Abstract: A modular valuable media recycling device is presented. The valuable media recycling device includes a media infeed module, a validator module, an escrow module, a plurality of media feeder/stacking modules, and a plurality of cassette modules. When a module handles a valuable media item along a media transport path, the module's identifier and security information are passed as a message to a next module that is to handle the media item in a processing path for the media item. Each module independently validates the authenticity of the message received from a previous module. The number of media feeder/stacking modules and cassette modules are scalable based on the transaction terminal that the modular valuable media recycling device is integrated into.

Abstract: A system for creating authenticating a user from user information, hardware profile, and combinations thereof, where the hardware profile includes user generated data stored on an electronic device.

Abstract: An example technique involves sending, from a user device associated with a particular user, a request for a confirmation message setting. The request may include an indication of an identity of the particular user. The example technique involves determining that an operation included in a predetermined set of operations has been cued. The example technique involves receiving a response comprising an indication of a confirmation message setting for the cued operation prior to performing the cued operation. The confirmation message setting may be based on data generated responsive to the sent request. The confirmation message setting for the cued operation may include an indication of whether or not to output a confirmation message. The example technique involves determining, based on the received response, whether to prompt the particular user via a user interface of the user device for a response to a confirmation message prior to performing the cued operation.

Abstract: A method for creating a virtual SIP user agent by use of a webRTC enabled web browser comprises a user logging in to a web application server via a webRTC enabled web browser. The web application server uses the logged on user identity to lookup an associated SIP user identity along with a registrar server address and the web application server initiates a SIP registration procedure using its IP address as the registered contact.

Abstract: A data update computing device is provided. The data update computing device receives, from one of a user computing device and a first relying party computing device, a first access authorization message, wherein the first access authorization message identifies (i) a first relying party and (ii) a first user data element of the user to be shared with the first relying party. The data update computing device generates a first globally unique identifier (GUID), wherein the first GUID is uniquely associated in a first record in a GUID database table with the first user data element and the first relying party; receives an updated value of the first user data element of the user; stores the updated value of the first user data element in the first record, and flag the first record as updated in the GUID database table; and transmits the first GUID to the first relying party.

Abstract: Software for preventing fraud in digital content licensing and distribution using a distributed ledger technology. The software performs the following operations: (i) receiving a request for a license of a digital asset, wherein a record of the digital asset is stored in a first distributed ledger; (ii) verifying a consensus for the request of the license of the digital asset; and (iii) responsive to verifying the consensus for the request of the license of the digital asset: storing a transaction settlement record in a second distributed ledger, creating a sharded copy of the digital asset including a plurality of shards of the digital asset, and storing at least one shard of the sharded copy of the digital asset in the second distributed ledger with sharding instructions for reconstructing the digital asset from the sharded copy.

Abstract: A method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer, the method comprising implementing by the digital identity system the following steps: receiving at the digital identity system from a bearer an electronic sharing token request, wherein the token request identifies at least one of the bearer's attributes in the data store selected for sharing with a validator; in response to the electronic token request, generating a sharing token, which is unique to that request, for presentation by the bearer to a validator; associating with the unique sharing token at the digital identity system the identified at least one bearer attribute; and issuing to the bearer the unique sharing token; and wherein later presentation of the unique sharing token to the digital identify system by a validator causes the at least one bearer attribute associated with the sharing token

Abstract: A switching method, an electronic device, and a storage medium are provided. The switching method includes detecting whether a triggering condition is satisfied in a first mode of an electronic device, and in response to the triggering condition being satisfied, switching from the first mode to a second mode. The first mode enables acquisition and output of analysis data. The second mode enables acquisition of the analysis data and non-output of at least one part of the analysis data. The analysis data are related to historical data of one or more of the electronic device, an application in the electronic device, and an owner of the electronic device.

Abstract: A system and method for a self-authenticating identity. A self-authenticating identity is a digital identity created in an embodiment by aggregating a user's verified identity information and its public key, both of which are digitally signed by the user and an identity provider. This cryptographic binding allows the user to prove it is in fact the true party that the identity was issued to, without the need for a third party to be directly involved. The identity may also contain information that conveys how the identity was verified.

Abstract: A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and takes into account various factors.

Abstract: A method for producing linkage values to be contained within pseudonym digital certificates of a security credential management system for connected vehicles, including the following steps: providing a linkage value function that expresses linkage values as a function of a number of input parameters that include a linkage seed input from a pseudonym certificate authority processor entity and a plurality of inputs from a registration authority processor entity including a vehicle identifier and at least one index relating to a time period for the linkage value; producing a Boolean circuit representative of the function for a particular combination of the number of input parameters; and executing a garbled circuit protocol on the Boolean circuit between the registration authority processor entity and the pseudonym certificate authority processor entity, whereby the pseudonym certificate authority processor entity privately derives a linkage value for the particular combination of the number of input parameters.

Abstract: Methods for machine-learned detection and removal of malicious software within a network are provided. Methods may record environment behavior of an application and a plurality of components. The plurality of components may touch the application. Methods may generate a baseline dataset based on the recorded environment behavior. Methods may schedule snapshots of the application. Methods may take snapshots of the application and the components based on the scheduling. Methods may store the snapshots in a repository. Methods may monitor the application and the components, using the stored snapshots, for any deviation in the environment behavior. Methods may detect a deviation in the behavior of the application or components. Methods may take a snapshot, outside of the scheduling, of the application and components upon detection of the deviation. Methods may determine that the deviation is unwarranted. Methods may revert the application and components back to a previous version.

Abstract: A computer implemented method of authenticating a user accessing a secure terminal, comprising obtaining identification information stored in a personal machine readable storage medium exclusively associated with an accessing user attempting to access a secure system, retrieving authentication information exclusively associated with the accessing user from a remote network resource using the identification information, operating one or more privately directed user interfaces to exclusively present to the accessing user a requested alteration to a challenge request generated based on the authentication information and presented via another user interface, receiving a response to the challenge request from the accessing user and granting the accessing user access to the secure terminal in case the response matches the altered challenge request and denying access in case of no match.

Abstract: A storage system receives one or more records from a host system. The records are compressed in a first compression format that is native to the host system. The storage system identifies an incompatibility between the first compression format and a first operation of the storage system. In response to the identified incompatibility, the storage system decompresses the received records. The decompression is based on the first compression format. The storage system compresses the decompressed records in a second compression format. The storage system stores the secondarily compressed records onto a storage medium.

Abstract: Described is a low power system for mobile devices that provides continuous, behavior-based security validation of mobile device applications using neuromorphic hardware. A mobile device comprises a neuromorphic hardware component that runs on the mobile device for continuously monitoring time series related to individual mobile device application behaviors, detecting and classifying pattern anomalies associated with a known malware threat in the time series related to individual mobile device application behaviors, and generating an alert related to the known malware threat. The mobile device identifies pattern anomalies in dependency relationships of mobile device inter-application and intra-applications communications, detects pattern anomalies associated with new malware threats, and isolates a mobile device application having a risk of malware above a predetermined threshold relative to a risk management policy.

Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.

Abstract: A method for secure boot includes, in a processor, retrieving from a memory device a firmware boot code for bootstrapping a firmware of the processor. The firmware boot code is authenticated using an authentication key. In response to failing to authenticate the firmware boot code using the authentication key, an attempt is made to authenticate a recovery firmware code, which has reduced functionality relative to the firmware boot code, using a recovery key. Upon successfully authenticating the recovery firmware code using the recovery key, the firmware boot code is restored from a host, the restored firmware boot code is authenticated by executing the recovery firmware code, and the firmware is bootstrapped using the authenticated firmware boot code.

Abstract: There is provided methods and apparatuses for secure updating of firmware/software. The methods and apparatus can be enabled by making use of the Online Certificate Status Protocol (OCSP) to request the revocation status of certificates in the certificate chain. In particular, a method called ‘OCSP stapling’ can ensure the validity of the certificates or verify authenticity of the software/firmware. By virtue of features of the OCSP stapling, the user device does not need to contact CAs directly for the purpose of verifying the status of the certificates that ensure authenticity and integrity of the delivered software/firmware and thus is not required to open an extra communication channel to obtain status of certificates. This process can also reduce the burden on CAs because the CAs are neither required to keep a large volume of CRLs nor to maintain connection with user devices for which the CAs are responsible.

Abstract: The present disclosure includes an electronic device for selecting a credential based at least in part on location information. The electronic device can include a secure transaction subsystem and a processor. The secure transaction subsystem can be configured to store a plurality of credentials. The processor can be communicatively coupled to the secure transaction subsystem and configured to receive the location information from one or more radios. Further, the processor can be configured to determine that a distance between the electronic device and a terminal is less than a predetermined distance based on the location information. In response to determining the distance between the electronic device and the terminal is less than the predetermined distance, the processor can be configured to select the credential from the plurality of credentials based at least in part on the type of terminal.

Abstract: A cryptographic system (100) is provided for distributing certificates comprising a certificate authority device (110) and multiple network nodes (140, 150, 160). A network node (140) sends a public key to the certificate authority device. The certificate authority device (110) generate a certificate comprising the public key, forms an identifier by applying an identity forming function to the certificate and generates local key material specific for the network node by applying a local key material generation algorithm of an identity based key pre-distribution scheme on the identifier, and sends the local key material encrypted to the network node. The network node may be authenticated implicitly through its access to a shared key obtainable from the local key material.