Abstract: Example embodiments include a method for receiving, at a user device from a home access point, a first digital certificate for a residential wireless roaming mode, wherein the residential wireless roaming mode provides the user device remote access to a wireless local area network corresponding to the home access point, and wherein the first digital certificate is issued by a certificate authority of a service provider associated with the home access point; transmitting at least one probe request message to at least one public access point, wherein the probe request message includes at least the first digital certificate; receiving from the at least one public access point a probe response message including information for remotely accessing the wireless local area network via a virtual private network connection established between the public access point and the home access point.

Abstract: Systems and methods for creating a consistent blockchain including block commitment determinations are disclosed herein. An example method includes receiving a request for blockchain data from an application or a user, receiving proposed canonical heads from a plurality of blockchain nodes, receiving votes to determine a correct state for a consistent blockchain that includes a canonical head, the blockchain data being included in the consistent view of a blockchain, determining the canonical head based on the votes, determining a commitment level for at least one block in the consistent view of the blockchain, providing the consistent view of the blockchain to the application or the user, and exposing the commitment level for the at least one block.

Abstract: Techniques are disclosed for providing backup protection. A first subnet is established for replication in a first cluster that includes a plurality of host devices. Each of the host devices includes a respective controller virtual machine, which together form a virtual local area network for replication. Each of the controller virtual machines is assigned an Ethernet interface. A replication Internet Protocol address is assigned to each of the Ethernet interfaces of the controller virtual machines. Route tables and firewall rules of the controller virtual machines are modified to allow communications between nodes of the first subnet. The first subnet is configured with information related to a second subnet for replication in a second cluster. A dedicated communication channel is generated for replication between the first cluster and the second cluster based on the configuring.

Abstract: At least one non-transitory computer readable medium, that at least one non-transitory computer readable medium stores instructions for (a) generating master keys by a keys security entity (KSE) that is established within a KSE; (b) generating one-time connection session keys, by the KSE, based on the master keys; (c) outputting, by the KSE, the one-time connection session keys to a Connection Security Entity (CSE) enclave in which a CSE is established, over a secure communication link; and (d) preventing access, by the KSE, to the master keys.

Abstract: A method of tenant user management in cloud database operation can be implemented. The method can receive an original job request from a user for a database service, wherein the original job request can include a login credential of the user. The method can authenticate the login credential of the user by a scheduler, verify the user has privileges for the original job request by the scheduler, create a modified job request from the original job request by the scheduler based on a predefined role corresponding to the privileges of the user, send the modified job request from the scheduler to a database service platform, and allocate an instance of database service to the user in response to the modified job request.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for validating that a software release has successfully completed multiple development stages of a development process without alteration. To illustrate, as software (e.g., one or more files or artifacts) completes at least a portion of a development process including the development stages, data components are generated. Digital signatures are generated based on the data components and a private key, and the digital signatures are stored in a secure data structure, such as a blockchain or a tree structure. Upon receipt of the data components (e.g., as validation data of a software release) by a node device, the node device generates validation signatures based on the data components and a public key and compares the validation signatures to the digital signatures stored in the secure data structure to validate the software before processing the software.

Abstract: Systems and methods for protected verification of user information are provided. Multiple computing systems may transmit or receive communications from one or more other computing systems as part of the protected user information verification. For example, a user may utilize a verification service to independently verify the user's information to third-party systems without the verification service actually storing, receiving, accessing, or otherwise coming into contact with the user-specific information that it is verifying. In this way, the system can protect a user's personal information while streamlining the user's verification with one or more third parties.

Abstract: This disclosure relates to systems and methods for management of information, including environmental information, obtained by a variety of sensors associated with one or more distributed mobile sensor platforms. In certain embodiments, the geographically transitory nature of a mobile sensor platform may be leveraged to facilitate collection of environmental information over a larger geographic area than that of a fixed sensor platform. Embodiments disclosed herein provide for information consistency and/or quality checking of information obtained by mobile sensor platforms. Further embodiments may be used to incentivize the collection and/or acquisition of certain data via point and/or credit-based compensation.

Abstract: Systems and methods for obfuscating data. The technology herein can be used to produce an obfuscated output that exhibits no easily discernible pattern, making difficult to identify or to filter using regular expressions, signature matching or other pattern matching. The output nevertheless can be reversed and the original data recovered by an intended recipient with a relatively low-cost of processing, making it suitable for low-powered devices. The obfuscation is stateless and does not require encryption.

Abstract: A method of a local bundle assistant (LBA) negotiating a certificate with a secondary platform bundle manager (SPBM) in a wireless communication system including: transmitting a request message requesting information of certificates supported by a secondary secure platform (SSP) to a secondary platform bundle loader (SPBL) of the SSP; receiving the information of certificates supported by the SSP including information of certificate issuers corresponding to a family identifier from the SPBL; transmitting the information of certificates supported by the SSP to the SPBM; and receiving a certificate of the SPBM for key agreement, information of public key identifiers of certificate issuers to be used by the SSP, and information of the family identifier from the SPBM.

Abstract: This application relates to a graph data processing method performed by a distributed computer node cluster including a plurality of computer devices, each computer device distributed on a respective computing node of the distributed computer node cluster, the method including: obtaining subgraph data divided from to-be-processed graph data; performing a computation task on the subgraph data to obtain corresponding global data and local data; writing the global data to a blockchain network, the global data of the blockchain network being updated by the distributed computing node cluster; obtaining latest global data from the blockchain network; and iteratively performing, according to the obtained latest global data and the local data, the computation task on the subgraph data without obtaining a computation result until an iteration stopping condition is met.

Abstract: A method to generate a trusted certificate on an endpoint appliance located in an untrusted network, wherein client devices are configured to trust a first Certificate Authority (CA) that is administered by the untrusted network. In this approach, an overlay network is configured between the endpoint appliance and an origin server associated with the endpoint appliance. The overlay comprises an edge machine located proximate the endpoint appliance, and an associated key management service. A second CA is configured in association with the key management service to receive a second certificate signed by the first CA. A third CA is configured in association with the edge machine to receive a third certificate signed by the second CA. In response to a request from the appliance, a server certificate signed by the third CA is dynamically generated and provided to the appliance.

Abstract: Systems and methods for improving reliability in blockchain networks using sharding are disclosed herein. An example method includes assigning a unique identifier to a user, applying a deterministic function, such as a consistent hashing algorithm, to the unique identifier to select a unique set of nodes that are assigned to a shard for the user, wherein the nodes are a subset of available nodes, receiving a request for blockchain data from the user, generating a response to the request using a consistent view of a blockchain obtained from the unique set of nodes, and transmitting the response to the request to the user.

Abstract: A communication system includes a transmitting device configured to transmit information, and a receiving device configured to receive the information, the receiving device includes a determination unit configured to determine whether or not an electronic certificate of the transmitting device used for a communication with the transmitting device is an EV certificate, and a process that is performed is varied according to a determination result of the determination unit.

Abstract: A method of authenticating a network device may include receiving an authentication message from a third party server, the authentication message identifying a network device. The method may also include receiving a zero touch provisioning request comprising a certificate from the network device. The method may additionally include, determining the network device is associated with a third party that manages the third party server based on the certificate. The method may include transmitting a redirect message comprising a root certificate chain indicating that the network device is to send the zero touch provisioning request to the third party server.

Abstract: A system and a method are disclosed for enabling pictorial content to be added to a secure document. In an embodiment, a secure document tool receives a request, from an administrator of the secure document, to enable modification of a region of the secure document with an addition of pictorial content, the secure document configured to prevent modification of contents of the secure document by a signer, the secure document enabled to accept a signature on the secure document by the signer. The secure document tool receives, from the signer, a command to add pictorial content to the region, and responsively adds the pictorial content to the region. The secure document tool receives from the signer, a signature on the secure document, and responsively disables the secure document from accepting further modifications.

Abstract: One or more computing devices, systems, and/or methods for data fragmentation and reconstruction are provided. Random number generation information, indicating a number of fragments into which data stored by a client device is to be fragmented, is received. The data is fragmented according to the number of fragments as a set of fragments. Authentication data is incorporated with the set of fragments. A set of entities capable of storing the set of fragments with the authentication data is identified. The set of fragments with the authentication data are stored across the set of entities.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: A method of registering a person as an authorized user of a portable device includes acquiring biometric data or a combination of pieces of biometric data of a person, encrypting the acquired biometric data or the combination of pieces of biometric data, generating a code from the encrypted biometric data or the combination of pieces of biometric data, inserting the code in an extension field of a public key certificate stored in the portable device, generating a private key and a public key that corresponds to the private key, based on the public key certificate, wherein the private key contains the code, and transmitting the public key to a remote entity, thereby enabling the remote entity to register the person as an authorized user of the portable device. The extension field of the public key certificate further contains a code associated with identification information of the person.

Abstract: A method of registering a person as an authorized user of a portable device includes acquiring biometric data or a combination of pieces of biometric data of a person, encrypting the acquired biometric data or the combination of pieces of biometric data of the person, generating a code from the encrypted biometric data or the combination of pieces of biometric data of the person, inserting the code in an extension field of a public key certificate stored in the portable device, generating a private key and a public key that corresponds to the private key, based on the public key certificate, wherein the private key contains the code, transmitting the public key to a remote entity that is in communication with the portable device, thereby enabling the remote entity to register the person as an authorized user of the portable device, and modifying the public key to generate a modified public key configured to be used in case that the remote entity is disconnected from a service providing server.

Abstract: A method of authenticating a user includes: logging into a first system that includes a token-based authentication system (TBAS); creating, at the TBAS, a cookie based on a token from the TBAS; requesting access, by the user, to a second system that includes at least one windows-hosted web application (WHWA); and decoding and validating the token, thereby granting the user access to the second system based only on the user logging into the first system.

Abstract: A certificate management system includes an electronic device and a server. The electronic device is configured to transmit a certificate application request. The server is configured to sign a device certificate corresponding to the electronic device through an intermediate certificate device after receiving the certificate application request, and transmit the device certificate and the Internet address of the server to the electronic device. The electronic device stores the device certificate and the Internet address of the server to complete the certificate issuance operation.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to reduce false crediting of exposure to video-on-demand media assets. Example apparatus disclosed herein include a signature matcher to compare a sequence of monitored media signatures to sequences of reference signatures representative of corresponding reference media assets, the sequence of monitored media signatures included in monitoring data reported by a media device meter, the sequences of reference signature stored in a library of reference signatures. Disclosed example apparatus also include a matched assets counter to determine a count of ones of the reference media assets represented by corresponding ones of the sequences of reference signatures determined to match the sequence of monitored media signatures. Disclosed examples further include a credit determiner to determine whether to credit media exposure to a first one of the reference media assets based on the count.

Abstract: A method consistent with embodiments of the present disclosure may begin with retrieving a message to be electronically transmitted. The method may proceed with digitally securing the message by generating a first digital signature for the message. The first digital signature may be added to a list of digital signatures for inclusion in the message. A list of allowed anticipated changes may be retrieved. In accordance to embodiments disclosed herein, the message may be pre-signed for the allowed anticipated changes. Pre-signing the message may comprise editing the message with each allowed anticipated change, generating a subsequent digital signature for the message edited with the allowed anticipated change, and adding the subsequent digital signature to the list of digital signatures for inclusion in the electronic message. This process may be repeated for each allowed anticipated change in the allowed anticipated changes.

Abstract: A method of creating and applying a self-authenticating digital identity for a user having an identity is described.

Abstract: An identity management server can be used to provide identity-based authentication and access control mechanism for devices trying to connect to a network or other devices on the network. The identity management server may authenticate a user associated with a device based on the past behavior information of the user received from another device associated with the user. The identity management server may generate a trust score based on multiple attributes associated with the user and the device, and authenticate the user if the trust score is within an acceptable limit. The identity management server may also generate access permissions for the device, which can be used by a network device to grant or deny access to the network.

Abstract: There is provided a wireless communication device that includes a communication unit that performs wireless communication with a connection device, and a control unit that encrypts a wireless communication channel with the connection device on the basis of a digital certificate issued by a certificate authority server. The communication unit receives payment information and a valid type of payment from the connection device via the encrypted wireless communication channel. The control unit determines a payment server on the basis of the valid type of payment and causes the communication unit to transmit a payment request based on the payment information to the payment server.

Abstract: A lifecycle management system for Controlled Objects is disclosed using a plurality of distinct databases in a plurality of domains. Methods for associating identifiable data records with identifiable Controlled Objects are disclosed. Methods and apparatus are disclosed for authorizing, recording and discontinuing use of a Controlled Object, including pairing of a plurality of Controlled Objects.

Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device.

Abstract: A method to generate a trusted certificate on an endpoint appliance located in an untrusted network, wherein client devices are configured to trust a first Certificate Authority (CA) that is administered by the untrusted network. In this approach, an overlay network is configured between the endpoint appliance and an origin server associated with the endpoint appliance. The overlay comprises an edge machine located proximate the endpoint appliance, and an associated key management service. A second CA is configured in association with the key management service to receive a second certificate signed by the first CA. A third CA is configured in association with the edge machine to receive a third certificate signed by the second CA. In response to a request from the appliance, a server certificate signed by the third CA is dynamically generated and provided to the appliance.

Abstract: A data communication network comprises Provider Edge (PE) circuitry and Customer Edge (CE) circuitry. The PE circuitry boots a trusted PE processor that transfers a hardware-trust hash and receives a hardware-trust certificate. The CE circuitry boots a trusted CE processor that transfers a hardware-trust hash and receives a hardware-trust certificate. The trusted PE circuitry and the trusted CE circuitry exchange and validate the hardware-trust certificates to establish a Trusted Execution Environment (TEE) across the network edge. The trusted PE circuitry and the trusted CE circuitry encrypt and exchange trusted user data in the TEE across the network edge.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Various embodiments are generally directed to techniques to form secure communications between two computing devices in which the chain of trust of those communications is extended to a particular application routine executed by one of the two computing devices. An apparatus includes a processor component; a verifying component to verify a link attestation credential received from a server to verify an ability of the server to form a secure pipeline, and to signal an application routine with an indication of a result of the verification by the verifying component; and a hash component to generate a return hash of a return signature associated with the application routine to indicate to the server that the application routine has also verified the link attestation credential to form the secure pipeline between the server and the application routine. Other embodiments are described and claimed.

Abstract: Systems and methods for server authentication in a content delivery network are provided. Various embodiments include a content delivery network obtaining multiple digital certificates from multiple certificate authorities. When a client attempts to access the content delivery network, the network serves the client a digital certificate and then monitors the authentication of the certificate. If the authentication fails, the content delivery network serves the client another digital certificate that was issued from a different certificate authority. In other embodiments, the content delivery network constantly monitors the function of each certificate authority. The content delivery network constantly pings each certificate authority. If any one of the certificate authorities fails to respond to the pings, the content delivery network will presume the certificate authority is non-operational and will stop using certificates from the non-operational certificate authorities until they resume operation.

Abstract: An embodiment of the present invention is directed to a translation layer that intercepts a token and converts new group names into old entitlement verbiage based on data loaded at start-up (e.g., hash map, etc.) from a configuration file. The old entitlement verbiage may be loaded into the User Session just as it would have been if the entitlements had come from within the old application authorization structure. The remainder of the application is unaware that the authorization source has changed.

Abstract: The present disclosure involves a sidechain testing system and method for improving security and stability of a smart contract.

Abstract: A system for committing event data includes an interface and a processor. The interface is configured to receive input data and receive a client key. The processor is configured to generate an Nth sequence number; determine an Nth event hash using the input data, an N?1 signature, and the Nth sequence number; encrypt the Nth event hash with the client key to generate an Nth signature; generate an Nth event from the input data, the N?1 signature, the Nth sequence number, and the Nth signature; and, in response to an aggregate N?1 of one or more prior events being valid, apply Nth event onto the aggregate N?1.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: A method for managing a post-hoc device registration in an ecosystem is provided. The method includes assembling an electronic device, having a system on a chip (SoC) integrated therein. The method further includes activating/onboarding the device, receiving, by a CA from the device, a communication containing at least one keypair, validating, from the CA to the device, the at least one keypair, triggering, by the CA, data capture of validation data. The validation data includes user registration data, and manufacture/status data for least one of the device and the SoC. The captured validation data is stored in a database of the CA, and then aggregated, along with the received at least one keypair, from the CA database into a billing invoice to the device assembler. The registration data is referenced to the at least one keypair and other validation data by the CA.

Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.

Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.

Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.

Abstract: A technique includes receiving a request from a first electronic device to connect to a network and receiving a first part from the first electronic device. The technique includes regulating onboarding of the first electronic device. Regulating the onboarding includes authenticating the first electronic device. Authenticating the first electronic device includes communicating with a plurality of electronic devices that are connected to the network to receive a set of second secret parts; constructing a first secret from the first secret part and the set of second secret parts; and comparing the first secret to a second secret. Regulating the onboarding of the first electronic device includes allowing the first electronic device to connect to the network based on a result of the comparison.

Abstract: A method of a local bundle assistant (LBA) negotiating a certificate with a secondary platform bundle manager (SPBM) in a wireless communication system including: transmitting a request message requesting information of certificates supported by a secondary secure platform (SSP) to a secondary platform bundle loader (SPBL) of the SSP; receiving the information of certificates supported by the SSP including information of certificate issuers corresponding to a family identifier from the SPBL; transmitting the information of certificates supported by the SSP to the SPBM; and receiving a certificate of the SPBM for key agreement, information of public key identifiers of certificate issuers to be used by the SSP, and information of the family identifier from the SPBM.

Abstract: Methods and apparatuses for retrieving blockchain data are disclosed. One method comprises: receiving a data retrieving request that comprises a target transaction identifier; identifying a transaction storage location that corresponds to the target transaction identifier as a target transaction storage location based on a pre-stored correspondence between transaction identifiers of transactions recorded on a blockchain associated with the blockchain network and transaction storage locations of the transactions; and retrieving data from the target transaction storage location in the blockchain.

Abstract: There is provided a method to playback content in a ROM having a ROM ID. The method includes copying the content from the ROM to a RAM having a RAM ID, copying the ROM ID to a memory accessible to a RAM controller, transmitting a license request from the RAM controller to a license server, the license request comprising a RAM controller ID, the ROM ID and a request for a content license to play back the content from the RAM; receiving the content license including a right for the playback of the content from the RAM, and a content key, decrypting the content license by the RAM controller, according to the RAM controller secret associated with the RAM controller ID, to recover and provide the content key to a playback module, decrypting the content using the content key to generate a decrypted content, and playing back the decrypted content.

Abstract: Using electronic devices (such as cellular telephones) that communicate wirelessly, two individuals can make person-to-person payments. In particular, an individual using an electronic device may identify another proximate electronic device of a counterparty in a financial transaction, and may provide an encrypted payment packet to the other electronic device that includes: a financial credential for a financial account of the individual, a payment amount, and a payment sign. When the other electronic device receives the encrypted payment applet, the counterparty may accept the payment in the financial transaction specified by the encrypted payment packet. Then, the other electronic device may provide the encrypted payment packet and another encrypted payment packet (with a financial credential for a financial account of the counterparty, the payment amount and the opposite payment sign) to a third party that completes the financial transaction.

Abstract: Embodiments of the present application provide a certificate management method and apparatus in an NFV architecture. The certificate management method includes: determining, by an MANO, a storage network element, where the storage network element is configured to store a certificate of a VNFC, and the storage network element is different from the VNFC; creating, by the MANO, storage space in the storage network element, where the storage space is used to store the certificate of the VNFC; and sending, by the MANO, an address of the storage space to the VNFC, so that the VNFC accesses the address of the storage space, obtains the certificate of the VNFC, and directly communicates with another network element by using the certificate stored in the storage network element. The VNFC does not locally store the certificate.

Abstract: The present disclosure provides a storage data encryption and decryption method, including: providing a true random number generator configured to generate a plurality of keys; providing a data memory configured to store data and a key memory configured to store keys, and writing the keys into the key memory; and providing a data reading and writing interface module configured to read and write data, and providing a data encryption and decryption module configured to read the keys and perform encryption and decryption operations. The data written by the data reading and writing interface module is encrypted by the data encryption and decryption module and written into the data memory. The data read from the data memory is decrypted by the data encryption and decryption module and read to the data reading and writing interface module.