Abstract: The present invention relates to a computer-implemented method for the collective signing of a file, preferably a PDF-based document, by a plurality of users, said method comprising the sequential realization of the following set of steps for each of said plurality of users: (a) providing the user with said file, and optionally with one or more existing identification strings belonging to said file; (b) determining an identification string belonging to said file based on at least said file and optionally based on said one or more existing identification strings; (c) establishing a document signature based on at least both said identification string belonging to said PDF-based document and a private key belonging to the user; (d) registering said document signature in a blockchain.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services via the VPN server.

Abstract: Systems, apparatus, methods, and techniques for facilitating privacy preserving secure communicating in a platoon of devices, such as, vehicles, roadside units, or the like is provided. A service initiator provisions a ring key-set as well as a public key-pair and distributes the keys to user equipment and service coordinators. During operation, user equipment can query, via a service coordinator, the existence of a platoon, form a platoon, or join a platoon with the ring key-set and the public key-pair. To form a platoon the service coordinator can generate a symmetric key and provide the symmetric key to the user equipment. Subsequently, user equipment can communicate using the symmetric key.

Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).

Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.

Abstract: An example operation may include one or more of storing a first hashed timelock request in a first storage structure, where the first hashed timelock request is hashed based on a first secret, generating a second secret based on the first secret and a public key of a client, hashing the second secret to generate a hashed second secret, and transmitting a request for a second hashed timelock request to the client, where the request comprises the generated hashed second secret.

Abstract: Systems, methods, and computer-readable storage media are provided for automating personalized out-of-the-box and ongoing in-application settings. A triggering event is detected for an exchange of information between an information service and one or more application or service. A trust level and domain of information of the one or more application or service is determined. Based on the trust level and domain of information, information to be shared with the one or more application or service is identified and the identified information is shared. The information to be shared can be all of the requested information, some of the requested information, or none of the requested information.

Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.

Abstract: According to the present invention, an information processing apparatus that verifies a signed token is provided. The apparatus comprises a holding unit for holding key information for verifying the signed token, an obtainment unit for obtaining new key information from a server that provides the key information, and holding the new key information in the holding unit, if the key information for verifying a received signed token is not held in the holding unit, and a verification unit for verifying the signed token using the key information if the key information for verifying the received signed token is held in the holding unit.

Abstract: Systems and methods performed for generating authentication information for an image using optical computing are provided. When a user takes a photo of an object, an optical authentication system receives light reflected and/or emitted from the object. The system also receives a random key from an authentication server. The system converts the received light to plenoptic data and uploads it to the authentication server. In addition, the system generates an optical hash of the received light using the random key, converts the generated optical hash to a digital optical hash, and uploads the digital optical hash to the authentication server. When the authentication server receives the upload, it verifies whether the time of the upload is within a certain threshold time from the sending of the random key and whether the digital optical hash was generated from the same light as the plenoptic data.

Abstract: Disclosed are methods and apparatuses for electronic signature. The method for electronic signature comprises obtaining a hash value of a first key created for a user and a user identifier of the user, generating a key certificate of the first key based on the obtained hash value, the user identifier and a current key, recording the key certificate on a public medium, which public medium ensures that information published thereon is not tampered with, signing a file with the first key and recording a resulting file signature and the file on the public medium, and recording the first key on the public medium only after the file is already on the public medium. With the technical solution of the disclosure, a key can be effectively utilized.

Abstract: The present disclosure is applied to the field of communication technology, and provides a method, device for authenticating an accessing terminal and a system. The method includes: receiving a connection request sent by the terminal, the connection request carrying first terminal operation information; obtaining pre-stored second terminal operation information, and matching the first terminal operation information with the pre-stored second terminal operation information according to a preset matching strategy; sending, when the terminal operation information matches the pre-stored second terminal operation information, authentication success information to the terminal, and establishing communication with the terminal.

Abstract: The present disclosure is directed to systems and methods associated with a communication infrastructure. The communication infrastructure includes a vehicle integration platform that includes a plurality of application programming interfaces configured to facilitate message communication among clients. The communication infrastructure includes a registration authority system configured to receive certificate signing requests from the clients and to generate client-specific credentials for establishing a predetermined time period of ability for client authentication within the vehicle integration platform. The communication infrastructure includes a certificate authority system configured to normalize requests received from the clients via the registration authority system such that the client-specific credentials are established according to an approved hierarchy of licensing certificates.

Abstract: A hash function is computed for each item of a partial string obtained by dividing a message received according to a group testing matrix representing combinatorial group testing relating to the message, and an authentication tag for the partial string is generated using a value obtained by a combining operation of individual hash values by a combiner, wherein the combiner performs the combining operation of the individual hash values, by using a hash value of an item of an empty string as an identity element of the operation.

Abstract: The present disclosure provides an approach for a certificate authority (CA) that is distributed among nodes of a network, such that only a portion of the network nodes are required to sign and issue a digital certificate. Each node of the network includes a partial private key, the partial private key having been obtained by sharding the full private key. The sharding may be performed by a process known in the art, such as Shamir Secret Sharing and Distributed Key Generation. Systems that are inherently distributed may use the techniques herein to create a CA that is not centralized. The techniques herein leverage a database in the form of a distributed blockchain to store issued certificates and status of the certificates.

Abstract: Method, system or Universal Integrated Circuit Card (UICC) for provisioning a UICC with a new key. The UICC contains an initial subscriber key shared between the UICC and an authentication center. A new key is exchanged between the UICC and the authentication center using a communication between the UICC and the authentication center authenticated using the initial subscriber key. The new key is used in place of the initial subscriber key for further communications with the UICC.

Abstract: A method and system for performing federated identity management are described. The method and system include receiving a communication for a data source at a wrapper. The wrapper includes a dispatcher and a service. The dispatcher receives the communication and is data agnostic. The communication corresponds to end user credentials for an end user. The method and system include providing the communication from the dispatcher to the data source and to the service. The method and system also use the service to authenticate the end user based on the end user credentials and utilizing federated identity management.

Abstract: Embodiments of the invention are directed to a method for reducing a computational burden of a blockchain provider. A data processing computer may facilitate an exchange of a data transfer message between respective applications of a first and second device. The data processing computer may maintain an electronic record according to the exchange. A net transfer value may be determined for the record and data comprising the net transfer value may be transmitted to a blockchain provider. Receipt of the data by the blockchain provider may cause the blockchain provider to update a ledger with the net transfer value.

Abstract: A system and method for of providing secure communication between a client device having a non-volatile read only memory and a first server is disclosed. One embodiment is evidenced by a method that comprises determining if a generation of a certificate is complete, the certificate generated in the client device and having a public key generated from a private key, providing the generated certificate to the first server to authenticate the client device if the generation of the certificate is complete, and retrieving a fallback certificate from the non-volatile read only memory and providing the fallback certificate to the first server to ephemerally authenticate the client device until the generated certificate is provided to the first server if the generation of the certificate is not complete.

Abstract: In some examples, a computing device may determine, based on sensor data, that the computing device is in a public environment. In response, the computing device may display an entry wheel to enable a user to enter a password. The entry wheel may include multiple input symbols arranged equidistant around a circle. In some cases, one or more geometric patterns linking a portion of the input symbols may be displayed. After receiving an individual character of the password, the computing device may display the entry wheel rotated a number of positions in either a clockwise or counter-clockwise direction and display zero or more of the geometric patterns. After all the characters of the password have been received, the computing device may determine if the password matches a previously stored password. If the password matches, the computing device may transition from a low power state to an active state.