Abstract: This application provides a verification method, apparatus, and system that are used for network application access, and the method includes: performing, by a verification server, user identity verification on a terminal, where the user verification request includes first location information; generating, by the verification server, an encrypted token according to the first location information in the user verification request after determining that the terminal succeeds in the user identity verification; and sending, by the verification server, the encrypted token to a control device. It may be determined whether a terminal that performs content access is a terminal used by a user on which user verification is performed. Therefore, this can effectively avoid an application-layer-based network attack such as an MITM attack, and further effectively improve security of the network application access.

Abstract: An authentication device is used to create a secure connection between an Internet of Things (IoT) device and a service provider, so that the IoT device is not limited to only the services of one specific provider or the specific services of the provider of the IoT device. In addition, multiple IoT devices purchased from several different providers can all be connected to the same service provider.

Abstract: Optimizations are provided for completing a transaction event using authentication information. In particular, a presence of a transaction processing device is initially detected. Then, transaction information is received from the transaction processing device. The transaction information corresponds to a current transaction event. After receiving the information, a communication link is established with an on-body device. This device includes authentication information that is necessary to complete the current transaction event. The authentication information is then received from the on-body device. This information has a time-limited use availability. Finally, the received authentication information is used to complete the current transaction event.

Abstract: Disclosed are systems and methods for performing entry access over two or more networks. The two or more networks are leveraged to accelerate the entry access and provide redundancy. Performance over each of the two or more networks is tracked in order to allow a mobile device to exchange entry access messaging over the particular network providing fastest start-to-unlock time. The mobile device can alternatively exchange the entry access messaging simultaneously over the two or more networks to create a race condition whereby the fastest start-to-unlock time is obtained without monitoring network performance. Performing the entry access messaging exchange over the two or more networks also ensures reliability in the event a particular network is down or congested, an authorization device on a particular network is down or overloaded, a radio of a mobile device communicating over a particular network is disabled or slow performing.

Abstract: Access to documents by parties can be controlled as follows. First, access can be controlled in accordance with access counters associated with the parties, where the documents have one or more versions. Second, access can be controlled in accordance with access levels associated with the parties. The access level of each party is one of a first access level, a second access level, a third access level, or a fourth access level. The first, second, third, and fourth access levels are ordered from the first access level to the fourth access level such that the first access level provides a greatest degree of access to the documents and the fourth access level provides a least degree of access to the documents. Third, access can be controlled in accordance with placement of organizations within a hierarchy of organizations, where the parties are organized over the organizations.

Abstract: A series terminal for an automation system, having an insulating housing, which has an electrical contact on at least one side of the housing with which the series terminal can be connected with a data bus of an automation system. The series terminal comprises an integrated electronic processing unit which is connected to the at least one contact device and is designed for transmitting and/or receiving data via the data bus. In this case, the integrated electronic processing unit is set up to query a configuration of the automation system and, based on the configuration, to generate an individual cryptographic key for the automation system in conjunction with a secret cryptographic key stored in the series terminal.

Abstract: A method for authenticating a password may include receiving a first entered password and determining a difference value between the first entered password and a stored password. The difference value may result from comparing the first entered password to the stored password. The method may also include determining that the difference value does not meet an acceptability standard, denying access to a restricted element, and determining a new acceptability standard.

Abstract: Systems, methods, and devices for authenticating vehicle-to-vehicle communication are disclosed. A method includes receiving sensor data from a first vehicle and receiving secondary sensor data from a second vehicle. The method includes extracting, based on the sensor data and the secondary sensor data, an authentication comprising one or more of: a proximity of the second vehicle to the first vehicle or a common object identified by the sensor data and the secondary sensor data. The method includes determining whether the authentication satisfies a trust threshold of the first vehicle.

Abstract: A method and apparatus with an adaptively updated enrollment database (DB) are provided. A method with an adaptively updated enrollment database (DB) includes extracting an input feature vector from an input image, determining whether the input feature vector is included in a changeable enrollment range, with the changeable enrollment range being determined based on a threshold distance from each of plural enrolled feature vectors in the enrollment DB, and with the enrolled feature vectors corresponding to enrolled images, determining whether to enroll the input feature vector in the enrollment DB in response to the input feature vector being determined as being included in the changeable enrollment range, and in response to a result of the determining of whether to enroll the input feature vector being to enroll the input feature vector, selectively enrolling the input feature vector in the enrollment DB.

Abstract: Embodiments of the invention include techniques for implementing a network security framework for wireless aircraft communication, where the techniques include receiving a key index sequence over a first communication link, and transmitting a subset of the key index to one or more nodes. The techniques also include generating a random encryption key based at least in part on the subset of the key index sequence, encrypting data using the random encryption key, and transmitting the encrypted data over a second communication link.

Abstract: A disclosed managing apparatus and image forming apparatus management system ensure confidentiality of information in an image forming apparatus while usability is maintained. An image forming apparatus acquires IC card identifying information with an IC card reader. A management server acquires a user ID associated with the acquired IC card identifying information and use limit information concerning use of the image forming apparatus. A process is performed in the image forming apparatus in accordance with the use limit information.

Abstract: An electronic device may include a memory configured to store applications each associated with an initial identity provider (IDP) address for a remote single sign on (SSO) process. A controller may execute the applications, operate a local IDP server having a localhost IDP address associated therewith, and update the initial IDP address of the applications with the localhost IDP address. The local IDP server may, upon receipt of the request for IDP authentication from an application, determine whether an authentication token from a remote IDP server is stored in the memory, and when so, communicate the authentication token to the application, otherwise, obtain the authentication token from the remote IDP server, store the authentication token in the memory, and communicate the authentication token the given application for IDP authentication to permit the application to perform the remote SSO process.

Abstract: Disclosed embodiments relate to systems and methods for identifying computing processes on automation servers and authorizing computing processes to grant access to secure resources. Techniques include receiving an access request, obtaining process data, identifying a cryptographic key, generating a digital signature, sending the digital signature, and receiving authorization data from a security server. Further techniques include receiving process data, receiving a digital signature, accessing a cryptographic key, validating the signature with the key, verifying the process, and transmitting authorization data to an automation server to complete an authentication process.

Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

Abstract: Systems for decoupling and updating pinned certificates on a user device are disclosed. A mobile application having a hardcoded pinned certificate may be installed on a user device. The pinned certificate may be decoupled from the mobile application and stored on the user device. In response to the mobile application attempting to establish a secure connection with a server, the system may check whether the decoupled pinned certificate is current by querying a certificate repository. In response to determining that the pinned certificate is out of date, the system may transmit the current certificate to the user device to update the decoupled pinned certificate.

Abstract: This disclosure relates to anonymous transactions based on ring signatures. In one aspect, a method includes receiving a remittance transaction. The remittance transaction is generated by a client device of a remitter by assembling unspent assets in an account corresponding to the remitter and masked assets in an account corresponding to a masked participant. Key images are obtained from a linkable spontaneous anonymous group (LSAG) signature of the remittance transaction. Values of the key-images are based on a private key, a public key, and unspent assets of the remitter. The LSAG signature is verified. The LSAG signature is generated by the client device of the remitter based on the private key and the public key of the remitter, and a second public key of the masked participant. The remittance transaction is executed when a transaction execution condition is met.

Abstract: Computer-implemented methods for privacy attribute based credentials include issuing a privacy-preserving attribute-based credential, which is signed with a private key and has a unique credential handle; updating an accumulator in a tamperproof log to incorporate the credential handle; and facilitating providing access to a service in response to a zero-knowledge proof that the accumulator contains the credential handle. The methods also include generating revocation conditions and initial revocation information; submitting the initial revocation information and the revocation conditions to the tamperproof log; revoking a credential by adding a credential handle of the credential to the initial revocation information; and submitting the updated revocation information to the tamperproof log. Further, the methods include writing to the tamperproof log an audit token that contains an encrypted credential handle, which is encrypted by an auditor's public key that is published on the tamperproof log.

Abstract: Disclosed are examples of searching for content associated with multiple applications. In various examples, a first application can obtain a search query and maintain a list of applications available to provide content. The first application can send a request to a second application identified in the list, the request including a key that indicates the first application is authorized to request the second application to search for content. The first application can obtain a search result from the second application based on the request and present the search result in a user interface in the first application.

Abstract: A technique for use by a first system of computers sharing a common IP address, the technique including the following operations: (i) transferring a first software bundle of files to a public repository (PR); (ii) requesting a current version of the first file list from the PR; (iii) receiving the current version of the first file list from the PR; (iv) generating a current version file list file (CVFLF) based on the current version of the first file list; and (v) storing the CVFLF at a first storage location from which the CVFLF can be downloaded.

Abstract: Technical solutions are described for securing data by a communication apparatus. An example computer-implemented method includes receiving, by an encryption engine, a request to apply cryptography to input data. The computer-implemented method also includes generating metadata for the input data, where the metadata identifies characteristics of content included in the input data. The method further includes applying a cryptographic technique to the input data to generate output data, and outputting the output data and metadata in response to the request.

Abstract: This application describes systems and methods for using a physical unclonable function (PUF) to authenticate a device, which may include circuitry for generating PUF values that may uniquely identify the device. According to one aspect, the device may provide enrollment PUF values to an authentication device. The device may later be authenticated if PUF values generated by the device are within a threshold distance of the enrollment PUF values. Since the PUF values are compared using a distance, it may not necessary to apply an error correcting code to the PUF values. The enrollment values and/or the calculated distance may be adjusted to compensate for time variations in the PUF values due to circuit aging. Systems and methods are also described herein for authenticating the device without revealing new PUF values to any second party, for example using a cryptographic technique known as a garbled circuit.

Abstract: In one embodiment, an apparatus includes: a bioimpedance sensor to generate bioimpedance information based on bioimpedance sample information from at least some of a plurality of electrodes to be adapted about a portion of a person; at least one biometric sensor to generate biometric information based on biometric sample information from at least some of the plurality of electrodes; at least one environmental sensor to generate environmental context data; and an integration circuit to receive the bioimpedance information, the biometric information and the environmental context data and to adjust the bioimpedance information based at least in part on a value of one or more of the biometric information and the environmental context data. Other embodiments are described and claimed.

Abstract: A disclosed managing apparatus and image forming apparatus management system ensure confidentiality of information in an image forming apparatus while usability is maintained. An image forming apparatus acquires IC card identifying information with an IC card reader. A management server acquires a user ID associated with the acquired IC card identifying information and use limit information concerning use of the image forming apparatus. A process is performed in the image forming apparatus in accordance with the use limit information.

Abstract: Device, system, and method of accessing electronic mail. For example, a computerized method includes: receiving an identifier of an email account, and a password; if the password matches a first reference password previously stored in association with said email account, then authorizing a substantially full access to said email account; if the password matches a second reference password previously stored in association with said email account, then authorizing a restricted access to said email account.

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.

Abstract: Various embodiments are directed to securely generating and managing passwords using a near-field communication (NFC) enabled contactless smart card. For example, a secure password may be generated by generating a random number via a random number generator of the contactless smart card and converting the random number to one or more human-readable characters. In another example, a secure cryptographic hash function of the contactless smart card may generate a hash output value, which may be converted to one or more human-readable characters. The human-readable characters may be used as the secure password or it may be transformed to add more layers of security and complexity.

Abstract: Provided are a client system authentication method, a client device, and an authentication server. The client system authentication method includes acquiring a shared key to be shared between a client system and an authentication server in cooperation with the authentication server, generating a virtual address of the client system using identification information of the client system and the shared key, transmitting registration request information including the virtual address to the authentication server, and receiving an authentication key for the client system from the authentication server.

Abstract: Disclosed is an electronic document, a body of which includes an inlay, a part of which forms a spotface of a cavity, and which includes a connection land formed on the part forming the spotface, and a module of which includes an electrical circuit that includes both a first subcircuit configured to electrically connect a port of a chip to the connection land and a second subcircuit configured to electrically connect the connection land to an external electrical contact land of a carrier of the module.

Abstract: A communication device may receive a specific signal from a first external device; after the specific signal has been received from the first external device, cause an output unit of the communication device to output specific information obtained by using a public key; after the specific information has been outputted, receive an authentication request in which the public key is used from the first external device; in a case where the authentication request is received from the first external device, send an authentication response to the first external device; after the authentication response has been sent to the first external device, receive connection information from the first external device; and in a case where the connection information is received from the first external device, establish, by using the connection information, a wireless connection between the communication device and a second external device.

Abstract: In accordance with one embodiment, an access control system is disclosed. The access control system comprises an access control panel including a touchable surface, a multi-dimensional touch sensor under the touchable surface, and a processor coupled to the multi-dimensional touch sensor. The multi-dimensional touch sensor captures a multi-dimensional motion signal including a micro-motion signal component representing neuro-mechanical micro-motions of a user touching the multi-dimensional touch sensor. The processor performs signal processing of the multi-dimensional motion signal to obtain the micro-motion signal component; and extracts unique values of predetermined features from the micro-motion signal component to form a neuro-fingerprint (NFP) that uniquely identifies the user. The NFP can be used as a gatekeeper to control entry into homes, offices, buildings, or other real properly typically protected by access control.

Abstract: A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of continuous user custody.

Abstract: A scalable configurable universal full spectrum cyberspace identity verification test for determining whether or not one specific tested person if the same person as one specific known person.

Abstract: One example method of operation may include receiving a request, from an entity, for one or more tokens based on one or more attributes, encrypting and masking the one or more attributes, adding the encrypted and masked one or more attributes to the one or more tokens, and transmitting the one or more tokens to the entity.

Abstract: An information processing apparatus includes: a non-volatile memory; and a hardware processor that controls the non-volatile memory, wherein the hardware processor determines whether communication speed of a communication path to the non-volatile memory is equal to or less than a threshold value and encrypts the data transmitted to the non-volatile memory when the communication speed is determined to be equal to or less than the threshold value.

Abstract: The present invention relates to a method for distributing digital keys. The method includes the steps of a first database storing a plurality of keys relating to a plurality of products; for each product, transferring keys from the first database to a corresponding cache in a second database; in response to a request for a key for a product, retrieving and distributing a key from the corresponding cache; and refreshing the corresponding cache by transferring further keys from the first database to the corresponding cache. A system for distributing digital keys is also disclosed.

Abstract: Described herein is a system and universal access control device that may be installed in proximity to, or within, an access control system to enable a user to use a user device to gain access to a secure area or resource. In some embodiments, a user may submit a request for access to a remote server and may be provided with an access token. The user may relay the received access token to the universal access device via a wireless transmission means on his or her user device. The universal access device may verify the authenticity of the access token by relaying the access token information to the remote server. Once the access token has been authenticated, the universal access control device may retrieve a credential stored in memory and provide that credential to the access control system to enable the user to gain entry to a secure area.

Abstract: Techniques for automatically generating an integrity check hash value for a content asset served by a third-party server when the content asset is added to a template in a user interface. The techniques include displaying, by the user interface, a visual layout of web content, the UI configured to receive modifications to a component of the web content. The component comprising a template for generating hypertext markup language (HTML) embodying the component. The techniques further include receiving a modification to the component of the web content, wherein the modification includes instructions to include a content asset in the component of the web content and detecting that the content asset is hosted on a third-party server. Additionally, the techniques include generating HTML for the web content, the HTML including an integrity hash value for the content asset based on the template.

Abstract: A system, method and one or more wireless earpieces for authenticating functionality of one or more wireless earpieces. A request that requires authentication is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether the user is authorized for the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric readings performed by the one or more wireless earpieces authorize fulfillment of the request.

Abstract: A portable electronic device, a wearable device and methods for operating the same are provided. The portable electronic device includes a display; a communication interface configured to communicate with a wearable device using wireless short-range communication; a processor; and a memory storing instructions, which when executed by the processor, cause the portable electronic device to establish, via the communication interface, a connection between the portable electronic device and the wearable device, identify a security status of the connected wearable device, limit access to at least one predefined setting item among a plurality of setting items and control the display to display an indication of the identified security status if the identified security status corresponds to a lock status, wherein the at least one predefined setting item relates to a passcode, and allow access to the at least one predefined setting item if the identified security status corresponds to an unlock status.

Abstract: An agent inserts one or more hooks into a sub-execution runtime environment that is configured to include a script and/or targeted to include the script. The agent including the one or more hooks monitors a behavior of the sub-execution runtime environment and/or the script. The agent subsequently obtains context information regarding the sub-execution runtime environment and/or the script so that it can control the runtime of at least the sub-execution runtime environment. Related systems, methods, and articles of manufacture are also disclosed.

Abstract: Systems and techniques are provided for restricted accounts on a mobile platform. A request to create a restricted account may be received. The restricted account may be a user account with a restriction. Credentials for the restricted account may be received. A restriction for the restricted account may be received. The restriction may include an access restriction or a lifetime restriction. An access restriction may prevent an application from accessing the restricted account and a lifetime restriction may limit the lifetime of the restricted account. The restricted account may be stored with the credentials and the restriction. A request may be received for a list of user accounts from an application. The restricted account may be determined to include an access restriction that prevents the application from accessing the restricted account. The list of user accounts may be sent to the application and without an identifier for the restricted account.

Abstract: A method providing use of an application may include providing a session for a user of the application, wherein the session is provided based on a credential for the user. While providing the session, image data for the session may be obtained, and responsive to the image data for the session, authentication may be performed based on a determination whether the image data for the session includes a facial image that matches the user credential. Responsive to success of the authentication based on the image data for the session, the session for the user of the application may continue to be provided. Related devices and computer program products are also discussed.

Abstract: An embedded modem for an unattended host device that provides improved cellular communications capabilities to the unattended host device. The embedded modem detects the occurrence of a signal effectiveness event reflective of the reliability of a cellular communication session, and upon detecting the occurrence of a signal effectiveness event, issues commands to improve the reliability of the cellular communications. The signal effectiveness event data can be communicated by the embedded modem on channel that is different from a channel provided for the host device to communicate its own data with an associated remote computer system.

Abstract: Example implementations relate to configuration based operation modes. In some examples, a mobile computing device may include an integrated physical keyboard and an integrated display. The mobile computing device may include a memory resource comprising executable instructions to determine a configuration of the mobile computing device. The mobile computing device may include a memory resource comprising executable instructions to disable the integrated display and enable an operation mode permitting utilization of the physical keyboard with a non-integrated display based on the configuration.

Abstract: Trusted, privacy-protected systems and method are disclosed for processing, handling, and performing tests on human genomic and other information. According to some embodiments, a system is disclosed that is a cloud-based system for the trusted storage and analysis of genetic and other information. Some embodiments of the system may include or support some or all of authenticated and certified data sources; authenticated and certified diagnostic tests; and policy-based access to data.

Abstract: A key fob includes: communicator(s), a battery, memory, and processor(s) configured to: find signal strengths of received polls; determine, based on the signal strengths, that the received polls have: (a) increased, (b) decreased, (c) leveled off; and if (a), issue a poll response; if (c), not issue the poll response.

Abstract: A method for optimizing and preventing failure of Sender Policy Framework (SPF) lookups by dynamically generating and returning flattened SPF records, recorded on computer-readable medium and capable of execution by a computer, the method comprising the steps of: requesting a regular SPF Record; receiving a SPF Record that includes an entry that points to a Proxy Server; the SPF Proxy server looking up a canonical SPF record optionally containing many included domains; and the SPF Proxy server flattening the canonical record into IP addresses and optionally sub records depending on the length of the flattened response.

Abstract: A technique for secure network storage includes generating, by a trusted execution environment in a first device, an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key, encrypting, by a general execution environment in the first device, the document with the encryption key, transmitting the encryption key to a remote key manager, and transmitting the document to a remote network storage device, wherein a second device is allowed to decrypt the document based on the expiry information.

Abstract: Continuous sensitive content authentication is described. In one example, a request to open content, such as a photograph, spreadsheet, or text-based document, among other types of content, is received. Based on a sensitivity level or access profile rule associated with the content, an individual can be prompted to perform an authentication procedure before the content is displayed. The content can be displayed in response to a verification using the authentication procedure or removed (or not displayed) in response to a rejection using the authentication procedure. Additionally, the authentication procedure can be continuously polled to confirm the verification while the content is displayed. While the content is being displayed, the content can be removed from display at any time if the authentication procedure no longer produces the verification result. In some cases, the content can also be deleted after a rejection is detected using the authentication procedure.

Abstract: In accordance with an embodiment, described herein is a system and method for use with a digital media content environment, such as a music streaming service, for providing real-time media consumption data. As users interact with the digital media content environment using media devices, usage data that describes the characteristics of media content being streamed for playing by the media devices, is collected by a counter processor, and associated with buckets indicative of periods of time within a plurality of time windows. The usage data associated with each time window can be processed, for example to generate real-time rankings, or other type of media consumption data, for use by a reporting server. The real-time media consumption data which is reported can be used, for example, by artists, managers, media content publishers, or other type of content providers, to evaluate fast-changing media consumption trends.