Abstract: A device includes a storage unit that stores generated challenges which are challenges previously generated, a determination unit that determines whether a newly generated challenge matches any of the generated challenges or not, an output unit that outputs the newly generated challenge as an unused challenge when the determination unit determines that the newly generated challenge does not match any of the generated challenges, and a registration unit that stores the newly generated challenge as a new generated challenge in the storage unit when the determination unit determines that the newly generated challenge does not match any of the generated challenges.

Abstract: For communication of a first participant with at least one additional participant in a communication system via multiple protocols, the protocols using at least two different certificate formats, the first participant uses different certificates with the respective certificate formats for the communication via the different protocols, the different certificates being based on a shared public key. The first participant holds a shared associated private key for the different certificates. Provision of the certificates for the first participant includes generating the public key and the associated private key, signing the public key for provision of the first certificate, and signing the public key for provision of the second certificate.

Abstract: A method for operating a security element, preferably in the form of a chip card, having a processor, and a memory. stores an operating system comprising an operating-system kernel and at least one additional operating-system module for supplying optional operating-system functionalities, and at least one access permission associated with the operating-system module and determining whether the operating-system module can be accessed during operation of the security element. The method comprises the step of changing the access permission for the operating-system module for supplying optional operating-system functionalities in reaction to the receiving of a message from a server. The message from the server may be an OTA message sent from the server to the security element via a mobile radio network.

Abstract: A key generating method and apparatus, where the method includes acquiring complete picture data of a complete picture; displaying a partial picture of the complete picture in a display window; capturing a first picture from the partial picture, and generating first picture data of the first picture; and generating a key according to the first picture data.

Abstract: Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The \method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.

Abstract: Disclosed is a content management system comprising: a server; a content database, configured within the server, within which are stored one or more channels, each channel comprising one or more stories, each story comprising a title and one or more files; and one or more user devices connected to the network, each user device being associated with a user, each user device being configured to allow the associated user to view one or more stories from a channel to which the associated user has viewing rights. The title of each story and the names of the files contained in the story are stored obfuscated in the content database, and the files are stored encrypted in the content database.

Abstract: In accordance with an embodiment, described herein is a system and method for deploying a service bus artifact from a local development environment to a service bus instance in a cloud environment. A deployment API can be plugged into the local development environment to perform a plurality of steps required for deploying the service bus artifact, including enabling communication from the local development environment to pass through a corporate firewall. The plurality of steps can be wrapped in a single service call to the service bus instance; and can include creating a session, uploading the service bus artifact, importing the uploaded service bus artifact, executing customization, and activating the session. In the event of a failure of any step, the service call can abort. The deployment API is generic and can be plugged into a plurality of development products.

Abstract: A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.

Abstract: A computer implemented method, computer program product, and systems for enabling access of a client device to a remote desktop. The remote desktop is implemented within a remote virtual machine engine (302) selected from one or more virtual machines running on a virtual host (301). A connection management component receiving from the client device 200 a connection request wherein the connection request is directed to establishing a connection between the client device (200) and the remote virtual machine engine (302). If authorization data associated with the connection request complies with a predefined access data structure and corresponding access rules, the connection management component requests destination data of the remote virtual machine engine (302), the destination data allowing to interact with the virtual machine engine (302) and, in response, receiving the destination data.

Abstract: One embodiment of the invention is directed to a method comprising receiving a plurality of data packets including encoded data. The method further comprises determining a plurality of time delays between the plurality of data packets, and translating the plurality of time delays to obtain a decoding key for decoding the encoded data in the data packets. The decoding key may be used to decode the encoded data to obtain the data.

Abstract: A hash value generating device for generating a hash value based on the KECCAK algorithm includes a ? processing unit, a ? processing unit, a ? processing unit, a ? processing unit, and an processing unit for performing processing of five steps ?, ?, ?, ?, and included in round processing of the KECCAK algorithm. The ? processing unit receives input of data in units of planes and outputs data in units of sheets.

Abstract: A method for determining a permission of an application program is presented. The method for determining a permission of an application program in the present disclosure includes receiving an installation request of a first application, where the installation request carries a first permission list that the first application applies for and a first shared user identifier requested by the first application; searching, according to the first shared user identifier, for at least one second application that uses the first shared user identifier and is already installed in a system; and if the first application is a plug-in of the second application already installed in the system, determining a permission of the first application according to the first permission list that the first application applies for and a permission in a second permission list corresponding to the first shared user identifier.

Abstract: Embodiments are provided for securely visualizing and routing digital signatures in an electronic document generated by an application program executing on a computer system. The application program may generate an electronic document for receiving a signature graphic, and calculate a hash value from the electronic document and the signature graphic, and create a cryptographic signature from the hash value using a cryptographic encryption method. The electronic document is digitally signed by embedding the cryptographic signature therein. The application program may further collect and route digital signatures by automatically collecting signatures from individual signers, one-by-one, and identify the appropriate signature line for each signer to sign. The application program may further generate a user interface for creating and collecting digital signatures.

Abstract: A hypersphere-based multivariable public key signature/verification system includes signature and verification modules, wherein the signature module comprises a processor, an affine transformation inversion part I, a trap door part and an affine transformation inversion part II. Corresponding operations are sequentially executed on a message, one or more groups of solutions are produced after the processing of the trapdoor part, a group of solutions are randomly selected, then a signature is continuously produced by the various parts, and finally the signature, together with the message, is transmitted to the processor. The verification module comprises a processor and a public key transformation part, wherein the processor transmits a signature to the public key transformation part to execute an operation, and then judges whether the obtained data is equal to a message in a memory or not: if so, the signature is valid, otherwise the signature is invalid.

Abstract: This disclosure relates to remote control of dialysis machines. In certain aspects, a method includes receiving a request for a network connection from a dialysis machine and establishing the network connection with the dialysis machine. The method also includes receiving, from a client device, a request to access the dialysis machine, authorizing the client device to access the dialysis machine, receiving, from the dialysis machine, information pertaining to an operation of the dialysis machine, and providing, to the client device, the received information.

Abstract: In accordance with one embodiment, an apparatus is provided that includes a computer processor coupled with a call center device positioned to receive an input communication containing PII data and originating from a telephone caller, wherein the computer processor implements code to suppress at least a portion of the received PII data without requiring a physical interrupt of the input communication so that the received PII data is not conveyed to a call center agent or to a computer of the call center agent.

Abstract: Generalized Entity Network Translation provides new state of the art methodology for extending RKI techniques into a truly generalized framework capable of operating at exceptional levels of authenticity without the need for roots, certificate authorities, or other static points in an infrastructure. More astounding is its ability to create trusted authentic entity relationships that require no externally stored state outside of the shared context between discrete peers. The present invention provides, among other things, novel improvements to blockchain-derived systems and provides strong proof of ownership, renewal, roll-backs, and localized state and many blockchain systems more palatable choices for system integration.