Abstract: Embodiments include a method for providing tokens which includes: receiving from a user system an encrypted data packet including user credentials and a request for an authentication token to access protected resources; extracting the user's security information; transmitting a data packet to a security and access management system, where the data packet includes the user's security information and a request for user validation; receiving, from the security and access management system, user validation and additional data; generating a thin token and a fat token; storing the thin token in association with the fat token; transmitting the thin token to the user system; receiving, from the user system, a request to access protected resources from a protected resource system, the request including the thin token; validating the received thin token; accessing the fat token associated with the thin token; and transmitting the fat token to the protected resource system.
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized-identifier creation. One of the methods includes: receiving a request for obtaining a decentralized identifier (DID), wherein the request comprises an account identifier; obtaining, in response to receiving the request, a public key of a cryptographic key pair; obtaining the DID based on the public key; and storing a mapping relationship between the account identifier and the obtained DID.
Type: Grant
Filed: December 18, 2019
Date of Patent: January 19, 2021
Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
Inventors: Jiawei Liu, Renhui Yang, Yuan Chen, Yuqi Lin
Abstract: Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE), including a trustlet running on top of a secure kernel, associated with a potentially untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, together with an attestation statement of the secure kernel. The targeting protocol head may encrypt a transfer encryption key with a second encryption key derived from the attestation statement. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the transfer encryption key and an authentication tag, which binds the requestor with the trustlet ID. The targeting protocol head may provide the encrypted transfer encryption key, the encrypted protected data, and the encrypted authentication tag to the requestor.
Abstract: The invention relates to a method for generating a cryptographic key for applying an access control method to a resource of a server (20) by a client-terminal (10), the method comprising the following steps: (E1) receiving a test biometric datum (DBtest); (E2) applying a decoding method to the test biometric datum (DBtest) and a reference datum (Dref) to obtain a cryptographic key (K?) such that, if the test biometric datum (DBtest) corresponds to the reference biometric datum (DBref), the generated cryptographic key (K?) is the legitimate cryptographic authentication key (Kl), and otherwise the generated cryptographic key (K?) is an illegitimate cryptographic authentication key (Ki) that does not allow authentication of the client-terminal (10) at the server (20) during an access control; and (E3) using the generated key to apply an access control method (F3) to a resource of the server (20) by the client-terminal (10).
Abstract: This disclosure relates to secret sharing data exchange for generating a data processing model. In some aspects, a first data party device determines respective values of first coefficients based on a first share of service data. The first coefficients are the coefficients of the respective target variables in different terms of a polynomial expression, and the target variables are the variables in the polynomial expression that are associated with the first share of the service data. A second data party device determines respective values of second coefficients based on a second share of the service data. The second coefficients include the coefficients other than the first coefficients in the different terms of the polynomial expression. The first data party device secretly shares the respective values of the different terms in the polynomial expression in parallel, based on the respective values of the first coefficients.
Type: Grant
Filed: February 14, 2020
Date of Patent: December 22, 2020
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Yashun Zhou, Lichun Li, Shan Yin, Huazhong Wang
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized-identifier creation. One of the methods includes: receiving a request for obtaining a decentralized identifier (DID), wherein the request comprises an account identifier; obtaining, in response to receiving the request, a public key of a cryptographic key pair; obtaining the DID based on the public key; and storing a mapping relationship between the account identifier and the obtained DID.
Type: Grant
Filed: December 18, 2019
Date of Patent: December 1, 2020
Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
Inventors: Jiawei Liu, Renhui Yang, Yuan Chen, Yuqi Lin
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training a multi-party secure logistic regression model (SLRM). One of the methods includes receiving, at a plurality of secure computation nodes (SCNs), a plurality of random numbers from a random number provider; encrypting, at each SCN, data stored at the SCN using the received random numbers; iteratively updating a secure logistic regression model (SLRM) by using the encrypted data from each SCN; and after iteratively updating the SLRM, outputting a result of the SLRM, wherein the result is configured to enable a service to be performed by each SCN.
Abstract: According to an embodiment, an information processing apparatus includes one or more processors. One or more processors acquire first distinctive information of a first piece of software to be executed. When a whitelist that specifies distinctive information of pieces of software that are permitted to be executed records the distinctive information indicating the first distinctive information, one or more processors distinctively identify, as second distinctive information, the distinctive information of a second piece of software that represents another piece of software relating to the first piece of software in the whitelist.
Abstract: The present invention relates to a method for managing a document on the basis of a blockchain by using an unspent transaction output (UTXO)-based protocol, and a server using the same. Specifically, the purpose of the present invention is to manage a document, and the present invention relates to: a method for preparing a document, that is, a method for issuing a document; a method for using the prepared document, that is, a method for reading the prepared document; and a method for handling the prepared document, particularly, a method for destroying the prepared document.
Abstract: Facilitation of out-of-band pseudonym provisioning for a subscriber of a device is provided herein. In one embodiment, a method comprises: receiving, by a device comprising a processor, one way authentication data from a secure server; transmitting, by the device, to the secure server, via a secure communication channel, an identifier for a subscriber of the device, wherein the transmitting is performed based on the receiving the one way authentication data from the secure server; and receiving, by the device from the secure server, a pseudonym, wherein the pseudonym enables access by the device to an authentication device at a first time.
Abstract: Systems, methods, and devices of the various embodiments provide for header extension preservation, security, authentication, and/or protocol translation for Multipath Real-Time Transport Protocol (MPRTP). Various embodiments include methods that may be implemented in a processor of a computing device for MPRTP transmission of Real-Time Transport Protocol (RTP) packets. Various embodiments may include receiving an RTP packet in which the received RTP packet may be part of an RTP stream that may be protected using secure RTP (SRTP), and applying an authentication signature to the RTP packet to authenticate an MPRTP header extension separate from a body of the RTP packet. Various embodiments may include sending and/or receiving MPRTP subflows of an MPRTP session in which a same security context may be applied across all MPRTP subflows of the MPRTP session.
Type: Grant
Filed: August 29, 2017
Date of Patent: October 27, 2020
Assignee: QUALCOMM Incorporated
Inventors: Ralph Akram Gholmieh, Sivaramakrishna Veerepalli, Min Wang, Long Duan, Mukesh Kumar Mittal, Arnaud Meylan
Abstract: In accordance with an aspect of the present disclosure, a method for encrypting/hiding or decrypting/unhiding a target object on a device is provided. The method comprises binding with a binding module; detecting an operation instruction for the target object; analyzing the detected operation instruction; outputting information to be confirmed for encrypting or hiding the target object if the detected operation instruction for the target object is a preset encryption instruction or a preset hiding instruction; and encrypting or hiding the target object after receiving a confirmation input.
Abstract: This document discloses a solution for enabling biometric authentication of a station. According to an aspect, the solution comprises transmitting, from the station, a trigger to include biometric data of a user of the station in authentication; a logic at a network node to handle the trigger and cause execution of an authentication procedure that employs the biometric data when performing said authentication procedure in a wireless access network; and indicating a result of the authentication to the station.
Abstract: A management device includes a counter that counts the first number of times authentication of a first communication device has been successful, a generating unit that generates a first password based on the first number of times, and a sending unit that sends a registration request that requests registration of the first password. The first communication device includes a counter that counts the second number of times authentication of the first communication device has been successful, a generating unit that generates a second password based on the second number of times, and a sending unit that sends a connection request that includes the second password. A second communication device includes a receiving unit that receives the registration request and the connection request and a determination unit that compares the first password with the second password and determines whether authentication of the first communication device is successful.
Abstract: Improved pseudonym certificate management is provided for connected vehicle authentication and other applications. Temporary revocation of a certificate is enabled. With respect to Security Credential Management Systems (SCMS), linkage authorities can be eliminated without compromising the system security. Other embodiments are also provided.
Type: Grant
Filed: September 20, 2018
Date of Patent: September 8, 2020
Assignees: LG Electronics, Inc., University of Sao Paulo
Inventors: Marcos A. Simplicio, Jr., Eduardo Lopes Cominetti, Harsh Kupwade Patil, Jefferson E. Ricardini, Leonardo T. D. Ferraz, Marcos Vinicius M. Silva
Abstract: A dynamic blockchain system includes: at least one complete asset node server, including a complete asset manager and a complete asset storage; a plurality of hash asset node servers, each including a hash asset manager and an asset blockchain; a dynamic blockchain management server, including a blockchain manager, a representation calculation function, and an asset map with a plurality of map records; and a blockchain management device; such that the dynamic blockchain management server validates a digital asset by lookup in the at least one complete asset node server and by verification of the digital asset through random sampling of a statistically representative number of hash asset node servers from the plurality of hash asset node servers.
Type: Grant
Filed: June 11, 2019
Date of Patent: September 8, 2020
Assignee: Dynamic Blockchains Inc
Inventors: James A. Carson, Ryuta Richard Makino, Susan H. Glenn-Joseph
Abstract: Embodiments for controlling a remote sensing device by one or more processors are described. Facial information associated with a plurality of organisms is received. A remote sensing direction for a remote sensing device is selected based on the received facial information. A signal representative of the remote sensing direction is generated.
Type: Grant
Filed: August 24, 2017
Date of Patent: August 11, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Christopher J. Hardee, Shikhar Kwatra, Scott E. Schneider
Abstract: Hardware acceleration supports complex software processes. In particular, a hardware security module provides encryption support for transaction chains. In one implementation, the security module circuitry provides high-speed security features and acceleration of the security features for blockchain processing.
Type: Grant
Filed: February 1, 2019
Date of Patent: August 11, 2020
Assignee: Accenture Global Solutions Limited
Inventors: John Velissarios, Callum Stuart Hyland, Laurence Richard Freeman, Piergiorgio Rettaroli, Ennio Acernese, Pasquale Di Tucci, Salvatore Gifuni
Abstract: A CPU package includes an encryption and decryption module disposed in a communication path between an instruction path of a processor core and a data register that is externally accessible through a debug port, and a key store accessible to the module. The module is configured to encrypt and store data in the data register for each of a plurality of processes being handled in the instruction path, wherein data owned by each process is encrypted and decrypted by the module using an encryption key assigned to the process. The key store is configured to store the encryption key assigned to each of a plurality of processes, wherein the key store is inaccessible outside the CPU package. The data is only decrypted for a requesting process having a process identifier that matches the process identifier stored in the processor data structure along with the requested data.
Abstract: In general, aspects of the disclosure are directed towards techniques for initiating an authorization flow with a user to enable a user interface-limited client computing device to obtain access to protected resources hosted by a resource service. In some aspects, a computing device comprises at least one processor. The computing device also comprises a short-range wireless communication module operable by the at least one processor to receive, using short-range wireless communication, an authentication request from a client device. The computing device also comprises an authorization module operable by the at least one processor to receive authorization to provide at least one security credential to the client device, wherein the authorization module is further configured to, responsive to receiving the authorization, send an indication of the authorization to an authentication service.