Abstract: A method including: receiving, from an application executing on a computing device and by an authentication process executing on the computing device, data representative of user credentials corresponding to the application, the authentication process being isolated from the application; packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device and an indication that the user credentials correspond to the application, the device identification being hidden from the application; outputting for transmission, by the authentication process and to an authentication server, an authentication request containing the packaged user credentials and device identification; receiving, by the authentication process and from the authentication server, an indication of authentication of the user credentials; and forwarding the received indication from the authentication process to the application.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: A computer-implemented method for data segmentation to improve security is described. The method includes receiving a request, from a client device of a user, for authentication information; parsing the request; based on the parsing, determining an authentication score that represents a likelihood that the request is from an authenticated device; determining, from the authentication score, a number of segments into which the requested authentication information is divided; and for each of the segments, assigning one or more portions of the authentication information to that segment, in which each segment is associated with one or more times at which to transmit information assigned to that segment, and at one or more times specified by that segment, transmitting one or more portions of the authentication information assigned to that segment to the client device.

Abstract: A method and system for securely verifying security compliance of a device on a network by generating a hash value for configuration data of the device, sending this value to a compliance service agent, comparing the hash value with hash value of default configuration data of the device, and reporting security non-compliance of the device when the generated hash value is same as the default hash values.

Abstract: An object is to provide an information providing system and an information providing method in which an information providing device can provide information personalized for a user without an input of identification information of the user into the information providing device. A server device receives, from a terminal device that has acquired device identification information identifying the information providing device, the device identification information and user identification information identifying a user. The server device transmits information for the user identified by the user identification information to the information providing device identified by the device identification information. The information providing device receives the information for the user. The information providing device provides information based on the information for the user.

Abstract: An access management system (AMS) is disclosed that includes SSO capabilities for providing users secure access to protected resources within an enterprise using encryption keys generated by a client application. The AMS receives a request from a client application for a user to access a protected resource. In certain examples, the request comprises a client application identifier, a session identifier and a client public encryption key. The AMS determines if the session identifier points to a valid session and upon determining that the session identifier corresponds to a valid session, transmits information associated with the valid session to the client application. In certain examples, the information associated with the valid session is encrypted using the client public encryption key. Based on information associated with the valid session received from the client application, the AMS determines whether to grant or deny a user access to a protected resource within the enterprise.

Abstract: Techniques for improving a natural language processing (NLP) system by providing controlled access to event data to third party systems. For example, the system may control access to event data in a secured way that allows for expanded functionality such as at home games using existing sensors/devices. The system may generate event data using sensor data received from the devices and may enable a customer to configure which devices/sensors a third party system is allowed to access. In addition, the system may only send event data after receiving permission from the customer, such as upon receiving a command to begin a game. The third party system may use the event data to provide additional functionality to the customer during a period of time, which ends at the conclusion of the game, a command from the user to end the game, and/or after a timeout even occurs.

Abstract: The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of systems using PUFs that may replace existing public key infrastructures (PKIs).

Abstract: A protection system and a protection method for software and firmware or information capable of encrypting and adding software and firmware or information to an electronic component, so that the software and firmware or the information is protected during the process of adding to the electronic component at a manufacturing end. Even if the encrypted software and firmware or information is obtained, the original content thereof cannot be acquired. When the electronic component is activated and used, the software and firmware or the information stored therein is then decrypted. In this way, the software and firmware or the information in the electronic component can be protected from being stolen, and the cost of the electronic component can be reduced and is easy to promote.

Abstract: A system for communicating with multiple vehicles or other electronic devices that share a common media access control (MAC) or other address is disclosed. Upon receiving a certificate signing request (CSR) from a connected device and determining that the device does not have a unique address, the system will generate a unique address for the device and embedding the unique addresses in a certificate, sign the certificate, and transfer the certificate to the device. Then, when the system communicates with the device, the system may use that unique address to identify the device.

Abstract: In the field of image encryption and decryption, in order to solve the problem of small key space in the encryption process caused by low dimension of one-dimensional chaotic map and few initial values and control parameters, the present disclosure provides an image encryption and decryption communication algorithm based on two-dimensional lag complex Logistic map, which expands the variables of one-dimensional Logistic map from the real number domain to the complex number domain, improves the dimension of the mapping system, increases the number of keys, and expands the mapping range, wherein the new mapping system is more sensitive to small disturbances of initial values and parameters, which can break the strong correlation between pixels in the original image, so that the pixels of the encrypted image are uniformly distributed in the whole plane, and the features of the original image are hidden.

Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.

Abstract: A processing device sets a first flag that indicates whether a first critical security parameter (CSP) file exists. The first CSP file includes a first set of CSPs for a memory device. The processing device sets a second flag that indicates whether the first CSP file is valid. The processing device sets a third flag that indicates whether a second CSP file exists. The second CSP file includes a second set of CSPs for the memory device. The processing device sets a fourth flag that indicates whether the second critical security parameter file is valid. The processing device selects one of the first or second CSP file as an active CSP file based on an evaluation of the first, second, third, and fourth flags.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that are configured to provide authenticated access to a service application. The embodiments disclose an apparatus and system configured to launch an authenticated service application session in response to capturing authentication success rendering comprising visual authentication indicia. The authentication success rendering is a captured via a user device display, and includes visual authentication indicia. To facilitate rendering of the authentication success rendering, embodiments output a browser sign-in session request configured to launch a browser sign-in session associated with a browser application. Additionally, to facilitate capturing the rendering, embodiments initiate a display recorder module configured to capture, during the browser sign-in session and via the user device display, authentication success rendering comprising visual authentication indicia.

Abstract: A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

Abstract: A system is disclosed for pre-registering authentication devices. A security key provider system may receive a request to pre-register a security key with identified applications from an enterprise. Responsive to receiving the request, the security key provider system instructs the security key to generate a unique authentication code for each of the applications. The security key provider system may generate pre-registration information based on the authentication codes and pre-register the authentication codes of the security key to the applications by providing the pre-registration information to the applications on behalf of the enterprise. The security key provider system may instead provide the pre-registration information to the enterprise to allow the enterprise to pre-register the authentication codes.

Abstract: A unique hardware key is recorded a secure hardware environment. A first logic circuit of the secure hardware environment is configured to generate a unique derived key from said unique hardware key and at least one piece of information. The at least one piece of information relates to one or more of an execution context and a use of a secret key. The secure hardware environment further includes a first encryption device that performs a symmetric encryption of the secret key using the unique derived key. This symmetric encryption generates an encrypted secret key for use outside of the secure hardware environment.

Abstract: The present disclosure describes techniques for dynamically monitoring and collating data associated with an agricultural operation for the purpose of demonstrating compliance with an agricultural compliance plan (ACP). More specifically, a decentralized governance compliance (D-GRC) controller is described that is configured to generate a distributed ledger that dynamically processes compliance of individual actions associated with an ACP. The distributed ledger may be configured to track regulatory compliance associated with a cycle of agricultural activities associated with an agricultural product. Agricultural activities may include an inventory inspection of agricultural products, a facility inspection of a facility used for an agricultural operation, or vehicle inspection of vehicles used to transport agricultural products.

Abstract: A system and method for identifying and authenticating a counterfeit article using digital fingerprints are disclosed. The system comprises a server with a processor and memory, and a database. The memory is configured to store a set of modules executable by the processor. The set of modules include, but not limited to, a digital image acquisition module, a comparison module, and a decision module. The digital image acquisition module is configured to extract analog identification indicium of the article from one or more images. The comparison module is configured to compare analog identification indicium with actual analog identification indicium of the article. The decision module detects the authenticity of the article based on the comparison results. The system further comprises an anti-counterfeiting network verification system in communication with the server, configured to securely protect the actual analog identification indicium of the article from unauthorized access and other potential crimes.

Abstract: Systems and methods for protection of data across multiple users and devices are disclosed. According to one embodiment, in privacy server comprising at least one computer processor, a method for protection of data across multiple users and devices may include: (1) receiving, from a first user device, a data sharing permission for the first user device and a data sharing permission for a second user device, the first user device and the second user device associated with the same user; (2) provisioning the data sharing permission for the second user device; and (3) communicating the provisioned data sharing permission to the second user device, wherein the second user device shares data with the first user device according to the provisioned data sharing permission.