Abstract: Technology is disclosed herein for source-based authentication for a license of a license data structure. In at least one implementation, program instructions stored on one or more computer readable storage media, when executed by a processing system, direct the processing system to at least, responsive to a launch of an application, obtain a license file for the application, the license file comprising a user license. The processing system is further directed to determine authentication of the user license based on a source of the license file and, if the user license is authenticated, enable features of the application based on the user license and initiate presentation of the application in accordance with the enabled features.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.

Abstract: The present disclosure provides a system for detecting and preventing the intrusion of malicious data flows in a software defined network (SDN). The system comprises at least one data storage or memory, configured to store flow states of data flows, and to share and update the flow states across the system, at least one shared-state forwarding element (FE) configured to block, forward, or replicate a received data flow based on a flow state of the data flow and/or a comparison of the data flow with predetermined patterns, and at least one inspection element (IE), configured to receive a replicated data flow, and to classify, whether the data flow is malicious or allowed. The IE is configured to alter the flow state of the data flow according to a classification result. The present disclosure provides a corresponding method for detecting and preventing intrusion of malicious data flows in a SDN.

Abstract: According to an aspect, a method performed by a first controller for providing security for multiple second controllers in an in-vehicle network, includes transmitting an inherent information request to a suspicious controller of the second controllers for inherent information of the suspicious controller, the inherent information request including a certificate assigned to the first controller, and receiving an encrypted inherent information of the suspicious controller from the suspicious controller, the encrypted inherent information having been encrypted with a public key associated with the certificate, and using a private key associated with the certificate for obtaining decrypted inherent information from the encrypted inherent information, and comparing the decrypted inherent information with pre-stored inherent information, and determining the suspicious controller to be an anomalous controller when the decrypted inherent information is different from the pre-stored inherent information.

Abstract: A system and method to filter potentially unwanted traffic from trackers, third-party cookies, malicious websites or other sources and present the aggregated results of said filtering to the VPN user. One of the embodiments enables a VPN user to opt-in or opt-out from the filtering activities while being able to access the aggregated information about filtering. In another embodiment, the user can choose to customize the filtering parameters to add or remove specific targets from the filtering policies.

Abstract: Examples associated with presence identification are described. One example includes detecting a presence identifier broadcast by a mobile device. The mobile device belongs to a user. A portion of the presence identifier is generated based on a one-time password seed. The portion of the presence identifier is provided to an identification server. Identifying information associated with the user is received from the identification server. The identification server uses the portion to identify the user based on the one-time password seed. An action is performed based on the identifying information.

Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled in to a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.

Abstract: Identifying and protecting against malicious apps installed on client devices. In some embodiments, a method may include (a) identifying client devices, (b) identifying apps installed on the client devices, (c) assigning each of the apps known to be a malicious app with a highest app suspicion score, (d) assigning each of the other apps as an unknown app with a lowest app suspicion score, (e) assigning each of the client devices with a device suspicion score, (f) assigning each of the unknown apps with an updated app suspicion score, (g) repeating (e), and repeating (f) with a normalization, until the device suspicion scores and the app suspicion scores converge within a convergence threshold, (h) identifying one of the unknown apps as a malicious app, and (i) protecting against the malicious app by directing performance of a remedial action to protect the client device from the malicious app.

Abstract: Authentication processing is provided which includes generating an authentication parameter as a function of a time-dependent input using a predetermined transformation having an inverse transformation. Multiple authentication modes are supported, with a bit-length of the time-dependent input of one authentication mode being different from a bit-length of the time-dependent input of another authentication mode. Generating the authentication parameter is dependent, in part, on whether the time-dependent input is of the one authentication mode or the other authentication mode. A time-dependent password including a character string is generated from the authentication parameter using another predetermined transformation having another inverse transformation. The time-dependent password is forwarded within the authentication system for authentication by an authenticator.

Abstract: An information processing device includes: a non-volatile storage; a communication interface; a processor; and a memory. The non-volatile storage is configured to store a private key. The memory stores computer-readable instructions therein. The computer-readable instructions, when executed by the processor, cause the information processing device to perform: acquiring the private key from the non-volatile storage; acquiring a certificate from a specific external device via the communication interface, the certificate including a public key corresponding to the private key, and the specific external device being different from the information processing device; converting specific data using the private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key; and outputting the certificate.

Abstract: Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application).

Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A certified electronic credential may comprise a computer-readable file representative of a credential bestowed upon a recipient, in which the file is protected with one or more document integrity and document usage security feature. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential, and even an audit trail.

Abstract: A method for accessing content of encrypted data item(s) by a terminal device operating in a digital environment, according to which before the data item is being accessed by the terminal device, it is modified after being intercepted if found to be encrypted. The wrapper of the data item is modified or replaced by embedding a URL with a unique identifier and a message into the wrapper of the data item. If a supported terminal device attempts to accesses the modified data item, the client application natively consumes the data from the modified data item and ignores its wrapper. If not, the message and the URL are displayed on the terminal device and the user browses the URL. Then after authentication, a web server locates the modified data item using the unique identifier, retrieves and decrypts the modified item and converts the decrypted modified data item to a format that can be consumed by the browser.

Abstract: This disclosure relates to blockchain-based transaction verification. Some aspects include receiving, by a blockchain system, transaction data to be verified. The transaction data includes plaintext transaction information and at least one piece of verifier signature data. The plaintext transaction information includes a designated-verifier information set that identifies verifiers that have been designated to verify the plaintext transaction information and that includes, for each of one or more verifiers, a piece of designated-verifier information. Each piece of signature data includes a digital signature generated by one of the verifiers. The blockchain system obtains an authenticated information set by verifying each digital signature. The authenticated information set includes the piece of designated-verifier information for each verifier for which the digital signature is successfully verified.

Abstract: A system and method of enabling software features on medical devices uses a local server disposed at a medical facility and a license server remote from the local server. The method includes generating a software enabling indicator at the license server, the software enabling indicator comprising a numerical code representing a number of licenses to be allocated for a software feature. The method includes providing a digitally signed electronic document based on the software enabling indicator, transmitting the electronic document from the license server to the local server, and authenticating the license server at the local server using the electronic document. The method includes generating at the local server a plurality of second digital certificates based on the software enabling code, transmitting the second digital certificates to each of the medical devices, and enabling a software feature on the medical devices based on the second digital certificates.

Abstract: The disclosed embodiments can be used to manage access to a plurality of secure records, thus rendering access to the secure records more efficient and secure. In accordance with certain disclosed embodiments, the secure records access management system may be configured to grant and revoke access to secure records upon the occurrence of certain events. In some disclosed embodiments, a secure record may comprise a third-party mention to indicate to the system that a third party should be granted access to the secure record. After detecting such a third-party mention, the system may grant the third party temporary access to information in the secure record, where such temporary access comprises the same access permissions as other users having access to the same secure record. The system may revoke the third party's access to the secure record.

Abstract: An information processing system includes a data output apparatus and an information processing apparatus. The data output apparatus includes processors and memories to store instructions which cause the processors to receive a first authentication information, request authentication based on the first authentication information, and transmit the first authentication information authenticated in response to the authentication request and a transmission request of information indicating storage locations to store data output from the data output apparatus.

Abstract: Systems as described herein may include authorizing the sharing of data and sharing data between a variety of systems. A request to share data may be provided to a first system. The system may create sharing session data on a distributed ledger accessible by a number of systems. Sharing session data may be stored using a transaction stored on a distributed ledger. A second system may obtain the sharing session account and verify the sharing session. On verification of the sharing session, a variety of data may be shared between the systems identified in the sharing session data. The sharing session data may be established between two or more systems. The distributed ledger may be maintained by the systems themselves and/or a distributed network system. In a variety of embodiments, encrypted data may be stored and/or obtained using the distributed ledger.

Abstract: Disclosed is a cryptographic key management system implemented in access and tamper resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that controls the processing circuitry to perform cryptographic processing based on the keys and associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys. of the associated keys. The attributes indicate intended uses of the keys.

Abstract: Playlists comprising media objects can be modified by adding personalized supplemental media objects that can provide a customized entertainment experience. As an example, an application can overlay a playlist on a consumer's device and can call a user-configurable rules engine that can select a supplemental media object (e.g., a pre-recorded and/or dynamically synthesized media file) that is to be played with the media objects. In one example, the supplemental media object can be associated with a user-selected voice personality and can be streamed from a network storage device via a communication network coupled to the consumer device.