Abstract: A first apparatus may generate a set of Near Field Communication (NFC) Forum Data Exchange Format (NDEF) records, and each NDEF record of the set of NDEF records may include an NDEF record header and an NDEF record payload. The first apparatus may apply an authentication-encryption function to each NDEF record of the set of NDEF records based on the NDEF record header of each NDEF record, the NDEF record payload of each NDEF record, and a value associated with each NDEF record to obtain a set of authentication-encrypted NDEF record payloads respectively corresponding to the set of NDEF records. Each authentication-encrypted NDEF record payload may include an encrypted NDEF record payload and an authentication tag associated with a corresponding NDEF record. The first apparatus may transmit a protected NDEF message including the set of authentication-encrypted NDEF records to a second device.
Abstract: An approach is provided for embedding information into probe data. The approach involves retrieving a probe data set comprising a plurality of probe data points collected from a probe device. The approach also involves determining the information to embed, wherein the information is a bit string of a specified length. The approach further involves iteratively selecting at least one bit of the bit string to embed into at least one probe data point of the plurality of probe data points to generate an embedded probe data set until at least a predetermined portion of the bit string is embedded. The approach further involves providing the embedded probe data set as an output.
Abstract: A time-dependent blockchain based self-verification user authentication method of the present disclosure includes: a reservation registration step for registering a reservation time, which is obtained by adding a set time to an input time, and an authentication subject to a blockchain which is distributed and stored in a plurality of nodes; a reservation notification step for notifying a notification group, which is associated with the authentication subject, of a reservation registered in the reservation registration step; a verification step for verifying an authentication request time and the reservation time, which has been registered to the blockchain, when there is an authentication request with respect to the authentication subject; and a step for granting authentication when the authentication request time is within a valid range of the reservation time in the verification step.
Abstract: Embodiments of the present invention disclose a method, a computer program product, and a computer system for providing a secure device relay between a data collection device and a server using a smart device. The present invention comprises transmitting to a server a unique identifier corresponding to a data collection device and a digital signature corresponding to a smart device. In addition, the present invention provides for receiving from the server a key pair and an exchange configuration defining access control to data stored on the data collection device. Moreover, the present invention includes transmitting to the data collection device a public key of the received key pair and the exchange configuration.
Type: Grant
Filed: March 8, 2019
Date of Patent: June 14, 2022
Assignee: International Business Machines Corporation
Inventors: Corville O. Allen, Kim Eric Wegner, Michele Chilanti
Abstract: System comprising an authorisation server; a client device communicably coupled to the authorisation server and configured to execute an application program; and a remote server communicably coupled to the client device for providing an application feature to the application program. The application program is configured to, in response to receiving a user request to use an application feature: access a first private key; and transmit an access request signed with the first private key to the authorisation server. The authorisation server is configured to issue a signed security token signed with a second private key to the application program in response to receiving the signed access request. The signed security token has a finite lifetime within which the application program can access the requested application feature using the signed security token. The application program is configured to access the application feature from the remote server using the signed security token.
Abstract: A computer-implemented method is described for enabling recovery of one or more digital assets held on a blockchain by a user under a public key Pk after a corresponding private key Sk for accessing the one or more digital assets is lost. The computer implemented method comprises setting access for the one or more digital assets held on the blockchain under the public key Pk and accessible using the corresponding private key Sk of the user such that the one or more digital assets are also accessible using a private key x shared by a congress on the blockchain network, the congress comprising a group of users on the blockchain network, each member of the congress having a private key share xi, the private key share xi to be used in a threshold signature scheme in which at least a threshold of private key shares must be used to generate a valid signature through the combination of partial signatures of the congress to access the one or more digital assets on behalf of the user.
Abstract: There may be provided a computer-implemented method. It may be implemented using a blockchain network such as, for example, the Bitcoin network.
Type: Grant
Filed: April 9, 2018
Date of Patent: May 31, 2022
Assignee: nChain Licensing AG
Inventors: John Fletcher, Thomas Trevethan, Marco Bardoscia
Abstract: A method for the confidential verification of an electronic identity includes applying block chain. The method allows an acting party to recognize a block-chain identity while at the same time a level of confidentiality of the respective identity and its identity attributes is maintained. A correspondingly adapted identity system and a computer program product with control commands are arranged to implement the method and/or operate the proposed system arrangement.
Abstract: Disclosed herein are an apparatus and method for achieving distributed consensus based on decentralized Byzantine fault tolerance. The apparatus may include one or more processors and an execution memory for storing at least one program that is executed by the one or more processors, wherein the program is configured to receive delegate request messages, each including a first transaction for requesting distributed consensus proposed by a client, and determine congress candidate nodes forming a consensus quorum, to be consensus nodes based on the delegate request messages, generate a prepare message that includes a second transaction for obtaining consent to results of determination of the consensus nodes, and send the prepare message to the consensus nodes, and receive commit messages, each including an electronic signature of a corresponding consensus node, from the respective consensus nodes, and broadcast a reply message indicative of results of verification of the electronic signatures.
Type: Grant
Filed: June 16, 2020
Date of Patent: May 24, 2022
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Jin-Tae Oh, Joon-Young Park, Ki-Young Kim, Dong-Oh Kim, Young-Chang Kim
Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node include network devices, and the access control messages can be based on RADIUS or TACACS+ protocols, among others. The first node can obtain attestation information from one or more fields of the access control messages and determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
Type: Grant
Filed: February 6, 2020
Date of Patent: May 24, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
Abstract: A system for authenticating user identities and exchanging data via a blockchain is described. Initially, first data related to a commitment being made by a user is obtained by a client device. The first data is partly based on information that identifies, or is a characteristic of, the user. The first data is sent by the client device to a verification system. The verification system then verifies that the first data corresponds with second data generated using identification documentation of the user. Data representing the commitment is posted to a blockchain by the verification system responsive to a successful verification.
Abstract: A computer identifies capture device output that represents an aspect of a recorded event. The computer cryptographically processes the tracked portions of capture device output to produce a validatable master file which includes master file media data tracked portion from the capture device output, master tracked portion metadata of said master file media data tracked portion, and master file blockchain data. The master file blockchain data includes a master file block history portion, a master file signature key portion, and a signed hash of said master file media data tracked portion. The computer also modifies the master file media data tracked portion to produce a reference file media data tracked portion. reference files and distributable files. The computer verifies the authenticity of each of these files.
Type: Grant
Filed: July 30, 2020
Date of Patent: May 3, 2022
Assignee: International Business Machines Corporation
Inventors: Al Chakra, Lama Chakra, Bryce Frey, Latrell D. Freeman
Abstract: An example operation may include one or more of receiving, by an orderer, a split transaction that contains configuration transactions for new channels, generating, by the orderer, a split block that includes a split transaction payload and a block header, and sending, by the orderer, the split block to participant nodes to form new channels based on a content of the split block.
Type: Grant
Filed: June 12, 2019
Date of Patent: April 26, 2022
Assignee: International Business Machines Corporation
Abstract: An aspect of the present disclosure generally relates to a computer system (100) and method (200) for securing data communication between a first computer (110) and a second computer (120).
Abstract: Disclosed embodiments include a server included in a network. The server is operable to determine a next block signer in a blockchain. The server includes processor(s) and memory containing instructions executable by the processor(s). As such, the server is operable to receive bids from nodes of the network and to select a bid from the received bids. The selected bid is provided by a node from the nodes of the network. The server is further operable to grant a right to sign a next block in a blockchain to the node that provided the selected bid.
Abstract: A method comprises: tokenizing, at a first device, a search query; creating search requests and sending them to delegate devices, each search request including a public key encrypted message containing the tokenized search query and index identifiers of indices to be searched; computing search responses to the search requests, each search response comprising a partial trapdoor computed per token per identifier; transmitting the search responses to the first device; recombining, at the first device, the search responses per identifier per token; performing a ranked set of queries against the indices; and returning the search results in order of relevancy.
Type: Grant
Filed: October 5, 2020
Date of Patent: April 5, 2022
Assignee: Atakama LLC
Inventors: Joseph Oren Tysor, Erik A. Aronesty, Michael Krebs, Daniel Gallancy
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped entries of machine data. A model management server detects data constraints for a security model. Using the timestamped entries, the data constraints are validated to obtain a validation result, where validating the data constraints includes determining whether the timestamped entries satisfy the availability requirement set for the data element. The model management server determines a data availability assessment of the security model based on the validation result.
Type: Grant
Filed: April 28, 2020
Date of Patent: April 5, 2022
Assignee: Splunk Inc.
Inventors: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
Abstract: A digital media authentication system comprises a media processing application executed by a mobile electronic device that computes a robust image hash for media data acquired by the mobile electronic device; a location attestation system that validates a location context of the media data, the location context determined in response to an object scene in a field of view of the mobile electronic device captured for conversion to the media data; and a blockchain network that maintains a ledger entry that includes the robust image hash, an immutable timestamp, and a location certificate validating the location context of the media data.
Type: Grant
Filed: April 15, 2020
Date of Patent: April 5, 2022
Assignee: Research Foundation of the City University of New York
Abstract: Systems and methods for providing access to media content by connecting, to a public device, a private device that has an installed application associated with the media content. A media guidance application may receive a communication from a private device, running a private interface application, requesting to access content using the public device. In response, the media guidance application may retrieve, at the public device, a public interface application associated with the private interface application, from a content provider of the content. The private interface application may be configured to control a graphical user interface of the public interface application. Accordingly, the user may be able to access content via the public device when the private device is within a predetermined proximity to the public device.
Abstract: A communication control method executed by a processor included in a communication control device that controls communication with a communication device, the method includes, when a communication access to the communication device is detected, specifying a related characteristic corresponding to the communication device by referring to a first memory that stores communication device-related characteristics, determining a security function corresponding to the specified related characteristic by referring to a second memory that stores executable security functions for the communication device-related characteristics, and executing the security function determined at the determining for the communication device of the communication access.
Type: Grant
Filed: January 22, 2019
Date of Patent: March 22, 2022
Assignee: FUJITSU LIMITED
Inventors: Takeshi Ohtani, Ryuichi Matsukura, Jun Kakuta