Abstract: This disclosure describes techniques for controlling group access to a collaboration technology. The techniques include generating a shared encryption key among authorized producers of content associated with a collaboration technology. The techniques include receiving, by the authorized producers and from authenticated consumers, requests to access the content. The requests may be received in a partitioned manner, such that individual producers are serving a particular subset of the authenticated consumers. In response to receiving the requests, the techniques include sending the shared encryption key from the individual producers to the corresponding subset of authenticated consumers. The techniques include using the shared encryption key to encrypt content by the authorized producers, which may then be decrypted by the authenticated consumers using the shared encryption key, achieving end-to-end encryption of event content.

Abstract: Verifying that a user is using a device at a pre-specified location between a start time and an end time, including: calculating a challenge and an answer that is a function of the challenge; generating and storing in a blockchain, a commitment including an identity of the user, an identity of the device, the pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device, and the calculated challenge; generating a visual code of the device to carry the answer; encrypting the generated visual code with a public key of the device, wherein the encrypted visual code may only be decrypted with a private key of the device; and storing the encrypted visual code in the blockchain.

Abstract: A method for synchronizing transmitter and receiver initialization vectors includes: generating a key and providing the key to a transmitter and a receiver; initializing a transmitter initialization vector and a receiver initialization vector with an initialization vector; forming a transmitter partial counter from a counter of the transmitter initialization vector; encrypting a message using the key and the transmitter initialization vector; generating and transmitting a data packet containing the encrypted message and the transmitter partial counter; incrementing the counter; receiving a data packet with an encrypted message and the transmitter partial counter; extracting the transmitter partial counter from the data packet; forming a receiver partial counter from a counter of the receiver initialization vector; based on a comparison of the receiver partial counter and the transmitter partial counter, changing the counter of the receiver initialization vector; decrypting the message and incrementing the cou

Abstract: Systems and methods for performing multi-factor authentication using a smart ring are disclosed. An exemplary method includes performing a first authentication operation by: collecting, by sensors, gestural data representing a candidate gesture corresponding to ring movement; comparing the candidate gesture to an authentication gesture for a known user; when the candidate gesture matches the authentication gesture, generating a first signal indicating that a particular user has been identified and authenticated as the known user; and transmitting the first signal to a second device, wherein the second device controls access to a resource. The method also includes performing a second authentication operation by detecting contact between the ring and an external component; and generating and transmitting a second signal in response to detecting the contact, and when the second device receives the first and the second signals, causing the second device to grant the particular user access to the resource.

Abstract: A method for determining a behavior of a smart card, which may be implemented by a server. The method includes operations for obtaining a first reference time data corresponding to a time for setting a smart card clock, and a second reference time data corresponding to a time for reading a first time data from the clock, determining a time drift associated with the smart card based on the first reference time data and on the second reference time data, and determining a behavior of the smart card from the time drift.

Abstract: Traditional Media Access Channel (MAC) address filtering used to prevent a device from gaining access to a wireless network requires an operator to manually enter the MAC address of the undesirable device into the Dynamic Host Configuration Protocol (DHCP) server of the wireless network. However, the present invention does not require or permit manual entry of MAC addresses into the DHCP server. Instead, unique identifiers of devices seeking permission to join the wireless network are contained in a Candidate Joining Device (CJD) Record which resides on a distributed ledger technology infrastructure. The use of a distributed ledger infrastructure, prevents unauthorised users from modifying MAC address records in a DHCP server to grant an unauthorised device access to a wireless network, as any such modification to a CJD Record must be read from and accepted by the members of the distributed ledger infrastructure in accordance with the consensus mechanism thereof.

Abstract: A system and method for enabling secure device-to-device (D2D) communication between a plurality of user devices. The method includes providing public and private keys for each of the user devices, the private key arranged to decrypt data encrypted by the corresponding public key. A sender user device creates a digital signature using its private key. The sender double-encrypts a transmission using both the public keys of a recipient user device and a first relay user device. The transmission is transmitted from the sender to the recipient through a plurality of relay user devices. Each relay user device receives the transmission, decrypts a first layer of encryption with its private key, encrypts the transmission with the public key of a subsequent user device; and forwards the data transmission to the subsequent user device. The recipient authenticates the digital signature of the sender using the public key of the sender.

Abstract: A system for maximizing storage of encrypted content in a storage system includes one or more processors; and a storage medium storing instructions. When executed, the instructions may configure the one or more processors to: receive, from a first client device, a first data structure encrypted commutatively with a first key and a common key, the receiving system lacking access to the common key; receive the first key and a first segment identifier; receive, from a second client device, a second data structure encrypted commutatively with a second key and the common key; receive a second segment identifier; using the first key, partially decrypt the first data structure; storing the partially decrypted first data structure; and selectively storing a copy of the second data structure based on whether content of the first data structure corresponds to content of the second data structure.

Abstract: The embodiment of the disclosure provides an unlocking control method and related products, applied to an electronic device with a foldable and flexible display. The method includes: determining a current page to be unlocked; determining N target biometric recognition devices corresponding to the current page to be unlocked, N being a positive integer; acquiring a current multi-biometric recognition mode, wherein the current multi-biometric recognition mode comprises at least two recognition operations, each recognition operation corresponds to one kind of biometric recognition device; and adjusting the current multi-biometric recognition mode according to the N target biometric recognition devices. So, the current multi-biometric recognition mode is adjustable according to the biometric recognition devices corresponding to the page to be unlocked. Therefore, the problem that a foldable and flexible display is inconvenient to be unlocked in a folded state, can be solved.

Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the users biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: A computer-based system and method for performing an offline login to a local device, including: generating a pair of an auxiliary (AUX) public key and an AUX private key; receiving a password at the local device; reconstructing a symmetric key from a first value stored on the local device and a second value stored on an authenticator; encrypting the password with the AUX public key to obtain a locally encrypted password; encrypting the AUX private key with the symmetric key to obtain an encrypted AUX private key; and deleting the symmetric key, and when performing the offline login: reconstructing the symmetric key; decrypting the encrypted AUX private key with the symmetric key to obtain the AUX private key; decrypting the locally encrypted password with the AUX private key to obtain the password; and using the password to perform the offline login.

Abstract: The present disclosure provides an authentication method, an authentication device, an electronic device and a storage medium. The authentication method includes: receiving target voice data; obtaining a first voiceprint feature parameter corresponding to the target voice data from a device voiceprint model library; performing a first encryption process on the first voiceprint feature parameter with a locally stored private key to generate to-be-verified data; transmitting the to-be-verified data to a server, so that the server uses a public key which matches the private key to decrypt the to-be-verified data to obtain the first voiceprint feature parameter, and performs authentication on the first voiceprint feature parameter to obtain an authentication result; receiving the authentication result returned by the server.

Abstract: A device can include an internal secure processing environment (SE) and communicate with a configuration system. The device may utilize a near field communications (NFC) radio. A mobile handset can connect with the SE in the device using NFC. The mobile handset can communicate with the configuration system and receive configuration data and a software package for the device. The SE can derive a PKI key pair and send the derived public key to the configuration system via the mobile handset. The SE and the configuration system can mutually derive an encryption key using the derived PKI key pair. The configuration data can be transmitted over the NFC radio, and the mobile handset can establish a Wi-Fi access point. The software package can be encrypted using the encryption key and transmitted to the device over the established Wi-Fi access point, thereby completing a configuration step for the device.

Abstract: A system and method for flexible writing of internal data of a regulated system can include generating a flexible write instruction, providing the flexible write instruction to the regulated system, and storing or committing data changes to the regulated system outside of the normal system operations, during runtime.

Abstract: Methods and systems for performing demographics filtering based on biometric information are disclosed. An access terminal can capture a biometric instance corresponding to a user, such as a fingerprint scan, iris scan, etc. The access terminal can determine demographics information from the biometric instance, such as the age, biological sex, or ethnicity of the user. The access terminal can compare the demographics information to demographics information stored on a group of mobile devices corresponding to a group of users, in order to identify candidate user mobile devices. Once candidate user mobile devices are identified, the access terminal can perform a biometric match between the biometric instance corresponding to the user and biometric instances stored on the candidate user mobile devices. Once a biometric match and the corresponding mobile device are determined, the access terminal can conduct a further interaction with the mobile device.

Abstract: Embodiments may provide distance computations on homomorphic and/or functional encrypted vectors while detecting whether the resulting distance has wrapped around due to the vectors having elements not in an allowed range. A method of user authentication processing may comprise receiving and storing enrollment information from a client computer system, the enrollment information comprising a template of authentication data and at least one additional encrypted vector, receiving an additional template to be used to authenticate the user from the client computer system, authenticating the user using the received additional template using the stored template and the stored at least one additional encrypted vector, and determining that authentication is successful when the received additional template matches the stored template and is valid based on the stored at least one additional encrypted vector.