Abstract: An example operation may include one or more of receiving a location of an output stored on a data structure of a blockchain, where the location comprises a path of hashes generated by a reduced-step hash instead of a full-step hash of the blockchain, performing an approximate hash verification on the path of hashes based on the reduced-step hash values to verify whether the output is unused, and in response to a determination that the output is unused as a result of the approximate hash verification, approving a use of the output by a client associated with the output.

Abstract: Each of the authentication apparatus and the authentication target device holds the last piece of authentication information subjected to an authentication process. When the authentication target device is reconnected to the authentication apparatus, the authentication apparatus collates the authentication information held in the authentication apparatus with the authentication information read out of the authentication target device. The authentication apparatus determines, based on the collation result, whether or not the authentication target device has been authenticated by a different authentication apparatus.

Abstract: Systems and methods for integrated communication security are described. One aspect includes a clock generator configured to generate a clock signal at a first frequency, and a circuit utilizing the clock signal. The circuit may include a port configured to receive an encryption sequence at the first frequency, and a first unidirectional data path between the port and a memory configured to permit data transfer from the port to the memory. The memory may be configured to access the encryption sequence from the port via the first unidirectional data path and store the data. The circuit may further include a clock divider configured to divide the first frequency by a divisor deriving another clock signal at a second frequency, and an encryption/decryption module configured to read a portion of the encryption sequence from the memory, process input using the portion of the encryption sequence, and generate output responsive to the processing.

Abstract: Methods and systems that allow a user to see the people or groups who have access to files that are maintained by a plurality of cloud content sharing services. In particular, the user may see what specific party has access to each particular file or directory, regardless of multiple cloud content sharing services involved. Moreover, a user interface and exposed application program interface allows the user to manipulate the permissions, e.g., granting access, to another person or group, to a file or directory. The user interface may also allow the user to terminate access to the file or directory for a person or group. The user's action to change a permission may be effected independently of the particular cloud content sharing service.

Abstract: Techniques for container-based cryptography hardware security module (HSM) management in a computer system are described herein. An aspect includes providing a cryptography work daemon container in a computer system, wherein the cryptography work daemon container in the computer system has privileged access to a cryptography HSM of the computer system. Another aspect includes receiving, by the cryptography work daemon container, a request for a cryptography function of the cryptography HSM from an application container in the computer system. Another aspect includes causing, by the cryptography work daemon container, the cryptography HSM to perform the cryptography function based on receiving the request.

Abstract: The present disclosure includes a system for re-establishing a Bluetooth Low Energy (BLE) pairing PIN key to repair a secure connection between a mobile device and vehicle. The system may detect an error state, and provide a prompt to the user to determine if they wanted to intentionally remove their account. Responsive to an affirmative response from the user that the removal of the connection credentials was intentional, the system may send a revoke request to a server associated with the vehicle. Responsive to a user input that indicates that the removal of the credentials was unintentional, the vehicle may fetch an encrypted PIN seed of the BLE pairing PIN from memory or request the PIN seed from the server. The PIN seed re-establishes the secured pairing of the mobile device and the vehicle infotainment system without undergoing a new device setup procedure.

Abstract: Systems and methods for authenticating client devices accessing a wireless communication network through an access point communicatively coupled with an authentication server are provided. The authentication server receives an authentication request, including a first message integrity code (MIC) of a client-specific pre-shared key, from the access point or a wireless local area network (LAN) controller that manages the access point, to establish an encrypted communication channel between a client and the access point. In response to receipt of the authentication request, the authentication server validates the first MIC by receiving various attributes from the access point or the wireless LAN controller and determining a second MIC based on the client-specific pre-shared key of the client known to the authentication server and the received attributes so that the client-specific pre-shared key is validated to be authentic when the first MIC matches with the second MIC.

Abstract: A method and device for verifying a key requester are described. The method may include a security function entity receiving a request message sent by a user management function (UMF) entity. The method may also include decrypting information in the request message by using a private key of the security function entity, and obtaining the information carried in the request message after signature verification on decrypted information using a public key in a certificate of the UMF entity succeeds. Furthermore, the method may include determining to provide a key of a user equipment (UE) for the UMF entity, when determining that a first verification parameter carried in the request message is valid and determining that an identifier which is of the UMF entity and which is carried in the request message is the same as an identifier of a UMF entity to which the UE attaches.

Abstract: A communication system includes housing equipment, a relaying apparatus that communicates with the housing equipment, and a management device that communicates with the relaying apparatus via a communication network. The management device is configured to store user identification information sent from a communication terminal that communicates with the management device via the communication network, and association information associated with identification information of the relaying apparatus sent from the relaying apparatus, and permit first communication via the management device between the communication terminal and the relaying apparatus that have been associated with each other in the association information.

Abstract: A method preventing relay attacks between first and second devices is disclosed. The method includes providing, by a first device, a command message, receiving a request message and providing a response message to a second device. The time period between the receipt of the command message and the transmission of the response message by the first device is compared to another time period between the time when the command message was sent and the response message was received by the second device. If those times substantially match, then the first device can have assurance that a relay attack is not occurring.

Abstract: A device may receive, from a network device, a user equipment (UE) parameter update request notification indicating an update to a UE parameter of a universal subscriber identity module (USIM), and may generate an encrypted UE parameter update request. The device may cause the encrypted UE parameter update request to be provided to the USIM to cause the USIM to update the UE parameter and to generate an encrypted UE parameter update response. The device may receive, from the network device, the encrypted UE parameter update response, and may verify an authenticity of content of the encrypted UE parameter update response based on whether the encrypted UE parameter update response is signed by the USIM. The device may provide, to the network device, a result indicating whether the UE parameter is updated and whether the authenticity of the content of the encrypted UE parameter update response is verified.

Abstract: An apparatus includes a memory to store subscription data for access to a network, the subscription data including at least terms and conditions information for the network; circuitry linked to the memory; and a connection component for execution on the circuitry to identify an access point connected to the network and automatically forward at least a portion of the subscription data to the identified access point in an association message. Other embodiments are disclosed and claimed.

Abstract: A system can include circuitry that processes a URL for information; circuitry that transmits at least a portion of the information via a network interface; circuitry that receives metadata via the network interface responsive to the transmission of at least a portion of the information; circuitry that associates at least a portion of the metadata with a short URL; and circuitry that transmits the short URL. Various other apparatuses, systems, methods, etc., are also disclosed.

Abstract: A computing system can include an interface that receives a URL responsive to activation of an Internet link by a remote device; circuitry that determines a geolocation of the remote device; and circuitry that, based at least in part on the geolocation of the remote device, generates a redirection link.

Abstract: The current invention relates to an encoder for converting a set of data words into a data block having a header section, a checksum section and a payload section; the encoder comprising: a header inserter arranged to insert a header pattern in the data block; a checksum calculator arranged to calculate a checksum of the set of data words; a data word converter arranged to convert the set of data words into a set of obfuscated data words being a result of applying an exclusive or operation between the set of data words and the checksum.

Abstract: Techniques for reduction and acceleration of a deterministic finite automaton (DFA) are disclosed. In some embodiments, a system, process, and/or computer program product for reduction and acceleration of a DFA includes receiving an input value; performing a reduced deterministic finite automaton lookup using a lookup key, wherein the lookup key comprises a current state and the input value; and determining a next state based on the lookup key.

Abstract: Methods, systems, and computer readable media for authenticating to a computer system. In some examples, a method includes receiving a request from a user device for authentication, the request specifying a username. The method includes determining grid information associated with the username by accessing a repository of grid information for usernames, the grid information specifying a color set. The method includes sending the color set to the user device, causing the user device to display a grid of colored tiles, each colored tile having a color specified by the color set. The method includes receiving a sequence of tile selections from the user device, each tile selection specifying a user selection of one of the colored tiles. The method includes granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username.

Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.

Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.

Abstract: In accordance with some embodiments, an apparatus for privacy protection includes a housing arranged to hold a personal communication device. The apparatus further includes a remote communication device and a local communication device at least partially supported by the housing, where the remote communication device is operable to provide a remote communication channel between the apparatus and a remote device and the local communication device is operable to provide a local communication channel to the personal communication device. The apparatus additionally includes a security management controller operable to: (a) extract data from communication messages received via the remote communication channel; (b) scan the extracted data in order to identify a first type of extracted data; and (c) send the first type of extracted data to the personal communication device through the local communication channel.