Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for claim verification. One of the methods includes: receiving, from a first entity, a request for verifying a verifiable claim (VC) that comprises a digital signature; obtaining, based on the VC, a public key associated with a second entity; determining that the digital signature is created based on a private key associated with the public key; and verifying the VC based on the determination.

Abstract: Method and system for recording data describing a first entity, the data endorsed by a second entity comprising the second entity validating data describing the first entity, wherein an identifier is associated with the data, the identifier being generated from a public key of the first entity. Cryptographically signing data corresponding with the data describing the first entity using at least a private key of the second entity. Posting a transaction to a block chain including the cryptographically signed data. Method and system for obtaining data describing a first entity the data endorsed by a second entity comprising. Receiving an identifier of data describing the first entity. Retrieving an entry from a block chain based on the received identifier. Authenticating the entry using a public key of the second entity. Extracting the data describing the first entity from the retrieved entry.

Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.

Abstract: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for claim verification. One of the methods includes: receiving, from a first entity, a request for verifying a verifiable claim (VC) that comprises a digital signature; obtaining, based on the VC, a public key associated with a second entity; determining that the digital signature is created based on a private key associated with the public key; and verifying the VC based on the determination.

Abstract: A computer-implemented method of information presentation on multiple devices is provided. The method may include presenting a first barcode on a webpage. The first barcode may be encoded with first data based on a uniform resource locator of the webpage. The method may also include generating second data based on a user interaction with the webpage and altering a configuration of the webpage based on the user interaction without leaving the webpage. The method may also include generating a second barcode encoded with the first data and the second data. The method may further include presenting the second barcode on the webpage with the altered configuration.

Abstract: A server, a control method thereof, and an electronic apparatus are provided. The method of operating a server may include: transmitting question information to a first user terminal in response to receiving an authentication request from the first user terminal; receiving first response information in response to the question information from the first user terminal; transmitting the question information and first response information received from the first user terminal to an electronic apparatus; and determining whether the first user terminal is authenticated based on a confirmation result for the first response information being received from the electronic apparatus.

Abstract: Methods and arrangements for monitoring and flagging distinct flows in an evolving network. There is identified a locality comprising at least two nodes in a graph of nodes and edges, wherein the edges represent interactions between nodes. At least one target source-destination node pair is identified in the locality for monitoring, and at least one monitoring rule is generated. An interaction is flagged upon a detected violation of at least one monitoring rule, and there is updated, in response to the detected rule violation, at least one of: the identified locality; the at least one target source-destination pair; and the at least one monitoring rule.

Abstract: Generally systems and methods for simultaneous file exchange are disclosed. In some embodiments systems and methods for the simultaneous exchange of electronic files are disclosed, wherein the systems and methods employ one or more storage object, and wherein one or more entities are associated with the one or more storage object.

Abstract: A method of securely serializing product units to provide a trusted basis for the recording of transaction events reflecting distribution actions within and between supply chain participant vendors. The method involves receiving vendor data including vendor public data descriptive of a given product unit, generating a unique serial number to be securely associated with the given product unit, the unique serial number including a public serial number and a unique nonce, generating a cryptographic hash of the unique serial number and the vendor public data, generating a cryptographic signature of the cryptographic hash using a predetermined private key, and returning marking data including the public serial number.

Abstract: The present disclosure describes devices and methods that allow for authenticating a firmware settings input file. The devices and methods of the present disclosure provide for receiving a firmware settings input file and a code associated with the firmware settings input file. The firmware settings input file is configured for updating firmware settings within the computer system. The devices and methods further generate a first value based on the firmware settings input file, and decrypt the code with an encryption key to obtain a second value from the code. The devices and methods further compare the first value and the second value to authenticate the firmware settings input file based on whether the first value and second values satisfy one or more conditions. When the conditions are satisfied, the firmware within the computer system can be updated based on the firmware settings input file.

Abstract: Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.

Abstract: A method for separately registering a user and a mobile device for use of a mobile wallet account includes registering, by a registration terminal of a mobile wallet provider, a user for use of the mobile wallet account, including assigning one or more user-provided settings to the mobile wallet account. The method also includes receiving, by a computing system of the mobile wallet provider, a request from a mobile device to register the mobile device for use as a mobile wallet, identifying, by the computing system, the mobile wallet account of the registered user based on the request, and registering, by the computing system, the mobile device for use of the identified mobile wallet account, including associating the one or more user-provided settings with use of the mobile device.

Abstract: A method of the present disclosure includes a host system authenticating a user of the user device to access secure host information associated with the user in a database. A request may be transmitted to a third-party system to access secure third-party information stored by the third party based on third-party authentication information. The host system may receive the secure third-party information and store the secure third-party information in a memory location of the database that is associated with a different memory location including the secure host information. The memory location and the different memory location may be associated in the database based on a common information type. The host system may generate a graphical user interface that positions the secure host information and the secure third-party information in the graphical user interface based on their respective location in the database.

Abstract: An apparatus has a processor and a memory connected to a bus. The memory stores instructions executed by the processor to receive an electronic document from a network. Image processing segments are formed. The image processing segments are processed to generate classification data including text strings. Image processing segments are also processed to identify signing items such as signature lines, date and text fields, checkboxes, and radio-buttons. Each signing item is categorized as an electronic-sign item or a wet-sign item. A first electronic document is produced with pages from the electronic document that have electronic-sign items and a second electronic document is produced with pages from the electronic document that have wet-sign items. The first electronic document is augmented with metadata characterizing locations of and any conditional logic associated with the electronic-sign items.

Abstract: A system and method to support authentication or device pairing. A respective indication is received from a respective output of each respective contact element within a plurality of contact elements. The respective output indicates a touching of the respective contact element. Based on receiving the respective indication, a respective state associated with the respective contact element is changed. The respective contact element is controlled to change its respective visual state to correspond to its respective state. Based on receipt of the respective indication, it is determined whether the respective states of the plurality of contact elements match a determined pattern. Based on a determination that the respective states of the plurality of contact elements match the determined pattern, access to an operation is authorized.

Abstract: According to one exemplary embodiment, a method for dynamic generation of payment token ratings is provided. The method includes receiving a token request, whereby the token request includes a plurality of metadata. The method also includes analyzing the received plurality of metadata based on at least one predefined rule set. The method further includes generating a token in response to receiving the token request. The method then includes determining an assurance rating for the generated token based on the analyzed received plurality of metadata, whereby the assurance rating indicates a risk of fraud associated with the generated token. The method finally includes assigning a token rating to the generated token based on the determined assurance rating.

Abstract: According to one exemplary embodiment, a method for dynamic generation of payment token ratings is provided. The method includes receiving a token request, whereby the token request includes a plurality of metadata. The method also includes analyzing the received plurality of metadata based on at least one predefined rule set. The method further includes generating a token in response to receiving the token request. The method then includes determining an assurance rating for the generated token based on the analyzed received plurality of metadata, whereby the assurance rating indicates a risk of fraud associated with the generated token. The method finally includes assigning a token rating to the generated token based on the determined assurance rating.

Abstract: Apparatus and methods for binding a wearable device for use with the wearable device, a terminal, and a server are presented. The method executed by the wearable device includes providing device information to the terminal, receiving a device certificate from the server, and storing the device certificate for performing payment using the corresponding user account. The method executed by the server includes receiving a binding request from the wearable device via the terminal, generating a device certificate of the wearable device based on the device identification, and providing the device certificate to the wearable device. The method executed by the payee device includes acquiring a transaction certificate of a wearable device and sending a payment collection request to a server including the transaction certificate of the wearable device and payment sum information.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.

Abstract: The invention relates to a method for securing access to a website which includes, in series: a step (202) of a first user terminal accessing said site; a step (206) of entering a message with the user terminal on a page of the site; a step (208) of transmitting the message to a server of the website; a step (210) of the server of the website encrypting the message in order to form a visible code; a step (212) of displaying the visible code on a display screen of the first user terminal; a step (216) of taking an image of the visible code using a second user terminal, optionally identical to the first user terminal; a step (218) of decrypting the code using the second user terminal; and a step (220) of providing the user with the message decrypted by the second user terminal.

Abstract: The invention provides various systems and methods for establishing an identity confidence scoring system. The method includes gathering identity information about the customers from physical locations and from remote locations. The method updates the identity profiles with the gathered identity information, and based on the gathered identity information, generates an identity confidence score associated with each identity profile.

Abstract: A method of authorizing a secure electronic payment from a payer to a payee. At a digital identity system, an electronic message is received, which comprises a payer credential and identifies a payee system, and a digital identity associated with the payer credential is accessed, the digital identity comprising: 1) at least one identity attribute or data for deriving at least one identity attribute, and 2) a payment token or data for obtaining a payment token, the payment token for effecting an electronic payment from the payer to a recipient of the payment token. At least one electronic message is transmitted from the digital identity system to the payee system to render the identity attribute and the payment token available to the payee system, for determining, based on the identity attribute rendered available to the payee device, whether to use the available payment token to effect the electronic payment.

Abstract: An authenticated network having a plurality of nodes is disclosed. Each node includes a transaction unit and an identification core. The identification core includes a key generator. The key generators of the identification cores generate a plurality of unique pairs of secret and public keys. The public key serves as a logical address of the transaction unit. Another authenticated network having a plurality of nodes is also disclosed, in which the identification core further includes a private key. The key generators of the identification cores generate a plurality of public keys from the private keys of the identification cores. Each public key serves as a logical address of the transaction unit of a corresponding node. One of the public keys and one of the private keys form a unique pair. Thus, the transaction unit manages the information communication among the plurality of nodes. The identification core manages an authentication of the nodes.

Abstract: A hearing device includes: a processing unit configured to compensate for hearing loss of a user of the hearing device; a memory unit; and an interface; wherein the processing unit is configured to: receive a connection request for a session via the interface; obtain a session identifier; transmit, via the interface, a connection response comprising a hearing device identifier and the session identifier; receive, via the interface, an authentication message comprising an authentication key identifier and client device data; select a hearing device key from a plurality of hearing device keys in the memory unit based on the authentication key identifier; and verify the client device data based on the selected hearing device key.

Abstract: In a method for efficient password based public key authentication between a first user device and a second user device, a shared password is received by a first user device which generates a first hash value of the shared password and a first value, wherein the first value is composed of at least a product of the first hash value and a first unique security constant associated with the first user. The first user device then generates a first random value generated using data from a generator element, and a first blind public key associated with the first user device, wherein the first blind public key is generated using a first public key. The first user device concurrently sends the first value and the first blind public key to the second user device for authentication.

Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.

Abstract: A plurality of payload messages (502, 505, 508) is communicated on a radio link of a cellular network between a terminal (130) and an access node (112) of the cellular network. Each one of the plurality of payload messages (502, 505, 508) includes a data packet (501) encoded according to a given redundancy version (371-373). The number of the plurality of payload messages (502, 505, 508) may be dynamically and flexibly adjusted in some embodiments. Examples are given which may be applied for coverage enhancement in the Internet of Things or Machine Type Communication domain.

Abstract: Systems and methods are described herein for provisioning mobile devices to wireless access points to provide 911 and other emergency services to the mobile devices via communication networks, such as wireless communication networks. For example, the systems and methods provide a mobile device with the functionality to determine cell sites are unavailable at a location or and provision one or more access points for 911 and emergency communications.

Abstract: A method and an apparatus for verifying identity of a direct communication message using asymmetric keys in a wireless communication network comprising a plurality of electronic devices is provided. The method includes distributing a public key associated with a second electronic device among a plurality of electronic devices by a Device-to-Device (D2D) server. The method includes receiving the direct communication message from the second electronic device at a first electronic device. The direct communication message comprises a digital signature generated using a private key associated with the second electronic device. Further, the method includes verifying the identity of the direct communication message using the public key associated with the second electronic device.

Abstract: Generally systems and methods for simultaneous file exchange are disclosed. In some embodiments systems and methods for the simultaneous exchange of electronic files are disclosed, wherein the systems and methods employ one or more storage object, and wherein one or more entities are associated with the one or more storage object.

Abstract: Apparatuses and methods associated with multi-level authentication are disclosed herein. In embodiments, a method includes authenticating a physical object of a plurality of physical objects that together form an aggregate physical object; storing in a database system relationship information reflecting a relationship between the aggregate physical object and the plurality of physical objects; attempting to authenticate a target physical object; responsive to matching the target physical object to the aggregate physical object based on the attempt to authenticate the physical target: identifying in the database system a database record corresponding to the aggregate physical object; storing in the database record authentication data reflecting the match between the target physical object and the aggregate physical object; and storing an indication of a re-authentication of the physical object in the database system based on the relationship information. Other embodiments may be disclosed or claimed.

Abstract: Systems and methods are described that allow users to continue utilizing their user accounts and user devices associated with a first authorization entity for transactions conducting with a second authorization entity. A processor server computer may translate a first data set including first account identifier and a first verification value associated with a first authorization entity during authorization processing into a second data set including a second account identifier and a second verification value that can be processed by a second authorization entity. The processor server computer may modify an authorization request message based on the translated data set. The processor server computer may also enable the authorization request message to be routed to an appropriate authorization entity during authorization processing.

Abstract: A method for verifying the source of an authorization request includes: storing an integrated circuit card (ICC) master key; receiving an authorization request for a transaction, wherein the request includes an ICC dynamic number, and the ICC dynamic number is extracted from signed data, based on the ICC master key, generated by a payment card during combined data authentication (CDA); verifying the authenticity of the ICC dynamic number using the stored ICC master key; and transmitting the authorization request to a third party. A method for transmitting an authentic authorization request includes: storing payment card data, the data including an ICC master key associated with the payment card; authenticating the card data using CDA to generate signed data; extracting, from the signed data, an ICC dynamic number based on the ICC master key; and transmitting an authorization request for a transaction, the request including the extracted ICC dynamic number.

Abstract: An exemplary specifically programmed electronic communications exchange which includes at least the following specifically programmed components: a specifically programmed computer processor that is configured to at least perform, in real-time, the following: causing, via a computer network, to display a company personalized communications set-up graphical user interface configured to allow a representative of a company to dynamically define a plurality of company communications attributes; causing, via the computer network, to display a consumer communications set-up graphical user interface configured to allow a consumer to dynamically define a plurality of consumer communications preference attributes; automatically matching the company to the consumer based at least in part on: the plurality of company communications attributes and the plurality of consumer communications preference attributes; and automatically and electronically delivering a plurality of electronic communications, from or on behalf of t

Abstract: Systems, methods, and non-transitory computer-readable media can receive a password from a user. A first password hash is generated based on the password and a first salt. A second password hash is generated based on the first password hash and a second salt. The first salt, the second salt, and the second password hash are transmitted to a third party.

Abstract: Methods and apparatus for validating paper forms are provided. A node can receive paper-form data from a paper form that has first and second data items (DIs). The node can: determine first and second metadata for the first and second DIs respectively, determine respective first and second validation entities (VEs) to validate respective values of the first and second DIs based on the respective first and second metadata, where the first and second VEs can differ, provide a user interface (UI) including a display of the first DI, receive a validation status for the first DI via the first UI from the first VE, select a first distributed storage system (DSS) associated with the first DI, and record the value of the first DI and the validation status in the first DSS. The node can generate an output related to the paper-form data based on the first DSS.

Abstract: A method for deterring information copying, includes: combining a watermark serial number incorporate in a given medium with a content serial number to create a combined serial number, the watermark serial number uniquely identifies the given medium, and the content serial number uniquely identifies a content stored on the given medium; creating a digital signature by encoding the combined serial number using a private key of a public/private key pair; imprinting the content serial number and the digital signature on the given medium; decoding the digital signature imprinted on the given medium using a public key of the public/private key pair to obtain the combined serial number; comparing the decoded combined serial number with the watermark serial number and the content serial number imprinted of the given medium; and in response to determining that both match the combined serial number, determining that the content is authentic.

Abstract: An electronic transaction method, funds transfer apparatus and method for facilitating a funds transfer. The methods comprise sending information from a purchaser or payor to a funds transfer system separate from a vendor system or payee, validating and confirming personal financial information at the funds transfer system, and transferring funds from a purchaser or payor account to the vendor or a payee account without exposing either party's financial and account information to the other. Additionally, a funds transfer apparatus is disclosed comprising connections to a payor and payee system and mechanisms for receiving and validating party and transaction information and a mechanism for transferring funds from one party to the other.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: Systems of a vehicle and the operations thereof are provided. The vehicle can associate sensitive information for a user of the vehicle. Then, the vehicle can automatically provide the sensitive information for either the driver and/or passenger to a third party in an interaction with the third party. As such, user employ the automated systems of the vehicle for interactions with third parties.

Abstract: An identity verification application receives data encapsulating a request to verify an identity of a user that includes user-provided identification data. Thereafter, the identity verification application then hashes the user-provided data and traverses a decentralized ledger including a data structure comprising a plurality of linked segments to identify a match of the hash of the user-provided identification data. The identity verification application then provides verification data that either (i) confirms the identity of the user if the hash of the user-provided identification data has a match in the decentralized ledger, or (ii) rejects the identity of the user if the hash of the user-provided identification data does not have a match in the decentralized ledger. Related apparatus, systems, techniques and articles are also described.

Abstract: A method of the present disclosure includes a host system authenticating a user of the user device to access secure host information associated with the user in a database. A request may be transmitted to a third-party system to access secure third-party information stored by the third party based on third-party authentication information. The host system may receive the secure third-party information and store the secure third-party information in a memory location of the database that is associated with a different memory location including the secure host information. The memory location and the different memory location may be associated in the database based on a common information type. The host system may generate a graphical user interface that positions the secure host information and the secure third-party information in the graphical user interface based on their respective location in the database.

Abstract: The disclosed computer-implemented method for managing encryption keys for single-sign-on applications may include (1) receiving, from an identity service, notification of a request to access encrypted data on a cloud service, the notification including a session key for encrypting and decrypting a master key for decrypting cloud service keys, (2) deriving the master key, (3) decrypting, using the master key, a cloud service key for decrypting data on the cloud service, (4) storing the master key, encrypted using the session key, (5) receiving an additional notification of an additional request to access encrypted data on an additional cloud service, the notification including the session key, (6) without again obtaining the authentication element from the user, decrypting the master key, and (7) decrypting, using the master key, an additional cloud service key for decrypting data on the additional cloud service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A device may receive information associated with a particular entity and trigger, based on the information, a status for the particular entity. The device may transmit, based on triggering the status, a list of a plurality of mobile devices and may receive an identified set of mobile devices from the list of the plurality of mobile devices. The device may further receive, from a selected mobile device, a request to perform an action and receive a string of characters from the selected mobile device. The device may further transmit, based on receiving the string of characters, an instruction command to the selected mobile device when the string of characters matches a verification string of characters.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for activating a payment account for a vehicle electronic wallet component and to associate the payment account with a vehicle. In various embodiments, a request for payment for a transaction may be received over a contactless communication link when the vehicle is in proximity to a payment processing entity and authentication information to approve the request for payment may be received. Payment information corresponding to the payment account may be transmitted over the contactless communication link to the payment processing entity to enable payment for the transaction.

Abstract: Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

Abstract: Methods and devices for creating a secure log of security events may include receiving a historical digest representing approved historical security events associated with a trusted network of devices. The methods and devices may include receiving one or more new security events. The methods and devices may include calculating, when a period of time has expired, a hash based on at least the historical digest and the one or more new security events and determining if a value of the hash is less than a value threshold. The methods and devices may include storing a new security event digest corresponding to a respective hash having a respective value less than the value threshold, wherein the new security event digest is confirmed by one or more trusted devices in the trusted network of devices.

Abstract: The present invention relates to a method and system for managing profiles for use with touch systems. A user logs into a communal device using a pointer paired with a mobile device. The communal device is authenticated and retrieves the user's profile. The user profile is used to setup a workspace on the communal device. The workspace is granted access to the user's content on a content server. When the communal device has multiple users, each workspace may be shared or not depending on the user's requirements. Each pointer is individually identified to a particular user and workspace.

Abstract: Systems and methods are provided for secure offline transactions using a mobile device. The mobile device may include an encrypted data store in which encrypted payment processing data is stored, a risk assessment engine configured to retrieve the encrypted payment processing data and determine, based on the encrypted payment processing data, whether an offline payment is authorized, and a transaction pool configured to store the offline payment after the offline payment has been provided to a recipient. The mobile device may provide the offline payment that has been performed to a payment provider server for completion and/or funding when the mobile device obtains a network connection to the payment provider server following the offline payment.