the computerized appliances provides interactive interfaces, enabling a first player launch a chat session through the managing server with one or more other players, enabling any one of the players in a chat session to associate a game served by one of the one or more game servers with the chat session, and enabling players in the chat session to enter the game associated with the chat session, and to leave the game and return to the chat session.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure data transmission using natural language. One of the methods includes: obtaining sensitive information for a user; obtaining a natural language key for the user, wherein the natural language key for the user includes one or more natural language tokens; generating decoding data for the sensitive information for the user, wherein generating the decoding data comprises: for each place in the sensitive information for the user: assigning a respective one of the natural language tokens in the natural language key for the user to the value at the place, and generating one or more respective dummy natural language tokens for each value of the respective set of possible values for the place other than the value at the place; and providing the decoding data for use in decoding the natural language key into the sensitive information.

Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.

Abstract: A method is provided that protects electronic Identity information based on key derived operation. The method includes using an electronic Identity server to send an application derived identifier of the application and user electronic Identity code to a host security module that randomly generates an application master key, encrypts the application derived identifier with the application master key, and gets an application encryption key. The host security module encrypts the user electronic Identity code with the application encryption key, and gets an encryption document. The electronic Identity server codes the encryption document and an application identity code, and gets an application electronic Identity code. The electronic Identity server uses the application electronic Identity code as the user identifier.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: Systems, devices and automated processes detect piracy of broadcast television signals through selective delay of decrypted code words that are used to render satellite or other received television signals. Smart cards or similar access control hardware are programmed to selectively delay delivery of cryptographic code words based upon the identity of the receiver device. The delayed delivery of the code words produces intentional glitches in the content rendered by the receiver, thereby allowing viewers of the rendered content to ascertain the identity of the device.

Abstract: Various methods for detecting a man-in-the-middle (MITM) during HTTPS communications are disclosed including, in some aspects, establishing a TCP connection for the retrieval of a web page from a domain name using an alternate IP address that is different from the IP address of the target domain where receipt of the target web page in response to a HTTP GET message indicates that a MITM is present, using a domain name as the SNI in a TLS connection and an alternate domain name in a HTTP GET message where receipt of a target web page of the alternate domain name indicates that a MITM is present, and generating an alternate domain name using a domain generation algorithm and using the generated alternate domain name as the SNI in the TLS message where receipt of a certificate for the generated alternate domain name indicates that a MITM is present.

Abstract: A digital rights management (DRM) method for an intelligent operating system comprises: acquiring a play list of media data to be played and encrypted media data; inquiring and acquiring one or more DRM application modules, wherein the DRM application module contains an identifier of a trusted application module; requesting DRM authorization by the DRM application module from a DRM server, judging a content permission and acquiring an encrypted content encryption key (ECEK) and transmitting the ECEK to a TEE; after judging that the content permission is legitimate; decrypting the ECEK acquired by the trusted application module which is in the TEE and corresponds to the trusted application module identifier to acquire a content encryption key (CEK), and decrypting the encrypted media data by using the CEK; and storing the decrypted media data in a security cache region for decoding and outputting.

Abstract: The method comprising: a) receiving, by an encoding module computer device (103), from a user (100), a message (101) including a content to be encoded; b) generating, by the encoding module (103), a generated encoding (104) of the content of the provided message (101) using encoding information (112); c) sending, by the encoding module computer device (103), the generated encoding (104) to a reception module computer device (106) and verifying, by the reception module computer device (106), that the generated encoding (104) corresponds to the encoding of the content of the message (101) by using a generated verification information (105) and public information (107), wherein the at least one code (102) having a cryptographic relationship with the public information (107) and the message (101), and the public information (107) and the message (101) having a cryptographic or a public relationship.

Abstract: A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.

Abstract: Provided is an electric pipette system, including: an operating condition receiving milt configured to receive an operating condition of a manipulation operation to foe occur next; a suction/discharge operating unit configured to perform at least any one of a suction operation and a discharge operation of a liquid by an electric pipette based cm the operating condition; an information collecting unit configured to collect various types of information during the suction operation or the discharge operation of the liquid; and an information recording unit configured to record the information.

Abstract: Operational facets of a compressor are controlled from a remotely-located computer. Data from the compressor is automatically collected at a first data store every first time increment of a first time period. Portions of the data from the first data store are automatically collected at a second data store every second time increment of each first time period. The second time increment is greater than the first time increment, and the portions of the data are collected for a second time period which is greater than the first time period. Successful verification of user authentication data collected at the computer causes automatic generation of an image of application icons at the computer to enable the computer as an input device for controlling the compressor and selections of routines available at an analytics visualization generator that uses data from the second data store.

Abstract: Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.

Abstract: A zombie server can be detected. Detecting a zombie server can include receiving, at a server, network traffic and calculating a percentage of the network traffic as being productivity software layer 7 protocols every first time interval. Detecting a zombie server can also include marking the server as a zombie server based on the percentage every second time interval and processing the network traffic at the server to perform a number of actions by the productivity software.

Abstract: Systems and methods for secure team-based communication on existing wireless mesh networks are disclosed. In an example network with multiple network nods, a headend system designates a first network node and a second network node as a sub-group of nodes, generates a sub-group encryption key that is unique to the sub-group of nodes, and transmits the sub-group encryption key and the sub-group node list and to the first node and the second node. The first node encrypts an application layer message with the sub-group encryption key and sends the message to the second node. The second node decrypts the application layer message with the sub-group encryption key and performs an action based on the message.

Abstract: A method in the embodiments of the present invention includes: when the wearable device receives an instruction of a user or an electronic device, obtaining, by the wearable device, an image that includes access information of a Wi-Fi network; and analyzing, by the wearable device, the image, obtaining the access information of the Wi-Fi network, and sending the access information of the Wi-Fi network to the electronic device, so that the electronic device accesses the corresponding Wi-Fi network according to the access information of the Wi-Fi network; or sending, by the wearable device, the image to the electronic device, so that the electronic device accesses the corresponding Wi-Fi network according to the image. The present invention is applied to a procedure of accessing a wireless network.

Abstract: A computing system controls access between components. A token issuer issues an access token to a requesting component, that is requesting access to a requested service component, based at least in part on an access policy. The requesting component sends the token to the requested service component, which includes a token authentication module that validates the access token and authorizes the requesting component to access a requested service component, and receives the authorization to access the requested service component.

Abstract: An optimized approach to whitelisting includes, at a domain name service server, determining whether a first domain and a second domain resolve to a same Internet Protocol (IP) address, and in response to a request from a domain name service proxy as to whether the first domain resolves to an IP address shared by another domain, notifying the domain name service proxy that the first domain resolves to an IP address shared by another domain. The method further includes the domain name service proxy receiving from the domain name service server a response that indicates that the first domain resolves to an IP address shared by another domain, and storing, in memory, the IP address and an indication that the IP address is shared by another domain. A data flow associated with a shared IP address is subjected to further scrutiny even if the IP address is on a whitelist.

Abstract: A method and system for managing an electronic mail. A command list of a communication electronic mail transmission protocol is partitioned into command sub-lists using recursive parameters appearing in the command list prior to the partitioning of the command list. Each recursive parameter is a command that is repeated in respective command sub-lists as a result of the partitioning. Each command sub-list includes at least one command pertaining to a receiver or sender of the electronic mail. Each command sub-list is individually selectable for subsequent use of the at least one command in a subsequently selected command sub-list in implementing the electronic mail. A selection of at least one of the command sub-lists viewable in a user interface is received. Each command of the at least one command specifies a respective aspect of how to implement the electronic mail in a subsequent implementation of the electronic mail.