Abstract: Disclosed herein are an apparatus and method for user authentication based on multiple pieces of biometric information. The apparatus may include one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program receives multiple pieces of biometric information from the client device of a user, generates the personal identifier of the user using a neural network and a Bloom filter algorithm, and checks the similarity between the personal identifier of the user and each of personal identifiers previously registered in a database, thereby authenticating the user.

Abstract: Disclosed is an approach to implement an on-demand secure communications channel to a cloud-related resource that is located in a customer's on-premises data center, where the on-demand channel provides access to the resource to a cloud provider's operator employees. This creates on a temporary basis all of the infrastructure that is needed to allow the operational access to the customer system, which can then be destroyed once it is no longer needed.

Abstract: An apparatus for masking power consumption associated with one or more operations of a logic circuitry of a processor. The apparatus comprises power-complementing circuitry configured to provide a second power consumption to directly power-complementing the power consumption associated with the one or more operations of the logic circuitry. The second power consumption complements the power consumption associated with the one or more operations of the logic circuitry. The apparatus further comprises header circuitry configured to enable a common node to vary in voltage corresponding to the one or more operations of the logic circuitry. The power-complementing circuitry and the header circuitry are each coupled to the logic circuitry at the common node.

Abstract: A system and process for onboarding client devices to a key management server. In operation, a device generates an asymmetric key pair including a public key and a private key. The device obtains an access token from an identity management server after successfully authenticating with the identity management server. The device transmits a request including the access token and the public key to the key management server to onboard the client device. The device receives a response including encrypted bootstrap information from the key management server. The bootstrap information included in the response is encrypted using the public key of the asymmetric key pair. The device decrypts the encrypted bootstrap information using the private key of the asymmetric key pair to obtain the bootstrap information and then uses the bootstrap information for encrypting communications transmitted to the key management server or for decrypting communications received from the key management server.

Abstract: A system and method for providing remote access to a device is disclosed. The method comprises receiving an automatically expiring authentication token having encrypted authentication token data including a session key from the device, transmitting the authentication token to secure facility, receiving the decrypted authentication token data from the secure facility, signing a tool package with a package verification key derived at least in part from the session key, the tool package comprising processor instructions providing remote access to the device when executed by the processor, providing the signed tool package to the device. The device verifies the signed tool package using the package verification key and executes the tool package only if the signature of the tool package is verified.

Abstract: Described embodiments provide for provisioning devices securely using zero touch deployments. A controller application can receive a first authentication code from the controller. The controller application can establish, responsive to receiving the first authentication code, a short-range wireless connection with the device within a pairing range of the controller application using at least one of one or more short-range wireless communication types. The controller application can receive a second authentication code from the device via the short-range wireless connection. The controller application can determine that the first authentication code received from the controller corresponds to the second authentication code received via the short-range wireless connection.

Abstract: Methods, systems, and devices for supporting security for private data inputs to artificial intelligence models are described. A device (e.g., an application server) may receive a request to run an artificial intelligence model. The device may run the artificial intelligence model on a public data set and an extended set of data that includes both the public data set and a private data set. The device may determine a first set of outcomes based on running the artificial intelligence model on the public data set and a second set of outcomes based on rerunning the model on the extended set of data. The device may then compare the two sets of outcomes to determine whether a private data value is identifiable based on the second set of outcomes. If a private data value is identifiable, the device may obfuscate the results prior to transmitting the results to the requestor.

Abstract: The described techniques facilitate the secure transmission of sensor measurement data to an ECU by implementing an authentication procedure. The authentication procedure includes an integrated circuit (IC) generating authentication tags by encrypting portions of sensor measurement data. These authentication tags are then transmitted together with the sensor measurement data as authenticated sensor measurement data. The ECU may then use the authentication tags to authenticate the sensor measurement data based upon a comparison of the portions of the sensor measurement data sensor measurement data to the authentication tag that is expected to be generated for those portions of sensor measurement data.

Abstract: A streaming one time Pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) to establish multiple secure point-to-point connections. This can be used to implement a streaming OTP point-to-point firewall, virtual private network or other communications facility for communicating secure information across one or more insecure networks.

Abstract: This document discloses a method and device for implementing secure communication, and a storage medium. The method for implementing secure communication includes: encrypting first information and second information of a data packet respectively to generate an encrypted message; wherein, a region in which the encrypted first information is located is a first encrypted region, and a region in which the encrypted second information is located is a second encrypted region; the first information is used for a receiving device to determine whether to acquire the second information; and sending the encrypted message.

Abstract: A computer-implemented method for submitting feedback for an entity to a blockchain is disclosed. The method, which is implemented at one of a plurality of participating nodes, includes: obtaining a first key, the first key being one of a fixed set of keys distributed to participating nodes that are eligible to submit feedback for the entity; generating first feedback (rj) of the entity for submission to the blockchain; encrypting the first feedback (rj) using at least the first key; and submitting the encrypted first feedback to a mixing service, the mixing service being configured to generate a mixed transaction based on the encrypted first feedback and at least one other encrypted feedback submission from one or more eligible participating nodes.

Abstract: An Authorization Verification Service (AVS) is disclosed that may be provided by an IoT/M2M service layer to registrants of the service layer for Dynamic Context Aware Authorization. The AVS may allow the IoT/M2M service layer entities to define dynamic limits for authorizing access to services or data. The limits may be set, for example, in terms of the number of allowed accesses. When an IoT/M2M registrant makes a request for data or services for which it has dynamic context aware authorization, the AVS may maintain records of the remaining accesses available.

Abstract: Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data.

Abstract: One or more computing devices, systems, and/or methods for securely verifying devices such as protected are provided. A code may be generated for a first device. A short message service (SMS) message comprising the code may be transmitted to the first device at a mobile directory number of the first device. An entry may be created to associate the code with the mobile directory number. A determination may be made as to whether a first code within a message associated with the mobile directory number matches the code within the entry. In response to a match, the message may be processed and a status of the first device may be marked as valid, otherwise, the message may be rejected.

Abstract: A method includes storing a reference fingerprint for a first device in a database; operating a second device in an identity authentication mode; receiving, by the second device while operating in the identity authentication mode, a signal transmission from an unknown device; determining, by the second device, a fingerprint for the unknown device based on the signal transmission; responsive to the fingerprint of the unknown device matching the reference fingerprint for the first device, processing a data packet associated with the signal transmission; and responsive to the fingerprint of the unknown device not matching the reference fingerprint for the first device, ignoring the data packet associated with the signal transmission.

Abstract: In accordance with a first aspect of the present disclosure, an ultra-wideband communication node is provided, comprising: an ultra-wideband communication unit configured to transmit one or more messages to a plurality of external responder nodes and to receive one or more responses from said responder nodes; a processing unit configured to use a common cryptographic session key to encrypt said messages, wherein said common cryptographic session key is a key shared between the ultra-wideband communication node and all the external responder nodes; wherein the processing unit is further configured to use responder-specific cryptographic session keys to decrypt the responses and/or to encrypt further messages to the responder nodes, and wherein each individual one of said responder-specific cryptographic session keys is a key shared between the ultra-wideband communication node and one of the external responder nodes.

Abstract: The present disclosure provides computing systems in which respective quorums of computing nodes securely manage respective secrets associated with cryptographic ledgers according to threshold secret sharing schemes. In particular, membership in the quorums can be changed dynamically and unpredictability to improve security of the quorums against adversarial attacks in which adversaries attempt to compromise or gain control of the computing nodes. More specifically, by changing membership in the quorum dynamically and unpredictability, the ability of the adversary to control at any given time a threshold number of the current members of the quorum and gain access to the secret is dramatically reduced.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Various systems and methods for securely sharing private in formation are described herein. A mobile device comprises instruction to configured the mobile device to identify a verifier device having an available wireless connection, the wireless connection having a wireless connection strength; determine that a triggering event occurs, the triggering event based on the wireless connection strength; when the triggering event occurs: connect to the verifier device; transmit a digital credential to the verifier device, each of a plurality of data elements of the digital credential separately encrypted using distinct encryption keys; receive a request to access a requested data element of the digital credential; prompt a user of the mobile device for consent to share the requested data element; and transmit information to the verifier device when the user consents sharing the requested data element, the information used to decrypt only the requested data element.