Abstract: A method for password-protected physical transfer of password-protected devices including at a receiving location, generating at least one security file including an encrypted element generated using a one-way encryption function utilizing at least one secure code, transmitting the at least one security file to a shipping location at which the password-protected devices are located, at the shipping location, using at least one shipping location password, loading the at least one security file into at least one password-protected device, shipping the at least one password-protected device to the receiving location and at the receiving location, employing the at least one secure code to supply an input to the at least one password-protected device and employing the at least one security file to enable establishment of at least one receiving location password for the at least one password-protected device which replaces the at least one shipping location password.

Abstract: Embodiments relate to printing a three-dimensional (3D) article from a 3D design file describing a 3D design. A computer processor receives the design file in an encrypted format. The design file includes a design file identifier and a 3D printer identifier identifying a 3D printer capable of printing a 3D article in accordance with the design file. The processor constructs an authentication request for authenticating use of the design file with the printer and transmits the authentication request to an authentication server. The processor receives a response from the authentication server enabling printing of the article from the design file on the printer. The processor uses a decryption key included in the response to decrypt the design file including 2D contour data. The processor sends the decrypted design file to the printer associated with the printer identifier. The printer prints the article in accordance with the decrypted contour data.

Abstract: Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b).

Abstract: The present disclosure involves systems, software, and computer-implemented methods for managing access of device management systems in license management operations associated with purchase accounts of a bulk licensing system. An example method includes identifying a request for a license management operation associated with a purchase account of a bulk licensing system, wherein the request includes a licensing identity associated with the purchase account; in response to the identifying, determining that the license management operation is to be performed based on the licensing identity; and in response to the determining, performing the license management operation.

Abstract: Encryption/authentication circuitry includes an encryption portion having a first number of encryption lanes, each encryption lane including a plurality of encryption stages, and keyspace circuitry including a plurality of key lanes corresponding to a predetermined maximum number of channels. Each key lane has key storage stages corresponding to the encryption stages, and includes key memories for the predetermined maximum number of channels. Key channel selection circuitry for each stage selects a key from among the key memories at that stage. An authentication portion includes a second number of authentication lanes, hash key storage for the predetermined maximum number of channels, partial hash state storage for the predetermined number of channels, and hash channel selection circuitry.

Abstract: Disclosed is a function masking apparatus in a symmetric cryptographic algorithm for preventing side channel attacks, including: a controller creating lookup tables for one or more internal functions included in a high security and light weight (HIGHT) algorithm, respectively based on a plurality of non-linear functions, a plurality of linear functions, and a plurality of constants which are randomly generated; and a storage unit storing the lookup tables for one or more internal functions included in the generated HIGHT algorithm.

Abstract: The present disclosure discloses a method and a system for determining whether to use a local authentication server. Specifically, a first network device executing a first authentication server receives a request for authentication from a client device. The first network device determines whether the client device was previously successfully authenticated by a second authentication server executing on a second network device within a particular period of time. If so, the first network device attempts to authenticate the client device using the first authentication server. Otherwise, the first network device declines the request for authentication from the client device.

Abstract: The disclosed computer-implemented method for blocking push authentication spam may include (1) detecting an attempt by an unauthenticated source to gain access to a web resource protected by an MFA service, (2) issuing, to a mobile device of an authenticated user of the MFA service, a push authentication request to query the authenticated user about whether to allow the unauthenticated source's attempt, (3) determining, based at least in part on the push authentication request issued to the mobile device, that the authenticated user has not allowed the unauthenticated source's attempt, and (4) in response to determining that the authenticated user has not allowed the unauthenticated source's attempt, blacklisting the unauthenticated source such that the MFA service refuses to issue any subsequent push authentication requests in connection with the unauthenticated source. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods of performing single sign-on authentication from multiple platforms when establishing a connection to a database are described. An application can securely access a database based on user credentials provided during a prior authentication. In an embodiment, single sign-on is accomplished by relying on existing and emerging authentication, security service, security mechanism, and wire protocols, enabling the creation of drivers to accommodate various platforms and databases. In another embodiment, a pure type 4 Java Driver is used, eliminating dependencies on native operating functionality.

Abstract: An electronic device includes an authentication section that authenticates a user of the electronic device, an operation section that includes a display section and operates the electronic device, a storage section that stores programs that each cause the electronic device to perform a job in accordance with a preliminarily set content, and a program processing section that generates a program associated with the user authenticated in the authentication section. Using the operation section, a first user specifies a program to be shared and a second user permitted to use the shared program. As such, the first user who permits to share the program shares the program with the second user.

Abstract: A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: Method and system for providing device-specific operator data for an automation device in an automation installation, which automation device authenticates itself to an authentication server in the automation installation via at least one authentication credential, wherein if up-to-date device-specific operator data from the installation operator of the automation installation are available for the automation device, then the up-to-date device-specific operator data are tied to the authentication credential of the authentication device.

Abstract: A network environment includes a wireless access point providing access to a corresponding network. One or more mobile communication devices communicate with the wireless access point to access the network. In response to receiving a request from a mobile communication device to establish the wireless communication link, the wireless access point conveys communications between the mobile communication device and a remote server to authenticate the mobile communication device. During authentication, the wireless access point receives a policy assigned to the mobile communication device. The policy specifies how to route subsequent received data traffic from the mobile communication device. Subsequent to authentication, the wireless access point routes the subsequent data traffic received from the mobile communication device in accordance with the received policy.

Abstract: A random number generating device includes an uncertain circuit which outputs uncertain data, and a cipher processing device. The cipher processing device encrypts input data using a cipher function of the cipher processing device, and generates a random number including higher uniformity than data outputted from said uncertain circuit using the cipher function of the cipher processing device and the data outputted from the uncertain circuit.

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.

Abstract: A system and method for tunneling through a network separation device such as a firewall or a Network Address Translator including a first server receiving an access request from a client device to communicate with a host device, where the host device is behind the network separation device. The first server sending a message to a second server in response to receiving the access request, the message including host data for the host device. The second server is configured to send a notification to the host device, and the notification includes instructions for the host device to initialize a pass-through channel with the first server. The first server receiving a pass-through initialization request from the host device and establishing the pass-through channel for communication between the client device and the host device in response to receiving the pass-through initialization request.

Abstract: Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have substantially identical function. Two physical interfaces of two network devices that are to be normalized are identified. The physical interfaces are normalized by creating a virtual interface (VI) to which both correspond. A policy applicable to the VI is received. Configuration files, in which policies or rules contained therein are expressed in terms of the VI, are created for the network devices while they are offline. Physical interface configurations for the physical interfaces are resolved during installation of the network devices by resolving references to the VI in the configuration files into the respective physical interfaces.

Abstract: The various technologies presented herein relate to analyzing a plurality of shares stored at a plurality of repositories to determine whether a secret from which the shares were formed matches a term in a query. A threshold number of shares are formed with a generating polynomial operating on the secret. A process of serially interpolating the threshold number of shares can be conducted whereby a contribution of a first share is determined, a contribution of a second share is determined while seeded with the contribution of the first share, etc. A value of a final share in the threshold number of shares can be determined and compared with the search term. In the event of the value of the final share and the search term matching, the search term matches the secret in the file from which the shares are formed.

Abstract: According to an embodiment, a communication device is connected to a first network and a second network. The communication device includes a generating unit and a converting unit. The generating unit is configured to generate a first set of route information that is route information of the first network. The converting unit is configured to convert the first set of route information, and generate a second set of route information that is route information of the second network.

Abstract: A data protection method and apparatus that can protect data through encryption using a Boolean function is provided. The data protection method includes applying an inverse affine transformation to data to be encrypted using a Boolean function; applying round operations of an Advanced Encryption Standard (AES) cryptographic algorithm to the inverse-affine transformed data; and producing ciphertext data by applying an affine transformation to the result of the round operations.