Abstract: A communication system is disclosed in which a communication device and a base station initially communicate using a first bandwidth. The communication device monitors for control data transmitted, by the base station, using a first control resource set conveyed in the first bandwidth. The communication device and the base station switch to using a second bandwidth, wherein the second bandwidth is different to the first bandwidth, and the communication device monitors for control data transmitted, by the base station, using a second control resource set that is conveyed in the second bandwidth.

Abstract: The present invention provides a method for transmitting or receiving data in a wireless communication system, and an apparatus therefor. Specifically, a method for receiving data by a user equipment (UE) in a wireless communication system may comprise the steps of: receiving control information related to a first codeword and a second codeword; and on the basis of the control information, receiving the first codeword and the second codeword via a physical layer, wherein it is recognized on the basis of a pre-defined rule that the first codeword and the second codeword correspond to the same transport block within a higher layer of the physical layer.

Abstract: Provided are a configuration method, a communication node, and a storage medium. The configuration method includes: acquiring transmission indication information; and determining a spatial relation associated with an uplink control channel corresponding to the transmission indication information during repeated transmssions of the uplink control channel.

Abstract: Aspects of the present disclosure relate to cross-component carrier (CC) activation of joint downlink (DL)/uplink (UL) transmission configuration indicator (TCI) states. In one aspect, the apparatus receives, from a base station, an activation of a joint DL and UL TCI state for a CC, the joint DL and UL TCI state indicating a common beam for communication in DL and UL. The apparatus applies the joint DL and UL TCI state to multiple CCs in response to receiving the activation of the joint DL and UL TCI state for the CC.

Abstract: A base station transmits configuration parameters of a cell to a wireless device. In an embodiment, the configuration parameters include bandwidth part (BWP) parameters of a first BWP and a default BWP, a first timer value associated with a cell deactivation timer, and a second timer value associated with a BWP inactivity timer. The base station may also transmit a downlink control information (DCI) indicating an activation of the cell for the wireless device, to the wireless device. In response to transmitting the DCI, the base station may further activate the cell for the wireless device and start the cell deactivation timer based on the first timer value. In response to activating the cell, the base station may activate the first BWP of the cell for the wireless device. The bast station may also start the BWP inactivity timer based on the second timer value.

Abstract: This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, for wireless energy transfer. A network entity may obtain a report indicative of a capability of a UE to transmit an energy transfer signal on at least one of a downlink band of an FDD configuration or at least one of a downlink symbol or a downlink slot of a TDD configuration, and output at least one of the TDD configuration or the FDD configuration for the energy transfer signal. The TDD configuration may include the at least one of the downlink symbol or the downlink slot and the FDD configuration may include the downlink band. The UE may receive the configuration for downlink resources in at least one of time or frequency and transmit an energy transfer signal on one or more of the downlink resources.

Abstract: An in-vehicle communication system includes: an optical coupler; a first in-vehicle device group composed of a plurality of in-vehicle devices connected to a first end of the optical coupler; and a second in-vehicle device group composed of a plurality of in-vehicle devices connected to a second end of the optical coupler. The in-vehicle devices in the first in-vehicle device group are communicable with the in-vehicle devices in the second in-vehicle device group via a common transmission path in the optical coupler. The in-vehicle devices in the second in-vehicle device group are communicable with the in-vehicle devices in the first in-vehicle device group via a common transmission path in the optical coupler.

Abstract: A method includes: a first network device obtains a synchronization mode indication and synchronization information, where the synchronization mode indication indicates a target network device to perform synchronization based on the synchronization information. The first network device sends the synchronization mode indication and the synchronization information through a network that supports FlexE. A second network device receives the synchronization mode indication and the synchronization information through a network that supports FlexE. The second network device performs synchronization based on the synchronization mode indication and the synchronization information.

Abstract: A method includes providing a reference clock signal having a reference period, providing a sampling clock signal having a sampling clock period shorter than the reference period of the reference clock signal, measuring the first subperiod as a first ratio of the first subperiod to the period of the sampling clock signal, measuring the second subperiod as a second ratio of the second subperiod to the period of the sampling clock signal, detecting a starting edge of a clock signal having a clock period greater than the reference period, producing a reconstructed reference signal based on the first ratio, the second ratio, and the detected starting edge, comparing the clock period of the clock signal with a period of the reconstructed reference signal to obtain a differential signal indicating a difference therebetween, and providing the differential signal to user circuitry for calibrating the clock signal.

Abstract: A concurrent multistandard detection receiver with prepacket transmission detection capabilities is disclosed. In one aspect, a receiver is configured to switch between two different wireless protocols, alternately listening for incoming messages on one then the other protocol. For at least one listening period, the receiver uses two pretransmission detectors that are configured to detect predictable pretransmission emissions. A third detector may detect traditional transmissions. On detection of a signal that matches a predictable pretransmission emission or a traditional transmission, the receiver confirms that an incoming signal according to that standard is being received and acts in accordance with that signal. If no such emission or transmission was received, or if after trying to confirm the presence of an incoming signal fails, the receiver switches back to listening according to the other protocol.

Abstract: The invention relates to a cryptographic method and variants thereof based on homomorphic encryption enabling the evaluation of real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: A method of operating on encrypted data can be performed by receiving ciphertexts at a server that is configured to operate on the ciphertexts generated using a 3rd generation RGSW based fully homomorphic encryption system, operating on the ciphertexts received at the server in response to requested operations to generate respective input ciphertexts including ciphertext polynomials and ciphertext integers that are representative of the input ciphertexts, and processing the input ciphertexts in a server processing-in-memory device, that is operatively coupled to the server, to perform operations on the input ciphertext using the server processing-in-memory device, in-situ.

Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and outputting the ciphertext string.

Abstract: The present application relates to an electronic test equipment and an optional function configuring method. A ciphertext decryption authentication unit performs a decryption authentication operation according to a function option key and a function option ciphertext, performs a corresponding operation on a function device corresponding to the function option ciphertext according to an authentication result signal, and outputs the authentication result signal to an operation control unit, such that the operation control unit operates, according to the authentication result signal, a target function corresponding to the function option ciphertext.

Abstract: Methods and systems described herein may implement non-fungible tokens that implement a programmable grammar-based syntax in a variety of environments. In an embodiment, a first non-fungible token that implements a programmable grammar-based syntax standard and includes a first updatable programmable section is generated. The first non-fungible token includes at least one of first executable instructions or first data, and a first portion of the at least one of the first executable instructions or the first data is stored, according to the grammar-based syntax standard, in the first updatable programmable section. The first non-fungible token may then be stored at a first blockchain address on a blockchain, and the first portion of the at least one of the first executable instructions or the first data in the first updatable programmable section of the first non-fungible token is subsequently changed to at least one of second executable instructions or second data.

Abstract: A method to allow a client to communicate with a server, specifically to conduct a key management service, in order to obtain encryption/decryption keys for data-at-rest, wherein the method comprises: causing the client to use Authenticated Encryption with Associated Data (AEAD) to encrypt data according to a moving target design and causing the client, at a later time, to use AEAD to check the integrity of the data and decrypt the data according to the moving target design.

Abstract: Described herein, in certain embodiments, are computer-implemented memory protection systems comprising: a memory; and circuitry comprising an encryption algorithm and configured to perform operations comprising: encrypt, using the encryption algorithm, write operations to the memory; and decrypt, using the encryption algorithm, read operations from the memory. Further provided herein, in certain embodiments, are computer implemented method for memory protection.

Abstract: Systems, devices, and methods for updating computerized devices. Functions and operations can include: obtaining a filter data structure (e.g., a bloom filter data structure) that may include hash values corresponding to each of the computerized devices to be updated; determining whether a computerized device is to obtain a device update based on a hash value associated with the computerized device matching a hash value of the filter data structure; and providing the device update to the computerized device when there is a match. The provided device update may modify the operation of the computerized device that receives it.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. Multiple manager device records each comprise a first key identical for each of the records, and a second key that different for each of the records. The controller generates an authorization request using the first key and receives a response to the request generated by a manager device. The response is specific to that manager device. The controller uses the response to locate the record; decrypts the located manager device record to obtain key data; and generates configuration data based on the key data to register the device.

Abstract: Secure exchange of information over an unauthenticated communication channel between a sender and a receiver can be implemented as computer-implemented methods, media, and systems. In response to receiving an identifier (ID) of the receiver, a sender provides a symmetric key to the receiver that matches the ID. The symmetric key is configured for use by the receiver to decrypt encrypted information provided by the sender. The sender receives a plurality of heartbeat calls from a receiver to notify the sender of availability to receive encrypted information. Each call of the plurality of heartbeat calls includes a checksum of the symmetric key. In response to determining that the received plurality of heartbeat calls comply with one or more verification rules for confirming an identity of the receiver, the sender sends the encrypted information for decryption by the receiver using the symmetric key.

Abstract: A computing system can associate a customer device of a customer with a financial transaction record and the merchant, the financial transaction record indicative of a first purchase from the merchant by the customer, transmit a first query to the customer device prompting the customer to input information regarding an aspect of the first purchase, the first query including a description of a predetermined product parameter of the financial transaction record indicative of the first purchase from the merchant by the customer, authenticating, by the computing system, the first request by determining that the customer-input response to the first query corresponds to the established aspect of the first purchase in accordance with a predetermined accuracy threshold, and authorizing, by the computing system, connection of the customer device to the network provided by the merchant based at least in part on the first request being authenticated.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication and random number generation. An example method includes receiving, by decoding circuitry and over a quantum line, a set of qubits generated based on a first set of quantum bases. The example method further includes decoding, by the decoding circuitry and based on a second set of quantum bases, the set of qubits to generate a decoded set of bits. In this example method, the first set of quantum bases is determined without reliance on the second set of quantum bases and the second set of quantum bases is determined without reliance on the first set of quantum bases. The example method further includes generating, by random number generation circuitry, a number comprising the decoded set of bits.

Abstract: A crypto-method of securely communicating a message; the method comprises the steps of selecting a ring R? of bi or multi variate multinomials; generating a private key which has a multinomial f; generating a public key which has a multinomial h; encrypting by representing said message as a multinomial m in R?, selecting a random multinomial r, and computing an encrypted message; and decrypting said message using said private key.

Abstract: An encryption system according to an embodiment is an encryption system for performing encryption and decryption using functional encryption using a quadratic function having n (where n is a predetermined integer of 2 or more) arguments, which includes a setup unit configured to generate a master secret key of the functional encryption using a master secret key of function concealed inner product functional encryption composed of pairing calculation and a master secret key of multi-input function concealed inner product functional encryption obtained by extending the function concealed inner product functional encryption to multi-inputs, an encryption unit configured to generate n pieces of ciphertext obtained by encrypting n pieces of data using the master secret key of the function concealed inner product functional encryption, the master secret key of the multi-input function concealed inner product functional encryption, and the master secret key of the functional encryption, a key generation unit configu

Abstract: This disclosure relates to, among other things, systems and methods for the secure management and verification of data. Certain embodiments disclosed herein provide for a trusted data management platform that may interact with a trusted assertion service to securely record assertion information relating to the generation and/or processing of data managed by the platform. Data consumers interact with the trusted assertion service to authenticate and/or otherwise verify the provenance, chain-of-handling, and/or other information associated with data managed by the trusted data management platform and/or associated data marketplaces.

Abstract: This disclosure relates to protocols and systems for generating random bit strings by amplifying weak bit strings using certified quantum random bit strings generated by measuring a quantum state of entangled photons. Some disclosed systems include a quantum apparatus comprising one or more quantum systems configured to generate entangled photons and measure their quantum state. Certain disclosed systems include one or more security tests, wherein at least one security test evaluates the quantum nature of the measurements using a Bell inequality. A randomness extractor can amplify the randomness of weak random strings using random strings certified by the security tests. The generated random bit strings may be used as cryptographic keys.

Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.

Abstract: The present invention is a platform and/or agnostic method and system operable to protect data, documents, devices, communications, and transactions. Embodiments of the present invention may be operable to authenticate users and may be operable with any client system. The method and system are operable to disburse unique portions of anonymous related information amongst multiple devices. These devices disburse unique portions of anonymous information and are utilized by the solution to protect sensitive data transmissions, and to authenticate users, data, documents, device and transactions. When used for authentication, login-related information is not stored in any portion of the solution, users and devices are anonymously authenticated. The solution also permits a user to access secured portions of the client system through a semi-autonomous process and without having to reveal the user's key.

Abstract: This application provides a trusted computing-based local key escrow method, apparatus, device and medium. The method includes: determining an executable file associated with an untrusted environment and a dynamic link file associated with a trusted environment in response to acquiring an enclave interface definition file from a local internal memory; determining an environment access interface based on a container identifier indicated by the trusted environment in response to loading the dynamic link file based on the executable file; reading sealed data file obtained by encrypting serialized data based on a local key in the untrusted environment in response to accessing an enclave container in the trusted environment through the environment access interface; and decrypting the sealed data file using the local key and deserializing the decrypted sealed data file in the enclave container to obtain service data for loading into a trusted internal memory indicated by the enclave container.

Abstract: An electronic device is provided. The electronic device includes a wireless communication circuit, a memory, and a processor. The processor may be set to establish a device-to-device connection with an accessory device by using the wireless communication circuit, obtain device information about the accessory device through the device-to-device connection, transmit the device information about the accessory device to at least one server, receive state information about the accessory device from the at least one server, transmit location information about the electronic device to the at least one server in response to the state information, and transmit, to the accessory device through the device-to-device connection, a control command that causes the accessory device to operate in a low power mode.

Abstract: Disclosed herein is a social media platform profile identification feature. Social media profiles are identified by digital objects instead of or in addition to more traditional indexing methods such as real names or screen names. Associating a digital object as a Social Media avatar, or as a profile detail enables the social media platform to index the digital object and enable users to search for the subject user with the digital object or descriptions thereof. A digital object generator builds unique digital objects based on the user specific input. The unique digital objects are part of a graphic presentation to users.

Abstract: A token transaction comprising a first token output, the first token output comprising a first token locking script and a first token amount, wherein the first token locking script comprises a variable component and a constant component, wherein the variable component comprises a first payment address, embedded in a payment template, and wherein the constant component comprises a token mechanics sub-component.

Abstract: An electronic apparatus includes a communication interface configured to communicate with one or more nodes of a blockchain network and an external device; one or more memories configured to store one or more instructions; and one or more processors configured to execute the one or more instructions to: receive a registration request for a token for a date from the external device; register the token to correspond to the date based on the registration request; and transmit posting information associated with the date to the external device, wherein the posting information includes a display attribute of an entry corresponding to the token, wherein the registration request includes date indication information indicating the date, and token identification information identifying the token.

Abstract: Provided here are systems and method for non-intrusive authentication of a user. Such systems and methods may include in an embodiment a waveform generator to generate a message, encrypt the message, and transmit the encrypted message to one or more transmitters. The system may include a decryption engine to receive a bone conduction signal from one or more receivers, process the bone conduction signal, decrypt the processed bone conduction signal, and separate a bone conduction token portion from the decrypted bone conduction signal. The system may include an authentication engine to analyze the bone conduction signal, authenticate a user for the operation detected based on a comparison of the analyzed bone conduction signal and the pilot portion of the message exceeding a preselected threshold, and verify bone conduction signal authenticity via the bone conduction token portion and the token portion.

Abstract: Systems and methods include a computer-implemented method for verifying blockchain transaction. A request is received in a blockchain for a user to use an application. A three-blockchain cluster verification process is performed in response to receiving the request. Verification that the application is authorized is performed using a nodes blockchain cluster in the blockchain based on user-application data pre-verified by at least two administrators and stored in the nodes blockchain cluster. Verification that the user exists and is authorized is performed using a users/objects blockchain cluster in the blockchain different from the nodes blockchain cluster, where the verifying is based on the user-application data pre-verified by the at least two administrators and stored in the users/objects blockchain cluster.

Abstract: According to an aspect, a method for accessing a computing device includes receiving, by the computing device, an authentication credential for recovery access to the computing device, the authentication credential being different from an authentication credential used to access encrypted data on the computing device, obtaining, in response to receipt of the authentication credential for recovery access, a first key portion stored on the computing device, transmitting, over a network, a request to receive a second key portion, receiving, over the network, a response that includes the second key portion, recovering a decryption key using the first key portion and the second key portion, and decrypting the encrypted data on the computing device using the decryption key.

Abstract: The invention is directed to computer-based method and a computer system for generating a blockchain address. The method comprises receiving a request for a new blockchain address for a user, the request including a public key, which has an associated private key, and identification information for the user, and generating the address based on a combination of the public key and the identification information.

Abstract: Described herein is a paging technique that can be implemented in any accelerator with attached memory and support for operating on encrypted data when the CPU is not within the trusted compute base (TCB). Memory storing data that is encrypted using hardware physical address (HPA)-based encrypted can be paged out of accelerator device memory by decoupling encryption from the hardware physical address and re-encrypting the data for page-out. Upon page-in, the data is decrypted, the integrity and authenticity of the data is verified, then the data is re-encrypted using HPA-based encryption.

Abstract: A system for securely transmitting data between two devices is disclosed. Each device comprises an interface, an encryption module, a decryption module and a message authentication code (MAC) generator. The encryption and decryption modules may utilize a stream cipher, while the MAC generator utilizes a hashing algorithm. A MAC is transmitted after a predetermined amount of time, regardless of the amount of activity on the interface. The device receiving the MAC compares it to the MAC that it generated to ensure that they match. This guarantees that a breach of integrity can be detected in a reasonable amount of time and addressed accordingly. This system may utilize an interface having bidirectional data signals or unidirectional data signals.

Abstract: An apparatus comprises a processing device configured to obtain, at a given one of a plurality of computing sites in a supply chain associated with a given computing device, one or more component verification data records associated with the given computing device. The component verification data records are obtained from a distributed ledger maintained by the plurality of computing sites in the supply chain. The component verification data records characterize provisioning actions performed on the given computing device by computing sites in the supply chain. The processing device is also configured to generate component verification data characterizing a current configuration of hardware and software components of the given computing device.

Abstract: A system and method for digital petition management utilizing the establishment of a universal, secure identity for online communications, interactions, and exchanges that uniquely associates an image, sound, or other digital asset with a person's identity using non-fungible tokens (NFTs). A digital signature associated with an individual who wants to sign a digital petition is obtained and verified using one or more mechanisms to ensure that each digital signature is associated with only one individual and to maintain compliance with rules and regulations governing petitions. Links to the petition (also herein called “calls to action” or CTAs) can be customized via an online platform such that interaction with a given link or type of link initiates automated petition signature acquisition. In some implementations, the digital signature is a personal NFT (PNFT) which can be verified using a unique identifier to match with existing PNFTs stored in a distributed ledger.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that dynamically implement and manage consent and permissioning protocols using container-based applications. By way of example, a device may receive, through a programmatic interface, a first request for an element of data generated by an executed application program. When the first request is consistent with consent data associated the executed application program, the device may obtain the requested data element and a digital signature applied to the requested data element by a computing system. Based on a verification of the applied digital signature, the device may generate and present a representation of the requested data element within a digital interface, along with an interface element that confirms the verification of the digital signature.

Abstract: A method includes verifying a digital signature on a dual-signed message by a relying party computing system. Verifying the digital signature on the dual-signed message includes generating a cryptographic hash of content identified in the dual-signed message and signing the cryptographic hash using public key of a signing party computing system to generate a verifying hash. Verifying the digital signature on the dual-signed message further includes comparing the verifying hash to a value of the dual-signed message. Verifying the digital signature on the dual-signed message further includes, responsive to the verifying hash matching the value of the dual-signed message, determining that the digital signature on the dual-signed message is valid. The method further includes identifying an attribute of the dual-signed message by the relying party computing system.

Abstract: An electronic apparatus includes a communication apparatus communicating with an external apparatus, a memory storing a message, and a processor generating a digital signature for the message, wherein the processor generates a first signature ciphertext and a message ciphertext by encrypting each of first signature information and the message by using a homomorphic encryption public key, obtains encrypted third signature information generated using second signature information, an element value corresponding to the second signature information, the first signature ciphertext, and the message ciphertext, and calculates a first digital signature value included in the digital signature by using the first signature information and the second signature information, calculate a second digital signature value included in the digital signature by decrypting the encrypted third signature information, and generate the digital signature by using the calculated first digital signature value and second digital signature v

Abstract: A method involves a vehicle certification authority and a control device certification authority having a respective infrastructure for public keys based on an asymmetric pair of is established. The respective private key remains in the certification authority and the public key is distributed to the participants. The control device has initial cryptographic material by a control device-individual pair of keys being generated for the control device and the identity of the control device and its public key are transmitted to the control device certification authority, after which a control device-individual certificate is generated there for the transmitted data using the private key of the control device certification authority and transmitted back to the control device. The public key of the vehicle certification authority is stored in a tamper-proof manner in the control device. The vehicle identity belonging to the identity of the control device is determined and stored in a tamper-proof manner.

Abstract: Techniques are disclosed relating to determining identity information of a user associated with a blockchain address. An application of a first user can receive information indicative of a blockchain address of a second user. This information either includes or is usable to retrieve a certificate of the second user, which is signed by a private key of a certificate authority (CA), and which includes identity information of the second user. The application of the first user can verify the certificate using a public key of the CA. The application of the first user can then cause identity information of the second user to be included in a user interface presented to the first user. This information allows the first user to have more information about the second user before commencing an irreversible blockchain transaction with that user.

Abstract: A process of issuing a limited-use electronic certificate. In operation, a public key infrastructure (PKI) device receives a request for an electronic certificate from an end entity. The PKI device detects an anomaly with respect to the request received from the end entity. The PKI device generates, based on the detected anomaly, a limited-use electronic certificate. The PKI then issues the limited-use electronic certificate to the end entity. When the end entity determines that the issued certificate is a limited-use certificate with limited-use attributes such as a shortened validity period or lowered assurance level, the end entity provides a visual and/or audio prompt indicating the issuance of the limited-use certificate and further including one or more corrective actions to be performed to eliminate the anomaly prior to sending a new request for an electronic certificate to the PKI device.

Abstract: The present disclosure is related to a device and method for publishing a certificate. The method includes receiving an RPC message including an publishing method from a client; when the client includes request authority, generating a wrapper for each certificate of a bundle and storing the generated wrapper in a database; when the certificate is not a final certificate, initializing a location and counter of a next certificate to be fetched; transmitting a certificate fetching request from the location; when the certificate is a newly fetched certificate, updating the location of the certificate, incrementing a count variable, generating a certificate wrapper for the certificate, and adding the generated certificate wrapper to the database; and when the certificate is reliable, transmitting an RPC response message to the client.

Abstract: A method at an Intelligent Transportation System (ITS) Transmitting Entity, the method including: generating an ITS message; augmenting the ITS message with an Integrity Report generated by an integrity detection function at the ITS Transmitting Entity to create an augmented ITS message; signing the augmented ITS message with an Authorization Certificate or Ticket, the Authorization Certificate or Ticket including an assurance indication from an Audit Certificate Authority for the integrity detection function; and sending the signed, augmented ITS message to an ITS Receiving Entity.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for a manager device. The challenge comprises a blinded public key of an ephemeral unlock key pair that is blinded by an unlock blinding key. The challenge further comprises the unlock blinding key in encrypted form. The access controller further provides the challenge to the device to be authorized for sending the challenge to the manager device; receives a response to the challenge; decrypts the unlock blinding key and calculates a shared secret; and upon determining that the response indicates approval of registering the device, registers the device to be authorized as an authorized device.