Abstract: A method may include obtaining a manifest file that includes various software definitions for various peripheral device functions. The method may further include determining whether the manifest file is signed by a predetermined cryptographic key. The method may further include obtaining, in response to determining that the manifest file is signed by the predetermined cryptographic key, a selection of a peripheral device function among the peripheral device functions in the manifest file. The method may further include performing the peripheral device function using a peripheral device in response to obtaining the selection of the peripheral device function.

Abstract: A computer-implemented method, according to one approach, includes: generating lookup tables for signatures during compile time, the lookup tables having cryptographic information. A secret key is used to encrypt the lookup tables, and the secret key is stored in a secure storage which is accessible only to a secure engine. Moreover, in response to experiencing an initial boot: the lookup tables are decrypted using the secret key, and the decrypted lookup tables are stored in the secure storage. Other systems, methods, and computer program products are described in additional approaches.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The present disclosure generally relates to methods and user interfaces for authentication, including providing and controlling authentication at a computer system using an external device in accordance with some embodiments.

Abstract: A method for controlling access to a resource in an electronic device including a secure element with a permanent memory having an OTP area. The method includes the following steps performed first when the secure element or the electronic device boots: checking presence of at least one of a secret data and an initialization value in the permanent memory and, in a negative event, generating an initialization value and storing it into the OTP area, in a positive event, if the permanent memory includes secret data, decrypting, within the secure element, the secret data by using an algorithm using a cryptographic key and, if the permanent memory further includes an initialization value, the initialization value, and checking the integrity of the secret data by using a signature stored in the permanent memory and, on successful completion, providing access to the resource.

Abstract: A system is provided for intelligent automated simulation of penetration testing and isolation of vulnerable distributed electronic data registers. In particular, the system may extract metadata regarding one or more nodes or sections of a distributed register. Based on the metadata, the system may generate a knowledge graph that may indicate the vulnerabilities associated with particular nodes, blocks, and/or sections of the distributed register. Based on the knowledge graph, the system may compute vulnerability scores for the various nodes, blocks, and/or sections, and generate a vulnerability heatmap based on the scores. The system may further be configured to allow a user to perform automatic simulated penetration tests on the vulnerable portions of the distributed register and/or execute one or more remediation process on such vulnerable portions. In this way, the system provides an efficient way to identify and remediate vulnerabilities within a distributed register.

Abstract: Methods, systems, and apparatuses are described for identifying unauthorized (e.g., rogue) access points. Authorized access points can detect the presence of rogue access points by determining signal strengths associated with other access points. A detected variance from an expected signal strength can indicate a presence of a rogue access point.

Abstract: Techniques are provided for email protection using email signatures based on signing tokens. One method comprises obtaining a signed email from an email sender. The signed email comprises a second hash value generated using a source version of the signed email embedded with a signing token of the email sender. A data record stores a first hash value, based on the source version, and the second hash value. The second hash value is obtained from the signed email and compared to: (i) a copy of the second hash value obtained from the data record and/or (ii) a comparison value generated using a regenerated version of the source version embedded with the signing token of the email sender. A delivery of the signed email to an email recipient may be based on a result of the comparison.

Abstract: Systems and methods provide a password reset for a management controller, which is not exposed to the Internet. Upon receiving a request to reset the password, the management controller generates computer-readable information such as a barcode, where the computer-readable information indicates attributes of an information handling system associated with the management controller as well as a timestamp. A user can transmit the computer-readable information to a vendor application service via for example a mobile device that reads the computer-readable information. The vendor application service verifies the request and generates a temporary password from the timestamp and the attributes. Independently of the vendor application service, the management controller also generates the temporary password from the timestamp in the attributes. The vendor application service may then cause the temporary password to be sent to verified contact information.

Abstract: A method of operating a secure programming system is provided. The method can use the first authentication module as the root authentication module to authorize the second authentication module of the program burning system when the first authentication module fails to provide the private key. In this way, the second authentication module obtains the second certificate composed of the second digital signature and becomes the first relay authentication module authorized by the first authentication module to issue certificates on behalf of the first authentication module, so that the program burning system can perform burning operations and process operations. Therefore, the method of the present disclosure can not only achieve the purpose of signing the same certificate in a more secure manner, but also help the first authentication module to be more flexible in classifying the second authentication module according to different product application categories or methods.

Abstract: The present disclosure relates to an image sensor device (100). The image sensor device (100) has a data communication interface (110) configured to receive a hash value (112), a cryptographically secure storage (120) storing a cryptographic key (122) of the image sensor device, and a processor (140) configured to sign captured image data (132) or a processed version thereof and the received hash value (112) using the cryptographic key (122) to generate a signature (142) of the image data. The data communication interface (110) is configured to transmit the generated signature (142), the captured image data (132), and an identifier (150) of the image sensor.

Abstract: A non-transitory computer-readable recording medium storing an information management program for causing a computer to execute processing including: receiving distribution information obtained by attaching, to distribution content to be distributed by a user, attribute information on the user that includes signature information that is signed by an issuing authority that issues information regarding an attribute of the user and that proves that the issuing authority has issued the attribute information; verifying whether the attribute information on the user included in the distribution information is the attribute information issued by the issuing authority, by using the signature information; and outputting the distribution content, based on a verification result.

Abstract: The present invention relates to a personal awareness system that provides users physical health/wellness/welfare safety as well as online digital safety by blocking inappropriate digital content. The personal awareness system comprises a network protection appliance for use on a local area network (LAN), a software application that is used on a mobile computing device, a cloud-based remote data processing resource to administer the system, artificial intelligence (AI) information systems, and a monitor computing device that an observer can use to monitor, track, and receive alerts related to the user. The system can support many users individually as well as groups of users. In operation, sensors associated with the mobile computing device monitor the health, wellness, and location of users and digital filter rules suppress inappropriate digital content from user access providing digital safety. The mobile computing device seamlessly transitions between LAN environments and wireless mobile environments.

Abstract: A first user device can transmit an interaction request to a remote computer via a long range communication channel. The first user device can receive an authentication request message from the remote computer and can then transmit the authentication request message to a second user device via a short range communication channel. The first user device can then receive an authentication response message comprising a response value from the second user device via the short range communication channel. The first user device can then transmit the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified.

Abstract: The following invention is directed towards user identity verification and utilizes enhanced abilities to detect both a user's identity and confirming that the user is in fact a person and not a bot. The device utilizes Universal Unique Identifiers (UUIDs) indicating the device's interaction with the various environmental and electronic devices located around it. These interactions can indicate if a user has human characteristics. As a user interacts with their device and that device interacts with the surrounding world, a UUID is created and is then stored upon a user's device as well as created in an online database. When a user wishes to access an online service, for example, social media, the user will make a request to that service. The online service may then ask for a list of UUIDs from the user device to verify that they are who they say they are. If these UUIDs satisfy the request, the user identity is confirmed.

Abstract: Embodiments of this application disclose a network configuration method and apparatus for an intelligent device. A terminal broadcasts a first discovery packet to the intelligent device. After the intelligent device receives the first discovery packet, the intelligent device broadcasts a first response packet in a short-distance transmission mode. In the short-distance transmission mode, a sending distance of the first response packet does not exceed a first safe distance. The terminal obtains information related to the intelligent device based on the first response packet, performs validity authentication on the intelligent device, and broadcasts an SSID and a password that are of a router and that are encrypted to the intelligent device after the terminal verifies that the intelligent device is valid. The intelligent device accesses the router based on the SSID and the password that are of the router and that are obtained through decryption.

Abstract: Technique and system protects documents at rest and in motion using declarative policies, access rights, and encryption. Methods, techniques, and systems control access to documents and use of content in documents to support information management policies. Documents are protected using centralized and discretionary policies. Control and protection functions of information or documents may be through one policy or multiple policies defined centrally. A policy server is an intelligent system that has the ability to decide if a single or multiple policies or subset of policies are applicable to a client.

Abstract: Some embodiments control access by applications to resources in a computing environment. An embodiment notes a request from an application to access a resource, determines a compliance status of the application based on access control policy compliance criteria, ascertains an authorization status of the request based on an authorization credential of the request and an authorization requirement of the resource, and responds to the request based on the compliance status and also based on the authorization status, thereby providing fine-grained access control. Access may also be controlled based on a request's beneficiary. An access request response may allow access, deny access, or ask for additional authorization. A compliance classifier reduces risk by dynamically updating compliance status after compliance criteria changes or attribute changes. An identity service access control architecture uses a compliance attribute to improve efficiency.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: The subject system may be implemented by a processor circuit configured to transmit a request for a digital pass to a pass issuer server, receive issuer information associated with the pass issuer server, obtain a first key associated with the issuer information, and generate security data based at least in part on the first key, transmit, to the pass issuer server, the security data. The processor circuit may also be configured to receive the digital pass from the pass issuer server. The digital pass includes the security data.