Abstract: Systems, computer program products, and methods are described herein for network traffic routing and load balancing in an electronic network. The present disclosure is configured to identify, by an application layer, at least one website access request by a user account, wherein a website access request comprises a website identifier; transmit the website access request to a traffic routing layer; identify, by the traffic routing layer, a plurality of potential websites; determine, by the traffic routing layer, whether a routing identifier is present for the user account and in response to determining the routing identifier, pin the user account to a pinned website of the potential websites based on the routing identifier; and determine, by the traffic routing layer, whether the pinned website comprises an up attribute or down attribute, and to direct the website access request based on at least this up or down attribute.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A system and method for homomorphic encryption in a healthcare network environment is provided and includes receiving digital data over the healthcare network at a data custodian server in a plurality of formats from various data sources, encrypting the data according to a homomorphic encryption scheme, receiving a query at the data custodian server from a data consumer device concerning a portion of the encrypted data, initiating a secure homomorphic work session between the data custodian server and the data consumer device, generating a homomorphic work space associated with the homomorphic work session, compiling, by the data custodian server, a results set satisfying the query, loading the results set into the homomorphic work space, and building an application programming interface (API) compatible with the results set, the API facilitating encrypted analysis on the results set in the homomorphic work space.

Abstract: An embodiment of the present application discloses an information processing method, device and apparatus, a medium, and a program.

Abstract: Digital certificates are generated for devices by a Certificate Authority (CA), which communicates with devices via another entity—registration authority (RA)—so that the CA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by CA to encrypt the certificate to hide it from the RA. Both keys are derived by CA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the CA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: A method including receiving, at a processor, credential requests for accessing the VPN environment from a first user device using a first interface and from a second user device using a second interface; transmitting, to the first user device, a first credential based at least in part on the first user device using the first interface; and transmitting, to the second user device, a second credential based at least in part on the second user device using the second interface, the first credential being different from the second credential. Various other aspects are contemplated.

Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.

Abstract: Aspects of the subject disclosure may include, for example, a method that includes providing, by a processing system including a processor, a controller function for a user plane function (UPF) of a communication network; the controller function facilitates automated procedures for authentication, deployment, configuration, testing, and/or controlling availability of the UPF, independent of a source of the UPF. The method also includes providing, by the processing system, an interface to facilitate communication between the controller function and the UPF; the controller function uses the interface to facilitate the procedures. Other embodiments are disclosed.

Abstract: Systems and processes are described for a message service with distributed key caching for server-side encryption. Message requests are received by message handlers of the message service that cache data encryption keys used to encrypt and decrypt messages that are stored to message containers in back end storage. A metadata service obtains the data encryption keys from a key management service, caches the keys locally, and sends the keys to the message handlers upon request, where the keys are cached, again. The key management service may generate the data encryption keys based on a master key (e.g., a client's master key). The message handlers may send both message data encrypted using the data encryption key and an encrypted copy of the data encryption key to be stored together in the data store.

Abstract: An issuing device is configured to: respond to a challenge request by transmitting a challenge; and respond to a certification request including a public key and ownership information thereof by issuing a digital certificate certifying the ownership information. The ownership information includes counterparty identity information relating to a ledger of a distributed database. The digital certificate is issued if it is successfully verified that a valid response to the challenge has been posted to the ledger of the distributed database and is associated therein with the counterparty identity information of the certification request. The digital certificate facilitates proofing that an owner of a public key is a given counterparty to a blockchain ledger. Also, a corresponding requesting device and corresponding methods and computer program products for issuing and requesting a digital certificate are disclosed.

Abstract: Various embodiments of systems and methods are provided to bind a system identifier that uniquely identifies an information handling system (IHS) to the system platform, so that the identity of the IHS can be cryptographically verified. More specifically, the present disclosure provides methods to bind a unique system identifier to an IHS platform, and methods to cryptographically verify the identity of the IHS using the unique system identifier and a plurality of keys generated and stored with a Trusted Platform Module (TPM) of the IHS. Systems are provided herein to perform such methods. As such, the systems and methods disclosed herein enable system identity to be irrefutably verified, thereby preventing theft and misuse of system identity.

Abstract: An information processing method is executed by a processor of an apparatus, and includes a step of generating a public key of the apparatus based on a private key of the apparatus (S2), a step of generating a hash value based on the public key and a predetermined hash function (S3), and a step of determining an IP address of the apparatus based on the hash value (S6).

Abstract: A network device may select a first user plane function for establishing, with a user equipment, a protocol data unit session with a single flow and may receive an application function trigger associated with a first new flow for a first application of the user equipment. The network device may select a second user plane function for the first new flow and may create a first traffic filter for the first new flow. The network device may cause the first traffic filter to be provided to the user equipment so that first application traffic is routed, based on the first traffic filter, to the second user plane function and a first multi-access edge computing device associated with the second user plane function.

Abstract: Systems and methods are disclosed including techniques for rendering a 360-degree media content. Techniques disclosed include receiving a 360-degree media content and associated metadata that include a classification of a first spatial region from the received content. Techniques disclosed further include determining that a detected user movement is associated with a rendering of the first spatial region and determining whether the classification associated with the first spatial region complies with a stored user preference. If the classification violates the user preference, a path for gradually shifting the content rendering from a currently rendered spatial region to a spatial region that complies with the user preference is determined, and the received content is rendered according to the determined path.

Abstract: A device is configured to receive, from a controller, an instruction requesting data for the device and determine a comparison result value based on a comparison of the data for the device and a reference value. The device is further configured to determine whether to respond to the instruction based on the comparison result value and, in response to a determination to respond to the instruction, output, to the controller, the comparison result value, wherein, to output the comparison result value, the device is configured to refrain from outputting the data for the device.

Abstract: According to a first aspect of the disclosure, there is provided a method of accessing data from one or more destination transactions stored on a blockchain, wherein the method comprises selecting one or more hyperlinks linking to the destination transaction(s). According to a second aspect of the disclosure, there is provided a request-response protocol for requesting access to data from a destination transaction.

Abstract: A vehicle-to-everything terminal provides a vehicle-to-everything server with a security credential that can prove an identity of the vehicle-to-everything terminal, and requests the vehicle-to-everything server to apply for a certificate for the vehicle-to-everything terminal. The security credential may be a token preconfigured in the vehicle-to-everything terminal, or may be a digital signature of the vehicle. The vehicle-to-everything server performs identity verification on the vehicle-to-everything terminal based on the security credential. After the verification succeeds, the vehicle-to-everything server selects a proper certificate server to apply for a certificate for the vehicle-to-everything terminal.

Abstract: A method for collecting data from a group of entitled members. The method may include receiving, by a collection unit, a message and a message signature; validating, by the collection unit, whether the message was received from any of the entitled members of the group, without identifying the entitled member that sent the message; wherein the validating comprises applying a second plurality of mathematical operations on a first group of secrets, a second group of secrets, and a first part of the message signature; and rejecting, by the collection unit, the message when validating that the message was not received from any entitled member of the group.

Abstract: The present disclosure describes techniques that facilitate the encryption of data communications between a home and VPLMN, along with the verification of a content and origin of encrypted messages at each end of a data communication. In one non-limiting example, the process of verifying the content and origin of an encrypted message is facilitated partly by an exchange of network public keys between the HPLMN and VPLMNs. In another example, a network certificate aggregator (NCA) may act as a certificate authority (CA) by verifying the identities of interacting home and VPLMNs. The NCA may facilitate and exchange public keys between a home and VPLMN, whereby the HPLMN and VPLMNs need only trust and verify an identity of the NCA. Alternatively, the NCA may act as a conduit for data communications between the HPLMN and VPLMN.

Abstract: Security systems for microelectronic devices physically lock the hardware itself and serve as a first line of defense by preventing overwriting, modification, manipulation or erasure of data stored in a device's memory. Implementations of the security systems can respond to lock/unlock commands that do not require signal or software interactivity with the functionality of the protected device, and which therefore may be consistent across devices.

Abstract: An issuing authority (IA) may validate the identity of a user and issue a digital license to the user. IA may generate IA public-private key pair, and provide IA public key to the certification authority (CA). IA may sign the digital license with IA private key, and provision the signed digital license on the user device. IA may request CA to certify the digital license. CA may use IA public key to validate the digital license, and sign IA public key with CA private key, thereby generating a digital certificate associated with the issuing authority that is linked to the digital license. A relying party may use CA public key to validate the digital license. The relying party can retrieve the information from the digital license and trust that the retrieved information is legitimate.

Abstract: In accordance with an embodiment, a method for delivering a certificate to a vehicle comprising transmitting the certificate to the vehicle via near field coupling is provided. The near field coupling can be accomplished by transmitting data using a near field coupled antenna to a receiver. The near field coupled antenna can also be used for content delivery such as for example, a streaming video signal, a streaming webcast signal, non-streaming transfer of information, etc. The method can be used for location validation of land vehicles, marine vehicles, and pedestrians as well as content delivery, and payment mechanisms. In accordance with another embodiment a traffic control system is configured to control vehicles and pedestrians in an intelligent transportation system.

Abstract: A system, method, and computer-readable medium are disclosed for performing a data center connectivity management operation.

Abstract: A printer may include a controller configured to: in a case where a predetermined instruction is obtained from a user under a situation where a service state of the printer for receiving a print job providing service from a server is a disabled state, shift the service state from the disabled state to an enabled state; in a case where a registration instruction to register printer information related to the printer in the server is obtained, send the printer information to the server; in a case where the registration instruction is obtained under the situation where the service state is the disabled state, shift the service state from the disabled state to the enabled state without obtaining the predetermined instruction from the user.

Abstract: Techniques are disclosed to automate TLS certificate rotation. For example, a certificate rotation event may be detected from a certificate management tool. The certificate rotation event may be associated with a first certificate and may indicate that the first certificate is to be updated with a second certificate. An application server that is running on a host and to which the first certificate is bound may be identified. A certificate identifier for the second certificate may be provided to one or more agents running on the host. A distribution service may obtain certificate information, e.g., a public key, a private key, or a certificate identifier for the second certificate, from the certificate rotation tool. Some or all of the certificate information for the second certificate may be obtained by the one or more agents running on the host. The one or more agents may instruct the application server to bind the second certificate.

Abstract: A system allows a user to store his personally identifiable information (PII) on a personal device. When a third party wants to access the user's PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user's actual PII is not exposed.

Abstract: Certain example embodiments relate to systems and techniques for a client device outside of a cloud infrastructure to securely access services in the cloud infrastructure by relying on one or more keys that are validated by the cloud infrastructure based on a heartbeat message received from the client device. The heartbeat message may be secured by a certificate generated for the client device.

Abstract: As part of a factory provisioning of an Information Handling System (IHS), a configuration certificate is stored that identifies a pre-boot configuration of the IHS resulting from the factory provisioning. Upon a transfer of control or ownership of the IHS, a pre-boot configuration of the IHS is identified and the configuration certificate is utilized to validate that the identified pre-boot configuration is the same as the pre-boot configuration of the IHS resulting from the factory provisioning. A security processor of the IHS may support boot code operations for generating additional configuration certificates that can be used to validate the integrity of any changes the IHS configuration, such as upon its next power cycle.

Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.

Abstract: A data synchronization method for a parachain includes a step of obtaining first block operation sequence information, synchronizing blocks of a main chain according to the first block operation sequence information to generate or update the parachain, wherein the first block operation sequence information is obtained by updating the first block after the main chain receives a plurality of transaction information sent by a client user terminal to perform consensus on the transaction information and to generate the first block and to record the operation serial number of the first block, wherein the first block operation sequence information includes an operation serial number and operation information of each block of the main chain, and an operation serial number and operation information of the block revoked by a node of the main chain when the block revoking is executed.

Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A method and a system for validating a proposed change to a configuration of an application are provided. The method includes: receiving a user request for changing a setting of one or more parameters of the configuration of the application; retrieving, from a memory, a set of rules that relate to permissible settings for the parameters; comparing the request to the retrieved rules; determining whether the request is acceptable based on a result of the comparison; and when the request is determined as being acceptable, validating the request. The rules may be applicable across an entirety of an organization or specific to a particular line of business. The parameters may relate to report formats or digital dashboards that are generated by executing the application.

Abstract: A process generates a certificate of authenticity for a virtual item. Further, the process sends, with the processor, the certificate of authenticity to a decentralized network of computing devices such that two or more of the computing devices store the certificate of authenticity. The two or more of the computing devices receive, from a user device that provides a virtual reality experience in which a virtual item is purchased, a request for authentication of the certificate of authenticity. In addition, the two or more computing devices authenticate the certificate of authenticity based on one or more consistency criteria for the certificate of authenticity being met by the two or more computing devices.

Abstract: A revocable lightweight group authentication method and system for an edge controller is described here. When the edge controller needs to be registered, an edge server generates a private key of the edge controller and sends the private key to the edge controller, and meanwhile adds the edge controller to a group list of the edge server; the edge server updates a certificate of the edge controller, adds the certificate to a certificate list of the edge server and sends the certificate to the edge controller so that the edge controller updates the private key according to the updated certificate; and then the edge controller generates a signature according to the updated private key, and sends the signature to the edge server so that the edge server authenticates the edge controller after determining that the signature meets preset requirements.

Abstract: An identity verification is managed by generating a workflow used by a control apparatus that controls a system in which a plurality of business entities manages attribute information in user information that identifies a user. The workflow is generated, based on a first list of target business entities that perform identity verification of the user, a second list of business entities indicating whether cooperation is performed among the business entities for the identity verification, a number of electronic certificates that certify the user information for completing the identity verification, and a procedure time taken by each of the business entities for the identity verification, so that the workflow minimizes a procedure time taken for completion of the identity verification by the target business entities, and that describes a distribution procedure of the electronic certificates that are used in the identity verification at each of the business entities.

Abstract: A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store a data in the data repository. The server is further configured to create, via a visual information flow creation tool, at least one information flow object. The server is additionally configured to create, via the visual information flow creation tool, an electronic signature field in the at least one information flow object, and to provide the at least one information flow object to communicate an electronic signature request to an electronic signature system.

Abstract: Among other things, techniques are described for provisioning and authentication of devices in vehicles. In one aspect, a device in a vehicle establishes a communication session with a network server that manages provisioning of devices corresponding to an enterprise associated with the vehicle. The device receives instructions from the network server to generate cryptographic keys, and in response, generates a public and private key pair. The device sends, to the network server, a certificate signing request that includes the public key and an identifier of the device. In response, the device receives a digital security certificate for the device, and a security certificate of a signing certificate authority. The device authenticates the security certificate of the certificate authority using a known enterprise root certificate, and upon successful authentication, stores the device security certificate and the security certificate of the signing certificate authority.

Abstract: A bridge component is interposed between a content targeting portion of a computerized content management system and a security portion of the system. the content targeting portion has a plurality of targeting segments defined therein. The bridge component creates a plurality of corresponding security groups for at least a subset of the plurality of targeting segments for which pre-existing security groups have not been created. For the targeting segments, accessing, with the bridge component, underlying logic used by the content targeting portion to create the targeting segments, and use the logic to determine whether each potential group member matches the logic. Add at least those of the potential group members that match the logic, and are not already present, to an appropriate one of the corresponding security groups; remove those that do not match. Apply security to the resulting updated security groups with the security portion, and distribute content accordingly.

Abstract: Systems, computer program products, and methods are described herein for secure resource allocation communication with a network. The present invention may be configured to provide, to a device management system, a request for authentication and receive, from the device management system, a file including a link to a certificate system. The present invention may be further configured to provide, using the link, a certificate enrollment request to the certificate system and receive, from the certificate system, a signed certificate. The present invention may be further configured to establish, using the signed certificate, a wireless connection to a network. In some embodiments, the present invention may include a scanner device for processing instruments associated with resource allocations and a network device communicatively connected to the scanner device for enabling the scanner device to communicate wirelessly with the network.

Abstract: An apparatus receives data access parameters from an external device of a transmission destination, where the data access parameters includes an access ticket, a transmission condition to transmit data, and information on the transmission destination of the data, and the access ticket includes a first program accessible to the data whose utilization by others is authorized by a user. The apparatus generates a notice object corresponding to the information on the transmission destination, and transmits the notice object to the transmission destination. The apparatus executes the first program of the access ticket to acquire the data when the transmission condition is satisfied, and transmits the acquired data to the transmission destination to set the acquired data in the notice object.

Abstract: A certificate credential and an associated signature is received. The certificate credential and the associated signature are authenticated at an operating system level. Whether the certificate credential has expired is validated at an application level via an external certificate authority. Access to encrypted data is allowed based at least in part on the authentication and the validation of the certificate credential.

Abstract: In various examples, a computerized method for document-sharing conferencing is described. The method may include steps such as acquiring and saving an electronic document. The method may include receiving an active event indication and instructing the electronic document to be displayed on one or more displays during an active event. The method may further include receiving an active layer for the electronic document and instructing the active layer to be displayed on the electronic document during the active event. The method may also include saving the active layer with the electronic document.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums that detect evil twin and other anomalous access points in an IT infrastructure by detecting access points that are not in their expected locations based upon an analysis of access point reports from one or more computing devices.

Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the pubic key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

Abstract: To easily identify an invalid device certificate by means of a validity check when signing keys that are used to create device certificates are compromised, a piece of status information is provided for device certificates that comprises positive evidence of the existence and validity of the device certificate, and alternatively or additionally to apply a special validity model for device certificates, wherein the time of issue of the device certificate is documented by means of a signed electronic timestamp, and wherein a different signing key is used for signing the timestamp than for signing the device certificate. Additionally, all information that is required for the validity check of a device certificate is stored in a memory of the device or in a memory associated with the device, so that an identity check on the device can be performed at any time without fetching additional data.

Abstract: A system for communicating with multiple vehicles or other electronic devices that share a common media access control (MAC) or other address is disclosed. Upon receiving a certificate signing request (CSR) from a connected device and determining that the device does not have a unique address, the system will generate a unique address for the device and embedding the unique addresses in a certificate, sign the certificate, and transfer the certificate to the device. Then, when the system communicates with the device, the system may use that unique address to identify the device.

Abstract: Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. The method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route from the first network endpoint to the second endpoint through the network device that translates the address and displays the route including an identifier of the network device.

Abstract: A system performs digital notarization using a biometric identification service. A signature requesting service receives a request to validate a digital item with a signature for a person. The signature requesting service provides a payload that identifies the digital item and/or the person to an identity service. The identity service obtains one or more digital representations of biometrics for the person, determines an identity for the person, and returns a data structure including the payload and one or more identity attestations regarding the determined identity. The identity service encrypts at least a portion of the data structure using a private encryption key. A public encryption key for the identity service can then be used to decrypt the portion to verify that the data structure was generated by the identity service after determining the identity. In this way, validation can be verified to the full trust level of the identification service.

Abstract: An apparatus and methods are disclosed for monitoring the operation of an electrical power-transfer system and detecting and handling hazardous and undesirable system states. In accordance with one embodiment, an electrical signal is injected into the electrical power-transfer system. During or after the injection of the electrical signal, an electrical property between a first sensor and a second sensor are measured to obtain a measurement. The electrical power-transfer system is determined to be in a hazardous state based on the measurement, and in response to the determination one or more actions are performed to correct the hazardous state.

Abstract: A first apparatus performs a pairing providing process of displaying a provision string on the first apparatus and transmitting the provision string to a server apparatus, the provision string being of a given number of digits that changes every given amount of time in such a manner that, every given amount of time, the provision string is subjected to carrying and a new character is added to the rightmost digit of the provision string. A second apparatus transmits an acceptance string to the server apparatus, the acceptance string being input from the second apparatus based on the provision string displayed on the first apparatus. The server apparatus compares the provision string with the acceptance string, and determines that pairing is established between the first apparatus and the second apparatus when the provision string and the acceptance string match each other.