Abstract: An example operation may include one or more of receiving a request for storage at a blockchain network, attaching, via a blockchain node, a verifiable credential created by a self-sovereign identity (SSI) network to a blockchain transaction associated with the request, where the verifiable credential includes a claim of the blockchain node and a proof of the SSI network that created the verifiable credential, transmitting the blockchain transaction and the attached verifiable credential to one or more other blockchain nodes, and storing the blockchain transaction and the attached verifiable credential via a data block on the blockchain.

Abstract: An electronic device and a method for performing a peer to peer (P2P) service in the electronic device are provided.

Abstract: Technology is shown for verifying a leaf certificate in a PM chain of trust involving receiving a leaf certificate signed by an intermediate certificate embedded in the leaf certificate. The intermediate certificate is extracted from the received leaf certificate and its public key used to calculate a signature for the received leaf certificate. The calculated signature is compared to a signature included in the received leaf certificate. The received leaf certificate is verified when the calculated signature matches the signature included in the received leaf certificate. The intermediate certificate can be included as a X.509 property of the leaf certificate.

Abstract: An electronic device is provided. The electronic device includes a touchscreen display; first communication circuitry to establish a short-range communication connection; second communication circuitry to establish a cellular communication connection; and a processor.

Abstract: According to another embodiment, a method for invoicing and payments in an integrated supplier network may include: (1) receiving, at a supplier interface for a payments computer program, an invoice from a supplier; (2) receiving, at a buyer interface for the payments computer program, a payment allocation for the invoice, wherein the payment allocation may be associated with a supplier attestation for the supplier; (3) transferring, by the payments computer program, funds for the payment allocation to a liquidity pool, wherein the funds are commingled with other funds in the liquidity pool; (4) receiving, at the supplier interface, the supplier attestation, and a request to withdraw at least a portion of the funds for the payment allocation; and (5) retrieving, by the payments computer program, the portion of the payment allocation to a supplier account with the integrated supplier network.

Abstract: This disclosure describes systems and methods using blockchain for in-vehicle health and wellness tracking. An example method may include receiving a request for a vehicle from a mobile device of a user. The example method may also include receiving, from a pathogen detector device within a first vehicle, an indication that a number of pathogens within the first vehicle is less than a threshold amount. The example method may also include assigning the first vehicle to the user based on the indication that the number of pathogens within the first vehicle is less than a threshold amount.

Abstract: There is provided mechanisms for provisioning of an application level identity from an ID backend server to a communication device. The provisioning of the application level identity is protected using TLS-, DTLS-, or OSCORE-based secure communication. The communication device comprises an identity module configured for interaction according to GSMA RSP based remote subscription profile download. The methods are performed by the communication device and the ID backend server.

Abstract: An apparatus and methods are disclosed for monitoring the operation of an electrical power-transfer system and detecting and handling hazardous and undesirable system states. In accordance with one embodiment, an electrical signal is injected into the electrical power-transfer system. During or after the injection of the electrical signal, an electrical property between a first sensor and a second sensor are measured to obtain a measurement. The electrical power-transfer system is determined to be in a hazardous state based on the measurement, and in response to the determination one or more actions are performed to correct the hazardous state.

Abstract: Disclosed is a method and apparatus for verifying socket connections. The method includes receiving a socket connection request and determining a process executable that initiated the socket connection request. The method further includes determining, by a processing device, whether verification data associated with the process executable corresponds to expected verification data of the process executable. Finally, the method includes in response to the verification data corresponding to the expected verification data, permitting a socket connection corresponding to the socket connection request.

Abstract: Systems and methods are provided that may be implemented to orchestrate trusted enrollment of an endpoint client information handling system by deploying a signed payload of an enrollment package to the endpoint client system, and by using a client software agent executing on the endpoint client system to first verify the distribution chain and/or signature of the deployed enrollment package before proceeding to use other information contained in the enrollment package to contact a registration server to enroll the endpoint client system.

Abstract: A method includes encrypting a first message that contains a first public key of a first peer, by using a second public key of a second peer; and decrypting a second message sent from the second peer by using a first private key paired with the first public key. The second message may be encrypted at the second peer by using the first public key, and may contain an encrypted data encrypted by the second peer using the second public key and hashed by using a secret key of the first peer. The first public key, the second public key, the first private key and the secret key may be physically unclonable function (PUF)-based keys.

Abstract: Various embodiments of the present disclosure include a scalable distributed computing and network system that is configured to install, update or revoke certificates in a multitude of passive devices in many isolated networks. Various embodiments may include a processor in a computing device associating a certificate profile with one or more passive devices in a plurality of passive devices in one or more isolated networks, generating a certificate signing request (CSR) message for each of the associated passive devices, sending the generated CSR messages to a certificate authority, receiving digital certificates from the certificate authority, and sending the received digital certificates to their respective associated passive devices.

Abstract: Systems and methods are directed to improvements for secure communications between client systems and a vehicle integration platform associated with a service provider entity. In one example, a communication infrastructure is provided which includes a vehicle integration platform that includes a plurality of application programming interfaces configured to facilitate communication among clients. The communication infrastructure includes a security integration system which is configured to receive and validate a client certificate forwarded to the vehicle integration platform from a client and determine an identity of the client and an origin of a request associated with the client certificate.

Abstract: Described herein is a method and network-security monitoring platform, also identified as Security Network Monitoring Platform (SNMP), for detecting anomalies in SSL and/or TLS communications set up in a communications network. The SNMP analyses data packets (DP) for detecting anomalous SSL and/or TLS handshake procedures in a monitoring interval, wherein each SSL and/or TLS handshake procedure comprises a first message sent by a respective client to a respective server for starting the respective SSL or TLS communication, and a corresponding second message sent by the respective server to the respective client. Next, the SNMP determines for each handshake procedure a first signature as a function of the data sent with the first message and a second signature as a function of the data of one or more certificates of the chain of certificates (CERT) sent with the second message. The SNMP then analyses the first and the second signatures to determine the respective popularity values.

Abstract: Examples herein describe systems and methods for application-specific compliance enforcement. An example method can include receiving, at a user device, profiles containing application-specific restrictions. When a first application is opened, a management agent compares the corresponding application-specific restrictions with current device settings. This can be done with a checksum comparison where the checksums are created based on a hash with an application- or profile-specific identifier. If they differ, the management agent stores the current device settings and prompts for, or automatically changes, the device settings to new compliant values before allowing the first application to operate in the foreground of the user device screen. If the first application is closed or minimized, the stored device settings can be restored. The management agent can compare those against application-specific restrictions of the second application before allowing the second application to run in the foreground.

Abstract: In variants, a fleet management method can include determining information about a device S100; sending information to a device S200, and operating the device according to the information S300 (e.g., example shown in FIG. 1). The fleet management system can function to scalably manage the operation and permissioning of one or more fleets of devices.

Abstract: At least one processor cause an information processing apparatus to act as the following units. A first installation unit installs a first application. A second installation unit installs a second application for activating the first application. An acquisition unit acquires identification information unique to the first application installed by the first installation unit. An acceptance unit accepts a request for activation of the first application which uses a deep link. A first determination unit, in a case where the acceptance unit accepts a request for activation, determines whether or not to activate, by the second application, the first application by using the identification information acquired by the acquisition unit. An activation unit activates, by the second application, the first application based on a result of the determination by the first determination unit.

Abstract: An apparatus operating as a certificate authority (CA) is described. The apparatus can perform operations including receiving, from a plurality of requesting devices, a request to join a group. The request can include identification information for the group and attestation evidence for the plurality of requesting devices. Responsive to receiving the request, the apparatus can provide a group certificate for the group to the plurality of requesting devices.

Abstract: In some aspects, methods and systems for a digital trust architecture are provided. In some aspects, the architecture includes a user account provisioning process. The provisioning process may make use of in person verifications of some personal information to ensure authenticity of the user information. Once the authenticity of user information is established, an account may be created. The user account may include a user email account, with integrated access to digital certificates linked to the user account. Account creation may also automatically publish the new user's public key in a publicly accessible directory, enabling encrypted email information to be easily sent to the new user.

Abstract: Controlling and provisioning a robot of a virtual machine (VM) includes transmitting a connection request between a first service installed in a virtual machine and a second service. The robot is associated with at least one process running on the virtual machine. The virtual machine is authenticated based on a token associated with the second service and the virtual machine. A connection is established between the first service and the second service. A command is transmitted associated with the controlling of the robot from the second service to the first service based on the authentication of the virtual machine. The command is associated with a corresponding command identifier for identifying a type of the command. The command is then executed for controlling the robot.

Abstract: Methods and network interface devices for establishing a secure and authenticated network connection are provided. The method comprises: receiving, from a requesting entity, a destination IP address and a first certificate that is used to establish a secure network connection, wherein the first certificate comprises a first security attribute that is associated with a source destination IP address; identifying, with aid of one or more processors, a stored second security attribute associated with the destination IP address; and determining, with aid of the one or more processors, a policy action based at least in part on the first security attribute and the second security attribute.

Abstract: Methods and apparatus to enable a distinction between “new” and “used” digital content and to enable a market in used digital content files between mobile phone terminals and an electronic store, securely, by means of a wireless telephony network and a server complex to handle contents right management, transaction reporting, inventory, content delivery, payment, and billing. A server receives a signal generated by a wireless user device that was sent over a wireless telephony network. The signal indicates an election for returning at least one previously purchased digital content item. The server deletes user rights for the at least one digital content item identified by the received signal and sends information to the user device that generated the signal. Access to the associated digital content item at the user device is removed according to the sent information.

Abstract: A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an electronic document to a signing party and a signature authority for controlling a process for affixing an electronic signature to the unsigned document to create a signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.

Abstract: An embodiment includes a method of client-server trust management. The method includes receiving, at a client device, a public key of a system server and locally seeding the public key in a secure storage at the client device. The method includes receiving a certificate list signed by a private key of the system server and verifying a source of the certificate list using the seeded public key. The method includes initiating a handshake process with a second device during which a digital device certificate of the second device is received. The method includes halting the handshake process and validating the second device by matching the digital device certificate with a certificate included on the verified certificate list. Based on the validation, the method includes managing a communication session with the second device to enable or prevent data transfer between the client device and the second device.

Abstract: An on-boarding server is configured to receive a data set and a manufacturer identifier from a communications device, validate an identity of an entity from the data set, and locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database. The on-boarding server is configured to confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair. The on-boarding server is configured to determine an acquirer server from the data set, and authorize the entity to effect electronic payments by providing the communications device with a merchant identifier and transmitting the merchant identifier to the acquirer server.

Abstract: An access control system for electric vehicle charging is provided that includes an access device, a secure reservation interface, a reservation server and a smartphone application installed on the smartphone. The access device includes a short-range wireless communication module connected to a processor having control of an electric vehicle charger. The secure reservation interface receives a reservation request for a reservation at a given destination. The reservation server receives the reservation request for the destination, issues a reservation certificate, and transmits the reservation certificate from the reservation server to a smartphone. The smartphone application has access to a short range wireless communication setting corresponding to the access device. The access device receives the reservation certificate from the smartphone application based on use by the smartphone application of the short-range wireless communication setting.

Abstract: An access control system for electric vehicle charging is provided that includes an access device, a secure reservation interface, a reservation server and a smartphone application installed on the smartphone. The access device includes a short-range wireless communication module connected to a processor having control of an electric vehicle charger. The secure reservation interface receives a reservation request for a reservation at a given destination. The reservation server receives the reservation request for the destination, issues a reservation certificate, and transmits the reservation certificate from the reservation server to a smartphone. The smartphone application has access to a short range wireless communication setting corresponding to the access device. The access device receives the reservation certificate from the smartphone application based on use by the smartphone application of the short-range wireless communication setting.

Abstract: The present invention relates to the field of data identification, and in particular to two-dimensional code technology. Provided in the present invention is a two-dimensional code-based file acquisition method, comprising: step 1, parsing a two-dimensional code to acquire two-dimensional code encoded data, wherein the encoded data comprises a first unique value, encrypted data, and signature data; step 2, verifying the signature data; step 3, decrypting the encrypted data to acquire a file address and an. nth data segment In; step 4, acquiring an. encrypted file according to the nth data segment In and the file address; step 5, verifying the encrypted file according to the first unique value to acquire a decrypted file. The present invention solves the technical problems of easy tampering and poor security when data is stored and acquired on the basis of a two-dimensional code, and implements secure and reliable information protection.

Abstract: A method for obtaining a secured routing functionality in a white-boxes based cluster which comprises a plurality of standalone white-boxes, wherein at least two of the standalone white-boxes were manufactured by different manufacturers, and wherein the method comprising identifying a serial number (S/N) associated with each white-box to be included in that cluster, determining pre-defined properties of each respective white-box based on the identification, and installing each of the white-boxes together with a respective computing platform software comprising a software agent provided by the manufacturer of that white-box.

Abstract: Removal of PII is provided. Sensor data is captured using sensors of a vehicle. Object detection is performed on the sensor data to create a sematic labeling of objects in the sensor data. A model is utilized to classify regions of the sensor data with a public or private labeling according to the sematic labeling and a PII filter corresponding to a jurisdiction of a current location of the vehicle. The sensor data is utilized in accordance with the public or private labeling.

Abstract: Systems and methods leverage trust anchors to generate tokens which can then be used by network functions (NFs). A virtualization infrastructure manager (VIM) for a virtualized platform receives a NF software package and a certificate request token (CRT) from a management function. The NF is a virtual NF, a containerized NF, or another virtual entity (xNF) to be deployed. The CRT is digitally signed by the management function and includes a network address of a trust anchor platform and a NF profile. The VIM deploys the NF and provides the CRT to the NF. The NF obtains from the CRT the network address of the trust anchor platform, generates a certificate signing request (CSR) for a digital certificate, and submits the CSR and the CRT to the trust anchor platform. The NF receives a digital certificate from the trust anchor platform based on validation of both the CSR and CRT.

Abstract: Systems, computer program products, and methods are described herein for network traffic routing and load balancing in an electronic network. The present disclosure is configured to identify, by an application layer, at least one website access request by a user account, wherein a website access request comprises a website identifier; transmit the website access request to a traffic routing layer; identify, by the traffic routing layer, a plurality of potential websites; determine, by the traffic routing layer, whether a routing identifier is present for the user account and in response to determining the routing identifier, pin the user account to a pinned website of the potential websites based on the routing identifier; and determine, by the traffic routing layer, whether the pinned website comprises an up attribute or down attribute, and to direct the website access request based on at least this up or down attribute.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A system and method for homomorphic encryption in a healthcare network environment is provided and includes receiving digital data over the healthcare network at a data custodian server in a plurality of formats from various data sources, encrypting the data according to a homomorphic encryption scheme, receiving a query at the data custodian server from a data consumer device concerning a portion of the encrypted data, initiating a secure homomorphic work session between the data custodian server and the data consumer device, generating a homomorphic work space associated with the homomorphic work session, compiling, by the data custodian server, a results set satisfying the query, loading the results set into the homomorphic work space, and building an application programming interface (API) compatible with the results set, the API facilitating encrypted analysis on the results set in the homomorphic work space.

Abstract: A method including receiving, at a processor, credential requests for accessing the VPN environment from a first user device using a first interface and from a second user device using a second interface; transmitting, to the first user device, a first credential based at least in part on the first user device using the first interface; and transmitting, to the second user device, a second credential based at least in part on the second user device using the second interface, the first credential being different from the second credential. Various other aspects are contemplated.

Abstract: An embodiment of the present application discloses an information processing method, device and apparatus, a medium, and a program.

Abstract: Digital certificates are generated for devices by a Certificate Authority (CA), which communicates with devices via another entity—registration authority (RA)—so that the CA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by CA to encrypt the certificate to hide it from the RA. Both keys are derived by CA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the CA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.

Abstract: Aspects of the subject disclosure may include, for example, a method that includes providing, by a processing system including a processor, a controller function for a user plane function (UPF) of a communication network; the controller function facilitates automated procedures for authentication, deployment, configuration, testing, and/or controlling availability of the UPF, independent of a source of the UPF. The method also includes providing, by the processing system, an interface to facilitate communication between the controller function and the UPF; the controller function uses the interface to facilitate the procedures. Other embodiments are disclosed.

Abstract: Systems and processes are described for a message service with distributed key caching for server-side encryption. Message requests are received by message handlers of the message service that cache data encryption keys used to encrypt and decrypt messages that are stored to message containers in back end storage. A metadata service obtains the data encryption keys from a key management service, caches the keys locally, and sends the keys to the message handlers upon request, where the keys are cached, again. The key management service may generate the data encryption keys based on a master key (e.g., a client's master key). The message handlers may send both message data encrypted using the data encryption key and an encrypted copy of the data encryption key to be stored together in the data store.

Abstract: An issuing device is configured to: respond to a challenge request by transmitting a challenge; and respond to a certification request including a public key and ownership information thereof by issuing a digital certificate certifying the ownership information. The ownership information includes counterparty identity information relating to a ledger of a distributed database. The digital certificate is issued if it is successfully verified that a valid response to the challenge has been posted to the ledger of the distributed database and is associated therein with the counterparty identity information of the certification request. The digital certificate facilitates proofing that an owner of a public key is a given counterparty to a blockchain ledger. Also, a corresponding requesting device and corresponding methods and computer program products for issuing and requesting a digital certificate are disclosed.

Abstract: Various embodiments of systems and methods are provided to bind a system identifier that uniquely identifies an information handling system (IHS) to the system platform, so that the identity of the IHS can be cryptographically verified. More specifically, the present disclosure provides methods to bind a unique system identifier to an IHS platform, and methods to cryptographically verify the identity of the IHS using the unique system identifier and a plurality of keys generated and stored with a Trusted Platform Module (TPM) of the IHS. Systems are provided herein to perform such methods. As such, the systems and methods disclosed herein enable system identity to be irrefutably verified, thereby preventing theft and misuse of system identity.

Abstract: An information processing method is executed by a processor of an apparatus, and includes a step of generating a public key of the apparatus based on a private key of the apparatus (S2), a step of generating a hash value based on the public key and a predetermined hash function (S3), and a step of determining an IP address of the apparatus based on the hash value (S6).

Abstract: According to a first aspect of the disclosure, there is provided a method of accessing data from one or more destination transactions stored on a blockchain, wherein the method comprises selecting one or more hyperlinks linking to the destination transaction(s). According to a second aspect of the disclosure, there is provided a request-response protocol for requesting access to data from a destination transaction.

Abstract: Systems and methods are disclosed including techniques for rendering a 360-degree media content. Techniques disclosed include receiving a 360-degree media content and associated metadata that include a classification of a first spatial region from the received content. Techniques disclosed further include determining that a detected user movement is associated with a rendering of the first spatial region and determining whether the classification associated with the first spatial region complies with a stored user preference. If the classification violates the user preference, a path for gradually shifting the content rendering from a currently rendered spatial region to a spatial region that complies with the user preference is determined, and the received content is rendered according to the determined path.

Abstract: A network device may select a first user plane function for establishing, with a user equipment, a protocol data unit session with a single flow and may receive an application function trigger associated with a first new flow for a first application of the user equipment. The network device may select a second user plane function for the first new flow and may create a first traffic filter for the first new flow. The network device may cause the first traffic filter to be provided to the user equipment so that first application traffic is routed, based on the first traffic filter, to the second user plane function and a first multi-access edge computing device associated with the second user plane function.

Abstract: A device is configured to receive, from a controller, an instruction requesting data for the device and determine a comparison result value based on a comparison of the data for the device and a reference value. The device is further configured to determine whether to respond to the instruction based on the comparison result value and, in response to a determination to respond to the instruction, output, to the controller, the comparison result value, wherein, to output the comparison result value, the device is configured to refrain from outputting the data for the device.

Abstract: A vehicle-to-everything terminal provides a vehicle-to-everything server with a security credential that can prove an identity of the vehicle-to-everything terminal, and requests the vehicle-to-everything server to apply for a certificate for the vehicle-to-everything terminal. The security credential may be a token preconfigured in the vehicle-to-everything terminal, or may be a digital signature of the vehicle. The vehicle-to-everything server performs identity verification on the vehicle-to-everything terminal based on the security credential. After the verification succeeds, the vehicle-to-everything server selects a proper certificate server to apply for a certificate for the vehicle-to-everything terminal.

Abstract: A method for collecting data from a group of entitled members. The method may include receiving, by a collection unit, a message and a message signature; validating, by the collection unit, whether the message was received from any of the entitled members of the group, without identifying the entitled member that sent the message; wherein the validating comprises applying a second plurality of mathematical operations on a first group of secrets, a second group of secrets, and a first part of the message signature; and rejecting, by the collection unit, the message when validating that the message was not received from any entitled member of the group.

Abstract: The present disclosure describes techniques that facilitate the encryption of data communications between a home and VPLMN, along with the verification of a content and origin of encrypted messages at each end of a data communication. In one non-limiting example, the process of verifying the content and origin of an encrypted message is facilitated partly by an exchange of network public keys between the HPLMN and VPLMNs. In another example, a network certificate aggregator (NCA) may act as a certificate authority (CA) by verifying the identities of interacting home and VPLMNs. The NCA may facilitate and exchange public keys between a home and VPLMN, whereby the HPLMN and VPLMNs need only trust and verify an identity of the NCA. Alternatively, the NCA may act as a conduit for data communications between the HPLMN and VPLMN.