Abstract: This application relates to an apparatus and a non-transitory computer readable medium applying to the internet of vehicles. Embodiments of this application implement a distributed authentication process, which including sending information used to indicate a to-be-authenticated device to the to-be-authenticated device. Compared with a centralized authentication mechanism, the authentication manner in the embodiments of this application reduces load of a device because one intermediate node does not need to perform authentication on a plurality of nodes. If the to-be-authenticated device fails to be authenticated, because the authentication is an authentication process related to a first service, the determined execution policy is an execution policy related to the first service, and the determined execution policy better meets a service requirement.

Abstract: Systems and methods of authenticating voice data using a ledger (blockchain). Examples include a scalable and seamless system that uses blockchain technologies to distribute trust of a conversation, authenticate persons in a conversation, track their characteristics and also to keep records of conversations. In some examples, smart phones, wearables, and Internet-of-Things (IoT) devices can be used to record and track conversations between individuals. These devices can each be used to create entries for the blockchain or a single device could be used to keep track of the entirety of the conversation. Fuzzy hashing may be used to compare newly created entries with previous entries on the ledger.

Abstract: A device includes an encoder and a decoder using physically unclonable functions. The encoder includes a first generator for generating a first hash value based on first input data; a first exclusive OR (XOR) operator for performing an XOR operation between second input data and a cryptographic value to generate a first operation value; a second XOR operator for performing an XOR operation between the first hash value and the first operation value to generate a second operation value; a second generator for generating a second hash value based on the first operation value; and an encoding component for encoding the first input data, the second operation value and the second hash value to output first to third encoded data. The decoder contains the same generators and XOR operators as the encoder. It additionally includes a decoding component and a comparator for checking a validity of first and second input data.

Abstract: A system and method are disclosed for allowing a plurality of augmented and/or virtual reality users to interact with higher dimensional virtual or augmented environment models in which a plurality of objects are placed throughout in a pseudorandom fashion. The placed plurality of objects are subsequently assigned values either in a predetermined or real time manner. The system and method enable security countermeasures, thereby protecting the higher dimensional environmental model from malicious users.

Abstract: An apparatus and method are described for aligning corresponding elements in multiple streams of elements. An apparatus is provided comprising both first generation circuitry to generate a first stream comprising first elements and second generation circuitry to generate a second stream comprising second elements. The first generation circuitry is arranged to insert a first element in the first stream to identify each occurrence of a corresponding second element in the second stream. Key generation circuitry is used to generate, for each instance of the first element to be included within the first stream, an associated key value determined from a set of key values, the set of key values being insufficient to allow unique key values to be generated for each instance of the first element. The first generation circuitry is then arranged to indicate within the first stream the associated key value for each instance of the first element.

Abstract: A system comprises one or more storage entities (SEs) each configured to store data for applications that rely on higher levels of data integrity, wherein each of the SEs has its own cryptographic identity in the form of a unique root identity key pair of public and private keys created at manufacturing time. Each SE generates one or more SE-specific asymmetric data owner keys upon invocation of a smart contract by a prospective data owner. The system further comprises a distributed ledger provisioned to the SEs and configured to maintain all public keys and/or public key certificates of the SEs. The system also comprises a key manager configured to hold all SE-specific data owner public keys and SE data access control keys, wherein the data stored on the SEs is protected by the SE-specific data access control keys wrapped by the SE-specific data owner keys based on current data ownership.

Abstract: A medical device of a medical system is configured for communicating with an external programmer over a wireless communications link. The medical device comprises a wireless communications module configured for receiving a first unencrypted version of a random number and a first encrypted version of the random number from the external programmer over the wireless communications link. The medical device further comprises control circuitry configured for performing an authentication procedure on the external programmer based on the first unencrypted version of the random number and the first encrypted version of the random number, and preventing the external programmer from commanding the medical device to perform an action unless the authentication procedure is successful.

Abstract: A method and system for securing data transmission in communication networks is disclosed. The method includes the steps of allocating a sequence ID (SQID) to each of a plurality of packets. The SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The method further includes grouping the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets and variance in IP attributes associated with destination address of each of the plurality of packets. The method includes transmitting each of the at least one cluster to an associated destination address. Each cluster in the at least one cluster includes a set of packets from the plurality of packets and at least a domain-name is same in destination address.

Abstract: Methods and systems for secure authentication in an extended reality (XR) environment are described herein. An XR environment may be output by a computing device and for display on a device configured to be worn by a user. A first plurality of images may be determined via the XR environment. The first plurality of images may be determined based on a user looking at a plurality of objects, real or virtual, in the XR environment. The first plurality of images may be sent to a server, and the server may return a second plurality of images. A public key and private key may be determined based on different portions of each of the second plurality of images. The public key may be sent to the server to register and/or authenticate subsequent communications between the computing device and the server.

Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.

Abstract: A distributed file integrity checking system is described. The described peer integrity checking system (PICS) may negate an attack by storing a properties database amongst nodes of a peer-to-peer network of hosts, some or all of which co-operate to protect and watch over each other.

Abstract: The portable peripheral (100) of communication with the data network (105) utilizing the internet protocol, comprises: a connector (110) to mechanically connect and establish a removable wired connection between the peripheral and a portable terminal, a first means (115) of wired bidirectional communication with the portable terminal, a second means (120) of bidirectional communication with a data network and a unit security (122) protecting the communication between the first and the second means of communication, this communication being established between the first and the second means of communication, the security unit (122) comprising a system (127) of autonomous DNS management, the means of communication and the security unit being embedded in a unique housing (130) removable from the portable terminal.

Abstract: An example method includes, in response to receiving a byte array including process data, determining whether auxiliary data is to be transmitted from a field device based on a counter, the auxiliary data including an encryption key identifier and an initialization vector, when auxiliary data is to be transmitted, transmitting a first data packet including the auxiliary data to the remote device, and determining a value for a source bit based on a type of connection between the field device and the remote device, the source bit and the counter included in associated data. The method further includes generating a nonce value based on the source bit and the initialization vector, encrypting a payload including the byte array based on the encryption key identifier and the nonce value, and transmitting a second data packet to the remote device, the second data packet including the associated data and the encrypted payload.

Abstract: The present invention provides a storage device (100) which consists of multiple access levels to access data or information depending on its importance, usefulness, severity, criticality and vulnerability. Further, the storage device (100) ensures data protection through confidentiality, integrity and accessibility for information security by disabling any connection with external communication channels such as Wi-Fi, Bluetooth and so on. Further, the storage device (100) is designed to erasing all the credentials data after 5 unsuccessful attempts ensuring security of the data or information. Authenticated data or information stored on the device can only be accessed by the owner of the device thereby preserving the integrity of the stored data. Reminders may be set for authentication related data which helps change the authentication credentials in time.

Abstract: A method and an apparatus for providing a service using a kiosk by a service providing server by performing the steps of: receiving a device list of at least one kiosk having an ability to provide the service among a plurality of kiosks registered in a blockchain from a kiosk server; authenticating a first kiosk through a smart contract function embedded in the blockchain when a user requests the service through the first kiosk and determining whether the first kiosk is included in the device list; and providing the service to the user when the first kiosk is authenticated by the smart contract function and is included in the device list are provided.

Abstract: A verification apparatus for a vehicle-to-X (V2X) communication device, designed to verify received V2X messages and configured to conduct the verification of received V2X messages depending on a determined temperature value. A V2X communication device including the verification apparatus, a corresponding method and the use of the verification apparatus or communication device as also disclosed.

Abstract: In one embodiment, a method includes receiving an OSPF hello message including an attestation token from a second network apparatus, determining that the attestation token is valid for the second network apparatus at a current time, establishing an adjacency to the second network apparatus in response to the determination, computing, based at least on the attestation token, a trust level for a first link from the first network apparatus to the second network apparatus and a trust level for first prefixes associated with the first link, and sending an LSA comprising the trust level for the first link and the trust level for the first prefixes to neighboring network apparatuses, where the trust level for the first link and the trust level for the prefixes are used by the network apparatuses in the network to compute a routing table of the network.

Abstract: Systems, methods, and non-transitory computer-readable medium are disclosed includes for secure online credential authentication. One method includes receiving, over an electronic network, identification information from an identity provider; accessing, from a database, previously stored hashed identification information stored in association with a previous identity provider; comparing the identification information to previously stored hashed identification information; and storing the identification information in association with the identity provider that provided the identification information in the database when the hashed identification information does not match previously stored hashed identification information.

Abstract: When an access point associates with an electronic device, the access point may establish secure communication with the electronic device using a four-way handshake with the electronic device. Next, the access point may distribute secondary pairwise master keys (PMKs) to radio-frequency (RF)-neighbor access points of the access point in a wireless local area network, where the secondary PMKs facilitate fast basic service set (BSS) transitions with the electronic device when a handover occurs without using the four-way handshake to establish secure communication with the electronic device. Furthermore, when the access point receives information that indicates that the electronic device has associated with a second access point in the RF-neighbor access points of the access point, the access point provides instructions to delete the secondary PMKs at the RF-neighbor access points of the access point, and provides additional secondary PMKs to RF-neighbor access points of the second access point.

Abstract: There is disclosed in one example a network switching apparatus, including: a plurality ingress port; a plurality of egress ports; a ternary content addressable memory (TCAM) comprising a plurality of chunks, wherein the chunks can be atomically enabled or disabled; a switching circuit to switch traffic from the ingress port to a selected egress port according to an access control list (ACL) of the TCAM; and one or more non-transitory mediums having stored thereon instructions to atomically add or update two or more target rules, including: add the two or more target rules to one or more target-rule chunks; and atomically enable the target-rule chunks.