Abstract: Apparatus and associated methods relate to a 3rd Party Asset Verification module (3PAV module) embodied in a computer system configured to: (1) transmit a unique access code to at least one entity, the unique access code (1a) associated with a user and the user's asset information, and (1b) permits access to the user's asset information stored in the controlled access data store, and (2) in response to a request for data from a broadcasted receiver of the unique access code, the request including the unique access code, returning the user's asset information stored in the controlled access data store. In an illustrative example, the unique code may be generated upon the user providing authorization, over a network, for other parties to access the user's asset information. Various implementations may provide for secure and controlled access to the user's trusted asset data, which may increase efficiency in a consumer-dealer-lender transaction.

Abstract: A cloud system and a device associate cloud user authentication information and local user authentication information with each other and manage the cloud user authentication information and the local user authentication information. The local user authentication information and the execution request are transmitted to the device, and the cloud user authentication information and an execution result are transmitted to the cloud system.

Abstract: This application discloses a method and an apparatus for multimedia communication. A session page is loaded by using a browser kernel integrated in a local client, and a script on the session page is executed by using the browser kernel, to perform the following operations: exchanging a control parameter with a peer client by using a signaling server; establishing a data channel between the local client and the peer client; collecting multimedia data and transmitting the multimedia data to the peer client through the data channel, so that the peer client plays the multimedia data by using a media stream parameter of the local client; and receiving, through the data channel, the multimedia data collected by the peer client, and playing the multimedia data on the session page according to a media stream parameter of the peer client. In this way, cross-client multimedia communication is implemented.

Abstract: At least one aspect is directed to improving the performance of real-time verification of online identity. The issuer computing system can receive a request to generate a composite token, the composite token configured to authorize certain verifying parties to authenticate a first-party token comprising information about a client. The issuer can generate a composite token using cryptographic keys and distribute it to the client, who can distribute it to other content item networks. The verifying parties can receive the composite token from the content item networks, use a cryptographic key verify the authenticity of the token corresponding to the client device, and use the token to further process content item operations. The system can distribute the cryptographic keys prior to the generation and verification of the composite token, and as such allow the parties to verify the composite token in real-time without contacting outside verification parties.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identity. Rather than facilitating the issuance of authentication tokens as bearer tokens, whereby any user may present an authentication token to a secure service provider for access to secure service, this disclosure describes techniques for generating recursive authentication tokens that are digitally signed by an Identity Service Provider (IDP) and the entity that purports to present the authentication token to the service provider. Additionally, a recursive token application is described that is configured to nest preceding authentication tokens that trace back to an initial secure service request. For example, a recursive authentication token received by a second service provider may include, nested therein, the first service provider recursive authentication token and a preceding client recursive authentication token that is associated with the initial secure service request.

Abstract: In an embodiment, an HSM may provide a cryptographic signature service. The HSM may maintain key/token pairs for various users/entities and for a first entity for which signature may be desired. The HSM may ensure that the requirements for the entity's signature are met, and then may apply the entity's signature. In an embodiment, the HSM may augment the private token for the first entity with the public keys of users/entities which are to approve the entity's signature. As the approvals are received, the HSM may record the approvals and may apply the signature once the approvals are received.

Abstract: Disclosed herein are systems and methods for blocking network connections. In one aspect, an exemplary method comprises, intercepting a certificate from the server when establishing a protected connection between a server and a client, determining whether the intercepted certificate is similar to one or more forbidden certificates, the determination of whether the intercepted certificate is similar to one or more forbidden certificates comprising transforming the intercepted certificate in accordance with a method of determining similarities between certificates and a method of saving forbidden certificates in a database of forbidden certificates, and blocking the connection when the intercepted certificate is similar to the one or more forbidden certificates.

Abstract: A key generation apparatus includes a memory, a communication interface, and a processor. The memory stores a first private key corresponding to a first public key. The communication interface communicates with a peer apparatus that stores the first public key. The processor generates a second public key and a second private key in response to a key update request from the peer apparatus, generates a digital signature by encrypting data including the second public key with the first private key, and sends a message including the data and the digital signature to the peer apparatus. In addition, the processor switches the first private key to the second private key.

Abstract: A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.

Abstract: A set of secret, indexed keys is generated and used in requests from a signing entity to a signing server for digital signature of messages. The signing server maintains a counter as well as a hash tree that aggregates requests during a round into a root value that is stored in an append-only data structure in a repository. Each signing entity is associated with a leaf of the hash tree. After a signature is formed, the counter for the requesting signing entity is incremented, whereby the secret key that was used cannot be used again.

Abstract: A device may receive a request for a contract associated with a project. The request may include a blockchain identifier for an organization associated with the project and a set of project requirements for the project. The device may generate the contract using information included in the request. The contract may include one or more conditions that are associated with the set of project requirements. The device may create one or more blocks in a blockchain using the one or more conditions of the contract and the blockchain identifier. The device may receive multimedia data associated with completion of a phase of the project. The device may verify whether the phase of the project is complete using metadata associated with the multimedia data. The device may perform one or more actions based on verifying whether the phase of the project is complete.

Abstract: A memory device can include a memory, and an interface to receive a memory command sequence. A message authentication code MAC is provided with the command sequence. Control circuits on the device include a command decoder to decode a received command sequence and to execute an identified memory operation. A message authentication engine includes logic to compute a value of a message authentication code to be matched with the received message authentication code based on the received command sequence and a stored key. The device can store a plurality of keys associated with one or more memory zones in the memory. Logic on the device prevents completion of the memory operation identified by the command sequence if the value computed does not match the received message authentication code.

Abstract: Content with in a memory device (e.g., a DRAM) may be secured in a customizable manner. Data can be secured and the memory device performance by be dynamically defined. In some examples, setting a data security level for a group of memory cells of a memory device may be based, at least in part, on a security mode bit pattern (e.g., a flag, flags, or indicator) in metadata read from or written to the memory device. Some examples include comparing a first signature (e.g., a digital signature) in metadata to a second value (e.g., an expected digital signature) to validate the first value in the metadata. The first value and the second value can be based, at least in part, on the data security level. Some examples include performing a data transfer operation in response to validation of the first and/or second values.

Abstract: The invention relates to a method for validating message strings through a decentralized network. Said method also makes it possible to manage the validations of messages relating to a message chain in a unitary and asynchronous manner thus rendering the process unlimited in terms of performance. The method also allows enhanced security and confidentiality, in particular by integrating the number and geolocation constraints of message validations. The method thus makes it possible, through a decentralized network of trusted third parties with limited confidence, to restore real trust to the users.

Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may can manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.

Abstract: Methods, non-transitory computer readable media, attack mitigation apparatuses, and network security systems that maintain an application context model for a protected application based on ingested logs. The application context model includes a map of network infrastructure associated with the protected application. Using the application context model, potential attack(s) against the protected application are identified and possible mitigation action(s) to take in response to one or more of the identified potential attack(s) are scored. A stored policy is executed to evaluate the possible mitigation action(s) based on the scoring. One or more of the possible mitigation action(s) are initiated on the identified potential attack(s) based on the evaluation. With this technology, malicious network activity can be more effectively and quickly detected and mitigated resulting in improved network security.

Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.

Abstract: A computer-implemented method includes receiving a respective indication of each of two or more clouds. The two or more clouds are added to a user account. A first file is received for storage in the user account. The first file is split into a plurality of data blocks. The plurality of data blocks of the first file are distributed across the two or more clouds. An indication of a respective location of each data block of the first file is saved.

Abstract: Embodiments of the invention provide system and method for storage and management of confidential information. The system comprises at least one electronic device, wherein each electronic device is configured to store confidential information, and execute a service request using the confidential information stored therein; a control system configured to provide power supply to any one of the at least one electronic device, which is connected to the control system, and communicate a service request from a specific user to an electronic device in connected state which is associated with the specific user; and an enclosure configured to house the at least one electronic device, and the control system.

Abstract: There are provided measures for enabling detecting malware. A method includes generating a copy of a first node, configuring a sandbox environment by using the generated copy, executing an electronic file or a URL in the sandbox environment configured with the copy, providing a result of the malware analysis of the electronic file or the URL, identifying the electronic file or the URL as malicious or suspicious on the basis of the provided result, and taking further action for protecting the first node from the electronic file or the URL identified as malicious or suspicious.