Abstract: An embodiment of a method of providing identity services includes receiving identity data from an identity user, the identity data related to an identity of the identity user; receiving validation data from an identity provider, the validation data related to the identity data; if the validation data indicates that the identity data is valid, generating a transaction to store data related to the identity of the identity user on a blockchain of a blockchain system, the data to be stored including a representation of at least one of: the identity data, or the validation data; and transmitting the transaction to at least one distributed node of the blockchain system.

Abstract: Disclosed is a security authentication system for a membership login of an online website capable of ensuring a safe membership login without having to directly entering a membership ID and a password for a membership login of a certain online website on a user terminal being used in association with a smartphone for a private or public purpose, and a method thereof.

Abstract: There are provided systems and methods for a credential storage manager for protecting credential security during delegated account use. A first user that controls the account may delegate usage of the account to a second user through a credential manager of a transaction process that manages sensitive authentication information and delegates account usage. The credential manager may automatically fill authentication information for use of the account by the second user. A device fingerprint of a device of the second user may be used to provide risk prevention and access the account. The credential manager may prevent revealing of the credentials and navigation to sensitive data or processes with the account. Two-factor authentication may be performed by receiving a code in a message received by a device of the first user, scraping the code from the message, and entering the code to a device of the second user.

Abstract: Systems and methods for occupant authentication and trust using a blockchain are disclosed herein. The systems and methods can include receiving an occupant indicator and one or more occupant identifiers for an occupant in a vehicle. The one or more occupant identifiers can then be verified against identifying information stored in a blockchain ledger to authenticate the occupant. One or more occupant profile elements can then be collected for the occupant. Then, at least one of the one or more occupant identifiers and at least one of the one or more occupant profile elements can be recorded in the blockchain ledger.

Abstract: Multi-RAT UEs currently have 2 independent paths to authenticate with HSS (either via the MME or the 3GPP AAA Server causing repeated authentication messages to HSS. The use of one unified authentication path between the UE and HSS for Small Cell and Wi-Fi authentication is described. First, a new 3GPP EPC-TWAN interworking architecture has the MME manage all the authentication requests from multi-RAT UEs. Second, new unified authentication procedures are added, which allow the ISWN-based multi-RAT UE to be authenticated directly with the HSS, irrespective of its current access network (TWAN or HeNB). Third, new fast re-authentication procedures for Inter-RAT handover scenarios are done. Finally, the needed extensions to the various standard protocol messages to execute the authentication procedures are described.

Abstract: In one example in accordance with the present disclosure, a method is described. According to the method, a computing device acquires data related to a variable data component. The computing device then authenticates at least one of the computing device and the proper user of the computing device. Upon authentication of the computing device and/or proper user of the computing device, a downstream workflow is authorized. The downstream workflow is defined by the data associated with the variable data component and enabled via the authentication of the computing device and/or proper user of the computing device.

Abstract: Arrangements for dynamically authenticating multiple devices in a key network are provided. In some examples, registration information associated with a plurality of devices in a key network may be received. The registration information may include device attributes. Device keys including cross reference data may be generated and transmitted to the plurality of devices. A reference key including one or more starting points for executing one or more hop sequences based on generated hop counts in the reference key may be generated. A first authentication code may also be generated and a hash value of the first authentication code may be stored. Upon receiving a request for authentication, the reference key may be transmitted to the requesting device. The hop sequence(s) may then be executed by one or more of the computing devices in the key network to generate a comparison authentication code.

Abstract: Methods, apparatus, and systems for securing the interactions of a user with an application using a Bluetooth enabled authentication device are disclosed.

Abstract: There is provided an information processing device, an information processing method, and a program which are capable of appropriately restricting the use of content in a situation in which a certain user ends the use of the content. The information processing device includes: an acquiring unit configured to acquire information indicating an end of use of content of a free viewpoint by a first user, which is provided on the basis of sensing of a real space and shared by at least the first user and a second user; and a use restricting unit configured to set restrictions related to the use of the content of the free viewpoint on the basis of the information indicating the end of the use and first setting information.

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

Abstract: Examples disclosed herein relate to a traceability identifier method comprising assigning a traceability identifier to a data element, wherein the traceability identifier comprises a plurality of identifier segments, receiving a request for the data element to be included in an analytics report, determining, according to the traceability identifier, whether the data element is permitted to be included in the analytics report, and in response to determining that the data element is permitted to be included in the analytics report, providing the data element for use in the analytics report.

Abstract: A method is provided that permits user to submit a password to the private key that is to be used to decrypt files either at the time of user account setup or at the time of submitting the files. The password is stored securely in the system, permanently or temporarily, and is used later to decrypt the files right before the system is ready to process the files.

Abstract: The present disclosure provides a method and a device for interception based on Local Break Out (LBO). The method includes: receiving, by a small base station, an interception task instructing the small base station to intercept an interception target; intercepting, by the small base station, LBO data of the interception target based on the interception task to obtain intercepted data; and transmitting, by the small base station, the intercepted data. The present disclosure can solve the problem in the related art that data of an interception target cannot be intercepted in an LBO scenario.

Abstract: In authenticating a first circuit by a second circuit, the second circuit selects one of a set of public values and sends to the first circuit a request for a secret value corresponding to the selected one of the set of public values. The first circuit derives the secret value from the selected one of the set of public values using a seed from set of seeds that is stored in a destructive fashion such that each use of a seed destroys that seed. The set of seeds is smaller in number than the set of public values. The second circuit determines whether the secret value matches the selected one of the set of public values using a one-way function. A positive authentication is generated based upon the determination of a match.

Abstract: A system described herein may allow for the masking of user input and/or sensor data, which could otherwise be used to uniquely identify and track a user. For example, user inputs (e.g., keyboard or mouse inputs) and/or sensor data (e.g., data from a touchscreen, pressure sensor, gyroscope, etc.) may be normalized and randomized. The normalization and/or randomization may include modifying metadata associated with user inputs or sensor data (e.g., modification of timestamps and/or modification of raw data) prior to outputting the user inputs or sensor data to an application, and/or to a service that attempts to uniquely identify users based on such metadata.

Abstract: A system may include transaction storage devices. Each transaction storage device may include a data store configured to receive, from a first entity, a request to push a detailed transaction corresponding to a secure identifier. The secure identifier may be generated, using an encoding function, from a user identifier of a user. The detailed transaction may identify at least one selected from a group consisting of products and services received by the user from the first entity. The data store may be further configured to store the detailed transaction based on a first determination to trust the first entity. The system may further include an access controller configured to perform the first determination by applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction, and a registry configured to store at least the first security rule.

Abstract: A processing system including at least one processor may obtain network traffic data of a network, including a first set of flow data associated with a first node, determine an anomaly factor of the first node from the network traffic data quantifying a deviation of the first set of flow data from a normal flow data associated with the first node, generate an exposure score of the first node in accordance with a measured influence of the first node in the network and the anomaly factor, generate a persistence score of the first node in accordance with a reputation measure of the first node and a measure of a recurrence of anomalous flow data associated with the first node, calculate a threat level of the first node from the exposure score and the persistence score, and reconfigure at least one aspect of the network in response to the threat level.

Abstract: An example operation may include one or more of generating, by a transaction initiator peer, a key pair for a transaction on a blockchain, querying, by the transaction initiator peer, a built-in account manager to discover webhooks of a plurality of blockchain peers, comparing, by the transaction initiator peer, query results from the plurality of the blockchain peers to ensure consistency, encrypting, by the transaction initiator peer, a transaction data with a key of the key pair based on the ensured consistency of the query results, committing, by the transaction initiator peer, the transaction data to the blockchain, and in response to a successful commitment of the transaction data, instantiating, by the transaction initiator peer, a client application executed on the transaction initiator peer to post a decryption key for the transaction data to webhook URLs of the plurality of the blockchain peers.

Abstract: A method of providing at least one communications service provider a connection to an Internet Protocol, IP, server in a perimeter network, the IP server providing a service over a public IP network, the method comprising the steps of detecting, in the perimeter network, an irregularity in IP traffic arriving at the perimeter network over the public IP network, disregarding, in the perimeter network, IP traffic arriving at the perimeter network over the public IP network, and enabling, in the perimeter network, a connection between the IP server and the at least one communications service provider for the service provided by the IP server over at least one private IP network.

Abstract: There is provided a system (1) comprising: a processing unit (11) equipped with execution modes including a non-secure mode (3) in which access to a protected region of a memory is prohibited by a support function (12) and a secure mode (2) in which access to the protected region is permitted; and a hypervisor (20) which runs in the secure mode. The hypervisor includes: a first setting unit (23) for setting a first operation condition (21), which includes enabling a first OS (30) running in the secure mode to access the protected region and the unprotected region of the memory; and a second setting unit (24) for setting a second operation condition (22a), which includes enabling a second OS (41) running in the non-secure mode to access the unprotected region, using the support function to prevent the second OS (41) from accessing the secure region, and enabling a transition to the secure mode by accessing of the second OS to a first device shared with the first OS.