Abstract: A method includes receiving input data that includes a plurality of input parts, wherein the input data corresponds to a data schema, wherein the data schema includes a plurality of schema parts, wherein each schema part specifies a set of one or more possible values, and wherein each input part satisfies a respective schema part. The method further includes generating an intermediate numeric value that represents the input data, generating, using a format-preserving encryption algorithm, an encrypted numeric value based on the intermediate numeric value, determining a number of possible values that satisfy the data schema, determining whether the encrypted numeric value satisfies a threshold criterion based on the number of possible values that satisfy the data schema, and responsive to determining that the encrypted numeric value satisfies the threshold criterion, generating, based on the encrypted numeric value, output data that conforms to the data schema.

Abstract: In a system that controls access to resources via tokens, a system includes an application that generates ephemeral authorization tokens from partner tokens, to increase confidentiality and security, in embodiments. Responsive to a request, received by an application provider, for a protected resource, a federated ID/authorization provider is caused to receive a request for access/ID tokens that the ID/authorization provider provides (in any of various ways) to the application. The application validates and stores the tokens, nests the access/ID tokens within an ephemeral token document having a unique ID and shortened expiration, encrypts the nested ephemeral token using at least resource-specific encryption and causes the encrypted nested token to be sent to the protected resource provider that decrypts and validates the ephemeral token, causes the Access/ID token(s) within the ephemeral token to be validated, and provides the protected resource for valid tokens.

Abstract: A client device receives media content from a server remote from the client device. During playback of the media content, the client device transmits, to a player proxy remote from the client device, a play position of the media content. The play position of the media content is used by the player proxy at the application server to continue providing the media content. The play position is transmitted repeatedly to the player proxy while playback of the media content continues. The client device transmits the media content for display at a display device that is coupled to the client device.

Abstract: The risk evaluation apparatus evaluates the risk of a machine learning model. The risk evaluation apparatus includes a recording unit, a loss function regression model acquirer, an attack noise addition unit, an error acquisition unit, and an evaluation unit. The recording unit records a set of predetermined loss functions and a set of pairs of data and labels predetermined. The loss function regression model acquirer determines a regression model of the loss function in the vicinity of data by nonparametric regression. The attack noise addition unit creates attack data that is an Adversarial Example using the regression model. The error acquisition unit determines the error between the output of the machine learning model when the data is input and the output of the machine learning model when the attack data is input. The evaluation unit evaluates the risk based on a set of errors.

Abstract: Embodiments relate to systems for generating identity records (e.g., authentication certificates) at a server for validating broadcast messages. The server may receive a request to generate an identity record, where the request may include a public key of a named entity device that is configured to broadcast messages. The server may generate the identity record using the private key of the server and transmit the generated certificate to a namespace server for storage. A policy consuming device configured to receive a broadcast message, which may be signed using the private key of the named entity device, subsequently accesses the namespace server for the identity record including the public key of the named entity device. The policy consuming device validates the authentication certificate using the server's public key and validates the broadcast message using the named entity device's public key.

Abstract: An information sending method, a key generation method, and an apparatus, where a core network element first determines whether a terminal device needs to perform a key activation procedure, and then sends a first message to an access network element, where the first message indicates whether the access network element needs to send, to the terminal device, a second message to trigger the terminal device to perform the key activation procedure. After receiving the first message, the access network element determines, based on the first message, whether the second message needs to be sent to the terminal device, and sends the second message to the terminal device when the second message needs to be sent to the terminal device.

Abstract: Methods and systems for consensus-based online authentication are provided. An encryption device may be authenticated based on an authentication cryptogram generated by the encryption device. The encryption device may transmit a request for security assessment to one or more support devices. The support devices may individually assess the encryption device, other security devices, and contextual information. The support devices may choose to participate in a multi-party computation with the encryption device based on the security assessments. Support devices that choose to participate may transmit one or more secret shares or partial computations to the encryption device. The encryption device may use the secret shares or partial computations to generate an authentication cryptogram. The authentication cryptogram may be transmitted to a decryption device, which may decrypt the authentication cryptogram, evaluate its contents, and authenticate the encryption device based on its contents.

Abstract: A machine data validation system can track and validate the integrity of machine data generated by machines. The system can generate hashes for the items and batch hashes that can be validated using an immutable data store, such one or more blockchains in a tiered blockchain structure. The system can store machine data and additional associated data in a first lightweight blockchain, and store grouped sets of the data in a second robust blockchain. The system can implement the tiered blockchain structure to efficiently store and reference the hashes to validate the machine data at different times or upon request from an end-user.

Abstract: Discussed is a mutual authentication protocol, and systems, methods and devices implementing the same. Such a protocol may be used, as a non-limiting example, by devices coupled by low throughput connections for speedy authentication to establish a secure communication session.

Abstract: The subject disclosure relates to methods for assessing cyber-security risks, and in particular for calculating a risk-index for multiple users of a computer network. In some implementations, a process of the disclosed technology includes steps for determining a privileged index for each of a plurality of network users, determining a vulnerability index for each of the plurality of network users, calculating a threat score for one or more cyber-security attacks directed at each of the plurality of network users, and calculating a risk-index for at least one network user from among the plurality of network users, wherein the risk-index is based on the privileged index, the vulnerability index, and the threat score associated with each of the network users. Systems and machine-readable media are also provided.

Abstract: A method of determining whether a received message at a communications device is from a legitimate second device may include building a message intended for a legitimate second device, generating a time delay using a secret key known to the device and the legitimate second device, sending the built message to the legitimate second device, starting a timer at the time of sending the built message, receiving a response to the sent message, determining a response time of the received response based on a time value of the timer, determining an acceptable receive window of time based on the generated time delay, determining whether the determined response time is within the determined acceptable receive window of time, and when the determined response time is within the determined acceptable receive window of time, recognizing the received response as a legitimate message from the legitimate second device.

Abstract: Provided is a method, performed by an electronic device, of safely and quickly transmitting a remote control command to a target device. The method includes: obtaining information related to encryption based on a mutual authentication process between the electronic device and the target device; providing, to a framework and from a digital key applet installed on a secure element of the electronic device, the information related to encryption; encrypting a remote control command by using the information related to encryption; and transmitting the encrypted remote control command to the target device.

Abstract: Public-key cryptography allows putting into practice concepts of digital signatures and public-key key exchange; methods used on a daily basis in digital systems. A method generates a protected secret value k? used as a first operand in a cryptographic group operation involving a base group element G of order n and including: generating random positive integers k1 and k2, that are strictly smaller than the order of the group element G due to a cryptographically secure random number generator, such that the generated random positive integers k1 and k2 do not share any divisor with the order n other than 1; generating the protected secret value k? based on the generating random positive integers such as k?=k1*k2, the protected secret value k? being used as a second operand in the group operation.

Abstract: A system and method for facilitating device and application authentication between an external device and an implanted medical device (IMD), wherein a therapy application executing on the external device is operative to communicate with the IMD via wireless telemetry communications. A device authentication parameter may be decomposed into two key components, wherein one component may be stored in a cloud key vault and the other component may be distributed to the external device as an obfuscated portion embedded in the therapy application. Upon receiving the therapy application, the external device is operative to separately retrieve both key components and reconstitute the original authentication parameter therefrom, which may be presented to the IMD for authentication.

Abstract: A method and a user apparatus for the protection of confidential data, wherein the apparatus includes an image sensor and a processor configured for: capturing a plurality of images by way of the image sensor, generating a sensor fingerprint on the basis of the plurality of images, encoding at least a portion of the sensor fingerprint using an algorithm of random projections in such a way as to generate a compressed fingerprint, encrypting and/or decrypting the confidential data using the compressed fingerprint as a key.

Abstract: Key management for encrypted data. A node, such as a storage device, obtains a shared key to be used in cryptographic operations. The obtaining includes using an identifier of another node, such as a host of the computing environment, and a unique identifier of the shared key to obtain the shared key. The obtained shared key is then used in one or more cryptographic operations.

Abstract: A system and method are provided for providing trusted links between applications. The method is executed by a registry server device.

Abstract: One embodiment provides a method, including: receiving, in an application on an information handling device, a password reset request from a user; accessing, subsequent to the receiving, a data store comprising a list of answers that are responsive to a list of security questions; constructing, using the data store, a temporary password, wherein the temporary password consists of at least one answer selected from the list of answers; and providing, to the user, a prompt containing an indication of the temporary password, wherein the prompt comprises at least one security question, from the list of security questions, that corresponds to the at least one answer. Other aspects are described and claimed.

Abstract: A device for authenticating an organisation requesting access to user data, comprising: network interface circuitry configured to communicate over a network, and processing circuitry configured to: receive, via the network interface circuitry, encrypted user data from an information processing apparatus; generate a unique identifier to associate with a decryption key used for decrypting the encrypted user data; provide the encrypted user data and the unique identifier to a publically available database for storage immutably therein or thereon; store the decryption key in association with the unique identifier; receive, via the network interface circuitry, a request to access the user data from an organisation; establish that the requesting organisation is an approved organisation; and in the event that the requesting organisation is an approved organisation; transmit, via the network interface circuitry, the decryption key to the requesting organisation.

Abstract: A system, apparatus, method, and machine readable medium are described for binding verifiable claims. For example, one embodiment of a system comprises: a client device; an authenticator of the client device to securely store authentication data including one or more verifiable claims received from one or more claim providers, each verifiable claim having attributes associated therewith; and claim/attribute processing logic to generate a first verifiable claim binding for a first verifiable claim issued by the claim provider; wherein the authenticator is to transmit a first signature assertion to a first relying party to authenticate with the first relying party, the first signature assertion including an attribute extension containing data associated with the first verifiable claim binding.