Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can unsigncrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.

Abstract: Systems and methods for securely sharing and authenticating a last secret can include generating, by a cryptographic module on a first network node, a seed configured for deriving or recovering a last secret, the last secret providing access to a secure entity and being a last cryptographic element controlling access to the secure entity, creating, by the cryptographic module, an envelope for the seed, enveloping the seed by the envelope, and transmitting, by the cryptographic module, the seed to a computing system on a second node different than the first node, the computing system being configured to decrypt the envelope of the enveloped seed to recover the seed, and obtain the last secret based on the seed, where the cryptographic module is prevented from deriving the last secret.

Abstract: Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for recovering a session object associated with a secure session established by a security protocol server, including receiving, by a recovery server, an encrypted session object from the security protocol server, wherein the encrypted session object is unique to the secure session, generating, by the recovery server, a recovery key based on a first initial key and a recovery key sequence number, wherein the recovery key sequence number corresponds to a number of times that secure sessions have been established since the first initial key is received by the security protocol server, and decrypting, by the recovery server, the encrypted session object using the recovery key to generate the session object associated with the secure session.

Abstract: Systems and methods in accordance with present implementations can include decrypting, by one or more processors, a data packet using a session key to recover a decrypted data packet, the data packet comprising a data element encrypted with a first content-specific key associated with a shared secret, the data packet encrypted with the session key, and decrypting, by the one or more processors, the data element of the decrypted data packet using a second content-specific key corresponding to a data type of the data element, to recover a decrypted data element.

Abstract: A biometric electronic signature authenticated key exchange (“BESAKE”) token processing system. The system includes a storage location having a plurality of biometric reference templates. The system further includes an authentication computing system having a processor and instructions. The instructions configured to cause the authentication computing system to receive a signing party identifier and the BESAKE token from a signing party. The BESAKE token having a biometric sample encrypted using an encryption key. The instructions further configured to generate a decryption key and decrypt the encrypted biometric sample from the BESAKE token. The instructions further configured to match the biometric sample with a biometric reference template and transmit to a biometric service provider computing system a match request. The instructions further configured to determine a signing party identity via a binary match value.

Abstract: Systems, methods, and apparatuses of creating a repair token for a distributed ledger are provided. A method includes identifying an error in the distributed ledger via a computing system. The error is associated with a first block on the distributed ledger. The method further includes creating the repair token having content of the first block and a correction to the error via the computing system.

Abstract: A method includes receiving an update biometric reference sample and a user identifier by a computing system and retrieving a previous biometric reference template record in a storage location based on the user identifier by the computing system. The previous biometric reference template record includes a previous biometric reference template generated using a previous biometric reference sample. The method further includes comparing the update biometric reference sample to the previous biometric reference template by the computing system and, responsive to determining that a biometric data type of the update biometric reference sample is different than that of the previous biometric reference template, generating an update biometric reference template by the computing system. The method further includes generating an update biometric reference template record by the computing system.

Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.

Abstract: Example implementations include a method for using tokens between two entities including a client device and a server, by generating, by a first one-way function of the client device, a first intermediate value from a transaction count corresponding to a number of transactions involving an original data, the first intermediate value being unique to a first verification transaction at a server, generating, by a second one-way function of the client device, a second intermediate value from the first intermediate value, the second intermediate value being unique to a second verification transaction at the server, sending, by the client device, a first token based on the first intermediate value to the server to execute the first verification transaction, and sending, by the client device, a second token based on the second intermediate value to the server to execute the second verification transaction.

Abstract: A method for controlling unauthorized use of digital content includes identifying digital content for validation. Characterizing information is generated that designates the identified digital content, and usage rights for the identified digital content are determined based on the characterizing information, for example, based on a comparison of the characterizing information that designates the identified digital content to a plurality of characterizing information. Usage of the identified digital content may also be controlled based on the determined usage rights. Related systems, methods, devices, and computer program products are discussed.

Abstract: A method of remotely activating a non-native IP multimedia subsystem (IMS) application of an electronic device. The method may include receiving at least one of a general IMS availability registration from the electronic device or a native IMS application registration from the electronic device; identifying the non-native IMS application using a database that associates IMS applications with corresponding electronic devices; transmitting an activation trigger for the non-native IMS application to the electronic device; and receiving an IMS application registration for the non-native IMS application and registering the non-native IMS application.

Abstract: Mobile phone users can subscribe to a notification for new content by creating a profile of user preferences on the operator or manufacturer's website on a server. When new content matching the profile becomes available, the server will send to the mobile phone a WAP push message containing a link to the content. The user can access and download the new content by pressing a dedicated key on the mobile phone and following the link in the WAP push message.

Abstract: A portable communication device having a touch screen user interface is configured to provide mobile web browsing that makes use of hyperlink targets having modified size, display format and/or position. The modified hyperlink targets are more distinct to avoid incidental hyperlink activation while scrolling on a web page within a display window of the portable communication device.

Abstract: A method for controlling unauthorized use of digital content includes identifying digital content for validation. Characterizing information is generated that designates the identified digital content, and usage rights for the identified digital content are determined based on the characterizing information, for example, based on a comparison of the characterizing information that designates the identified digital content to a plurality of characterizing information. Usage of the identified digital content may also be controlled based on the determined usage rights. Related systems, methods, devices, and computer program products are discussed.

Abstract: A method of remotely activating a non-native IP multimedia subsystem (IMS) application of an electronic device. The method may include receiving at least one of a general IMS availability registration from the electronic device or a native IMS application registration from the electronic device; identifying the non-native IMS application using a database that associates IMS applications with corresponding electronic devices; transmitting an activation trigger for the non-native IMS application to the electronic device; and receiving an IMS application registration for the non-native IMS application and registering the non-native IMS application.