Abstract: Data processing device, in particular, for a control unit, the data processing device including at least one computing device, a memory device, a hardware security module and at least one cryptography module.

Abstract: Example implementations described herein are directed to systems and methods for selecting appropriate data samples and features in an access and privacy restricted system. Example implementations involve selection of appropriate samples (e.g. patients) which have enough data sources bringing highly important factors based on the experienced risk factors at other facilities, which is stored as metadata. The risk factor management puts more prioritization on some patients which have more data in the required data source than the other patients among all data sample candidates. The similarity of the training data sample can be a criteria to select new sample sets. Further, the risk factor management selects valuable features effectively based on metadata derived from other facilities. Example implementations help improve machine learning accuracy as part of daily system management in a facility, and can be deployed across facilities without compromising access or privacy restrictions of the data.

Abstract: The subject matter of this specification can be implemented in, among other things, methods, systems, and computer-readable storage media. A method can include receiving a first request to retrieve an identifier token associated with a user account. The method can further include generating a first alphanumeric sequence associated with the user account and performing a randomization procedure on the first alphanumeric sequence to generate a second alphanumeric sequence. The method can further include generating the identifier token for a subscriber associated with the user account to provide to a second device. The method can further include receiving, from a third device, a second request including a second identifier token having a third alphanumeric sequence, the second request being associated with performing an action using sensitive data associated with the user account. The method can further include sending data including the second request to the third device.

Abstract: Disclosed herein is a method of performing a password challenge in an embedded system. The method includes receiving a password, scrambling the sub-words of the password pursuant to scramble control codes, retrieving a verification word, scrambling the sub-words of the verification word pursuant to the scramble control codes, and comparing the scrambled sub-words of the password to the scrambled sub-words of the verification word. Access to a secure resource is granted if the scrambled sub-words of the password match the scrambled sub-words of the verification word. The scramble control codes cause random reordering of the sub-words of the password and sub-words of the verification word in a same fashion, and insertion of random delays between the comparison of different sub-words of the password to corresponding sub-words of the verification word.

Abstract: A dynamically obfuscated scan chain (DOSC) includes a control module designed to control memory loading, a linear feedback shift register (LFSR), a dynamic Obfuscation Key generator configured to use LFSR to generate a ?-bit protected Obfuscation Key, in order to confuse and change the test data into an output scan vectors when the Obfuscation Key update is triggered. The DOSC also includes a shadow chain, configured to input the ?-bit protected Obfuscation Key generated by the LFSR, and output k??×??-bit protected Obfuscation Keys, and obfuscated scan chains. The DOSC operating method includes: loading control vectors to LFSR from control module during initialization; generating the Obfuscation Key at an output of the LFSR; generating the Obfuscation Key bit by bit based at least in part on the shadow chain and the Obfuscation Key during a first scan clock after reset in order to confuse test patterns.

Abstract: A method and system of protecting user sensitive information from an application program of a user device are provided. The application program to be installed is received on the user device. Permissions to resources of the user device for the application program are identified. For each permission, mapping the permission to one or more sections of a code of the application program. For each mapped section of the code, a recipient of user sensitive information facilitated by the permission is determined. For each recipient, it is determined whether the recipient should be restricted. Upon determining that the recipient should not be restricted, the user sensitive information facilitated by the permission is provided to the recipient. However, upon determining that the recipient should be restricted, alternate information to the recipient.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: A system for signing transactions. The system includes a first module with a communication interface to a public network; and a controller to handle a transaction with a Blockchain network or a transaction server accessible at the public network. The system also includes a second module with a random number generator; and a secure controller to generate seed words and private keys. The system further includes a bridge module with a controller; and a switch to selectively connect the data interface of the bridge module to either the data interface of the first module or the data interface of the second module such that the data interface of the first module is never connected with the data interface of the second module.

Abstract: A computer implemented system for electronic verification of credentials including at least one processor and data storage is described in various embodiments. The system includes cryptographic mechanisms and electronic communication between one or more computing systems that in concert, provide verification of a prover's credentials in accordance to logical conditions of a verifier's policy without providing additional information to a verifier entity.

Abstract: A method includes, with a computing system associated with a first local identity provider of a plurality of local identity providers, receiving a first authentication request from a first web application of a user device. The method further includes, with the computing system, redirecting a browser associated with the first web application to a server system associated with a master identity provider. The method further includes, with the computing system, receiving from the browser, a master session identifier provided by the master identity provider, the master session identifier identifying a master single sign-on session that is available to the plurality of local identity providers. The method further includes, with the computing system, establishing a first local single sign-on session between the first local identity provider and the browser.

Abstract: A fully digital integrated circuit apparatus (200) and method (300) are provided for generating a test mode enable signal with a digital non-resettable state retention storage circuit (210) connected to store an authentication control pattern for authorizing test mode access to a secure circuit, a digital safety interlock gate circuit (220) connected to store a safety interlock gate setting that may be accessed independently from a test mode enable signal, and combinatorial logic circuitry (205) for generating the test mode enable signal only when the interlock safety gate setting is set to a first value and the digital non-resettable state retention storage circuit stores the authentication control code.

Abstract: Techniques for rapid secure authentication and communications through multitenant components in a provider network are described. A main database cluster can request a burst cluster from a burst service, which can provide the main cluster with a shared secret associated with only a selected burst cluster. The main cluster can use the shared secret to encrypt a value that can be passed, via a proxy, to the selected burst cluster in a connection request. The selected burst cluster can validate that the connection request was truly originated by the main cluster by validating the encrypted value using the shared secret.

Abstract: The generation of hash values become popular with the storage of pin code by an authentication server, since the authentication server knows only the result of the hash function and not the pin code itself. Each time an authentication is requested, a hash function is executed on the received pin code and then compared with the stored reference hash value of the initial pin code. In order to improve the security of the hash value, it is proposed a method to produce a secure hash value (R) from a plaintext (P), said method comprising: —producing a first result (H) using an hash function of the plaintext (P), —obtaining an initial floating value (U0) by converting the first result (H) into a floating number representation of the first value (H), —updating a floating value (Un) by executing at least once a Transcendental function (TF) on the initial floating value (Un?1), —obtaining the secure hash value (R) by mixing the first result (H) with the updated floating value (Un).

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store access control parameters, and at least one processing core, configured to replace a first access control mechanism in a remote node with a second access control mechanism which is defined by the access control parameters, the access control parameters comprising references to a mathematical operations database, the references comprising mathematical operation identifiers, and at least one connector defining a sequence of mathematical operations.

Abstract: An authentication device is provided with: a plurality of attribute-dependent score calculation units each calculating an attribute-dependent score dependent on a prescribed attribute for input data; an attribute-independent score calculation unit for calculating an attribute-independent score independent of the attribute for the input data; an attribute estimation unit for performing attribute estimation for the input data; and a score integration unit for determining a score weight of each of a plurality of attribute-dependent scores and of the attribute-independent score using the result of the attribute estimation and calculating an output score using the attribute-dependent scores, the attribute-independent score, and the determined score weights.

Abstract: A system, method, and apparatus for secure router operation and initialization. A router may require at least two sets of credentials at different phases of initialization, thereby adhering to a multi-layered security approach. In a first phase of a router initializing for operation, a boot loader of the router may require a first authentication in order to unlock the full-disk encryption and commence booting into firmware. In a second phase, the firmware of the router may require second authentication to continue the initialization and to unlock the file-based encryption and access the settings of the router, after which the router may be fully operational.

Abstract: An electronic whiteboard system includes at least one information processing system and at least one electronic whiteboard communicably connected to the information processing system. The information processing system stores, in a memory, one or more content management information records in each of which content data, user information, and information on a period of time are associated with each other. The electronic whiteboard reads, from a terminal of a user, ID corresponding to user information identifying the user, transmits, to the information processing system, the ID and information on a time at which the ID is read, receives, from the information processing system, content data included in a content management information record that includes a period of time within which the time at which the ID is read is included and user information identical to the user information corresponding to the ID, and displays the content data.

Abstract: Disclosed are a protection method and a protection system of system partition key data and a terminal. The protection method includes: obtaining a verification table corresponding to key data carried in a system partition file when a bootloader is started, and decrypting a digital signature by using a preset public key or a private key to obtain a first verification value; generating a second verification value according to a block address and a hash value, and comparing the first verification value with the second verification value; and starting a system if the first verification value is consistent with the second verification value.

Abstract: The invention provides a decryption method for a trunking group call and a user equipment. The method includes: monitoring group call data in a current cell and obtaining a hyper frame number being a first hyper frame number; when switching from the current cell to a target cell, obtaining the group call data and obtaining an interval range of a hyper frame number of the target cell according to the first hyper frame number, the hyper frame number of the target cell being a second hyper frame number; traversing the second hyper frame number according to the interval range of the second hyper frame number, obtaining a plaintext, and comparing group call session information contained in the plaintext with the group call data of the current cell; and if consistent, decryption by traversing the second hyper frame number being successful, carrying out a decryption operation according to the second hyper frame number.

Abstract: A fingerprint recognition method and apparatus, and a touchscreen terminal with a fingerprint recognition module includes, when a fingerprint authentication module is in a disabled state, a touch operation used to trigger an application program is received, if fingerprint authentication is not required for execution of the application program, the fingerprint recognition module is kept in a disabled state, and after the application program has been executed for specific duration, the fingerprint authentication module is enabled again, to perform the fingerprint authentication.