Abstract: This application relates to an identity verification method performed at a computer device and a computer-readable storage medium.

Abstract: Authentication tokens, systems, and methods are described. An illustrative method is disclosed to include receiving an electronic file including a digital image, receiving biometric information that is associated with a person, modifying the electronic file with the biometric information such that one or more pixels in the digital image are replaced with the biometric information, and storing the modified electronic file as a digital authentication token to be used in connection with authorized publications of original digital work.

Abstract: The invention relates to securing of an article against forgery and falsifying of its associated data, and particularly of data relating to its belonging to a specific batch of articles, while allowing offline or online checking of the authenticity of a secured article and conformity of its associated data with respect to that of a genuine article.

Abstract: Techniques are described herein that are capable of dynamically failing over authentication traffic to a backup authentication system by a proxy system. An authentication request, which requests authentication of a principal, is received at the proxy system. The authentication request is directed to a primary authentication system. A determination is made, by the proxy system, that the primary authentication system is incapable of providing a valid response to the authentication request. The backup authentication system is caused, by the proxy system, to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system as a result of the primary authentication system being incapable of providing a valid response to the authentication request.

Abstract: Methods, apparatuses, and systems for intention based search techniques are described herein. An example method comprises receiving data indicative of an intent of a user to perform an action via at least one application, the data comprising a description of the action that is input via a client device application on a client device, identifying, by the computing device, the at least one application based on a comparison of the description of the action and one or more records, the one or more records being indicative of prior intents of one or more users to perform actions and indicative of at least one selection by the one or more users to perform the actions with a selected application, and providing, by the computing device, output to the client device to enable performance of the action via the at least one application.

Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.

Abstract: Described herein are systems, methods, and software to manage the deployment and use of application identifier tokens in a distributed firewall environment. In one implementation, a computing environment generates tokens associated with application types executing on virtual nodes in the computing environment. After generating the tokens, the computing environment provides at least one token of the tokens to each of the virtual nodes based on at least one application type executing on the virtual node. When a communication is identified in the virtual node associated with an application, the virtual node may encapsulate the communication and a corresponding token in a packet and forward the packet via a virtual network interface associated with the virtual node.

Abstract: Embodiments include apparatuses, methods, and systems including one or more servers and one or more storage devices, coupled with each other, to provide virtual storage service to store a file and meta data of the file for a client computing device. The file and the meta data of the file may be encrypted by the client computing device before providing to the virtual storage service. The file may be encrypted with a secret key of the client computing device, and the meta data of the file may be encrypted with a shared session key between the client computing device and the virtual storage service. The encrypted file may be stored in the one or more storage devices, and the encrypted meta data of the file may be stored in one or more secured areas of the one or more servers. Other embodiments may also be described and claimed.

Abstract: Some implementations may provide a machine-assisted method for determining trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the tra

Abstract: A decentralized property system and method allow ownership rights to be transferred directly from one party to another without requiring a central authority to operate or secure the system. Digital signatures provide a method to issue and transfer titles (“bitmarks”) within the system. Using a blockchain algorithm, distributed consensus on asset ownership can be achieved.

Abstract: A method for cryptographic processing includes: storing an initial value as the current value; implementing a predetermined number of first steps, including one involving obtaining second data by applying a first cryptographic algorithm to first data, the others each involving the application of the first cryptographic algorithm to the current value and the storage of the result as the new current value; implementation of the predetermined number of second steps, including one involving the obtaining of fourth data by applying, to third data, a second cryptographic algorithm that is the inverse of the first cryptographic algorithm, the others each involving the application of the second cryptographic algorithm to the current value and the storage of the result as the new current value; and verification of the equality of the first data and the fourth data, and of the equality of the current value and the initial value.

Abstract: A cryptographic module is switchable between a key-input mode and a data-input mode. In the key-input mode, the cryptographic module receives key data, key length information and first input data, combines an amount of the key data corresponding to the key length information with the first input data to produce combined data, wherein a key-influenced length of the combined data is the shortest length of the combined data that contains every data bit of the combined data whose value depends on the key data. It performs a cryptographic operation on the combined data to generate first output data and does not output any of the first output data until after the cryptographic operation has been applied to all of the key-influenced length of the combined data.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to construct an encoded message using a message and a random element, construct a hash using a shared secret, and transmit the encoded message and the hash to a destination, through a network.

Abstract: A memory device comprises a memory array including memory cells, a communication interface to a host device, and a memory control unit operatively coupled to the memory array and the communication interface. The memory control unit is configured to generate a scrambler seed and a logical block address (LBA) for a block of write data received via the communication interface, scramble the block of data using the scrambler seed, encrypt the scrambler seed and the LBA using an encryption key, initiate writing a scrambled block of data and encrypted LBA and scrambler seed to the memory array, and change the encryption key in response to an erase command received via the communication interface.

Abstract: A blockchain management apparatus includes a block receiving part that receives a block including a block header that includes a hash value for reference information selected from a predetermined range in a ledger based on a predetermined rule established between blockchain management apparatuses; a block verification part that selects the reference information from the predetermined range in the ledger based on the predetermined rule and determines whether or not the hash value for the reference information included in the block has been generated based on the reference information, to verify that the block has been correctly generated; a consensus formation part that, if the block verification part verifies that the block has been correctly generated, forms a consensus with other blockchain management apparatuses to write the block to the ledger; and a ledger storage part that stores the block for which the consensus has been formed.

Abstract: A system for monitoring actual access to data elements in an enterprise computer network and providing associated data, the system including an at least near real time data element audit subsystem providing audit output data including at least one of a time stamp, identification of an accessor, user depository stored data regarding the accessor, accessed data element data, affected data element data, type of access operation, source IP address of access and access outcome data, in at least near real time, relating to actual access to data elements in the enterprise computer network, and an additional data providing subsystem receiving in at least near real time at least a part of the audit output data and utilizing the at least part of the audit output data for providing additional data which is not part of the audit output data.

Abstract: Methods are provided for producing an authenticated packaged product. A digital signature, dependent on unique message data for the product, is generated via a digital signature scheme using a secret signing key. The message data is provided on at least one of the product and packaging. The digital signature is provided on the other of the product and packaging, and the product is packed in the packaging. The digital signature can be generated via a fuzzy-message digital signature scheme having a verification algorithm for verifying the digital signature in relation to fuzzy data within a predetermined difference measure of the message data. Methods and systems for authenticating such packaged products are also provided.

Abstract: An approach is provided that uses multiple hashing algorithms to verify a password. The approach receives a password that corresponds to a user identifier. A set of hashing algorithms are retrieved with the retrieved set based on the received user identifier so that different user identifiers utilize different sets of hashing algorithms. Hashing the password using each of the hashing algorithms included in the set of algorithms with the hashing resulting in a hash result. An expected hash result that corresponds to the user identifier is retrieved and the approach then verifies the received password by comparing the hash result to the first expected hash result.

Abstract: Embodiments of the present disclosure provide method, system and computer program product for privacy preserving smart metering. According to one embodiment of the present disclosure, a plurality of customer-encrypted meter readings are received, each of the plurality of customer-encrypted meter readings being encrypted by a customer using a customer key, then a summation of customer keys is obtained, next the plurality of customer-encrypted meter readings are summed, and the summation of the plurality of customer-encrypted meter readings is decrypted based on the obtained summation of customer keys.

Abstract: Embodiments include method, systems and computer program products for validating an event record. The method includes securing, by a processor, a log of one or more events being performed a computer by adding tamper detection to the log. Securing includes generating, by the processor, a first event record in response to an event being performed by the computer and generating, by the processor, a second event record in response to the first event record being generated. The second event record includes a first signature and a second signature corresponding to the first event record. The processor, in response to a request to detect tampering of the first event record, validates the first event record based on the first signature and the second signature in the second event record.

Abstract: Disclosed are aspects of an untrusted decentralized computing platform that includes an untrusted decentralized database which participant computing systems within the platform reach consensus on an accepted representation thereof. Some aspects of the databased include one or more directed acyclic graphs, which may include cryptographic hash pointers. Some aspects include an untrusted decentralized database architecture that includes two constituent chains. Some aspects of a consensus layer of the untrusted decentralized computing platform alternate a proof of space with a verifiable delay function to reduce compute resource waste relative to systems reliant on compute sources for proofs of work. In some aspects of a consensus layer alternating the proof-of-space and the proof-of-time, a single difficulty factors may be determined by multiplying their difficulty factors together to generate a single variable which accounts for difficulty for both proofs.

Abstract: Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach offers decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime.

Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.

Abstract: Clients within a computing environment may establish a secure communication session. Sometimes, a client may trust another client to read, but not modify, a message. Clients may utilize a cryptography service to generate a message protected against improper modification. Clients may utilize a cryptography service to verify whether a protected message has been improperly modified.

Abstract: According to an aspect of an embodiment, operations may include obtaining a basis “A” that defines a lattice in an m-dimensional space. The operations may further include obtaining a target vector “y” that defines a particular location in the m-dimensional space. In addition, the operations may include generating an Ising model connection weight matrix “W” by multiplying a transposition of “A” (“AT”) by “A”. Moreover, the operations may include generating an Ising model bias vector “b” by multiplying a transposition of “y” (“yT”) by “A”. The operations may further include providing “W” and “b” to an annealing system configured to solve problems written according to the Ising model. Additionally, the operations may include obtaining an output from the annealing system that represents an output vector “x” of a particular point included in the lattice that is the closest point in the lattice to the particular location defined by “y”.

Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.

Abstract: Embodiments of this application disclose a resource scheduling method, an access network device, and user equipment, to reduce a quantity of times of applying for an uplink resource by using a random access process, reduce additional signaling overheads brought to the user equipment, and reduce power consumption of the user equipment. The method part in the embodiments of this application includes: determining, by an access network device, a target time interval in which user equipment monitors a downlink control channel; and sending, by the access network device, uplink resource scheduling information to the user equipment by using the downlink control channel in the target time interval.

Abstract: A first electronic network node (110) is provided configured for goo a key exchange (KEX) protocol, the first network node is configured to—obtain a shared matrix (A) shared with a second network node, entries in the shared matrix A being selected modulo a first modulus q, generate a private key matrix (SI), entries in the private key matrix being bounded in absolute value by a bound (s) generate a public key matrix (PI) by computing a matrix product between the shared matrix (A) and the private key matrix (SI) modulo the first modulus (q) and scaling the entries in the matrix product down to a second modulus (p).

Abstract: Implementations of the specification include receiving transaction data associated with the transaction, the transaction data comprising: data representative of a plurality of assets, a first commitment hiding a first random number and a transaction amount of the transaction, a second commitment that hides a second random number and a change, the transaction amount and a third random number both encrypted by a public key of the second node, the change and a fourth random number both encrypted by a public key of the first node, and a zero-knowledge proof (ZKP); determining, based on the ZKP, whether the transaction is valid based on determining if the first random number is equal to the third random number, the second random number is equal to the fourth random number, and the transaction amount hidden in the first commitment is equal to the transaction amount encrypted by the public key of the second node.

Abstract: In a threat management platform, a number of endpoints log events in an event data recorder. A local agent filters this data and feeds a filtered data stream to a central threat management facility. The central threat management facility can locally or globally tune filtering by local agents based on the current data stream, and can query local event data recorders for additional information where necessary or helpful in threat detection or forensic analysis. The central threat management facility also stores and deploys a number of security tools such as a web-based user interface supported by machine learning models to identify potential threats requiring human intervention and other models to provide human-readable context for evaluating potential threats.

Abstract: Technique for creating a strong authentication for a user using a portable electronic device held by the user. A central server requests an external authentication service provider, which provides a first set of user information, to authenticate the user. The user captures a still or moving image of a valid physical piece of user identification and the central server performs optical character recognition on the image, thereby obtaining a second set of user information. The central server compares the first and second sets of user information. In case the first and second sets of user information match, the portable electronic device is associated with the user and a piece of user-specific authentication information.

Abstract: Systems and methods for dynamic supply chain product tracking are provided. The method may include embedding IoT devices across a multi-stage supply chain. The method may include computing, via the IoT devices, a value impact of each stage of the multi-stage supply chain process. The method may also include transmitting, via the IoT devices, each value impact of a stage to blockchain database host systems. The method may also include constructing, via each of the blockchain database host systems, a new linked data block for each value impact of a stage. The method may also include computing a real value of the end product based on the linked data blocks in the blockchain database host systems.

Abstract: A system includes one or more processors to receive a registration request, the registration request comprising a representation of a username and a password, verify the username and the password and transmit a one-time-use password, receive the one-time-use password and first device identifier information from a mobile computing device, receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information, verify the username, the password, the second device identifier information, and the application key information, and transmit a token to the mobile computing device, and receive a resource request from the mobile computing device comprising the token and third device identifier information.

Abstract: Cameras for use in a video surveillance system that is controlled by a video management system (VMS) may have a variety of operating characteristics and capabilities. For a VMS to communicate effectively with each camera, a file must be created for use by the VMS to that specifies how to connect with and operate the camera according to the camera's available and functioning capabilities. The verification of the camera's available/functioning capabilities and the creation of the file is a resource-consuming process known as certification. Disclosed herein are systems and methods that automate the certification process to make certifying cameras more efficient and cost effective.

Abstract: An authentication system includes first and second terminals, and an authentication subsystem. The authentication subsystem: generates a first token based on reception of a code image authentication start request, generates and stores a code image key in association with the first token, generates and stores a code image including the code image key at a URL of the storage unit, transmits the first token and the URL to the first terminal, registers the received first token as a key in an information transmitting and receiving unit, checks whether a received ID of the second terminal is a unique ID, when the received unique ID of the second terminal is the unique ID, checks whether the received code image key is stored in the storage unit, and transmits a first response code to the information transmitting and receiving unit using, as a key.

Abstract: Systems and methods for authenticating a biometric device using a trusted coordinating smart device in accordance with embodiments of the invention are disclosed.

Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.

Abstract: A method and a network system for communicating confidential measured data between a plurality of decentralized, measured data-generating producers and a consumer in an automation network is provided. The following is carried out on the part of the producers: measuring or providing measured data from a plurality of sensors and classifying the measured data into security levels; checking a reliability of consumer-generated processing instructions depending on the respective classified security level; and in the case of a positive check, processing the measured data on the basis of the processing instructions, proven to be reliable, to generate an analysis result data set; and transmitting the analysis result data set to the consumer.

Abstract: A server has a communication interface, a database, a biometric authentication means, a password specifying means, and a password transmission means. The database stores information in which, for each registrant, biometric information, identification information of an application and a password are associated with one another. The biometric authentication means is configured to, upon receiving biometric information and identification information of an application from an external processing apparatus, execute biometric authentication by using the received biometric information and biometric information of a registrant registered in the database. If biometric authentication is successful, the password specifying means refers to the database and specifies a password corresponding to the identification information of a successfully authenticated registrant. The password transmission means transmits the specified password to the external processing apparatus via the communication interface.

Abstract: A cloud data encryption and security system includes a central computing authority and a network of computing devices. At least some of the computing devices are pod computing devices physically hosted by an operator. The pod computing devices include a central processing unit and a computer readable storage media in data communication with the central processing unit. Data is encrypted in the computer readable storage media so that the owner can access the data but the operator cannot access the data.

Abstract: Documents or other files opened on a remote desktop are mirrored onto a mobile client device that allows a user to seamlessly work on such documents or files in either a stationary or mobile fashion. The mirrored files may be presented to the user on the mobile client device with the capacity for the user to sign his or her name—or otherwise mark—the mirrored document on the client device. Once signed, various techniques are executed that cause the signed version of the mirrored files to be communicated back to the remote desktop where the signed files are saved. Such techniques may operate transparent to a user, eliminating the need for the user to constantly have to save and transport signed files between multiple devices when working on the go.

Abstract: A system, method, and computer readable storage medium for accessing a data file shared by all computing nodes participating in a system based on a blockchain protocol. The data file includes transactions and blocks. The transactions are data to be stored in the blockchain and the blocks are records that confirm when and in what sequence certain transaction became journaled as part of the blockchain. A request is received to include a plurality of transactions each with additional data as a new block on the blockchain. Criteria that includes a settable period of time or a settable number of transactions received is used to determine how many transactions go into a new block. A directed acyclic graph (DAG) is accessed that is constructed based on inter-dependencies among the transactions. The transactions for the new block are divided into a set of two or more independent tasks that can be executed in parallel based on the DAG. The independent tasks that can be managed independently are executed.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.

Abstract: Systems and methods for obtaining and analyzing biological data are described. In some embodiments, a local user system may perform steps such as receiving a first message including an indication of a stimulus to be applied, applying the stimulus, detecting a biological response to the stimulus, generating first data including an indication of the detected biological response, and transmitting a second message comprising the first data.

Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.

Abstract: Systems and methods for authenticating a biometric device using a trusted coordinating smart device in accordance with embodiments of the invention are disclosed.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: Disclosed herein are systems and methods for generating a signature on a card. The computer may present a user interface on a touch device having a bounding box that is specified by a width and height representative of a space on the card. The computer may receive signature data generated by an input stroke on the touch device. The computer may determine from the signature data coordinates of a signature represented by the input stroke. The computer may generate a set of points representing a curvature of the input stroke. The computer may scale the set of points such that the coordinates are maximized within the space. The computer may convert the scaled set of points from a vector format to a raster format. The raster formatted scaled set of points in the space may be imprinted on the card.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.