Abstract: Disclosed are a communication scheme and a system thereof for converging an IoT technology and a 5G communication system for supporting a high data transmission rate beyond that of a 4G system. A method and an apparatus for configuring a connection with a second device, which provides access to a network, by a first device in a communication system, is provided. The method includes discovering the second device supporting a neighbor awareness network (NAN) and located within a predetermined range from the first device, exchanging an ephemeral key of the first device for identifying the first device and an ephemeral key of the second device for identifying the second device, and performing a secure connection between the first device and the second device.

Abstract: A method for routing is disclosed. The method comprises provisioning an endpoint in a network with a reactive path selection policy; monitoring, by the endpoint, current conditions relating to various paths available to said end point for the transmission of traffic; and selectively applying, by the endpoint, at least a portion of the reactive path selection policy based on the current conditions of the available paths.

Abstract: Systems, methods, and non-transitory computer-readable medium are disclosed includes for secure online credential authentication. One method includes receiving, over an electronic network, identification information from an identity provider; accessing, from a database, previously stored hashed identification information stored in association with a previous identity provider; comparing the identification information to previously stored hashed identification information; and storing the identification information in association with the identity provider that provided the identification information in the database when the hashed identification information does not match previously stored hashed identification information.

Abstract: A virtualized copy-by-reference includes: receiving, from a first computer system, a request for reference information for source data within a source volume; providing, to the first computer system, the reference information, wherein the reference information corresponds to a metadata representation of the source data; receiving, from a second computer system, a request to write the source data to a target volume, and wherein the request to write the source data indicates the reference information; and copying, using the reference information, the metadata representation of the source data to the target volume.

Abstract: Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability. The system may load the persisted capability upon a decision to trust the persisted capability based on successful verification.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: A master key update apparatus (400) acquires a master public key mpk including a basis B and a master secret key msk including a basis B* which is different from the basis B included in the master public key mpk. The master key update apparatus (400) updates the basis B included in the master public key mpk with updating information upk so as to generate a new master public key mpk?, and updates the basis B* included in the master secret key msk with the updating information upk so as to generate a new master secret key msk?.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a first message comprising a payload portion; encrypt the payload portion of the message; derive a first session key from a domain-specific key; and sign the message using the first session key.

Abstract: Implementations for a secure remote kernel module signing are disclosed. In one example, the method includes receiving an indicator of a public key associated with a client computing device, determining that the public key associated with the client computing device is in common with a public key associated with a first server computing device, compiling the script, signing the compiled script with a private key that is associated with the public key that is in common with the client computing device and the first server computing device without generating a new private key, and sending the signed compiled script to the client computing device.

Abstract: A system for optimizing network traffic is described. The system includes a plurality of appliances. An appliance comprises one or more network interfaces and a secure session connection optimizer module. The one or more network interfaces are configured to facilitate secure communications between a client device and a server, wherein the secure communications involve a plurality of secure session connections comprising a first secure session connection between the client device and the appliance and a second secure session connection between the appliance and another appliance.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Active probing and other methods are used to detect the attacks. Responses to detection include one or more of displaying a warning to a user of the computing device, providing an option to disconnect the network connection, blocking the network connection, switching to a different network connection, applying a policy, and sending anomaly information to a security server.

Abstract: A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized.

Abstract: This storage system has a plurality of modules that encode data being written to a storage medium and decode data being read from said storage medium. The storage system also has an adapter that controls the reading and writing of data from and to the storage medium such that, when an error is detected and determined to be the error of at least one of said plurality of modules, the adapter prevents the module(s) in question from being used to read or write data.

Abstract: A method and system for group-oriented encryption and decryption that supports the implementation of the designation and revocation functions of decryption users in a large-scale group.

Abstract: Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.

Abstract: A dynamic notary system having one or more processors, and one or more non-transitory computer readable medium coupled to the one or more processors with at least one of the computer readable medium being local to the one or more processors. The one or more non-transitory computer readable medium stores computer executable instructions, that when executed by the one or more processors cause the one or more processors to: (1) verify a notary with user identification information stored on the at least one computer readable medium local to the one or more processors, (2) retrieve a document to be notarized from the one or more non-transitory computer readable medium, (3) receive a signatory's electronic signature, (4) receive the notary's electronic signature, (5) apply a notary seal to the document, and (6) lock the document in an unchangeable format.

Abstract: In response to detecting a traffic event such as a motorcycle lane splitting or an accident, a vehicle broadcasts a notification over a V2V communication channel. Traffic events may be detected using sensor systems of the vehicle or in response to messages reporting the event. Notifications may be received from the vehicle over a cellular communication channel. Roadside infrastructure, such as DSRC or cellular communication installations receive the notification and may rebroadcast it to adjacent vehicles. A DSRC installation may broadcast the message by way of a cellular communication installation and vice versa. The vehicle may provide a cellular notification by way of a driver's mobile device connected to a controller of the vehicle.

Abstract: The invention relates to a management method for managing a communication session (SS_WS) between a terminal (1) suitable for exchanging application messages (MSG_WS) with at least one server (3) via the communication session (SS_WS).

Abstract: A method and apparatus for quantum key distribution comprised of a privacy amplification method and device for the quantum key distribution process as well as a data transmission method and system based on quantum keys is provided, wherein the quantum key distribution method includes the following process: obtaining a bit stream of the same basis vector by sending or receiving coding quantum states of random bit streams and comparing those measurements obtained with the measurement basis vector; in accordance with a preset manner, extracting parameter information associated with privacy amplification and initial key information from the bit stream of the same basis vector after error correction; and using the initial key as an input to implement the privacy amplification algorithm based on the parameter information and thereby obtain shared quantum keys.

Abstract: Method and software product for transferring data, plus equipment for controlling data transfer in a multimedia system that includes a group of participants' terminals, with which multimedia data generated by participants' terminals contained in the group are sent to one or more participants' terminals contained in the group and played back there. A central synchronization unit generates synchronization labels containing time information and sends them to the participants' terminals contained in the group, and the synchronization labels are used to play back information in modified time.

Abstract: This disclosure provides a system and method for secure communications. The method can enable secure machine-to-machine communications within discrete security groups having two or more communication nodes using a zero knowledge authentication process and related cryptography. A first node in the security group can encrypt payload data using a synchronized data set known to the member nodes of the security group and a parameter data set. A second node in the security group can decrypt the payload data using the seed and the parameter data set. The seed can be provisioned within each node of the security group. The seed can also be provided or changed by a node or another entity to modify the security group membership. Member nodes of the security group can be added or removed as needed. Nodes not having the SDS cannot communicate securely with security group member nodes.

Abstract: Exemplary methods, apparatuses, and systems include a proxy intercepting, from a client, a plurality of requests addressed to a first server. The proxy adds an entry for each of the plurality of requests to a data structure. Each entry includes data from one of the plurality of requests. The proxy forwards each of the plurality of requests to the first server. In response to detecting the first server was unavailable or otherwise failed, the proxy reconnects to the first server when the first server recovers or connects to a second server serving as a backup for the first server. The proxy transmits to the first or second server one or more commands using the entries of the data structure to restore state information for the client.

Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).

Abstract: the invention proposes a method and an associated system for authenticating a user, by means of the redundancy present between several images of a video, the method using garbled circuits, named variant garbled circuits, associated with the alternative bits between the images of the video and a garbled circuit named invariant garbled circuit, associated with the invariant bits between the images of the video, so that the invariant garbled circuit only needs to be evaluated a single time.

Abstract: In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.

Abstract: A parallelized method for authenticating and/or signing a DNS query using DNSSEC is disclosed. The method provides for obtaining, at a validating DNSSEC-aware DNS client, a DNS query for a resource record for a fully qualified domain name (FQDN); segmenting the FQDN into more than one specific sub-FQDN; providing, in parallel, a DNS query for a DNSSEC-related resource record for each of the more than one specific sub-FQDN to a respective authoritative name server or recursive resolver; obtaining, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; validating, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; combining each of the DNSSEC-related resource record for each of the more than one specific sub-FQDN; and verifying a chain-of-trust of the DNSSEC-related resource records.

Abstract: An image forming apparatus that performs an encrypted communication using a public key, and a method of controlling the same, determine the validity of a certificate in accordance with a certificate revocation list and/or the query to the certificate verification server. At a time of the determination of the validity of the certificate, it is selected whether to use any one of the certificate revocation list and the query to the certificate verification server, or both of the certificate revocation list and the query to the certificate verification server.

Abstract: Methods and apparatus are provided for user authentication using a Public Key Infrastructure (PKI) in an IP-based telephony environment, such as an IMS network. A user of a user device attempting to access an IP-based telephony network can be authenticated by obtaining one or more private keys of the user from a secure memory associated with the user device; generating an integrity key and a ciphering key; encrypting the integrity key and the ciphering key using a session key; encrypting the session key with a public key of the IP-based telephony network; and providing the encrypted session key, encrypted integrity key and encrypted ciphering key to the IP-based telephony network for authentication. A network-based method is also provided for authenticating a user in an IP-based telephony network.

Abstract: A mobile device, such as a cellular phone, can transfer an encrypted file from a server to a terminal, such as an automated teller machine. The server can specify delivery to a specific terminal. The mobile device can download an encrypted file and identity metadata from at least one server. The mobile device can connect to a terminal, such as wirelessly or via a wired connection such as a universal serial bus (USB). The mobile device can match an identity of the terminal to an identity associated with the identity metadata. For a USB connection, the identity metadata can include a vendor identifier (VID), a product identifier (PID), and a unique terminal identifier. If the identities match, then the mobile device can upload the encrypted file to the terminal. If the identities do not match, then the mobile device can prevent the encrypted file from uploading to the terminal.

Abstract: The present disclosure provides a method and system for generating a QR code by receiving an inputted document; pre-processing the inputted document so as to obtain desired content; encrypting the desired content; and generating one or more QR codes based on the encrypted desired content.

Abstract: The present embodiments relate to managing the operation of devices within a home or other property based upon received image data. According to certain aspects, a controller within the home may receive, with customer permission or consent, image data from image sensors disposed throughout the home. The controller may analyze the image data in combination with profile data for individuals associated with the home to determine that a certain individual is indicated in the image data. The controller may further determine an action to facilitate based upon the individual being detected in a certain location of the property, and may direct smart devices to perform that action. As a result, the present embodiments may facilitate providing occupant-location based (or occupant-presence or preference based) functionality, functions, or services, and/or directing operations of smart devices located about a property based upon occupant location, presence, preferences, and/or activities at the property.

Abstract: An instruction to be used to produce a message digest for a message is executed. In execution, a padding state control of the instruction is checked to determine whether padding has been performed for the message. If the checking indicates padding has been performed, a first action is performed; and if the checking indicates padding has not been performed, a second action, different from the first action, is performed.

Abstract: The present invention provides methods and systems to improve network searching for watermarked content. In some implementations we employ keyword searching to narrow the universe of possible URL candidates. A resulting URL list is searched for digital watermarking. A system is provided to allow customer input. For example, a customer enters keywords or network locations. The keywords or network locations are provided to a watermark-enabled web browser which accesses locations associated with the keywords or network locations. Some implementations of the present invention employ a plurality of distributed watermark-enabled web browsers. Other aspects of the invention provide methods and system to facilitate desktop searching and automated metadata gathering and generating. In one implementation a digital watermark is used to determine whether metadata associated with an image or audio file is current or fresh. The metadata is updated when it is out of date.

Abstract: A computer-implemented method for notifying a client application of an event by preventing the setup of a TLS (Transport Layer Security) secure connection between the client application and a destination server is provided. The method comprises receiving a client Hello message from a client application directed to the destination server, preventing the client Hello message from reaching the destination server, constructing a server Hello message such that the message appears to originate from the destination server, constructing a dummy certificate containing the event, constructing a Certificate message that includes the dummy certificate and appears to originate from the destination server, and transmitting the server Hello message and the Certificate message to the client application.

Abstract: The present technology monitors a web application provided by one or more services. A service may be provided by applications. The monitoring system provides end-to-end business transaction visibility, identifies performance issues quickly and has dynamical scaling capability across monitored systems including cloud systems, virtual systems and physical infrastructures. In instances, a request may be received from a remote application. The request may be associated with a distributed transaction. Data associated with the request may be detected. A distributed transaction identifier may be generated for a distributed transaction based on the data associated with the request.

Abstract: A radio receiver (300) includes: a decoding stage (301) configured to decode a downlink control channel (310) comprising an uplink grant and to derive a time budget (311) from a decoded uplink grant; a processing stage (302) configured to determine an amount of payload potentially generated for an uplink transport block (313) based on the time budget (311) and to generate a payload section (312) of the uplink transport block (313) based on the determined amount of payload; and an encoding stage (303) configured to generate a padding section of the uplink transport block (313) and to encode the uplink transport block (313) comprising the payload section (312) and the padding section.

Abstract: Methods and apparatus for secure registration to enable transactions between a first user and a vendor that is facilitated by a payment server are disclosed. The method may comprise storing a form soliciting customer information including a plurality of fields, wherein at least one of the plurality of fields is associated with an attribute. The method including receiving a copy of the form including customer data in all of the plurality of fields and transmitting a first subset of the customer data based on the attribute associated with the first subset of the customer data. The method including receiving a token in response to the transmission of the first subset of customer data and transmitting the token and a second subset of the customer data, wherein the second subset is based on the attribute associated with the second subset of customer data.

Abstract: A method and system are described for fragmented presentation of a media content, such as a digital picture. In an exemplary embodiment, the media content is rendered on a display of a recipient portable computing device, such as a smartphone. Simultaneously, a masking layer is rendered on the display “over the top” of the multimedia content. The mask layer obscures the presentation of the media content such that removal of the mask layer, one fragment at a time over a period of time, operates to present portions of the media content rendered below each fragment.

Abstract: This patent is generally directed to a transaction-based secure information delivery system and method referred to as “SEDS” herein. SEDS consists of secure method(s) and infrastructure to transmit sensitive information, such as but not limited to medical information. SEDS may be used instead of email, fax, removable media and other non-secure methods. SEDS also supports a sender/receiver risk-assessment based communication protocol.

Abstract: A method of generating a signature for a group of electronic messages that each include a plurality of characters comprises extracting a plurality of blocks of characters from each of the electronic messages, mathematically processing each of the blocks of characters from each electronic message, and generating a signature for the group of electronic messages based at least in part on the mathematically processed blocks of characters. In some embodiments a counting Bloom filter may be used to generate the signature. The signatures generated by these methods may be used to identify spam.

Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.

Abstract: A computer system configured to improve security of server computers interacting with client computers, the system comprising: one or more processors executing instructions that cause the one or more processors to: select, from the plurality of detection tests, one or more first detection tests to be performed by a client computer; send, to the client computer, a first set of detection instructions that define the one or more first detection tests, and which when executed causes generating a first set of results that identifies a first set of characteristics of the client computer; receive the first set of results from the client computer; select one or more first countermeasures from a plurality of countermeasures based on the first set of characteristics identified in the first set of results; send, to the client computer, a first set of countermeasure instructions that define the one or more first countermeasures.

Abstract: An encryption/decryption apparatus and a power analysis protecting method thereof are provided. The encryption/decryption apparatus adapted to perform encryption/decryption operation on digital data includes a data encryption/decryption unit, a random number generator, and a power analysis protecting circuit. The data encryption/decryption unit receives the digital data and performs an encryption/decryption operation on the digital data. The random number generator is used to generate random number data, the random number data has N bits, and N is a positive integer. The power analysis protecting circuit generates M kinds of power signals having different levels according to each bit data of the random number data when the random number data is received by the power analysis protecting circuit, and M is equal to the Nth power of 2.

Abstract: Described are examples for authenticating a device including detecting an event related to communications with a trusted platform module (TPM) device, performing, in response to detecting the event, one or more security-related functions with the TPM device, such as generating and/or signing one or more digital certificates, which may be based on one or more keys on the TPM device.

Abstract: The migration of a communication session from one device to another device may include registering at least two devices, authenticating user credentials at the second device, determining whether transfer of the session is authorized, storing session information associated with the session, transmitting the stored session information to the second device, and receiving a request that incorporates the transmitted session information to restore the communication session on the second device. In addition, access to the system may be prohibited from the first device for a predefined period of time.

Abstract: An intermediate servant device connected in a daisy chain configuration with a set of devices is described. The intermediate servant device may be configured to receive, from a previous servant device of the set of servant devices, a request for data, a first response to the request for data, and authentication information for the first response to the request for data. The intermediate servant device may be further configured to generate a second response to the request for data and determine authentication information for the second response based on the authentication information for the first response, the second response, and a key assigned to the intermediate servant device. The intermediate servant device may be further configured to output at least the authentication information for the second response, the first response, and the second response.

Abstract: A method includes generating a display that includes an option to prohibit delivery of tangible items and, for each of a plurality of assets, information identifying the asset and an icon corresponding to an access platform associated with the asset. A first icon of a first asset is included in the display in response to determining that a first access platform associated with the first asset includes a delivery option. The first asset includes a tangible asset. The delivery option is associated with delivery of the tangible asset. The method also includes sending the display to a display device. The method further includes, in response to a selection of the option to prohibit delivery of tangible items, removing the association between the first access platform and the first asset and updating the display to reflect the removal.

Abstract: A system for generating symmetric cryptographic keys for communications between hosts. Hosts use associated devices to generate secret keys. Each key is generated based on a static seed and a dynamic seed. The dynamic seed is created from sensor data or auxiliary data. The secret key allows host machines to encrypt, or decrypt, plaintext messages sent to, or received from, other host machines.

Abstract: In one example, a system for transmitting encrypted data includes a processor to select a virtual channel to be encrypted between an application processor and an image sensor during an initialization process. The processor can also transmit a virtual channel command corresponding to the selected virtual channel to the image sensor. The processor can also poll a register in the image sensor to verify the image sensor has stored an encryption key corresponding to the selected virtual channel and detect image data from the image sensor via the virtual channel, the image data encrypted with the encryption key.

Abstract: Techniques and arrangements for providing kitchen display interfaces with in flight capabilities. In some examples, a kitchen display system presents, via a kitchen display user interface, a first order ticket associated with a first transaction between a merchant and a first customer and a second order ticket associated with a second transaction between the merchant and a second customer. The kitchen display system can then generate a list of items based at least in part on the first order ticket and the second order ticket. In some examples, the list of items includes items from the first order ticket and the second order ticket that are in an in progress state. After generating the list of items, the kitchen display system presents the list of items via the kitchen display user interface. In some examples, the kitchen display system further sends the list of items to another merchant device.