Abstract: A cyber security method using intelligent agents (IAs) includes: watching, by the intelligent agent (IA), over a network, a software program running on a system; receiving, by the IA, results generated by the software; presenting, by the IA, the results; categorizing the results, by the IA, for efficient storage and efficient future retrieval; saving, by the IA, the categorized results; using the categorized results, by the IA, inferring new knowledge; categorizing the new knowledge, by the IA, for efficient storage and efficient future retrieval; saving, by the IA, the categorized new knowledge; and using one or more of the saved categorized results and the saved categorized new knowledge, by the IA, configuring the software.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.

Abstract: Content within a memory device (e.g., a DRAM) may be secured in a customizable manner. Data can be secured and the memory device performance by be dynamically defined. In some examples, setting a data security level for a group of memory cells of a memory device may be based, at least in part, on a security mode bit pattern (e.g., a flag, flags, or indicator) in metadata read from or written to the memory device. Some examples include comparing a first signature (e.g., a digital signature) in metadata to a second value (e.g., an expected digital signature) to validate the first value in the metadata. The first value and the second value can be based, at least in part, on the data security level. Some examples include performing a data transfer operation in response to validation of the first and/or second values.

Abstract: A monitoring service monitors performance of an authentication application that authenticates a user or service and securely communicates a status of the authentication application to a service application providing a software service. The monitoring service generates a token using a private key. The token is stored in a secure datastore writable only by the monitoring service and is also provided to the service application. The service application validates a signature of the token using a public key and determines an authenticity of the token by comparing the received token to the stored token in the secure datastore. In doing so, there is a high degree of confidence that the token, or an associated encrypted message, originated from the monitoring service and properly identifies the status of the authentication application.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: A computerized method for implementing a secure and private customer service automation platform. No customer data (like Name, Email, TaxID, Phone, other sensitive attributes) is stored on the customer support system (CSS). It is determined that a user queries for information. A client browser sends the request to API gateway. An application programming interface (API) gateway sends a request to an appropriate backend system after an authentication process; with the backend system.

Abstract: A method for performing key exchange for a security operation in a storage device includes generating, by a trusted third party (TTP), a first certificate based on a first user ID and first public key and generating a second certificate based on a second user ID and second public key. While the storage device is accessed by the first user ID, a first verification is performed on the second certificate based on a third certificate. When the first verification is successfully completed, a ciphering key is derived based on a first private key and the second public key. While the storage device is accessed by the second user ID, a second verification is performed on the first certificate based on the third certificate. When the second verification is successfully completed, the ciphering key is derived based on a second private key and the first public key.

Abstract: When a user activates an app, user authentication by a PIN code or the like is first executed. When the user authentication is successful (that is, when it is confirmed that a party operating the app is a user), function limitation of the IC chip is released and a mode in which a function provided by the IC chip can be used is set. The app creates an electronic signature with a private key using the function of the IC chip. When the electronic signature and the user ID are sent to a server of an online service, the server verifies the electronic signature using the corresponding electronic certificate. When the user ID is confirmed to be a user ID sent from a valid user, the user is permitted to use the online service.

Abstract: According to some embodiments, in a Vehicular-to-Everything (V2X) communications environment where vehicles can exchange messages with other entities, including nearby vehicles and pedestrians, systems and methods are provided to implement a mechanism or technique based on hash chaining that allows a large sequence of messages from the same source to be validated by verifying a single digital signature.

Abstract: In one embodiment, an apparatus includes a storage element, and a processing element configured to verify an asymmetric digital signature in order to authenticate a data item signed with the asymmetric digital signature, upon successful verification of the asymmetric digital signature, generate a symmetric MAC of the data item and store the symmetric digital in the storage element, and retrieve and verify the symmetric MAC in order to authenticate the data item.

Abstract: According to embodiments of the present disclosure, there is provided an edge authentication node, a central authentication node, a method implemented in each node, a system including each node, and a corresponding computer-readable storage medium for license authentication. The method implemented in the edge authentication node includes: receiving a license authentication request from a client node, the license authentication request includes client fingerprint information associated with the client node; decrypting, based on the client fingerprint information, a license certificate associated with the client node generated by the central authentication node, so as to obtain license information associated with the client node; and transmitting a license authentication response to the client node based at least partially on the license information obtained.

Abstract: A user authentication system includes an image capture device and a controller communicatively coupled to the image capture device. The controller receives first image data associated with user identification information and generates a first set of biometric data based on the first image data. The controller also receives second image data associated with a first user action in response to the first set of biometric data approximately matching a first set of authenticated biometric data. The controller further generates a second set of biometric data based on the second image data and receives third image data associated with a second user action. The controller also generates a third set of biometric data based on the third image data. The controller further grant access to a user account in response to the second and third sets of biometric data approximately matching second and third sets of authenticated biometric data, respectively.

Abstract: Disclosed herein are an apparatus and method for managing personal information.

Abstract: The disclosed embodiments are related to the generation of a personal identifier within a memory device. In one embodiment, a method is disclosed comprising generating an asymmetric key pair from a physically unclonable function (PUF), the asymmetric key pair including a public key and a private key; generating a certificate signing request (CSR) for the public key, the CSR including a user identifier and a customer public key; requesting a digital certificate of the public key from a certificate authority (CA), the certificate authority storing a mapping between the customer public key and the user identifier; receiving a message from a host device; signing the message using the private key; and transmitting the signed message and the digital certificate to a computing device.

Abstract: A method of verifying partial data based on collective certificate is provided. A provider-end computer apparatus receives a request of data, retrieves a data cluster, executes a fingerprint process on the unrequested part of the data cluster for obtaining an unrequested data fingerprint, and transfer the requested part of the data cluster and the unrequested data fingerprint to a request-end computer apparatus. The request-end computer apparatus retrieves a trusty collective data fingerprint, executes the fingerprint process on the requested part of the data cluster for obtaining a requested data fingerprint, merges the unrequested data fingerprint and the requested data fingerprint into a merged collective data fingerprint, and determines that the requested part is correct if the merged collective data is consistent with the trusty collective data fingerprint. The present disclosed example can effectively verify correctness of the requested part of data.

Abstract: A method of performing validation of an access token under OAuth 2.0 protocol includes: providing, by an authorization server, the access token for service to a client in response to a request for the access token; adding, by the client, a client signature to at least the access token; forwarding, by the client, the access token as part of a service request to a resource server; and validating, by the resource server, whether the client is a valid owner of the access token, wherein the validation is based on at least the client signature of the access token. The validation is based on a hash of a combination of the service request, the access token and a shared secret key common to the client and the resource server, the output of which hash is added to the service request, and the resource server validates the hash.

Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.

Abstract: The technology relates to a technique for representing a unique physical asset such as a smartphone with a unique (singular) digital asset such as a non-fungible token (NFT). The NFT and related metadata can be stored on a blockchain to verify ownership of the digital asset. In one example, the NFT is produced based on a unique identifier (IMEI) for the smartphone. Other examples of physical assets with unique identifiers include automobiles, real property, etc.