Abstract: Methods are provided for minting and distributing quantities of cryptographically generated data based on the quality of received biological datasets. Computer readable media, computing apparatuses, and systems are also provided.

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: System and method for secure time synchronization in an industrial facility, wherein a synchronization request of a facility component is transmitted to a registration service of a certificate management of the facility and the synchronization request is examined by the registration service, where the synchronization request includes a signature of the requesting facility component, and where depending on an outcome of the examination, a synchronization response is then transmitted to the requesting facility component a system time of the facility component is matched to a system time of the registration service based on the synchronization response.

Abstract: Migration of a pairing of wearable device to a new companion electronic device is disclosed. In one embodiment, pairing migration is performed by syncing and verifying a migration key in the wearable and new companion device. Pairing migration includes moving settings and pairing data of the wearable to the new companion device in response to detecting the wearable is associated with the migration key, wherein the migration key establishes a validation of trust of the wearable relative to the companion device. The settings and pairing data can include configuration and protected data and one or more keys to establish a trust relationship between the wearable and new companion device. The settings and pairing data can also include device data such that the wearable can be discoverable by the new companion device.

Abstract: A relay device includes a communicator configured to transmit and receive a message to and from the communication device, and a processor configures to acquire a public key of a communication device that is a transmission source of the message from the node and authenticates a signature included in the message with the acquired public key, wherein the processor causes, when receiving a communication message including communication data to be transmitted to a second communication device by a first communication device, the processor to perform authentication on the communication message, and the communicator transmits the communication message to the second communication device when the authentication is successful.

Abstract: A given policy file is obtained at a publishing node of a decentralized system of nodes, wherein the given policy file defines a policy that applies to at least a subset of nodes in the decentralized system of nodes. The given policy file is sent to a decentralized storage network for storage therein. Storage metadata is received from the decentralized storage network, wherein the storage metadata represents address information associated with storage of the given policy file in the decentralized storage network. The publishing node generates policy file retrieval metadata based on the storage metadata received from the decentralized storage system. The policy file retrieval metadata is sent to a blockchain network for storage therein. One or more querying nodes of the decentralized system of nodes access the blockchain network to obtain the policy file retrieval metadata in order to then retrieve the policy file from the decentralized storage network.

Abstract: A system includes a control module and a local server. The server is programmed to transmit a command to perform an operation to a plurality of vehicles including a vehicle including the control module. The command including a digital signature that is common across the vehicles. The control module is programmed to receive a temporary value; receive the command; decrypt the digital signature in the command with the temporary value; upon verifying the decrypted digital signature, perform the operation; and upon a metric incrementing to a threshold value, prevent decryption of the digital signature with the temporary value.

Abstract: A communication device includes circuitry configured to acquire a digital certificate including information associated with a first attribute from a first device coupled to any of a plurality of devices sharing a distributed ledger having recorded therein a correspondence between an attribute of user information included in the digital certificate and a definition of the attribute, receive a request for information associated with a second attribute from a second device coupled to any of the plurality of devices, acquire a first definition associated with the first attribute, and a second definition associated with the second attribute, from any of the plurality of devices, and transmit a digital certificate including information associated with the first attribute to the second device together with a message notifying that the first attribute and the second attribute have the same definition, when the first definition and the second definition match.

Abstract: Disclosed herein is a computing device that includes a memory and a processor. The memory store processor executable instructions for an authentication system. The processor is coupled to the memory. The processor executes the authentication system to cause the computing device to generate a credential asset, which includes a unique name. The authentication system, also, fetches tokens for the credential asset using the unique name, calls a notification for each of the tokens, polls for a code of the credential asset, and utilizes the code for an authentication to run a job.

Abstract: A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

Abstract: A system is configured for managing a plurality of files containing sensitive information associated with an organization to be sent to a particular receiver. The system is further configured to determine whether the particular receiver is an internal receiver or an external receiver with respect to the organization. If the particular receiver is an external receiver, a CRC code generated from the personal information and location coordinates of an external server where the plurality of files will be accessed is added to the plurality of files. A security code is also added to the plurality of files to facilitate that they are secured from being exposed and disposed at a retention time set by the organization. The system generates a custom compressed file from the plurality of files, configures it to be decompressed by the personal information of the external receiver, and sends it to the external receiver.

Abstract: Embodiments of the present disclosure relate to methods, systems and computer program products for authorization of resource access. According to the method, a first token is assigned by one or more processing units to authorize a client to access at least one protected resource of a resource owner. The first token depends on an access session with the client. A second token associated with at least one long-term protected resource of the resource owner is assigned by one or more processing units to the client based on the assigning of the first token. The second token is independent from the access session. In response to receiving a request including the second token from the client, the at least one long-term protected resource is provided by one or more processing units to the client. In other embodiments, a further method and corresponding systems and computer program products are disclosed.

Abstract: A method and a system for providing access by an application to data stored in a security data zone of a cloud platform are provided. The method includes determining, in response to a query received from a querying application of the cloud platform, credentials for a security data zone based on determining whether a first access token included in the received query belongs to an application registered at an access manager module of the cloud platform, and whether the user specified in the received query is allowed to use the registered application. The method also includes determining a second access token to the querying application generated based on the determined credentials. The querying application uses a returned second access token to obtain access to data stored in the security data zone to be processed by the querying application.

Abstract: Disclosed herein are methods and systems that can be used by an end-user to verify both the identity of a remote service (4) and the authenticity of a response provided by the remote service (4), even if the first authentication arrangement (2) used to interact with the remote service (4) is compromised. The end-user requests the remote service (4) to provide evidence of its identity, in the form of potentially different authentication materials. The authentication materials are then verified independently on each additional authentication arrangements (6, 7) and used to determine the authenticity of the response from the remote service (4).

Abstract: This disclosure relates to systems and methods for managing access to data through enforcement of one or more associated rules. In various embodiments, a directory may be used to manage and/or otherwise record various relationships between objects, that may include governed objects such as data sets, and associated rules and rule sets. Access requests involving governed objects may be compared with relevant rules to determine whether the requested access should be allowed and what, if any, restrictions should be applied in connection with such access. Various embodiments of the disclosed systems and methods may allow for a data governance model that is flexible, allows for use across multiple complex organizations, and is highly extensible.

Abstract: A mechanism is provided for using triggered stimuli to enhance contextual information regarding detected risk events in a networked system. Embodiments monitor a system to identify risk-associated behavior, and upon detecting such behavior, can provide stimulus to a user associated with the risk-associated behavior to determine additional context behind the behavior, thereby initiating a two-way communication to acquire more information. If user response to the stimulus indicates a high risk associated with the behavior, then the system can trigger security measures to restrict the behavior. Some embodiments provide stimuli that are directly related to the nature of the risk-associated behavior, in order to better contextualize the behavior. In some embodiments, the stimuli are only applied if the risk-associated behavior presents a measure of risk above a predetermined threshold.

Abstract: Systems and methods for securely sharing and authenticating a last secret. A method includes generating a first key and a last secret. The method includes splitting the last secret into first second splits; signing the splits using a dealer signing key to attach a dealer signature to each of the splits; encrypting the first split using a first key of a first share-holder and encrypting the second split using a first key of a second share-holder; decrypting the first split using the first key of the first share-holder and encrypting the first split using a second key of the first share-holder; decrypting the second split using the first key of the second share-holder and encrypting the second split using a second key of the second share-holder. Encrypting maintains confidentiality of the last secret. The dealer signature can be verified to determine integrity and authenticity of the last secret.

Abstract: A cryptographic acceleration card generates, using an attribute unique to a blockchain integrated station that comprises the cryptographic acceleration card, an identity private key for the blockchain integrated station. The cryptographic acceleration card generates a private key ciphertext by encrypting the identity private key. The cryptographic acceleration card stores the private key ciphertext.

Abstract: Methods, system, and apparatus, including computer programs encoded on computer storage media for data processing are provided. One of the methods includes: establishing a logic contract of a blockchain and one or more data contracts corresponding to the logic contract; deploying the logic contract and the one or more data contracts in the blockchain; storing data of a target block in the blockchain into the one or more data contracts; computing a hash value of each of the one or more data contracts; and determining a hash value of the target block in the blockchain based on the hash value of each of the one or more data contracts.

Abstract: A method for securely connecting a watch to a remote server of a service provider including the following steps: authenticating the wearer of the watch authorizing access to use the functions of this watch, and selecting one of the functions from an input interface of the watch aiming at establishing a connection between the watch and the remote server; identifying the wearer of the watch from at least one biometric information element included in a portion of this wearer's skin; transmitting to the remote server an authentication element relating to the selected function once the wearer is identified, and carrying out an authentication of the wearer by the remote server from the authentication element in order to authorize an exchange of data between the watch and this remote server.