Abstract: This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.

Abstract: Mechanisms to manage permissions to access user data in a distributed ledger trust network (“DLTN”) are described. A given user can share access to user data in a fine-grained way. Access to user data can depend on the category of the user data and/or the role of another user (e.g., whether the other user is recognized as a connection). Access to user data can be limited in duration. Permissions to access user data can be set proactively or reactively. A protocol allows a potential reviewer to request access to the user data of a given user, with the given user selectively approving or rejecting access by the reviewer. In this way, a given user can control access to user data in the DLTN, selectively granting (or revoking) access to some of the user data or all of the user data, by selected other users or by all other users.

Abstract: Some embodiments are directed to a system (100) for selectively disclosing attributes of a record. An issuer device (110) generates a digital signature on a message comprising the attributes and a secret record identifier. The record, secret record identifier, and signatures are provided to a selector device. The selector device (111) selectively discloses attributes of the record to a receiver device (112), proving authenticity by means of a zero-knowledge proof of knowledge of the signature on the attributes. The receiver device (112) verifies the proof with respect to the public key of the issuer and the received attributes.

Abstract: Systems and methods for enabling collection of signed data in a collaborative content sharing platform. One embodiment is a method including producing a form having one or more data entry components and at least one signature block component, selecting assignee users of the content sharing platform, providing the form to the selected assignee users, enabling these users to enter data and sign the form, and storing the assignee users' data in a data structure which is separate from the form, where the data structure includes a record for each assignee user, the record containing data entered by the user and electronic signature data for the user. The data structure is protected in the same manner as other data in the collaborative content sharing platform and may be accessible by some users, but not others, in accordance with their respective roles and authorizations.

Abstract: A method, system, and computer program product for managing user identification codes in an interne advertising environment. One aspect implements a system including a database engine to store a plurality of signals comprising characteristics and/or values received from a user device. A user ID generator calculates collision statistics and/or fragmentation statistics to form a first mapping function that is in turn used to generate a plurality of identification codes based at least in part a first set of selected signals. A calibration module produces measurements determined from collision quantities and/or fragmentation quantities using the first mapping function, wherein the measurements are determined by comparing the plurality of identification codes to entries in a known ID database. A sequencing module generates updated sequences of mapping functions.

Abstract: A communication device may: comprise an output unit configured to output first information obtained by using a first public key in a memory in a case where a predetermined instruction is inputted to the communication device; after the first information has been outputted, receive an authentication request in which the first public key is used from a terminal device; send an authentication response to the terminal device; establish a wireless connection between the communication device and an external device; and in a case where a predetermined condition is satisfied after the first information has been outputted, create a second public key different from the first public key and store the second public key in the memory. In a case where the predetermined instruction is inputted to the communication device again, the output unit may be configured to output second information obtained by using the second public key in the memory.

Abstract: Methods and systems as described herein may secure the electronic transfer of assets using two-way handshakes. A second device may initialize a transaction by transmitting a transaction request and a second biometric identifier to a first device. The first device may receive the transaction request and review the second biometric identifier. When the first device recognizes the second biometric identifier, the second biometric identifier may be approved. The first device then transmits a response, that includes a first biometric identifier, to the second device, via a server that may record the first device's approval. The second device may confirm the identity of the first device using the first biometric identifier. When the second device approves the first biometric identifier, the second device may transmit an approval to the server. After the server has received approval of both biometric identifiers, the server may execute the requested transaction.

Abstract: A stack of rotating discs drilled with randomized holes allow a light fluid L to rise into a chamber filled with heavier fluid H, as a randomized stream of bubbles. The two fluids are mutually non-soluble, and of different electric conductivity, hence the randomized stream of bubbles generates a randomized curve of electrical resistance within the chamber, over time; this output resistance curve is shared by all parties that have a duplicate of the contraption and apply the same activation settings. The physical complexity of the contraptions keeps the randomness secure against all parties not in possession of the contraption. Unlike Entanglement and BB84 solutions, this invention generates shared randomness without communicating the same between the parties.

Abstract: A system and method for trigger-based scanning of cyber-physical assets, including a distributed operating system, parameter evaluation engine, at least one cyber-physical asset, at least one crypt-ledger, a network, and a scanner that detects trigger conditions and events and performs scans of cyber-physical assets based on the trigger and any relevant stored scan rules before storing scan results as time-series data.

Abstract: A system and method of encrypting data using public key cryptography and certificate verification. The method includes receiving a request for a digital certificate. The method includes signing, by a processing device, the request using a second private key to generate a signed request. The method includes generating the digital certificate based on the signed request and a different private key. The method includes causing the digital certificate to be stored in a shared data storage available to a first client device. The method includes signing an encrypted secret using a first private key associated with the first client device to generate a signed encrypted secret, wherein the first private key is inaccessible to the first client device.

Abstract: A system includes a network device with a memory operable to store a secure data record that includes a plurality of secure data entries and a processor communicatively coupled to the memory. A first entry is generated in the secure data record that includes encrypted received data and a first key. A second key is provided to a user device in communication with the network device. The user device causes presentation of a user interface with one or more selectable file names, corresponding to data entries of the secure data record. An input is received corresponding to a selection of a first file of the one or more selectable files. The second key and a request for the first file are provided to the network device. The first file is then presented in the user interface.

Abstract: A method 1000 for authenticating operations within consent architecture includes obtaining an operation request 142 requesting a service application 140 to access a remote entity 130 to perform an operation (138). The method also includes issuing, by the service application, an authentication request 152 requesting an authenticator application 150 to obtain user authentication credentials 154 for authenticating a user 12 before the remote entity performs the operation. The method also includes encrypting, by the authenticator application, the obtained user authentication credentials using a public key 132 of the remote entity. The service application is restricted from obtaining the user authentication credentials in unencrypted form.

Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.

Abstract: A tracking device can provide a hashed identifier to a mobile device, for instance within an advertisement packet. The mobile device can query each of a plurality of entities with the hashed identifier to identify an entity associated with the hash key used to generate the hashed identifier. In some embodiments, the mobile device can query a centralized key server, which in turn can query the plurality of entities to identify the entity associated with the hash key. The mobile device can then receive a public key from the identified entity, can determine a location of the mobile device, and can encrypt the location with the public key. The mobile device can then provide the hashed identifier and the encrypted location to the identified entity, which can provide the encrypted location to an owner of the tracking device for decryption using a private key corresponding to the public key.

Abstract: According to one embodiment, an information processing apparatus is allowed to access a storage device storing time-series data generated by a first device. The information processing apparatus includes a processor holding a first public key and a first private key. The processor is configured to acquire a program for correcting an error in first data on a first product from a first entity. The processor is configured to correct the correction target first data, using data in a predetermined range of the time-series data. The processor is configured to generate ground data indicating correction grounds for the corrected correction target first data, based on the data in the predetermined range, and add the ground data to the corrected correction target first data.

Abstract: A voiceprint recognition method includes: obtaining a target speech information set to be recognized that includes speech information corresponding to at least one object; extracting target feature information from the target speech information set by using a preset algorithm, and optimizing the target feature information based on a first loss function to obtain a first voiceprint recognition result; obtaining target speech channel information of a target speech channel, where the target speech channel information includes channel noise information, and the target speech channel is used to transmit the target speech information set; extracting target feature vectors in the channel noise information, and optimizing the target feature vectors based on a second loss function to obtain a second voiceprint recognition result; and fusing the first voiceprint recognition result and the second voiceprint recognition result to determine a final voiceprint recognition result.

Abstract: Systems, methods, circuits, and devices for data protection are provided. In one example, a data processing device incudes a Physical Unclonable Function (PUF) source that is configured to generate PUF values, a bus, a plurality of bus access components that are configured to access the bus, and a masking information generation circuit. The masking information generation circuit is configured to generate masking information for at least one pair of bus access components using at least one PUF value and to transmit said information to the bus access components. The pair is configured in such a way that one bus access component masks the data according to the masking information generated for the pair before the data is sent over the bus and the other bus access component de-masks the data received over the bus according to the masking information generated for the pair.

Abstract: Disclosed are a method and a system for processing public sentiment data, computer storage medium and an electronic device. The system includes: a network data integration platform configured to audit and analyze collected network public sentiment to acquire a sensitivity level of the network public sentiment, and send the network public sentiment and the sensitivity level of the network public sentiment to a big data cluster; the big data cluster configured to send the filtered network public sentiment to a business data integration platform; the business data integration platform configured to screen enterprise public sentiment from the filtered network public sentiment, and store an association relationship among the enterprise public sentiment, an acquired user account level and a sensitivity level of the enterprise public sentiment to a database server; and a data exhibition platform configured to exhibit the enterprise public sentiment with the target sensitivity level to an authenticated user.

Abstract: Disclosed are an access security system using a security card and a mobile terminal, and a security method for same. The present disclosure configures a mutual security function for storing an encrypted public key in a security card (E-card), and storing a private key, which can decrypt the encrypted public key, in a mobile terminal. Accordingly, a security function that is strengthened to the next level is achieved which: only allows secure access at an entrance by means of a mutual certification procedure through an NFC connection between the security card and the mobile terminal; increases the security efficiency of access management while preventing the security of a secure server from being neutralized by an information leak that has occurred due to the loss, theft, hacking, duplication, or the like of the security card; and in particular, fundamentally prevents abnormal connections by third parties to IoT equipment that can be connected to the secure server as a result of the neutralization of security.

Abstract: Identity systems, methods, and media for auditing and notifying users concerning verifiable claims are provided.

Abstract: There may be provided a method for block chain based facial recognition, the method may include receiving a request, by a controller and from a requesting entity, to utilize a facial recognition service that is block chain based; determining, by the controller, whether to fulfil the request or to reject the request; utilizing the facial recognition service to provide a response to the request and outputting the response when determining to fulfill the request; and rejecting the request when determining to reject the request.

Abstract: The present invention provides a processing device (1) including a storage unit (112) that stores device-specific information in association with device identification information for identifying each of a plurality of devices, an authentication key request reception unit (101) that receives an authentication key request including device identification information, an authentication key issuing unit (102) that issues an authentication key, a license key request reception unit (103) that receives a license key request including the device identification information and the authentication key, a license key issuing unit (104) that issues a license key, and a revelation control unit (108) that controls revelation of the device-specific information of each device based on issuance states of the authentication key and the license key.

Abstract: A system and method for granting access to network resources through access credentials given to an agent process running on each computer or machine where resource requesters reside. The system extends a traditional token-granting authorization system to the agent processes, where each agent has administrative access to machine information. The agent uses that access to acquire detailed information about resource requesters. Requester qualifications defined by the system limit requester access to resources, and are enforced both by the agent and by the central system on the network resource server. Resource requesters ask for a token for resource use from the agent, not the central system. The agent uses its credentials to get a token from the central system and then return the token to qualified requesters.

Abstract: A processor-implemented system and method for dynamically retrieving an attribute value of an identity claim for a user using a digitally signed access token that is digitally signed by a user device, at a relying party device associated with a relying party. The method includes (i) making an API call to retrieve at least one identity claim for the user, (ii) processing each identity claim of the user, with the relying party device, to identify if at least one by-reference identity claim that includes a URL of an endpoint, (iii) obtaining the digitally signed access token that is digitally signed by the user device, (iv) invoking the URL of the endpoint with the at least one by-reference identity claim and the digitally signed access token, and (v) dynamically retrieving the attribute value from the URL of the endpoint from an issuing party device associated with an issuing party.

Abstract: The present disclosure relates to a communication technique for convergence of IoT technology and a 5G communication system for supporting a higher data transfer rate beyond a 4G system, and a system therefor. The present disclosure can be applied to intelligent services (e.g., smart homes, smart buildings, smart cities, smart or connected cars, health care, digital education, retail business, and services associated with security and safety) on the basis of 5G communication technology and IoT-related technology. Disclosed are a method and an apparatus for securely providing a profile to a terminal in a communication system.

Abstract: The method provides an automated and scalable system for the generation, distribution, management of symmetric pre-shared keys (PSKs) to applications executing on headless and mobile devices. It helps achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud communications. It helps Transport Layer Security (TLS) enabled applications dynamically acquire and renew PSKs and use identity hints for PSK based authentication ceremony during a TLS handshake. It helps client-server applications dynamically acquire and renew PSKs using keyed-hash message authentication code (HMAC) for data integrity and authenticity, content signing, and data encryption for confidentiality. It helps manage and distribute API shared secrets and API access tokens required for authenticated API requests and API security.

Abstract: A method for automatically attaching a purpose-built electronic device to a provider network includes steps of discovering, by a Wi-Fi module of the purpose-built electronic device, a wireless data network in operable communication with the provider network selecting, by the Wi-Fi module, the wireless data network, transmitting a primary authentication certificate from the Wi-Fi module to an authentication, authorization, and accounting server of the provider network, receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module of the purpose-built electronic device authenticating, by the provider network, the primary and secondary authentication certificates, and attaching the purpose-built device to the provider network.

Abstract: A system and method for securing a private key transaction within blockchain that include receiving an input for initiating a financial transaction between a sender and a recipient. The system and method also include processing a secure wallet that is configured as an encrypted data packet that stores transaction data associated with the financial transaction and account information associated with the sender and the recipient. The system and method additionally include generating a first private key for the sender and a second private key for the recipient. The system and method further include generating a public key that includes encrypted data from the first private key and the second private key and includes the account information associated with the sender and the recipient that is used by at least one blockchain technology provider to pass the financial transaction through the blockchain.

Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: A key exchange system in which a shared key is generated for executing encrypted communication between communication apparatuses according to an authenticated key exchange protocol using ID-based encryption, wherein each communication apparatus includes a memory and a processor configured to generate a short-term private key by using a private key of the communication apparatus; generate a short-term public key of the communication apparatus by using the short-term private key; generate private information on the communication apparatus by using the short-term private key, a short-term public key generated by another communication apparatus, and public information generated by the communication apparatus and said another communication apparatus or public information generated by a key delivering center; and generate the shared key for executing encrypted communication with said another communication apparatus by executing a pairing operation using the private key of the communication apparatus and the private

Abstract: A system includes at least a first computing device, at a financial institution, configured to generate a currency request and apply first-level signature(s) to the currency request. A minting request is generated from the currency request and the first-level signature(s). The system also includes at least a second computing device, at a currency management department, configured to apply second-level signature(s) to the minting request to generate a signed minting request. The system also includes a third computing device, at a director's office, configured to apply third-level signature(s) to the signed minting request. The system also includes a plurality of network nodes, implementing a distributed ledger, configured to verify the first-level signature(s), the second-level signature(s), and the third-level signature(s); and mint the digital currency when the first-level signature(s), the second-level signature(s), and the third-level signature(s) are successfully verified.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a plurality of actions of an entity, the plurality of actions of the entity corresponding to a plurality of events enacted by the entity; maintaining information relating to the monitoring within a user edge component; identifying an event of analytic utility; analyzing the event of analytic utility at the user edge component, the analyzing generating a security risk assessment; and, providing the security risk assessment to a network edge component.

Abstract: A device configured to identify a first digital document in a digital document repository, to identify a first graphical code that represents the first digital document, and to send the first graphical code to an approved user device. The device is further configured to obtain a second graphical code that represents a public encryption key for the organization and to extract the public encryption key for an organization from the second graphical code. The device is further configured to obtain a third graphical code from the approved user device. The third graphical code represents a second digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to determine the third graphical code passes validation using the public encryption key for the organization and to store the second digital document in a digital document repository.

Abstract: A slave device continuously transmits a plurality of tuning blocks to a host device at intervals defined by a clock period between a plurality of data blocks at the time of transmitting the plurality of data blocks and by a clock period defined by a data structure of the plurality of tuning blocks.

Abstract: A method includes logging into a server and sending geolocation information to the server by a first device. The first device requests rights to decrypt a secure data file, and in response, the server sends a machine-readable optical label to the first device. The first device displays the machine-readable optical label. A second device logs into the server, and scans the machine-readable optical label displayed by the first device to create a scanned image. The second device decodes data from the scanned image to form decoded data. Geolocation information of the second device and the decoded data are submitted to the server. The decoded data and the geolocation information are validated by the server, and in response to successfully validating the geolocation information, a link completion status indicator is sent to the second device, and information to decrypt the secure data file is sent to the first device.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: A system and method are provided for identifying a browser instance in a browser session between a server hosting a web domain and the browser instance executing on a user computing device. The method conducted at the browser instance includes obtaining a private key and a public key of a key pair unique to a combination of a web domain and the browser instance being used to access the web domain. The method includes obtaining a browser certificate issued for the key pair and storing the private key at a storage provided by the browser instance for use by the browser instance during an active browser session with the web domain. The private key is stored as unextractable from the storage and with configuration for use by the browser instance during an active browser session with the web domain in signing or cryptographic operations without the private key being revealed.

Abstract: A system includes a centralized repository for tracking rule content and managing subscriptions to rule content by organizations and providers utilizing the system; a rule-evaluation server for receiving requests for rule-evaluations for specific patients, wherein the server determines content needing to be evaluated and retrieves the content to be used; a rule engine for performing the evaluations, wherein content, patient data, and rule evaluation parameters are provided to the engine, and the engine returns recommendations triggered by the evaluation, if any; an aggregator for aggregating recommendations from multiple sources, detecting and coordinating related recommendations, and applying configuration settings based on the patient and/or provider in context; and a client component for coordinating communication between an electronic health records system, the server, and the aggregator.

Abstract: Systems and methods that may be used to provide multitenant key derivation and management using a unique protocol in which key derivation may be executed between the server that holds the root key and a client that holds the derivation data and obtains an encryption key. In one or more embodiments, the derivation data may be hashed. The disclosed protocol ensures that the server does not get access to or learn anything about the client's derived key, while the client does not get access to or learn anything about the server's root key.

Abstract: Computing environments can enable user initiation of wire-transfer application functionalities according to some aspects described herein. For example, a selection by a user of an option in a graphical user interface can be detected. The option can be for initiating a selected functionality of a wire-transfer application in a computing environment, and the user may not be authorized in the computing environment to interact with the wire-transfer application outside of the graphical user interface. In response, a text file can be generated that includes data identifying the selected functionality. The text file can be stored in a predefined storage location that is monitored by the execution service. The execution service can automatically detect a presence of the text file in the predefined storage location. In response, the execution service can automatically issue a command to the wire-transfer application for causing the wire-transfer application to execute the selected functionality.

Abstract: A method for automatic pairing of two devices for wireless communication includes detecting, by a first device, that a second device is in a communicable range of the first device, where the first device has not been paired with the second device for wireless communication. The method may include determining, by the first device, by communicating with a third device, that the second device is paired with the third device. The first device and the third device are also paired previously. The method may include transmitting, by the third device, a key material to the second device. The method may include confirming, by the first device and by the second device, that the key material matches. The method may include establishing, by the first device, a communication link with the second device for wireless communication in response to the key material being a match.

Abstract: A method of processing a transaction between a customer and a merchant includes receiving from a mobile device of the customer or from another device of the customer an indication of consent to perform a cardless payment transaction with the merchant, receiving from the mobile device an indication that the customer is within a predetermined distance of the merchant, after receiving both the indication of consent and the indication that the customer is within the predetermined distance, sending to a computer system of the merchant an indication of the presence of the customer and personal identifying information for the customer, receiving data indicating a transaction between the customer and the merchant, and submitting the transaction to a financial service for authorization.

Abstract: A method comprises one or more of measuring metrics of a node during boot up, storing the metrics, generating a signature record from the stored metrics, and broadcasting the signature record when said node initializes a network connection.

Abstract: This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing unencrypted content key to any of the participating license services.

Abstract: An apparatus includes a memory configured to store labels of virtual private networks (VPNs) in a first local label space. The apparatus also includes a processor to assign a first label block identifier (LBI) to a first block of labels in the first local label space and assign a first tuple to a first VPN. The first tuple includes the first LBI and a first label index (LI) that indicates a location of a first label of the first VPN within the first block of labels. The apparatus also includes a transceiver configured to provide the first tuple to routers that allocate second blocks of labels from second local label spaces based on the first tuple. The second routers store the first label at locations in the second label spaces indicated by the first LI.

Abstract: A computing system that is configured to receive requests to send computer executable programs to a data owner system associated with a data source for execution of the computer executable program by the data owner system. The data owner system may store to a blockchain a permitted list of programming functions, function libraries, function syntax definitions, and execution environment requirements. The computing system may be further configured to retrieve the permitted lists. The computing system may be further configured to evaluate the computer executable program using the permitted lists to determine if the computer executable program may be executed by the data owner system. The evaluation may be performed by generating an abstract syntax tree of the computer executable program. The computing system may be further configured to send the computer executable program to the data owner system if the computer executable program satisfies the conditions of the permitted lists.

Abstract: A system and method for checking the sanction status of an entity to determine whether the entity is prohibited from engaging in transactions with an organization. The system and method include receiving a request to form an agreement between an organization and an entity and maintaining, in a sanctioned entity blacklist, associations between a plurality of entities and a plurality of identifiers. Each identifier of the plurality of identifiers indicates that a respective entity of the plurality of entities has sanctioned entity status prohibiting the respective entity from engaging in a transaction with one or more organizations. The system and method include determining a sanctioned entity status associated with the entity based on a digital certificate and the sanctioned entity blacklist. The system and method include generating, responsive to determining the sanctioned entity status associated with the entity, an error condition indicating that the digital certificate failed validation.

Abstract: A carrier network may provide for asymmetric key exchange for end to end encryption between user equipment utilizing capability upload and discovery messages of the carrier network. For example, a carrier network may receive a capability upload message from a first user equipment. The carrier network may determine that the capability upload message includes a key bundle for end to end (E2E) encryption of communications. In response, the carrier network may store the key bundle in a key distribution center (KDC). The carrier network may also receive, from a second user equipment, a capability discovery message requesting capability information for the first user equipment. In response, the carrier network may request and receive the key bundle from the KDC and transmit the key bundle to the second user equipment.

Abstract: An exchange processing system may include multiple exchange components that are respectively included in multiple computing systems. A central exchange component may receive a request to enable access to secured data, the request having identity data encrypted via an identity encryption module and inquiry data encrypted via a first request encryption module. The central exchange component may decrypt the identity data via the identity encryption module, and decrypt the inquiry data via the first request encryption module. Response data may be generated from secured data that is selected based on the identity and inquiry data. The central exchange component may encrypt the response data via a second request encryption module and re-encrypt the identity data via the identity encryption module. The encrypted identity and response data may be provided to a second remote exchange module.

Abstract: Example embodiments relate to transaction authentication using biometric inputs from multiple users. The biometric inputs are input via a single computing entity simultaneously or within a configurable time period. The biometric inputs can be used to generate a transaction authentication record to authenticate the transaction.