Abstract: An Authorization Verification Service (AVS) is disclosed that may be provided by an IoT/M2M service layer to registrants of the service layer for Dynamic Context Aware Authorization. The AVS may allow the IoT/M2M service layer entities to define dynamic limits for authorizing access to services or data. The limits may be set, for example, in terms of the number of allowed accesses. When an IoT/M2M registrant makes a request for data or services for which it has dynamic context aware authorization, the AVS may maintain records of the remaining accesses available.

Abstract: Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data.

Abstract: One or more computing devices, systems, and/or methods for securely verifying devices such as protected are provided. A code may be generated for a first device. A short message service (SMS) message comprising the code may be transmitted to the first device at a mobile directory number of the first device. An entry may be created to associate the code with the mobile directory number. A determination may be made as to whether a first code within a message associated with the mobile directory number matches the code within the entry. In response to a match, the message may be processed and a status of the first device may be marked as valid, otherwise, the message may be rejected.

Abstract: A method includes storing a reference fingerprint for a first device in a database; operating a second device in an identity authentication mode; receiving, by the second device while operating in the identity authentication mode, a signal transmission from an unknown device; determining, by the second device, a fingerprint for the unknown device based on the signal transmission; responsive to the fingerprint of the unknown device matching the reference fingerprint for the first device, processing a data packet associated with the signal transmission; and responsive to the fingerprint of the unknown device not matching the reference fingerprint for the first device, ignoring the data packet associated with the signal transmission.

Abstract: In accordance with a first aspect of the present disclosure, an ultra-wideband communication node is provided, comprising: an ultra-wideband communication unit configured to transmit one or more messages to a plurality of external responder nodes and to receive one or more responses from said responder nodes; a processing unit configured to use a common cryptographic session key to encrypt said messages, wherein said common cryptographic session key is a key shared between the ultra-wideband communication node and all the external responder nodes; wherein the processing unit is further configured to use responder-specific cryptographic session keys to decrypt the responses and/or to encrypt further messages to the responder nodes, and wherein each individual one of said responder-specific cryptographic session keys is a key shared between the ultra-wideband communication node and one of the external responder nodes.

Abstract: The present disclosure provides computing systems in which respective quorums of computing nodes securely manage respective secrets associated with cryptographic ledgers according to threshold secret sharing schemes. In particular, membership in the quorums can be changed dynamically and unpredictability to improve security of the quorums against adversarial attacks in which adversaries attempt to compromise or gain control of the computing nodes. More specifically, by changing membership in the quorum dynamically and unpredictability, the ability of the adversary to control at any given time a threshold number of the current members of the quorum and gain access to the secret is dramatically reduced.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: Various systems and methods for securely sharing private in formation are described herein. A mobile device comprises instruction to configured the mobile device to identify a verifier device having an available wireless connection, the wireless connection having a wireless connection strength; determine that a triggering event occurs, the triggering event based on the wireless connection strength; when the triggering event occurs: connect to the verifier device; transmit a digital credential to the verifier device, each of a plurality of data elements of the digital credential separately encrypted using distinct encryption keys; receive a request to access a requested data element of the digital credential; prompt a user of the mobile device for consent to share the requested data element; and transmit information to the verifier device when the user consents sharing the requested data element, the information used to decrypt only the requested data element.

Abstract: System and methods are disclosed that enable data sharing across networks, including peer-to-peer sharing of content over wireless networks using peer mobile devices. A database may store content associated with a first peer mobile device. A request from a requester peer mobile device for content associated with a user of the first peer mobile device may be received at a server. The encrypted request is transmitted by the server to the first peer mobile device which may decrypt the request. An authorization token may be transmitted by the first peer mobile device to the server which may then enable the requesting peer mobile device to access the requested content, which may be accessed from the first peer mobile device and/or a cloud storage system.

Abstract: One-time password (“OTP”) generation on a smartwatch is provided. OTP generation may include communication between an application on a smartwatch and an application on a smartphone. The request for an OTP may be received at the smartwatch. The smartwatch application may communicate with the smartphone application. An OTP may be generated within a third-party library within the smartphone application. The generated OTP may be transmitted from the smartphone application to the smartwatch application. The OTP may be displayed on the smartwatch.

Abstract: A system and method of security assessment of a network is described. The system may include one or more security assessment computers controlled by a security assessor, and connected to a network, and first executable program code for acting as an agent on a first end device on the network. The first executable program code is configured to be executed by a browser application of the first end device, and is configured to collect software information, hardware information, and/or vulnerability information of the first end device and transmit the same to a first security assessment computer of the one or more security assessment computers. The information may be transmitted as part of a domain name server (DNS) request. The DNS request may include information identifying the first end device to thus allow modification of the first end device in response to analysis of the collected information.

Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.

Abstract: Achieving certificate pinning security in reduced trust networks. A client receives a second certificate from a server over a first secured communications channel. The first secured communications channel is established based at least upon a first digital certificate associated with the first secured communications channel being certified by a pinned certificate. The client sends a request towards the server via a second communications channel with an untrusted computer system, and the request is received by the server. The server generates a response comprising a timestamp, a URI portion, and a signature that is generated using the second certificate. The server sends the response via the second communications channel. The client receives the response, and uses the second certificate to verify that the response is authentic and that the timestamp and URI portion are valid. The client then processes the payload.

Abstract: Embodiments of the present disclosure relate to anti-tamper computer systems, in particular to methods and systems which can embed protection code into software. Among other things, the protection code helps prevent (and make it more costly) to reverse engineer to tamper with the protected software with malicious intent, such as, but not restricted to: the removal of a license protection mechanism; the removal of code displaying advertisements; the injection of a malicious thread into the program memory space; illicit usage; or any other kind of unauthorized modification of the software.

Abstract: A method and apparatus provides for receiving a first connection reconfiguration message to configure at least one split bearer with a first logicalchannelidentity, terminated in the second cell group. A first security key for communication with the first cell group and a second security key for communication with the second cell group are applied. A second connection reconfiguration message is received, the second connection reconfiguration message including a counter having a count value for deriving a third security key for communication with the second cell group, wherein the third security key that was derived for communication with the second cell group is based on the count value of the received counter. The third security key is applied for communication with the second cell group, while continuing to use the first security key and the first MAC entity for communication with the first cell group, where continuing to use the first MAC entity includes not resetting the first MAC entity.

Abstract: Certain aspects of the present disclosure relate to methods and apparatus for optimizing delivery of a data to and/or from a UE in a connected but inactive state.

Abstract: A method comprises generating a signed blockchain transaction using a secure computing device arranged in a local area, and an apparatus set up for short-range communication. The method comprises associating the signed blockchain transactions with the local area, wherein the signed blockchain transaction indicates a presence of the apparatus in the local area.

Abstract: A method for securing a secret of a client using an escrow agent operatively connected to the client includes initiating enrollment of the client with the escrow agent, wherein the enrollment results the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, and storing the encrypted secret on the client.

Abstract: Localized content from at least one local merchant is provided to a user through a publicly accessible computer device. A server interfaces to one or more publicly accessible computer devices that are associated with a vendor. The computer devices interface to content sources through a network. A user access is detected and the identity of the user and the computer device is determined. These identities are provided to a server. The server then provides content to the computer device that is selected based on the identity of the user and the computer device. At least a portion of the content is advertising from a local merchant. Revenue is obtained from the local merchants and a portion is provided to the vendor associated with the particular computer device.