Abstract: A wearable device-based identity authentication method and system, comprising: a user terminal initiates an authentication request to a target server and provides device information of the user terminal, the target server generates a temporary session, and sends a temporary session ID and the device information to a quantum key distribution network; the quantum key distribution network generates identification information, searches a wearable device bound to the user terminal, and sends the identification information to the wearable device; the wearable device receives and provides the identification information to the user terminal, the user terminal acquires the identification information, and sends verification information to the wearable device and then to the quantum key distribution network; the quantum key distribution network generates an authentication result and sends to the target server; and the target server generates an identification authentication result and sends to the user terminal.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for quantum one-time pad generation. An example method includes, among other operations, generating a first quantum one-time pad comprising a first set of entangled quantum particles. Subsequently, the example method includes storing the first set of entangled quantum particles in a first set of quantum storage cells. Each entangled quantum particle in the first set of entangled quantum particles may be stored in a respective quantum storage cell in the first set of quantum storage cells. Further, each entangled quantum particle in the first set of entangled quantum particles may be entangled with a respective entangled quantum particle in a second set of entangled quantum particles comprised by a second quantum one-time pad and stored in a second set of quantum storage cells.

Abstract: A service controller includes a network interface for coupling to a local area network of a hospitality establishment, and one or more processors coupled to the network interface. The one or more processors are configured to detect a device identifier of a user device on a local area network of a hospitality establishment, determine whether a guest of the hospitality establishment is associated with the device identifier, and automatically activate a service for the user device at the hospitality establishment in response to detecting the device identifier on the local area network when a guest of the hospitality establishment is determined to be associated with the device identifier.

Abstract: Techniques for providing data protection in an integrated circuit are provided. An example method according to these techniques includes determining that an unauthorized update has been made to software or firmware associated with the integrated circuit, and corrupting an anti-replay counter (ARC) value, maintained in a one-time programmable memory of the integrated circuit and used by the integrated circuit to protect contents of a non-volatile memory, responsive to determining that the unauthorized update has been made to the software or the firmware.

Abstract: A system for a secure connection includes an interface and a processor. The interface is configured to receive a request from a user of a tenant to enable a connection for a specific internal network application or service to an external network destination. The processor is configured to determine whether the connection is enabled for the specific internal network application or service for the tenant; and in response to determining that the connection is enabled, providing a token required for the connection to the external network destination.

Abstract: An authentication device authenticates a user using biometric information. The authentication device including: a storage unit, a first acquisition unit, a second acquisition unit, a controller, an authentication processing unit, and an update processing unit. When the first acquisition unit acquires identification information, and a combination for which the number of successes for the acquired identification information is greater than or equal to a predetermined number is present in combination information, the controller sets a threshold such that a false acceptance rate for erroneously authenticating a person other than a registered user becomes lower than when the combination is not present.

Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.

Abstract: A system for generating entity-specific security-related inquiries and determining a frequency for invoking the inquiries based on integration of external security-related data and internal security related data. Specifically, a security threat level is determined for an entity and the components which comprise the security threat are identified. The components signify areas of focus for generating the entity-specific security-related inquiries. In further embodiments of the invention analytics are implemented to logically analyze the external security-related data and internal security related data and the results of which further refine the generation of the entity-specific security-related inquiries and/or determination of the frequency for invoking the inquiries.

Abstract: A method for end-to-end transmission of a piece of encrypted digital information includes the following steps: selection, on the computer equipment of the transmitter, of a piece of digital information and a digital identifier of the recipient; temporary encryption of the piece of digital information by execution of a local encryption application on the computer equipment with the private key of the sender; decryption of the piece of information on the equipment of the sender and encryption of the piece of information with the public key of the recipient; transmission to the recipient, by the computer equipment, from the sender, of the piece of digital information encrypted with the public key of the sender, optionally by the intermediary of the transactional platform; and decryption by the computer equipment of the recipient of the piece of information with the public key of the sender.

Abstract: Techniques for providing a server-based Wi-Fi Protected Setup (WPS) PIN procedure are described. In an example, a computing device generates a PIN associated with a WPS-PIN procedure. The computing device encrypts the PIN to generate an encrypted PIN based on a public key associated with a server. Further, the computing device sends, to another computing device that is communicatively coupled with the server via an access point, a WPS probe request that includes the encrypted PIN. Based on the WPS probe request, the computing device receives, from at least one of the other computing devices or the server, a credential associated with the access point. The computing devices connects to the access point based on the credential.

Abstract: The present patent application discloses a distributed network system for communications via messaging based on blockchains. Utilizing blockchains for network messaging allows for various security systems to ensure that messages are not intercepted in a man-in-the-middle attack, or other form of hacking. An electronic message formed of a blockchain includes a genesis block containing as data an electronic message and identifying information of a sender terminal that generated the electronic message. The blockchain also includes a plurality of blockchain blocks containing identifying information of devices that transmitted the electronic message through a distributed network. The blockchain also includes a recipient block containing identifying information of a recipient terminal to which the electronic message was sent.

Abstract: Systems and methods may be used for establishing a link between user identifiers of different systems without disclosing specific user identifying information. One method includes generating a matching relationship based on double encrypted one or more first data sets of a first party system and double encrypted one or more second data sets of a second party system. The matching relationship indicates one or more links between match keys associated with the first party system and the match keys associated with the third party system. The method includes assigning bridge identifiers for user identifiers associated with the first party system and the user identifiers associated with the third party system based on the matching relationship.

Abstract: A data storage method comprises receiving, from a first blockchain node associated with a blockchain, a query for encrypted data stored in the blockchain, wherein the encrypted data is shared by a second blockchain node; determining, through one or more smart contracts, whether the first blockchain node has a permission to decrypt the encrypted data; if the first blockchain node has the permission: sending the encrypted data to an encryption device to decrypt the encrypted data and return data obtained from the decryption to the first blockchain node; determining, through the smart contracts, a reward value to be added to an account of the second blockchain node; and sending a node identifier of the second blockchain node and the reward value to blockchain nodes of the blockchain, enabling each of the blockchain nodes to store the node identifier and the reward value in the blockchain.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store an identifier of the apparatus, at least one processing core configured to obtain, from sensor information, a service identifier and a session identifier, compile a message addressed to a service provider associated with the service identifier, the message comprising the identifier of the apparatus and the session identifier, and cause transmission of the message toward the service provider.

Abstract: The invention relates to methods and devices for enabling authentication of a user based on biometric data. In an aspect of the invention, a method performed by a client device of enabling authentication of user of the client device with a network node over a secure communication channel based on biometric data is provided.

Abstract: Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, a cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, a cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.

Abstract: A secure password-based single sign-on process enables a user to access a web application without the authorization credentials transmitted over a distributed computing network. A network directory service system utilizes an identity management system, outside of the client device, to execute a sign-on to a web-based resource in a Hyper-V container. The browser cookie from the sign-on process is returned to the client device in a sign-on script that the client-side browser uses to transition to the web portal or home page of the target web-based resource.

Abstract: Embodiments of the present invention provide systems and methods for thwarting attempts at the unauthorized access to the restricted resources within the target server in a multi-node system. Real-time detection of the user ID and thread ID associated with attempts to access the restricted resources within the target server in a multi-node system is achieved by analyzing causality, message queue, and event-driven patterns.

Abstract: Methods and apparatus for code-based asymmetric cryptosystem using Quasi-Cyclic Moderate-Density Parity-Check (QC-MDPC) error correcting codes. Specifically, the method and apparatus generalizes the framework of (QC-MDPC) Code-Based (CB) cryptography from the binary domain (Galois Field of two elements) to an arbitrary size of Galois Field and provides an apparatus for implementing the cryptosystem with a simplified computational complexity of key generation, encryption, and decryption components of the cryptosystems and reduced sizes of the public and private security keys.

Abstract: A device is provided that is used by a user that transmits an authentication request including a parameter for verification to a connected mobile terminal in a case where an operation request is generated, receives, from the mobile terminal, a response including signature data generated according to biometric authentication in the mobile terminal, and executes the operation request in a case where verification of the signature data using a public key received from a service provision system is successful.