Abstract: An electronic device includes a communication interface and at least one processor configured for: transmitting to or receiving from a second electronic device over proximity-based communication channel an introduction message including a first encryption key; receiving, from a server via the at least one communication interface, a challenge notification providing notification of a challenge to be completed to initiate a data process, the challenge notification including or providing access to at least one data field associated with a verification challenge; identifying, from the at least one data field, an encrypted challenge response value; decrypting the encrypted challenge response value with a key corresponding to the first encryption key; and transmitting the decrypted challenge response value to the server to complete the challenge to initiate the data process.

Abstract: The disclosure provides an approach for implementing a distributed firewall within a data center. The firewall is implemented as a kernel space filter driver within the operating system of virtual machines. Each virtual machine hosts several user sessions. The firewall may be dynamically updated with new security policies, either by an administrator or a component of the data center.

Abstract: An information processing apparatus includes an authenticating unit, a transmitting unit, a detecting unit, and a determining unit. The authenticating unit authenticates a user who is holding a portable device. The transmitting unit transmits an action instructing signal for issuing an instruction to perform an action to a portable device that is associated with the user, via a radio communication line. The detecting unit detects a change of a status of the portable device that is being held by the user. The determining unit determines, by determining whether or not the change corresponds to the instructed action, whether or not the user is holding the portable device.

Abstract: The present disclosure relates to an electrical circuit system for performing a test. The electrical circuit system includes a first circuitry that transmits a test request signal; a second circuitry that receives a response signal including a test authentication key, generates a test authentication-related value by performing a first Exclusive-OR operation on the test authentication key and a security, and sends the generated test authentication-related value to a third circuitry; and the third circuitry that generates the test authentication key in response to the request for test authentication, send the test authentication key, to the second circuitry, receives the test authentication-related value from the second circuitry, create a verification key by performing a second Exclusive-OR operation on the test authentication-related value and the security key, and generates a test result by verifying whether the verification key is identical to the test authentication key.

Abstract: A method for cloud-platform authentication based on blockchain includes: in response to a cloud platform being created, generating a random character string and performing hash operation to the character string to obtain a first hash value; in response to creation of a user in the cloud platform, performing operation to obtain a unique user ID; acquiring information of a hardware-authentication key, generating a unique authentication ID according to the information, and binding the unique user ID and the unique authentication ID; in response to the user being created in the cloud platform, generating a first password and a second password, performing operation to obtain a second hash value; and in response to the hardware-authentication key being inserted into the cloud platform, comparing the acquired information with the hash chain table, the unique authentication ID and the unique user ID stored in the cloud platform for the authentication.

Abstract: A local buffer is integrated with a witness generator and a proof generator on a cryptographic processor and is separate from host memory accessed by a host processor operating with the cryptographic processor in a proving computing system. The witness generator: receives, from software program running on the host processor, compiled code of a zero-knowledge-proof (ZKP) program and specific input to the ZKP program; executes the ZKP program by way of executing the compiled code; records specific output generated from the ZKP program with the specific input, intermediate variable values, and the specific input, as a specific witness of executing the ZKP program; stores the specific witness in the local buffer. The proof generator: receives, from the software program running on the host processor, a proving key; accesses the specific witness in the local buffer; generates a specific zero-knowledge proof for executing the ZKP program with the specific input.

Abstract: A vehicle master device includes a decryption key storage unit that cannot be read from an outside and that stores a decryption key for generation of a security accesses key used to perform device authentication of a rewrite target electronic control unit. The vehicle master device acquires rewrite specification data from an outside, analyzes the rewrite specification data acquired, extracts a key derivation value corresponding to the rewrite target electronic control unit from an analysis result of the rewrite specification data, and by using the decryption key corresponding to the rewrite target electronic control unit stored in the decryption key storage unit, decrypts the key derivation value extracted, and generate a security accesses key.

Abstract: A method performs location-based multi-factor authentication. The method includes a mobile device that receives a first set of authentication credentials provided by a user, and transmits the first set of authentication credentials to an authentication server, which verifies the first set of authentication credentials. The authentication server transmits verified first factor authentication to the mobile device that sends a request for second factor authentication to an authentication system, which causes the mobile device to scan identifier information associated with a secure device, the secure device then sending a second set of authentication credentials to the authentication system. The authentication system verifies the second set of credentials system and transmits verified second factor authentication to the authentication server, which subsequently grants final authentication based on the verified first factor authentication and the verified second factor authentication.

Abstract: Apparatus and method for functionally securely transfer data in a two-sided data exchange of safety-related data between two communication partners (A, B), wherein a mapping is defined, which assigns to a consumer ID a provider ID of the same end point in the case of each bidirectional connection, and the mapping is made known to the two end points a priori, where the mapping could consist of the one's complement or alternatively of the two's complement, and wherein the connection between the data provider and the data consumer is established as described, the data consumer receives the address identification of the data provider via an additional side channel, for example, and after the connection has been established, the identification of the data provider can be securely checked.

Abstract: An integrated circuit includes, in part, a key management unit configured to generate a seeding key during a start-up phase, an encryption module configured to encrypt data using the seeding key and deliver the encrypted data to a second integrated circuit, and an encoder configured to encode the seeding key and deliver the encoded seeding key to the second IC. The second integrated circuit includes, in part, a decoder configured to decode the seeding key. Each of the integrated circuits further includes, in part, a linear-feedback shift register that receives the same clock signals and loads the seeding key.

Abstract: Disclosed is a computing cloud for monitoring physical environments. The computing cloud comprises at least one data storage unit that is configured to store project data, diagnostic data or environmental metric data. The computing cloud also comprises a system project application module that is configured to allow a user to graphically explore at least the project data, and to control graphical access to one or more application modules based on a user's credentials. The one or more application modules comprise a module that is configured to graphically facilitate the user's creation and manipulation of a virtual model of a physical environment.

Abstract: Disclosed herein is a system for providing a cryptographic platform for distributing data structures within a peer-to-peer network wherein encrypted messages are exchanged among nodes. The system provides for the creation and management of privately subspaced blockchains that include subspaces that are private, yet verifiable through the use of global state roots. The global state roots are updated based on subspace roots that are in term generated based on the data in that subspaces.

Abstract: A computer-implemented method of generating a one-time pad for use in encryption, the method comprising: determining a seed sequence and an ordered set of initial values; and for each initial value, computing a sequence of terms, wherein each term of the sequence is computed by combining at least one other term of that sequence with at least one term of a previous one of the sequences using modular arithmetic, the previous sequence being the sequence generated for the previous initial value or, in the case of the first initial value, the seed sequence. Rather than using the final sequence as a direct basis for the one-time pad, one or more additional steps are taken to disrupt the final sequence, in order to improve the security of the method and the resulting one-time pad.

Abstract: A method for establishing ad-hoc trust between a guide device and an invitee device to exchange sensitive guest data. The method includes: receiving, at a verification system, a request from the guide device for data pertaining to a specific guest profile at the verification system through an authorised first communication channel; transmitting, by the verification system, a guest booking confirmation to the guide device; receiving, by the verification system, a connection request from the invitee device through an internet browser accessible public access portal resulting in an unverified second communication channel; generating two unique and matching keys in response to the connection request; forming, by the verification system using the two unique and matching keys, a secure communication link spanning from the guide device to the invitee device over the first authorised communication channel; and associating, at the verification system, the secure communication link with the guest profile.

Abstract: Methods are provided for generating an enterprise key for access to an enterprise network via another access network, as part of a secondary authentication to an external data network through another access network. In these methods, an enterprise authentication device obtains, via a first access network, a request to authenticate a user device onto an enterprise network. The user device is connected to the first access network. The method further includes the enterprise authentication device authenticating the user device to obtain access to the enterprise network via the first access network and generating the enterprise key for the user device to provide access to the enterprise network via a second access network.

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.

Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Abstract: A decentralized group signature method for an issuer-anonymized credential system includes (a) an initial system setup operation of defining elements of a group signature method and information that is generated and shared by each group member, (b) an initial group member setup operation, (c) a group member participation operation of adding a new group member to a group, (d) a group signature operation of putting a group signature on a specific message, (e) an operation of verifying the group signature, (f) an operation of removing anonymity from a group signature for a specific group member with agreement of group members, and (g) an operation of revoking a specific group member with agreement of the group members. Exclusive authority of a group manager is distributed to the group members.

Abstract: An integrated infrastructure secure communication system includes at least one chassis, and a plurality of computing devices that are located in the at least one chassis and that are coupled to each other. A first computing device included in the plurality of computing device receives a communication from a first component in the first computing device, retrieves a vendor-based key, and encrypts the communication using the vendor-based key to provide a first-level encrypted communication. The first computing device also generates a first random key, encrypts the first-level encrypted communication with the first random key to provide a second-level encrypted communication, and transmits the second-level encrypted communication to a second computing device that is included in the plurality of computing devices.

Abstract: A method including establishing a communication connection of a first Internet of Things device with a trusted device; acquiring a first communication key, the first communication key being provided to the first Internet of Things device and/or a second Internet of Things device via the trusted device; performing, on the basis of the first communication key, encrypted communication with the second Internet of Things device, thereby ensuring that the first Internet of Things device and the second Internet of Things device are capable of acquiring the first communication key, and performing encrypted communication on the basis of the first communication key, thus enhancing the security and reliability of communication between the first Internet of Things device and the second Internet of Things device.