Abstract: A system and method for sharing a digital key for a vehicle. The system includes a first digital key device having a digital key stored thereon, a second digital key device, and a vehicle server. The first digital key device sends a request to the vehicle server for a key sharing session. The vehicle server commences a key sharing session in response to the request. The first digital key device shares the digital key to a second digital key device. The vehicle server ends the key sharing session.

Abstract: The disclosure relates to a computed-implemented method, a computer program, and a computer system for selectively verifying personal data. The method comprises receiving, by an identity application of a client device, personal data of a user. The method further comprises computing, via a cryptographic hash function, one or more cryptographic hashes from elements of the personal data. The method further comprises storing the cryptographic hashes, an internal identifier and a timestamp as an entry in a distributed database. The internal identifier is unique within the distributed database. The method further comprises receiving a user request from the user. The method further comprises selecting one or more of the elements of personal data for verification. The method further comprises requesting verification of the selected elements of personal data. The method further comprises determining an authorization indication in response to the verification request.

Abstract: Disclosed is a device and method to secure software update information for authorized entities. In one embodiment, a device for receiving secured software update information from a server, the device includes: a physical unclonable function (PUF) information generator, comprising a PUF cell array, configured to generate PUF information, wherein the PUF information comprises at least one PUF response output, wherein the at least one PUF response output is used to encrypt the software update information on the server so as to generate encrypted software update information; a first encrypter, configured to encrypt the PUF information from the PUF information generator using one of at least one public key from the server so as to generate encrypted PUF information; and a second encrypter, configured to decrypt the encrypted software update information using one of the at least one PUF response output so as to obtain the software update information.

Abstract: A vehicle authentication apparatus includes first and second communication devices, first and second area determination devices, and a control execution device. The first communication device specifies a first area as a communication area. The second communication device specifies a second area as the communication area. The first area determination device determines whether the mobile devices are present at the first area based on a communication status of the first communication device with the mobile devices. The second area determination device determines whether at least one of mobile devices is present at the second area based on a communication status of the second communication device with the mobile devices. The control execution device executes predetermined vehicle control in response to determining no mobile devices being present at the first area; and determining at least one of the mobile devices being present at the second area.

Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.

Abstract: One or more embodiments of techniques or systems for session management, security scoring, and friction management are provided herein. Sessions may be monitored for commonalities or other attributes or aspects and closed, terminated, or a freeze placed on additional sessions from being initiated. A security score may be provided which is indicative of how secure a user is with respect to one or more ways the user interacts with a resource. One or more suggested actions or score improvement strategies may be suggested to facilitate improvement of a security score for a user. Friction management may be provided by having one or more additional layers of security applied to an account of a user or an entity based on suspicious behavior or other factors.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: The present disclosure relates to technology that performs encrypted communication via a network or a bus, and a communication method using a security key between nodes connected via a network or a bus includes setting a critical cluster among multiple nodes, selecting a primary message shared between the set critical clusters, and encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key, so that information about a previous message and a previous key is sequentially accumulated in the new key.

Abstract: A detection device which is suitable for receiving a service within a network assembly is provided, having the following: means for providing cryptographic security at or above the transport level of the communication protocol levels which can be used in the network assembly for at least one first existing communication connection between the detection device and a network access device which is arranged in the network assembly and which can be used to monitor data detected by the detection device and/or control an additional device within the network assembly using the data detected by the detection device, means for generating and/or determining network access configuration data for at least one additional second communication connection, which is to be cryptographically secured below the transport level, between the detection device and the network access device, means for providing the generated and/or determined network access configuration data to the network access device.

Abstract: A method of controlling and coordinating of processing steps in a distributed system is disclosed. The method may be implemented by a node in a cyclically-ordered set of nodes participating in a blockchain network. The method includes receiving, from an immediately subsequent node, values corresponding to combinations of possible outcomes of processing steps associated with nodes from that node through to a node immediately preceding a supervisor node. The values are based on public keys associated with the nodes corresponding to possible outputs and the supervisor's public key. State values are generated based on the values and public keys corresponding to the possible outcomes further to a processing step of the node and are shared with the supervisor and an immediately previous node. A blockchain transaction is prepared to transmit control of a resource from the node to the immediately subsequent node upon supply of one of a set of unlocking values corresponding to the received values.

Abstract: A system and method for integrating FIDO authentication systems and user verification systems. The system is provided in one configuration as a mobile app that allows access to highly sensitive information via a mobile device while simultaneously ensuring a highly secured environment authenticating both the mobile device and the user via a highly reliable authentication process.

Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity such as a hub to manage authentication, for example. In some instances, the third party may also perform endpoint selection (e.g., load balancing) by providing a particular endpoint along with the token.

Abstract: An intention detection mechanism detects a target user accessing an operational context and accesses sensor data collected by a plurality of sensors encoding signals describing one or more characteristics of the target user and surroundings of the target user. The intention detection mechanism converts the accessed sensor data into a multi-channel sensor data time series, where each channel represents a characteristic of the target user. The intention detection mechanism compares the sensor data time series to a multi-channel intentionality template to determine whether the sensor data time series contains the multi-channel intentionality template. The multi-channel intentionality template describes characteristics indicative of an intent of a target user accessing the operational context. If the sensor data time series contains the multi-channel intentionality template, the intention detection mechanism communicates a signal confirming that the target user intended to access to the operational context.

Abstract: Structured access to volunteered private data disclosed. Access can be based on security and privacy constraint information (SPCI) that can be selected by the party volunteering the private data. The volunteered data can be stored in a protected portion of a public network. The SPCI can be correlated to the volunteered data. In response to receiving a request for access to the volunteered data, an attribute of the request can be determined to satisfy one or more rules related to the SPCI prior to facilitating access to a version of a portion of the volunteered data. The version of the portion of the volunteered data can be a redaction of the portion of the volunteered data. The version of the portion of the volunteered data can be aggregated with other portions of other volunteered data determined to satisfy corresponding SPCI related rules.

Abstract: Methods and systems for fictitious account generation on detection of account takeover conditions are described. A login attempt may be detected and determined to indicate fraud, such as when the login attempt is accompanied by many failed login attempts or is from an untrusted or known malicious endpoint. A fictitious account may be generated, which may include falsified account data and may limit account functionality to prevent unauthorized and fraudulent use of the account. The computing device that performs the login attempt may be routed and permitted to log in to the fictitious account, where the service provider or another computing entity may then monitor activity and usage of the fictitious account by the potentially malicious party. The fictitious account may be maintained so that other actors using the account may access the account and their activity also monitored.

Abstract: Embodiments provide methods, and systems for cryptographic keys exchange where the method can include receiving, by a server system, a client public key being part of a client asymmetric key pair from a client device; sending, by the server system, a server public key being part of a server asymmetric key pair to the client device; generating, by the server system, a random value master key and sending the random value master key encrypted using the client public key to the client device; and generating, by the server system, an initial unique session key and sending the initial unique session key encrypted under the random value master key to the client device. A unique session key from the set of the unique session keys is used by the client device to encrypt a session data for transmission to the server system per session.

Abstract: An example apparatus includes a scan manager to add a portion of a page of physical memory from a first sequence of mappings to a second sequence of mappings in response to determining the second sequence includes an address corresponding to the portion of the page of physical memory, and a scanner to scan the first sequence and the second sequence to determine whether at least one of first data in the first sequence or second data in the second sequence includes a pattern indicative of malware.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: Systems and methods for authentication may include a first device having an association with a first account, including a memory containing one or more applets, a counter value, and transmission data, a communication interface, and one or more processors in communication with the memory and communication interface. The first device may create a cryptogram based on the counter value, wherein the cryptogram includes the counter value and the transmission data. The first device may transmit, after entry of the communication interface into a communication field, the cryptogram, and update, after transmission of the cryptogram, the counter value. The first device may receive, via the communication interface, one or more encrypted keys and one or more parameters. The first device may decrypt the one or more encrypted keys and, after decryption of the one or more encrypted keys, switch an association from the first account to a second account.

Abstract: A distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. The computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. Safe and performant transaction processing is provided using an optimistic concurrently control that includes a collision detection and undo mechanism.