Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.

Abstract: Systems and methods for securing objects in a computing environment. Objects are encrypted using keys that are also encrypted after encrypting the objects. In order to access the objects, a master key that is unknown to the service storing the objects and/or managing the keys is used to decrypt the keys so that the objects can be decrypted with the decrypted key. Thus, a key is needed to access the key needed to access the object. The master key is typically maintained separately from all of the encrypted objects and corresponding encrypted keys.

Abstract: Disclosed is an authentication apparatus using a public key encryption algorithm. An apparatus according to an embodiment generates a first instant public key through a random number generation process in response to an electronic signature generation request corresponding to a message. Further, the apparatus calculates and uses a first instant private key making a pair with the first instant public key, using the first instant public key.

Abstract: Embodiments are directed to methods and systems to increase flow and throughput of particular data through the use of a machine readable code with portion analysis. The machine readable code may be generated by a transaction processing network and correspond with one or more resource provider computers. When data is received by the transaction processing network that corresponds with one of the resource provider computers, a portion of the machine readable code that is proportional to a size or measurement of the data may be provided in exchange for the data. The recipient of the portion of the code and, once the recipient collects a predetermined number of machine readable code portions to complete the machine readable code, the complete machine readable code may be scanned and transmitted back to the transaction processing network to be exchanged for additional information or to initiate further processing.

Abstract: Methods, systems and apparatus for binding an authenticated user with a wireless device are disclosed. One method includes receiving local environment information from the wireless device, receiving local information from a computing device of the authenticated user, comparing the local environment information of the wireless device with the local information of the computing device, binding the wireless device with the computing device based on the comparison of the local environment information of the wireless device with the local information of the computing device, and communicating information to a wireless device cloud management system that indicates that the binding between the wireless device and the computing device has occurred.

Abstract: Tracking, identifying and article management systems and methods for reliably and repeatedly determining one or more physically uncopiable attribute instances (of the same or varying types) from or inherent in an article of manufacture, using the selected physical uncopiable attribute(s) to produce an unforgeable identity for the article, and then integrating that unforgeable identity into computer-based tracking systems in a way that permits the tracking system to track and monitor articles for which identity information is known. Applications include documents, fashion accessories, artwork, and other objects.

Abstract: A method for operating an aggregator in a private stream aggregation (PSA) system has been developed. The method includes receiving a plurality of encrypted messages from a plurality of clients, each encrypted message corresponding to a vector in a learning with errors (LWE) public key, adding, the plurality of encrypted messages to generate an aggregate data set, extracting a summation of a plurality of error vectors in the plurality of encrypted messages from the aggregate data set, decrypting the summation of the encrypted data contained in the plurality of encrypted messages using a private key stored in the memory of the aggregator to generate a plaintext sum of noisy data generated by the plurality of clients, and generating, with the processor, an output of the plaintext sum of noisy data that preserves differential privacy of each client in the plurality of clients.

Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

Abstract: A method includes identifying workload performance requirements of a workload, and identifying an endpoint hardware configuration that satisfies the workload performance requirements, wherein the endpoint hardware configuration includes a selected mode of a multi-mode component. The method further includes configuring selected endpoint hardware with the identified endpoint hardware configuration including applying the selected mode to the multi-mode component included in the endpoint hardware, and placing the workload on the selected endpoint hardware having the identified endpoint hardware configuration including the multi-mode component operating in the selected mode.

Abstract: A system and method for exchanging data with a network including an authorized UE that is authorized to exchange the data with the network, and an unauthorized UE that is not authorized to exchange the data with the network. The unauthorized UE operable to receive an authorization credential, and to exchange the data with the network using the received authorization credential.

Abstract: Described herein is a system in which temporary aliases may be associated with, and maintained with respect to, cryptocurrency addresses. In some embodiments, the system enables a temporary alias to be used by a mobile application (e.g., a wallet application) in a cryptocurrency transaction. In some embodiments, temporary aliases may be assigned from a pool of procedurally-generated aliases. In some embodiments, the temporary alias may be valid for a predetermined amount of time or number of transactions. For example, the system may assign a new temporary alias to a cryptocurrency address for each transaction and/or after a predetermined amount of time has elapsed.

Abstract: Systems and techniques are disclosed for detecting whether a wearable computing device is worn by a user or not. The detection can be made based on whether the device is secured to a user or based on a sensor. A device worn by a user may be operated in a private mode such that the user wearing the device is provided information that is useful while wearing the device. For example, the user may receive message notifications, news updates, telephone call information, or the like. A wearable computing device maybe operated in a public mode while not being worn by a user. While in the public mode, the device may provide non user specific information such as a current time, media items, or the like.

Abstract: An information processing apparatus according to an embodiment includes a processing circuit configured for: acquiring information of 3D printing devices which are competent to a 3D print task, where the information includes attribute features of the 3D printing devices that can be used for an attribute-based decryption; determining, based on the acquired information, an encryption attribute set or a decryption logic setting for performing an attribute-based encryption on data of the 3D print task, where the encryption attribute set or the decryption logic setting covers a specified number of the 3D printing devices and has a low encryption overhead for the data; performing the attribute-based encryption on the data using the determined encryption attribute set or decryption logic setting to obtain encrypted data; and performing control to release the encrypted data as a 3D print task.

Abstract: In some implementations, a system can transmit communications indicating an occurrence of a particular type of safety incident experienced by a user. Registration information that indicates that a plurality of safety devices of different types are to be registered with the user is initially obtained. Sensor data from the plurality of safety devices of different types are obtained. An occurrence of a particular type of safety incident experienced by the user is then selected from among a plurality of types of safety incidents. The selection may be based at least on the obtained sensor data and the obtained registration information. A communication is then provided to another user to indicate the occurrence of the particular type of safety incident experienced by the user in response to selecting the occurrence of the particular type of safety incident.

Abstract: A system and method of enabling software features on medical devices uses a local server disposed at a medical facility and a license server remote from the local server. The method includes generating a software enabling indicator at the license server, the software enabling indicator comprising a numerical code representing a number of licenses to be allocated for a software feature. The method includes providing a digitally signed electronic document based on the software enabling indicator, transmitting the electronic document from the license server to the local server, and authenticating the license server at the local server using the electronic document. The method includes generating at the local server a plurality of second digital certificates based on the software enabling code, transmitting the second digital certificates to each of the medical devices, and enabling a software feature on the medical devices based on the second digital certificates.

Abstract: Methods And Apparatus For Direct Communication Key Establishment Methods (100, 200, 300) and apparatus (400, 500, 600, 700, 800, 900) are disclosed for establishing a key for direct communication between a User Equipment device, UE, and a device. The methods and apparatus cooperate to form a system for securing direct communication between a UE and a device over an interface. The system comprises a UE (20), a device (30) and a Direct Communication Element (40). The Direct Communication Element (40) is configured to obtain a shared session key and Generic Bootstrapping Architecture Push Information, GPI, to derive a direct communication key from at least the shared session key, and to send the direct communication key and the GPI to the device (30). The device (30) is configured to send the GPI to the UE (20). The UE (20) is configured to derive the shared session key from at least the GPI and to derive the direct communication key from the shared session key.

Abstract: In one example, an enrollment device, such as a smart phone with an enrollment application executing thereon, obtains in situ enrollment information from at least one or more target device of a plurality of target devices in a network. The enrollment device provides the in situ enrollment information that is obtained from the at least one target device, to a security management device, such as a public key certificate generator (e.g., a certification authority) for the network, to facilitate target device configuration certificate generation for the at least one target device. The security management device uses the in situ enrollment information and other device specific information as well as operational information that is desired for a device, and issues a configuration certificate for the at least one target device. A system and methods are also set forth.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.

Abstract: An example operation may include one or more of storing a broadcast encryption tree comprising a set of cryptographic keys disposed in a hierarchical tree format, distributing a partial set of keys from the broadcast encryption tree to each respective peer from among a group of peers included in a blockchain network, receiving, from a user device, an identification of at least one peer included in the group of peers for processing a blockchain transaction, selecting a subset of keys from among the set of cryptographic keys in the broadcast encryption tree which enables at least one peer to decrypt transactions and doesn't enable the remaining peers included in the group of peers to decrypt transactions, and transmitting broadcast encryption information about the selected subset of keys to the user device for performing encryption of the transactions.

Abstract: System(s) and method(s) for real-time data communication over an Internet of Things (IoT) network are described. According to the present subject matter, the system(s) implement the described method(s) for real-time data communication over the IoT network. The method includes encoding, at a source communication device, data to be exchanged between peer sub-layers of IoT entities based on a Forward Error Correction (FEC) context to generate encoded data packets, the IoT entities comprising the source communication device and a destination communication device. The method further includes identifying time delay to be maintained for transmission of the encoded data packets from the source communication device to the destination communication device to have minimal data packet drop due to queue overflow at the source communication device. The method further includes transmitting the encoded data packets over the IoT network.

Abstract: Methods, systems, and devices for wireless communication are described. In one method, a wireless device may establish a connection with an access node (AN) of a local area network (LAN). The wireless device may also determine to perform an authentication. The wireless device may further receive an indication, as part of the authentication, of a protocol end point for the authentication as being a non-access stratum (NAS) layer or a radio resource control (RRC) layer. In another method, an AN may establish a connection with a wireless device. The AN may determine the wireless device determined to perform an authentication with an authenticator included in the AN. The AN may further indicate, as part of the authentication, a protocol end point for the authentication as being the NAS layer or the RRC layer.

Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.

Abstract: A system maintains a web session across multiple web resources and/or devices using a two-token model. A user agent transmits an authentication request to a login endpoint. The user agent have access to a grant token, and it will receive an access token in response to the authentication request. The grant token is relatively long-lived and the first access token is relatively short-lived. The user agent will use the access token to access the first web resource and establish a web session. When the access token expires or is about to expire, the user agent will transmit a re-authentication request with the grant token to a re-authentication endpoint. The user agent will then receive a second access token from the re-authentication endpoint. The user agent will then use the second access token to access the web resource and maintain the web session.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.

Abstract: An information handling system (IHS) includes controller that performs a method of automating acquisition of link local Internet Protocol (IP) network address of servers. Controller acts as Group manager server (GMS) that maintains an inventory of a respective link local Internet Protocol (IP) network address and public key of each server that is addressable over a local area network (LAN). GMS receives an IP network address and credentials associated with a management console that are used to obtain a public key from the management console. GMS transmits to the management console a GMS IP network address and public key associated with the GMS. GMS encrypts the inventory with the public key of the management console to generate an encrypted inventory. GMS transmits the IP network address and the public key of the management console to each server. GMS forwards the encrypted inventory to the management console to enable secure communication.

Abstract: Technologies for configuring a FPGA include a computing device having a processor and an FPGA. The computing device starts a secure boot process to establish a chain of trust that includes a trusted execution environment. The trusted execution environment loads an FPGA hash from an FPGA manifest stored in secure storage, and a platform trusted execution environment determines whether the FPGA hash is allowed for launch. To determine if the FPGA hash is allowed for launch, the platform trusted execution environment may evaluate one or more launch policies from the FPGA manifest. If allowed, the trusted execution environment configures the FPGA with an FPGA image corresponding to the FPGA hash and verifies the FPGA image with the FPGA hash. The platform trusted execution environment may receive the FPGA hash from a user via a trusted I/O session or from a remote management server. Other embodiments are described and claimed.

Abstract: Described is a system for the implementation of biometric scanning in a user-privacy preserving fashion with respect to identification, authentication, and online credential systems. At enrollment, the user enrolls or initially registers at a physical location, where the user is provided a Fuzzy Extractor (FE) encrypted output (Enc(R)). The user is then registered with an online server, which creates an ID-Wallet for the user and stores the ID-Waller. During operation, the user sends an authentication request to the online server, which provides a corresponding authentication response. The user or user's client then extracts secret (R) for user authentication. The user can then be authenticated with the online server to retrieve credentials from the ID-Wallet, which can be used for a variety of online services.

Abstract: An apparatus and method are described for sharing WiFi credentials.

Abstract: A method for distributing encrypted cryptographic data includes receiving, by a key service, from a first client device, a request for a first public key. The method includes transmitting, by the key service, to the first client device, the first public key. The method includes receiving, by the key service, from an access control management system, an encryption key encrypted with the first public key and a request from a second client device for access to the encryption key. The method includes decrypting, by the key service, the encrypted encryption key, with a private key corresponding to the first public key. The method includes encrypting, by the key service, the decrypted encryption key, with a second public key received from the second computing device. The method includes transmitting, by the key service, to the second client device, the encryption key encrypted with the second public key.

Abstract: An access platform or other network elements can include multiple line cards configured to encrypt data. The platform and/or each of the line cards may receive encryption management data that conforms to a predefined encryption management data interface. The encryption management data received by a particular line card may be generated by a conditional access system device and converted to conform to the encryption management data interface by an encryption manager. Line cards may alternatively be configured for connection to separate encryption hardware components. Line cards may include a block of field programmable gate arrays or other type of programmable hardware that can be configured to execute an encryption module.

Abstract: The present invention relates to a method and device for verifying data ownership. The user may verify whether the server actually owns the data to be uploaded by him, and the server may simultaneously verify whether the user actually owns the data.

Abstract: The invention relates to a method for logging a service technician into an electrical device (20), comprising the following steps: production (3, 4) of a secret key (SKY) as an encrypted login password (LPW) by the electrical device (20), displaying (5) of the secret key (SKY) on a display unit (23) of the electrical device (20) as a QR code (QRC), optical sensing (6) of the QR code (QRC) by means of a mobile device (22), decryption (9) of the login password (LPW) from the secret key (SKY) of the sensed QR code (QRC) by the mobile device (22), displaying of the login password (LPW) on a screen unit (24) of the mobile device (22), entering of the login password (LPW) into the electrical device (20) by the service technician, comparison (10) of the entered login password (LPW) with the produced login password (LPW) by the electrical device (20), release of the login by the electrical device (20) if the two login passwords (LPW) match. The invention further relates to an associated apparatus.

Abstract: Disclosed are various embodiments for sharing network site account information among multiple users. Account information for a network site account is received from a first user at a first client. An indication is received from the first user that the account information is to be shared with a second user. The second user is authenticated at a second client. The account information is transferred to the second client.

Abstract: A layered authentication process can use a first authentication layer to filter out invalid requests. The first layer can perform a lightweight authentication to determine requests that do not meet certain authentication criteria. This can include, for example, denying requests that have invalid credentials or that are received from unapproved locations or sources, or that lack the proper format. Requests that pass the initial authentication can be directed to a more robust authentication service that is capable for performing a full authentication of the request. Such an approach prevents various invalid requests from being delivered to the robust authentication service, thereby preventing the robust authentication service from being overwhelmed by a large number of requests, such as may correspond to a coordinated attack on the service.

Abstract: Examples described herein may include a playback device receiving, from a control device, a validation-key that includes an application identifier corresponding to a controller application. The playback device may create a session identifier and transmit the session identifier to the control device. The playback device may receive, from the control device, a playback request comprising the session identifier and a playback command. The playback device may determine that the session identifier is valid and then execute the playback command. A computing system may receive identification information related to a controller application and generate the validation-key based on the controller application meeting at least one quality-control metric. The controller application may receive the validation-key from the computing system.

Abstract: Methods and systems are disclosed for managing registrations of computers. The methods and systems provide a registration tool that may be used to automatically register the computers. For each computer to be registered, information uniquely identifying the computer is collected and sent to a remote registration server. The information is then used by the remote registration server to perform the registration on behalf of the computer. The registration may be with a software vendor, a third-party database, or with the remote registration server itself in some cases. The registration server thereafter returns a registration code or other information to the computer to complete the registration. Such an arrangement allows the registration process to be controlled from a central location.

Abstract: A user device operated by a user receives a compromise alert indicating a potentially compromised use of first access data associated with a user. The compromise alert enables the user to input a response to the compromise alert, where the response can indicate that the first access data is compromised along with a request to issue new access data for the user. The response is sent to a server computer, which then initiates a process to disable use of the first access data and generate the new access data. The new access data is transmitted to the user device. The user can utilize the new access data to request access to a resource.

Abstract: Processes and systems for locking a NB-IoT device to a NB-IoT SIM before connecting the NB-IoT device to a cellular network are discussed herein. The NB-IoT device may include a status flag that determines whether the NB-IoT device requires a NB-IoT SIM to access NB-IoT-specific functions provided by a cellular network. In one example, a Group Identifier Level 1 (GID1) of the IoT SIM may be queried and compared against a reference value to determine whether the IoT SIM is an NB-IoT SIM, and if confirmed, the NB-IoT device may connect to a cellular network and access the NB-IoT-specific functions. In an example, an NB-IoT device associated with a status flag indicating that the device does not require an NB-IoT SIM may connect to a cellular network, but may not access NB-IoT-specific functions.

Abstract: Systems, methods and apparatus are described that offer improved performance of a sensor bus. A first command is transmitted to devices coupled to a serial bus operated in a first mode in accordance with a first protocol to cause the serial bus to be operated in a second mode. After communicating in accordance with a second protocol while the serial bus is operated in the second mode, a second command is transmitted to the plurality of devices in accordance with the first protocol to terminate the second mode. In the second mode, extra symbols inserted into a sequence of symbols transmitted on the serial bus prevent the occurrence of an unintended signaling state on the serial bus. Pulses transmitted on a wire of the serial bus in the second mode may have their duration limited such that a filter of a second device suppresses the limited-duration pulses.

Abstract: A method, system or computer usable program product for managing attributes including obtaining a unique mutable identifier for storage in memory in response to a request to a service provider; utilizing a processor to provide a selected set of attributes to the service provider for association with the unique mutable identifier and storage at the service provider; and providing the unique mutable identifier to an application whereby the application can obtain the set of attributes by inquiring the service provider.

Abstract: Provided is a method for managing a cloud server by using a manager server in a cloud environment, the method including receiving server template information of a first cloud server in a cloud domain, to which the manager server pertains, from the first cloud server, generating server setting information for a cloud server in the cloud domain based on the server template information of the first cloud server, and transmitting the server setting information for the cloud server to the first cloud server to drive the first cloud server.

Abstract: Systems and methods for identify confirmation and transaction security are described. The system generates a challenge. The system transmits to a client computing system an encrypted challenge generated using the challenge and a public key of an asymmetric key pair to a client computing system. The system fragments a private key of the asymmetric key pair into a first, second and third private key fragments. The system generates a first partially decrypted challenge using the first private key fragment and the encrypted challenge. The system receives a second and a third partially decrypted challenges from the client computing system. The system generates a decrypted challenge using the first, second and third partially decrypted challenges. The system compares the decrypted challenge and the challenge for identity verification.

Abstract: The information processing apparatus stores a cryptographic module and a key that the cryptographic module generated. The information processing apparatus determines whether or not the stored key is a key that a cryptographic module for which integrity is not verified generated. If so, the information processing apparatus updates the key determined to be the key that the cryptographic module for which integrity is not verified generated.

Abstract: Systems and methods are provided for determining an access request provided by an application that seeks to interact with one or more backend systems through a computing system. One or more predefined restrictions can be enforced on the application, the computing system, or the one or more backend systems.

Abstract: A mobile communications transmission system provides a plurality of mobile communications cells in a building or campus. It comprises a first baseband unit and a first gateway device, which is connectable to a data network. At least one transceiver unit is connected to the first baseband unit. The at least one transceiver unit is configured to provide at least one first mobile communications cell. By way of this first mobile communications cell, a subscriber device in the building can exchange information with the data network. A first control device is connected to the first baseband unit and the first gateway device. The first baseband unit and the first gateway device are installed in the building or campus in which the at least one transceiver unit provides the at least one first mobile communications cell, whereas the first control device is accommodated remote therefrom at an operating company.

Abstract: Methods and systems for rules-based data access are described. In some embodiments, a request for access to customer data by a requesting entity is received; the data is categorized; the person's preferences with respect to allowing access to data are compiled; a requesting entity is determined; and the providing entity that collected each requested data item is determined. Data shareability rules are evaluated based on the policies that regulate the access of the customer data and the requesting entity, and the customer data is provided to the requesting entity according to the evaluation.

Abstract: An apparatus that includes a memory configured to store encryption keys and encrypted data entries. The apparatus further includes an encryption service engine configured to periodically re-encrypt the encrypted data element, which includes determining that an encryption wait time period has lapsed, obtaining a first encryption key using a first key index, and decrypting the encrypted data element using the first encryption key to recover the original data. The encryption service engine is further configured to obtain a second encryption key, encrypt the original data using the second encryption key, and modify the metadata linked with the encrypted data element with a second key index referencing the second encryption key. The encryption service engine is further configured to receive a data request for the encrypted data element, to send the encrypted data element, and to limit the bandwidth of a data channel used to send the encrypted data element.

Abstract: Various system configurations and methods for maintaining, accessing, and utilizing secure data of a web browser in a hardware-managed secure data store are disclosed herein. In an example, operations for management of sensitive data such as passwords may be provided with the use of secure enclaves operating in a trusted execution environment. For example, such secure enclaves may be used for sealing and persisting sensitive data associated with a remote service, and transmitting the sensitive data to the remote service, while an unsealed form of the sensitive data is not accessible outside of the trusted execution environment. In further examples, operations for generating a password, storing or updating existing passwords, and replacing web browser input fields with secure data are disclosed.

Abstract: A method and arrangements for enabling authentication of a communication device is suggested, where a network node, capable of operating as an authentication server does not have to store all state related information relevant for a roundtrip of an authentication session. Instead of storing all this information, at least a part of it is provided to the authenticator or the communication unit, for later retrieval in a subsequent response. Based on the state related information provided in the response, the network node is capable of reproducing a state associated with a respective roundtrip. By repeating the mentioned process for a required number of roundtrips, an authentication session can be executed, where less state related information need to be stored at the mentioned network node.

Abstract: Introductions of the users of electronic communication capable devices can be made temporarily with each other. In one example, a first device presents, visually, audibly, electronically or otherwise, a code that may be received by one or more other devices, either visually, audibly, electronically or otherwise. The code can be used to establish a path for communications, for a predetermined finite period of time, to allow the users to exchange references or profiles with each other without revealing either user's true identity or other personally identifying information, including that which is associated with the mobile or other devices involved in the communication, unless or until a user chooses to do so.