Patents Examined by Sayed Aresh Beheshti Shirazi
  • Patent number: 11423147
    Abstract: A method for manufacturing and executing single-use systems. Invention provides provably secure system design, instantiated in heterogeneous hardware that exists solely for the lifetime of a mission. More specifically, the present invention provides a functional mission analysis, formal specification and mathematically rigorous machine-checkable representation of a hardware mission instantiation to significantly reduce the vulnerabilities of a mission.
    Type: Grant
    Filed: April 11, 2018
    Date of Patent: August 23, 2022
    Assignee: The United States of America as represented by the Secretary of the Air Force
    Inventors: Kamal T Jabbour, Erich D Devendorf, Andrew N Zeliff
  • Patent number: 10951652
    Abstract: The present document describes a communication session resumption mechanism. A client computer system establishes a communication session to a server computer that is a member of a set of related server computers. As a result of establishing the communication session, the server computer identifies the set of related server computers to the client computer system. The set of related server computers share communication session information with each other, allowing the client computer system to resume the communication session with another server computer belonging to the set of related server computers. The communication session may be specified to the other server computer by the client computer system by providing a session identifier or a session ticket.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: March 16, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10944560
    Abstract: A processor-implemented method facilitates identity exchange in a decentralized setting. A first system performs a pseudonymous handshake with a second system that has created an identity asset that identifies an entity. The second system has transmitted the identity asset to a third system, which is a set of peer computers that support a blockchain that securely maintains a ledger of the identity asset. The first system transmits a set of pseudonyms to the third system, where the set of pseudonyms comprises a first pseudonym that identifies the first system, a second pseudonym that identifies a user of the second system, and a third pseudonym that identifies the third system. The first system receives the identity asset from the third system, which securely ensures a validity of the identity asset as identified by the first pseudonym, the second pseudonym, and the third pseudonym.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: March 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Hasini Gunasinghe, Ashish Kundu, Kapil Kumar Singh, Dong Su
  • Patent number: 10852352
    Abstract: Embodiments are described for securing access to a debug port of an FPGA (Field Programmable Gate Array) card installed within an IHS (Information Handling System). A remote access controller determines the status of the FPGA card debug port via a query to a management controller of the FPGA card. The remote access controller generates a passcode for the debug port and disables the debug port via a message to the management controller. The management controller detects a request, that includes a requestor password, for access to the debug port. The remote access controller authorizes the requestor's access to the debug port if the requestor password matches the generated passcode. The remote access controller disables the debug port upon each power cycle of the FPGA card or upon detecting removal of a device from the debug port.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: December 1, 2020
    Assignee: Dell Products, L.P.
    Inventors: Johan Rahardjo, Pavan Kumar Gavvala
  • Patent number: 10846375
    Abstract: A license for software distributed to multiple users can be validated using a peer-to-peer network, asymmetrical cryptography and an essentially hack-proof public data store of licensing information, avoiding the need for a licensing server or central coordination by servers or host computers. Instances of the licensed software are implemented on the nodes of the peer-to-peer network. A distributed, immutable data store where each segment of data of the series of segments in the data store includes a hash of the previous segment. Licensing transactions can be recorded and validated using the distributed, immutable data store. Licensing transactions can include but are not limited to provisioning, de-provisioning, activation and deactivation transactions.
    Type: Grant
    Filed: April 11, 2018
    Date of Patent: November 24, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: James Michael Wierzba, Parmjeet Singh
  • Patent number: 10819735
    Abstract: Various embodiments for resolving customer communication security vulnerabilities are provided. Customer traffic data is stored in a database and analyzed to identify problem traffic. A report of a first user device and a usage history for the first user device is obtained. Similarities between the usage history of the first user device and the problem traffic are searched for to identify an issue. A first vulnerability is remedied on the first user device by a first remote action in response to the issue being identified. A second user device that is in a same account as the first user device and that has engaged in similar problematic communications as the first user device is identified. A second vulnerability is proactively remedied on the second user device by a second remote action.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: October 27, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Ilona Murynets
  • Patent number: 10805286
    Abstract: In some embodiments, an apparatus includes one or more communication sub-systems; and an identity mirror component in communication with the one or more communication sub-systems. In response to selection, on another device, of the apparatus from among a plurality of devices, receive, from the another device, carrier user identity information and carrier authentication key information associated with the carrier user identity information. Cause the one or more communication sub-systems to connect to a carrier network using the carrier user identity information and the carrier authentication key information, wherein to connect to the carrier network is conditioned on the another device being disconnected from the carrier network and the another device is to retain the carrier user identity information and the carrier authentication key information in an Internet protocol (IP) multimedia services identity module (ISIM).
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: October 13, 2020
    Assignee: Intel Corporation
    Inventors: Fiona Trahe, Jessica C. McCarthy, Ana Sanz Carretero, Chiara Cavarra, Annie Ibrahim Rana
  • Patent number: 10790991
    Abstract: A white-box system and method for producing a digital signature of a message m, including: a white-box implementation of a symmetric cipher configured to produce a deterministic nonce value by encrypting the message m using a secret key; and a digital signature algorithm configured to produce a digital signature of the message m based upon the deterministic nonce, the message m, and a secret signing key.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: September 29, 2020
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Florian Boehl
  • Patent number: 10757299
    Abstract: A processing apparatus includes: a process execution unit that executes a process according to a user instruction; a first communication unit that performs wireless communication with a mobile device moved in a predetermined communication area; a recognition unit that recognizes existence/non-existence of use intention; an authentication processing unit that executes a user authentication process in cases where the first communication unit receives a user ID maintained in the mobile device and the recognition unit recognizes that the user who possesses the user ID attempts to cause the process execution unit to execute the process; and a process execution permission unit that permits the process execution unit to execute the necessary authentication process in a case where the reception user ID is recognized as the user ID possessed by the user who has the authority to cause the process execution unit to execute the necessary authentication process.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: August 25, 2020
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Naoya Nobutani, Masafumi Ono, Manabu Hayashi, Toru Suzuki
  • Patent number: 10681036
    Abstract: Various embodiments include composite security interconnect devices and methods. One method embodiment that may be performed by a composite security interconnect device, also referred to herein as a security controller, includes decrypting a first encrypted input received from a peripheral device with a first encryption key to obtain clear text. The first encryption key may be an encryption key established between the security controller and the peripheral device. The method further includes encrypting the clear text with a second encryption key to obtain second encrypted input, the second encryption key being a key of an encryption key pair established with a transaction processing host.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: June 9, 2020
    Assignee: NCR Corporation
    Inventors: Kevin Horgan, Gordon Chisholm, Graeme Mitchell, Alexander William Whytock, David Sleeman, Colin Sinclair
  • Patent number: 10673622
    Abstract: A technique is introduced that can securely display decrypted images while protecting these decrypted images against attempts to capture them. Some aspects of the technique include loading a cryptographic shader into a graphics processor unit (GPU) in the recipient's computer device separate from the CPU in the recipient's computer device. In some embodiments, the cryptographic shader that is loaded includes instructions that implement a white-box cryptographic algorithm to decrypt encrypted images. A cryptographic key is integrated within the white-box cryptographic algorithm so that the cryptographic key is protected from extraction. When the GPU receives the encrypted images, the cryptographic shader can perform decryption processes to generate decrypted images. The decrypted images are loaded by the GPU directly from the GPU into a frame buffer such that the decrypted images are to be displayed without any portion of the decrypted images passing through the CPU.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: June 2, 2020
    Assignee: SQUARE, INC.
    Inventor: Dino Dai Zovi
  • Patent number: 10652226
    Abstract: The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applications and resources; (3) determining whether the client system is authorized to access the domain; (4) identifying a particular server containing the domain; (5) identifying a proxy server assigned to the particular server; and (6) in accordance with a determination that the client system is authorized to access the domain: (a) transmitting an identification value for the client system to the identified proxy server; and (b) after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: May 12, 2020
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Junaid Islam, Brent Bilger, Ted Schroeder
  • Patent number: 10652734
    Abstract: In one embodiment, the invention provides a portable wireless personal communication system for cooperating with a remote certification authority to employ time variable secure key information pursuant to a predetermined encryption algorithm to facilitate convenient, secure encrypted communication. The disclosed system includes a wireless handset, such as a PDA, smartphone, cellular telephone or the like, characterized by a relatively robust data processing capability and a body mounted key generating component which is adapted to be mounted on an individual's body, in a permanent or semi-permanent manner, for wirelessly broadcasting, within the immediate proximity of the individual, a secret or private key identifying signal corresponding to a time variable secure key information under the control of the certification authority.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: May 12, 2020
    Assignee: MLR, LLC
    Inventor: Charles M. Leedom, Jr.
  • Patent number: 10652738
    Abstract: A device 2 is connected to server 34 using encryption exposed at the application layer of device 2. The encryption takes place using a mobile telephony standard encryption. An authentication module is provided in device 2 comprising an IMSI and software to connect to a mobile telephony-like home location register using conventional mobile telephony protocols, except that the mobile telephony-like home location register is adapted simply to authenticate the device 2 and deliver a communication key Kc using the mobile telephony standard without also authorising access to a mobile telephone network.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: May 12, 2020
    Assignee: Eseye Limited
    Inventor: Ian Marsden
  • Patent number: 10616198
    Abstract: Embodiments of the invention generally relate to apparatus, systems and methods for authenticating an entity for computer and/or network security and for selectively granting access privileges and providing other services in response to such authentications.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: April 7, 2020
    Assignee: UNIVERSAL SECURE REGISTRY, LLC
    Inventor: Kenneth P. Weiss
  • Patent number: 10609039
    Abstract: A method, computer program product, and system for providing verification processes associated with a commitment-based authentication protocol are described. A request by a user for access to one or more resources is received, and a presentation policy is transmitted to the user indicating required credentials. A commitment to a revocation handle is received, including an indication of an associated Sigma protocol executed by the user. A challenge value selected from a challenge value set associated with the associated Sigma protocol is transmitted to the user. Based on the selected challenge value, a presentation token and a value parameter that is distinct from the presentation token are received from the user. Based on a determination as to whether the presentation token and value parameter are valid in accordance with the associated Sigma protocol, access for the user to the one or more resources is granted to the user or prevented.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: March 31, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Robert R. Enderlein, Anja Lehmann, Gregory Neven
  • Patent number: 10609005
    Abstract: A method includes using a direct memory access controller, transferring first data from a memory to an input/output control circuit via a first bus and transferring the first data from the input/output control circuit to an authentication processing circuit via a second bus, without using the first bus. The method includes using the authentication processing circuit, generating authentication data based on the first data and transferring the first data from the input/output control circuit to a cryptography processing circuit via a third bus, without using the first bus. Responsive to authentication of the first data by a first CPU coupled to the first bus, the method includes using the cryptography processing circuit, decrypting the first data, and using the direct memory access controller, transferring the decrypted first data from the input/output control circuit to the memory via the first bus.
    Type: Grant
    Filed: February 15, 2018
    Date of Patent: March 31, 2020
    Assignee: Cypress Semiconductor Corporation
    Inventors: Kenichi Iizuka, Kumiko Toshimori, Machiko Mikami
  • Patent number: 10586207
    Abstract: The present invention is directed toward an automatic connected vehicle demonstration method and system for automatically designating any registered vehicle as a demonstrator vehicle, and further allowing for the demonstrator vehicle to also have one or more subscription-based events based on demonstrator vehicle status. In one or more embodiments, a computer implemented method provides for registering, deregistering, and managing a dealer's inventory of demonstration vehicles.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: March 10, 2020
    Assignee: Aeris Communications, Inc.
    Inventors: Michelle Lynne Avary, Henry Plager
  • Patent number: 10574462
    Abstract: Privacy management techniques for communication systems are provided. In one or more methods, one or more cryptographic key pairs are provisioned in a home network of a communication system for utilization by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication system. The cryptographic key pairs are managed utilizing an element or function in the home network of the communication system. In one or more other methods, one or more public keys associated with one or more cryptographic key pairs are stored in user equipment, the cryptographic key pairs being provisioned by a home network of a communication system for use by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication network. An element or function of the home network of the communication system is interfaced for management of the public keys stored in the user equipment.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: February 25, 2020
    Assignee: Nokia Technologies OY
    Inventors: Anja Jerichow, Annett Seefeldt, Nagendra S. Bykampadi, Suresh P. Nair, Ulrich Wiehe
  • Patent number: 10547459
    Abstract: In a method for generating a cryptographic key in a system-on-a-chip having a hardware-programmable logic unit, a circuit region of the hardware-programmable logic unit is configured in such a way that a first physical unclonable function is executed in the circuit region in order to generate a first cryptographic key, and the circuit region is reconfigured in such a way that (i) a further physical unclonable function is executed in order to generate a further cryptographic key or (ii) another functionality that does not encompass a physical unclonable function is executed.
    Type: Grant
    Filed: September 3, 2015
    Date of Patent: January 28, 2020
    Assignee: Robert Bosch GmbH
    Inventor: Stefan Gehrer