Abstract: This application relates to devices and a method to establish a secure wireless link for communication between a first and a second device over a wireless physical channel, wherein a paring protocol requires sending over the wireless channel identifying information by the first device, identifying information being data suitable for identifying the device sending the identifying information or a user thereof wherein the first device encrypts and transmits the identifying information by using a public key information of the second device and random information, the second device receives the encrypted identifying information and using private key information associated with the public key information it extracts the identifying information. The devices use a secret uniquely related to the identifying information to derive a session key and then use the session key to establish the secure wireless link.

Abstract: Systems and methods for managing keys in a computer memory are described. In some embodiments, location addresses are determined for two key elements. A periodic time interval that is based on a time duration for performing a transaction involving a distance between the key elements is determined. One key element may be stored at a location address and then relocated to another location address after the periodic time interval has passed. In some embodiments, areas the computer memory may remain static during relocation of the key element.

Abstract: A first user device can transmit an interaction request to a remote computer via a long range communication channel. The first user device can receive an authentication request message from the remote computer and can then transmit the authentication request message to a second user device via a short range communication channel. The first user device can then receive an authentication response message comprising a response value from the second user device via the short range communication channel. The first user device can then transmit the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified.

Abstract: A process for securely pairing devices. A host device receives an input indicating a user credential for logging into the host device and initiates a scanning process for discovering target devices available for pairing with the host device. During the scanning process, the host device receives wireless pairing information from a target device. The wireless pairing information includes a unique device identifier associated with the target device and an electronic signature generated as a function of a signature key stored at the target device and the unique device identifier. The host device compares the electronic signature with a run-time signature generated at the host device as a function of the user credential received at the host device and the unique device identifier. The host device then initiates a pairing process to establish a short-range communication link with the target device when the electronic signature matches with the run-time signature.

Abstract: Provided is a method for anonymizing datasets having sensitive information, including the steps of determining a dataset of records to be assigned to aggregation clusters; computing an average record of the dataset on the basis of a predefined repetition counter; finding a most distant first record to the average record using a distance measure; finding a most distant second record from the first record using the distance measure; forming a first aggregation cluster around the first record and a second aggregation cluster around the second record; and generating a new dataset by subtracting the first cluster and the second cluster from the previous dataset.

Abstract: Embodiments are disclosed that allow encrypted data to be sent between a Bluetooth enabled device and a virtual device associated with a corresponding physical device. In particular, a Bluetooth implementation on the physical device may include one or more raw interfaces to facilitate endpoint to endpoint secure Bluetooth cryptography. Using these raw interfaces, an encrypted Bluetooth channel may be established directly between the virtual device and the Bluetooth enabled device using the radio of the physical device, where data may be encrypted and decrypted at an endpoint of the Bluetooth communication channel (such as at the virtual device or the Bluetooth enabled device) and passed through a Bluetooth implementation on the physical device without any additional encryption or decryption being performed on that data.

Abstract: Embodiments described herein provide a service to enable a user to track a variety of even when those devices are not connected to the internet by either Wi-Fi or cellular. One embodiment provides techniques to enable a pairing registration for a wireless accessory device that enables a server-mediated pairing process to be performed between the wireless accessory device and a companion device.

Abstract: Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Abstract: An encrypted sequence that includes an authentication key may be received. A base key stored at a device may be identified and the encrypted sequence may be decrypted with the base key to obtain the authentication key. A challenge value may be received and the authentication key may be combined with the challenge value to generate a device ephemeral key. An authentication result may be generated for the device based on a combination of the device ephemeral key and the challenge value. Furthermore, the authentication result may be transmitted to a mobile network to authenticate the device.

Abstract: Embodiments include devices and methods for providing secure communications between a first computing device and a second computing device are disclosed. A processor of the first computing device may determine in a first application software first security key establishment information. The processor may provide the first security key establishment information to a communication layer of the first computing device for transmission to the second computing device. The processor may receive, in the first application software from the communication layer of the first computing device, second security key establishment information received from the second computing device. The processor may determine a first security key by the first application software based at least in part on the second security key establishment information. The processor may provide the first security key to the communication layer for protecting messages from the first application software to the second computing device.

Abstract: A method for providing information to be stored includes computing a storable first secret for generating a random value based on a random function. The information to be stored is provided as a chunk which is divided into blocks each having an element. A storable second secret comprising a random element is computed. A tag is computed for each block such that the tag for the j-th block of the i-th chunk is computed using: an output of the random function, the j-th block, and a representation of the second secret. The information to be stored is provided together with an information tag comprising the computed tags of each block of each chunk.

Abstract: According to one embodiment, a wireless communication apparatus includes a transmitter. The transmitter transmits, in a first period, a first information frame. The first information frame includes first, verification information and a first key usable in the first period. The transmitter transmits, in the first period and after transmitting the first information frame, a data frame including first data. The transmitter transmits, in the first period and after transmitting the first information frame, a second information frame. The data frame includes a fourth key usable in a second period following the first period. The transmitter transmits, in the second period, a third information frame including third verification information and the fourth key.

Abstract: Disclosed are an electronic device and a method of performing digital key provisioning of an electronic device. The electronic device according to an embodiment includes a communication unit, a memory that stores programs and data for performing digital key provisioning, and a processor configured to, by executing the programs stored in the memory, perform device authentication on a target device by performing short-range communication with the target device, identify a digital key service access right of the target device through a server by obtaining user information, and control generation and storing of a digital key in response to a digital key generation request from the target device.

Abstract: Example implementations relate to transposed passwords. A computing device may comprise a processing resource; and a memory resource storing machine-readable instructions to cause the processing resource to: receive an entered password; generate, based on the entered password, a transposed version of the entered password; compare the transposed version of the password to a stored password; and grant access based on the comparison.

Abstract: A system configured controls access to data associated with a venue-centric event. The system may include one or more hardware processors configured by machine-readable instructions. The processor(s) may be configured to receive from a first remote server a set of first data items associated with a first authenticated event application and store the set of first data on the local appliance. Second data items are received from a second remote server, at least some of the second data items are different from the first data items and thereby form a set of third data items. A request for at least one of the second data items is received from the first authenticated event application and validated. The request may be received after the predetermined start time and before the predetermined end time. The requested at least one second data item is communicated to the first authenticated event application.

Abstract: During a pairing process between a connecting device and a server, a shared certificate is translated into a graphical scene by a validating client device of the server and the connecting device and the corresponding graphical scenes are independently displayed on each device for visual comparison by an operator of the validating client device. A validation word or code is also presented on the connecting device. When the validation word or code is correctly entered into a pairing validation interface on the client device by the operator, the server permits the connecting device to pair/connect with the server. In an embodiment, even single bit differences between the shared certificate expected by the server creates significant differences in the graphical scene depicted on the connecting device from that which is depicted on the client device.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services.

Abstract: Systems and methods for anonymous collection of malware-related data from client devices. The system comprising a network node configured to (i) receive a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority, (ii) transform the received first data structure by replacing the identifier of the client device with an anonymized identifier, and (iii) transmit the transformed first data structure containing the anonymized identifier and the encrypted data to a server.

Abstract: An authentication device management device includes a generating unit, a registration unit, a transmission unit, and a responding unit. The generating unit generates a pair of a first key to attach a signature with respect to an authentication result obtained by an authentication device that performs personal authentication of a user, and a second key to verify the signature attached to the first key. The registration unit registers, in association with each other, the key identifier that identifies the generated key pair and user identification information. The transmission unit transmits the first key generated by the generating unit to the authentication device used by the user. When the responding unit accepts a transmission request for the second key related to the authentication device in which the first key transmitted by the transmission unit has been set, the responding unit responds by instructing the authentication server to transmit the second key.

Abstract: Systems and methods for anonymously transmitting data in a network are provided, in which a request data structure is received by a network node from a client device. A first substructure containing personal data (PD) and a second substructure not containing PD are identified in the request data structure, by the network node. The first substructure is encrypted, by the network node, and is transmitted along with the second substructure to a server. A response data structure is received, by the network node, from the server. The first encrypted substructure and a third encrypted substructure are identified, by the network node, in the response data structure. The first encrypted substructure is decrypted, by the network node, and is transmitted along with the third encrypted substructure to the client device. The third encrypted substructure can be decrypted and viewed by the client device.