By Certificate Patents (Class 713/156)
-
Patent number: 11451519
Abstract: An anonymous credential authentication system receives an anonymous credential signature value indicating that setting proposition information using a credential is satisfied from a user device that has been issued the credential combined with multiple pieces of attribute information constituting personal information, generates signer authentication information that confirms a signer of the anonymous credential signature value using an opening key, and outputs the signer authentication information.
Type: Grant
Filed: November 25, 2020
Date of Patent: September 20, 2022
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Jung Yeon Hwang, Seung-Hyun Kim, Sung-Hoon Lee, Soo Hyung Kim, Sangrae Cho, Seok Hyun Kim, Young Seob Cho, Youngsam Kim, Jong-Hyouk Noh, Kwantae Cho, Jin-Man Cho
-
Patent number: 11443579
Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the lock when a current reservation certificate has been presented.
Type: Grant
Filed: April 2, 2022
Date of Patent: September 13, 2022
Assignee: Urban Intel, Inc.
Inventors: Chris Outwater, William Gibbens Redmann
-
Patent number: 11436127
Abstract: A consumer of a software module issues a module certificate that enables a testing entity to automatically validate a software module from a producer of the software module. The consumer receives a request for a module certificate from the producer of the software module. The request indicates attributes of the software module. The consumer determines whether the attributes of the software module are within predetermined limits, and if the attributes are within predetermined limits, the consumer generates and signs the module certificate including the attributes of the software module. The consumer issues the module certificate to the producer of the software module. Once the consumer obtains a software package including the software module and the module certificate from the producer, the consumer directs a testing entity to validate the software module with the module certificate.
Type: Grant
Filed: September 10, 2020
Date of Patent: September 6, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Vijayakumar Raghavendran, Chockalingam Ramiah
-
Patent number: 11438179
Abstract: A computer-implemented method, a system, and a computer program product for renewing a digital certificate. According to an embodiment of the present invention, the computer-implemented method comprises copying a digital certificate, from a first computer, onto a second computer, and requesting, from the second computer, renewal of the digital certificate by a certificate authority. The method further comprises loading a renewed digital certificate from the certificate authority, and saving the renewed digital certificate on the second computer. The renewed digital certificate is checked, on the second computer, for specified conditions, and the renewed digital certificate is copied from the second computer onto the first computer.
Type: Grant
Filed: May 18, 2020
Date of Patent: September 6, 2022
Assignee: Kyndryl, Inc.
Inventor: Priyanka Tripathi
-
Patent number: 11431512
Abstract: Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.
Type: Grant
Filed: January 23, 2020
Date of Patent: August 30, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Rebecca Nicole Burke-Aguero, Samuel John Wenker, Andrew Lee Jenks, Isha Sharma
-
Patent number: 11431514
Abstract: During provisioning of a biometric device, a hardware root of trust is established between the biometric device and a server. The biometric device includes a cryptographic processor with a first encryption key stored in secure storage. The first encryption key is used to establish a mutually authenticated communication channel with the server. A set of additional encryption keys between the device and the server are established via the communication channel. Biometric data generated by the biometric device is encrypted using the additional keys and digitally signed. The server receives the encrypted and signed data via the communication channel and verifies the signature. Once the signature is verified, the biometric data is then decrypted. The server then processes the decrypted biometric data. Data that does not arrive via the communication channel, that fails the verification, or that fails decryption is deleted or disregarded.
Type: Grant
Filed: May 5, 2020
Date of Patent: August 30, 2022
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Sarath Geethakumar, Krutarth Mukesh Gathani, Bruce Cooper, Eric Crahen
-
Client terminal, method, and medium that control communication with devices with failed certificates
Patent number: 11416181
Abstract: An information processing apparatus is provided. The apparatus performs operations comprising searching for devices connected to a network; displaying a screen for selecting a device to be used from among devices discovered through the search; when the device selected through the screen is a device which can perform encrypted communication and for which a result of processing for verifying a certificate received from the device is a failure, inquiring with a user as to whether to allow or reject communication with that device; and obtaining information of the selected device by communicating with the device when a user operation for allowing the communication has been made in response to the inquiring, and performing control for not establishing encrypted communication with the selected device when a user operation for rejecting the communication has been made.
Type: Grant
Filed: September 16, 2020
Date of Patent: August 16, 2022
Assignee: CANON KABUSHIKI KAISHA
Inventor: Go Inoue
-
Patent number: 11410212
Abstract: Embodiments of the present application relate to a method, apparatus, and system for verifying an identity of a user. The method includes receiving a preset key that is associated with a key carrier that is a physical object, storing the preset key in a database storing mappings between a plurality of preset keys and a plurality of users, receiving a verification key in connection with an identity verification of a user, retrieving the preset key associated with the user from the database, determining whether the verification key matches the preset key associated with the user, and causing a determination of whether the key carrier is authentic.
Type: Grant
Filed: June 1, 2015
Date of Patent: August 9, 2022
Assignee: Advanced New Technologies Co., Ltd.
Inventor: Yongdong Wei
-
Patent number: 11394564
Abstract: A public key infrastructure (PKI) ecosystem includes a first organization computer system having a first processor, a first memory, and a first organization process including instructions that are (i) encoded in the first memory, and (ii) executable by the first processor. The ecosystem further includes a second organization computer system having a second processor and a second memory, a digital ledger, and domain name system security extensions (DNSSEC). When executed, the first instructions cause the first processor to create at least one public/private PKI keypair for a first domain name, in the DNSSEC, register the first domain name and create a certificate authority (CA), register the CA in the blockchain, using the CA, create a certificate for a first entity, register the certificate in the blockchain and/or the DNSSEC, and assert, to the second organization computer system, trust in the first entity based on the registered certificate.
Type: Grant
Filed: November 23, 2020
Date of Patent: July 19, 2022
Assignee: Cable Television Laboratories, Inc.
Inventors: Darshak Thakore, Michael Glenn, Brian Alexander Scriber, Steven John Goeringer
-
Patent number: 11381403
Abstract: A method, a system, and a computer program product for validating a transaction. A received request to validate a transaction in accordance with one or more validation rules in a plurality of validation rules is executed. Based on the executed validation request, a validation certificate associated with the transaction is generated. Validity of the validation certificate is determined. The transaction is stored on a blockchain network upon determining that the validation certificate is valid. Storage of the transaction on the blockchain network is prevented upon determination that the validation certificate is invalid.
Type: Grant
Filed: December 9, 2019
Date of Patent: July 5, 2022
Assignee: SAP SE
Inventor: Huijie Zhang
-
Patent number: 11379837
Abstract: Embodiments of the present invention provide a method, program, and apparatus that may identify a device by using a virtual code generated based on a unique value of a chip inside a device without a separate procedure for identifying the device. Furthermore, embodiments of the present invention provide a method, program, and apparatus that may generate a virtual code, which is not matched with any other code, whenever a code for identifying a device is requested. Moreover, embodiments of the present invention provide a method, program, and apparatus for identifying a device that may add and use only an algorithm without changing a conventional process.
Type: Grant
Filed: August 2, 2021
Date of Patent: July 5, 2022
Assignee: SSenStone Inc.
Inventor: Chang Hun Yoo
-
Patent number: 11374771
Abstract: A system for implementing mixed protocol certificates, the system includes a subject device designed and configured to receive, from an issuing device, a first digital certificate, wherein the first digital certificate further comprises a first digital signature public and private key pair according to a first digital signature protocol and a second digital signature public key according to a second digital signature protocol, wherein the second digital signature protocol is distinct from the first digital signature protocol, to generate a second digital certificate, wherein generating the second digital certificate comprises generating a subject digital signature signing the certificate, the subject digital signature generated as a function of the second digital signature protocol and to provide the first digital certificate and the second digital certificate to a verifying device.
Type: Grant
Filed: March 24, 2020
Date of Patent: June 28, 2022
Assignee: Ares Technologies, Inc.
Inventors: Christian T. Wentz, Mira Belenkiy, Anna Lysyanskaya, Ilia Lebedev
-
Patent number: 11374736
Abstract: This is a system and method for homomorphic encryption comprising: a key generation module configured to generate a secret key, a public key and a bootstrapping key; a private-key encryption module configured to generate a first ciphertext using the secret key; a public-key encryption module configured to generate a second cyphertext using the public key; a private-key decoding module configured to decode a first ciphertext, a second ciphertext and an encrypted analytic result; a homomorphic computational module configured to perform an analytical operation, according to an analytical operation request on the first ciphertext and the second ciphertext without decrypting the first ciphertext and the second ciphertext using the bootstrapping key; and, wherein the encrypted analytical result is provided by the homomorphic computational module and are encrypted with the secret key.
Type: Grant
Filed: June 20, 2019
Date of Patent: June 28, 2022
Assignee: Clemson University
Inventor: Shuhong Gao
-
Patent number: 11373474
Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.
Type: Grant
Filed: January 3, 2022
Date of Patent: June 28, 2022
Assignee: Urban Intel, Inc.
Inventors: Chris Outwater, William Gibbens Redmann
-
Patent number: 11361110
Abstract: A file verification method, a file verification system and a file verification server are provided. The file verification method includes the following steps. A tree data structure is established according to a plurality of first hash values of a plurality of first electronic files. A first root hash value of the tree data structure is stored into a block of a blockchain. A verification data including block information of the block, one of the first hash values and at least one non-terminal hash value of the tree data structure is generated for one of the first electronic files. A second electronic file is verified according to the verification data.
Type: Grant
Filed: August 19, 2019
Date of Patent: June 14, 2022
Assignee: Acer Incorporated
Inventors: Yung-Cheng Huang, Shao-Nung Huang
-
Patent number: 11362812
Abstract: The aim of the invention is to strengthen the security of secure voice and/or video communications established through a network of Internet type. The security of these communications, which are based on the use of the SRTP protocol, is strengthened by the invention which makes it possible, without significantly modifying the protocols, to use better quality session keys produced by a security server of HSM type. These keys are configured by an intermediate server of SIP proxy type when establishing the communication.
Type: Grant
Filed: December 21, 2018
Date of Patent: June 14, 2022
Assignee: BULL SAS
Inventor: Alexandre Marchese-Ribeaux
-
Patent number: 11362844
Abstract: Systems and methods for provisioning and operating a primary security device in a verifiable end-to-end election system are presented herein. The security device serves as a root of trust for chains of certificates that are deployed and utilized throughout the election process. These chains of certificates, originating with the device, which acts as an intermediate certification authority, are used to create a verifiable trust chain throughout the different parts of the election process, the trust chain being traceable back to the device and to the original root of trust certificate. In various embodiments the security device includes a compute module, a security chip, a connection to a human interface display device, at least one lockable transfer device port, and an air-gapped main board to house the compute module, the security chip, and the lockable transfer device port.
Type: Grant
Filed: August 30, 2021
Date of Patent: June 14, 2022
Assignee: Vidaloop, Inc.
Inventors: Ryan Scott Cook, David Wallick
-
Patent number: 11362892
Abstract: A home energy management system (HEMS) controller certifies a plurality of devices participating in an HEMS network. When a request for re-certification is issued to a given device among the plurality of devices and when a response is not available from the device, the HEMS controller suspends a re-certification process for the device and performs a re-certification process for another device first.
Type: Grant
Filed: April 23, 2020
Date of Patent: June 14, 2022
Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
Inventor: Yoichi Masuda
-
Patent number: 11356425
Abstract: Embodiments of the present disclosure generally relate to systems, devices, and methods wherein dynamically generated symmetric keys are used for encryption and decryption of software updates for vehicles. The symmetric keys are dynamically generated using a combination of information that ties a given symmetric key to a specific combination of a vehicle and the devices installed therein. The dynamic generation of the symmetric keys also uses a piece of random data generated by an intermediary server, which allows the intermediary server to validate devices before providing the piece of random data and thereby control access to the software updates. Use of the techniques disclosed herein provide heightened security, control, safety, and reliability for over-the-air software updates for vehicles.
Type: Grant
Filed: November 30, 2018
Date of Patent: June 7, 2022
Assignee: PACCAR Inc
Inventor: David R. Kruger
-
Patent number: 11356281
Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).
Type: Grant
Filed: May 13, 2020
Date of Patent: June 7, 2022
Assignees: LG ELECTRONICS, INC., UNIVERSITY OF SAO PAULO
Inventors: Henrique S. Ogawa, Thomas E. Luther, Jefferson E. Ricardini, Helmiton Cunha, Jr., Marcos A. Simplicio, Jr., Harsh Kupwade-Patil
-
Patent number: 11356440
Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.
Type: Grant
Filed: November 30, 2018
Date of Patent: June 7, 2022
Assignee: International Business Machines Corporation
Inventors: Amit Mohan Mangalvedkar, Peter David Niblett, Mats Gothe, Jack Philip Boad, Swati Sinha
-
Patent number: 11350283
Abstract: Techniques and systems are disclosed to enable location verification and tracking, for use or access of a geographic-specific phone number or similar location feature of a communications service by a mobile computing device at (or within) a geographic location or defined area. In an example, verification of a use of the device at the location or area is enabled by the receipt and collection of location verification data for a token having location verification and time data, with such location verification data being communicated via a short-range wireless network. The verification is enabled by communication of the token to a communications service for device identification and location registration, and assess to a resource based on registered use of the communications device at the geographic location. In further examples, capabilities for security, verification, and auditing of location information is enabled with use of the token and location information.
Type: Grant
Filed: April 2, 2019
Date of Patent: May 31, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Amer Aref Hassan, Hooman Shiranimehr, Ashley Ingram
-
Patent number: 11343099
Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.
Type: Grant
Filed: May 17, 2019
Date of Patent: May 24, 2022
Assignee: Badge Inc.
Inventors: Charles H. Herder, III, Tina P. Srivastava
-
Patent number: 11343312
Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. In certain configurations, the apparatus may connect to a mesh network that includes at least the first device and a second device. The apparatus may communicate with the second device without obtaining one or more access credentials from the second device.
Type: Grant
Filed: September 21, 2017
Date of Patent: May 24, 2022
Assignee: QUALCOMM INCORPORATED
Inventors: Joel Linsky, Robin Heydon
-
Patent number: 11337066
Abstract: A system (100) for providing a user device (102) access to a resource or data is disclosed. The system (100) comprises: the user device (102) comprising: a light detector (104) configured to detect light (130) emitted by a light source (122), which light (130) comprises an embedded code comprising a light source identifier of the light source (122), a communication unit (108) configured to communicate with a network device (112), a processor (106) configured to retrieve the light source identifier from the light (130), and to communicate the light source identifier to the network device (112).
Type: Grant
Filed: July 5, 2018
Date of Patent: May 17, 2022
Assignee: SIGNIFY HOLDING B.V.
Inventors: Dirk Valentinus René Engelen, Bartel Marinus Van De Sluis, Dzmitry Viktorovich Aliakseyeu, Mustafa Tolga Eren
-
Patent number: 11336466
Abstract: A method, in a provisioning server, of provisioning a printer, includes: receiving a provisioning request from the printer, the provisioning request containing (i) a printer identifier, and (ii) an account identifier associated with the printer; obtaining, from a digital certificate issuer, a unique string; sending the unique string to the printer; receiving from the printer, in response to sending the unique string, a certificate signing request containing (i) the printer identifier, (ii) the account identifier, and (iii) an authentication token including the unique string signed with a private key of the printer; validating the certificate signing request; passing the validated certificate signing request to the digital certificate issuer; receiving, from the digital certificate issuer, a digital certificate encoding the printer identifier and the account identifier; and providing the digital certificate to the printer for storage.
Type: Grant
Filed: December 10, 2020
Date of Patent: May 17, 2022
Assignee: Zebra Technologies Corporation
Inventors: Andrew J. Pekarske, James P. Van Huis, Ryan E. Brock, Jared Coy Roundy
-
Patent number: 11336692
Abstract: Server Name Indication (SNI) hostname extraction to populate a reverse Domain Name System (DNS) listing to protect against potentially malicious domains. In some embodiments, a method may include detecting a Transport Layer Security (TLS) handshake between a first client application and a first server application, extracting an SNI hostname and an Internet Protocol (IP) address from the TLS handshake, populating the reverse DNS listing with the SNI hostname as a domain paired with the IP address, detecting communication between a second client application and the IP address, accessing the reverse DNS listing to determine the domain paired with the IP address, determining that the domain is a potentially malicious domain, and in response to determining that the domain is a potentially malicious domain, performing a remedial action to protect against the potentially malicious domain.
Type: Grant
Filed: May 7, 2020
Date of Patent: May 17, 2022
Assignee: NORTONLIFELOCK INC.
Inventor: Bruce McCorkendale
-
Patent number: 11328050
Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.
Type: Grant
Filed: March 4, 2019
Date of Patent: May 10, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Stefan Thom, Brian Clifford Telfer
-
Patent number: 11329833
Abstract: The present disclosure provides systems and methods for improving provision of secret data on programmable devices. An appliance receives physical unclonable function (PUF) data pertaining to an integrated circuit. Secret data is provided to the appliance from a secret vault. Public and private PUF keys are derived based upon the PUF data. Further, ephemeral public and private keys are derived by the appliance. The public and private PUF keys, along with the ephemeral public and private keys are used to establish a secure channel for programming the secret data on the programmable device.
Type: Grant
Filed: September 28, 2017
Date of Patent: May 10, 2022
Assignee: Intel Corporation
Inventors: Ting Lu, Robert Landon Pelt, James Ryan Kenny
-
Patent number: 11323274
Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
Type: Grant
Filed: June 25, 2018
Date of Patent: May 3, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
-
Patent number: 11316704
Abstract: An enhanced certificate authority system and method allows for the enhanced security, validation and Multi-Factor Authentication of user's within a digital signature and transaction system through the creation and management of a user's Digital Identity certificate so that through an enhanced certificate authority a user's identity and bona fides may be both protected and established across a diversity of electronic devices and transactions.
Type: Grant
Filed: September 30, 2019
Date of Patent: April 26, 2022
Inventor: Urayoan Camacho
-
Patent number: 11314893
Abstract: Systems, methods, and other embodiments described herein relate to securing personally identifiable information associated with riding in a vehicle. In one embodiment, a method includes, in response to receiving, in a mobile device from the vehicle, telematics data about a current trip of the vehicle, securing the telematics data according to at least a mobile cryptographic key associated with the mobile device to provide the telematics data as secured data that is obfuscated. The method includes generating, by the mobile device, a secure packet including at least the secured data and a signature from the vehicle associated with the secured data. The method includes communicating, by the mobile device, the secure packet to a remote computing device to cause the remote computing device to securely store the secured data without identifying a user associated with the mobile device.
Type: Grant
Filed: August 27, 2019
Date of Patent: April 26, 2022
Assignee: Toyota Motor Engineering & Manufacturing North America, Inc.
Inventor: Vladimeros Vladimerou
-
Patent number: 11308157
Abstract: A song may be matched with information in a song categorization database so that one or more categories associated with the song are identified. Specifically, a method and system for associating one or more advertising categories with a song includes receiving a set of child categories and receiving a wordnet graph. Synsets from the wordnet graph are assigned to function as activators for one or more categories. Next, a set of parent categories relative to the child categories are received. One or more scores are assigned to the parent categories based on their relationships to the child categories. Synsets from a work, such as a song lyric, are compared to the wordnet graph. Relevant child categories are identified based on synsets which match one or more activators. Matching activators are found by using only hypernym relationships between a synset from a work and an activator.
Type: Grant
Filed: July 5, 2018
Date of Patent: April 19, 2022
Assignee: KENZIE LANE MOSAIC, LLC.
Inventors: Brady L. Rackley, III, Sangameswar Venkatraman, Michelle Levy Russell, Gregory Michael Rickman
-
Patent number: 11310137
Abstract: Various systems and methods are provided for propagating information throughout a data center or other network environment. For instance, in certain embodiments, the functionality disclosed herein includes determines propagation rules, and then either stores and/or propagates those rules throughout the datacenter or other network environment. Propagation rules define various conditions or other variables that govern propagation of information throughout a system, such as those systems described herein. The propagation rules can then be used to perform various other functionality. For instance, the functionality described herein can be used to process updates to entities. The functionality described herein can also be used to process updates to propagation metadata. Additionally, the functionality described herein can be used to process the creation of new relationships. The functionality described herein can also be used to process the deletion of objects and/or relationships.
Type: Grant
Filed: December 28, 2017
Date of Patent: April 19, 2022
Assignee: Veritas Technologies LLC
Inventors: Tushar Bandopadhyay, Bharat Dighe
-
Patent number: 11310050
Abstract: One example provides a method for authenticating a computing device received from a manufacturer, the method including establishing a secured connection with the computing device, receiving, from the computing device, a first set of security artifacts, and retrieving, from a secure cloud storage location, a second set of security artifacts, the second set of security artifacts including the EK public key and the PCR values for the computing device obtained during manufacturing. The method further comprises, when the first set of security artifacts matches the second set of security artifacts, then verifying the computing device as trusted and permitting communication between the computing device and a secured computing environment, and when the first set of security artifacts does not match the second set of security artifacts, then not verifying the computing device as trusted and not permitting communication between the computing device and the secured computing environment.
Type: Grant
Filed: January 10, 2019
Date of Patent: April 19, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gregory J. Zavertnik, Vishwajit Tumkur Mahalingappa, Soumya Jain, Vimalraj Vasudevan Thekkoot, Karthikeyan Nagarathinam, Sampath Kumar Victor, Varsha Jagdale
-
Patent number: 11297179
Abstract: Verification of the identities of parties participating in network-based communication, such as telephone communication, including SMS/text communication, email communication and the like is provided. Communication identifiers (IDs) (e.g., telephone numbers, email addresses or the like) are verified as being associated with one or more communication parties and, in response, a verified communication (ID) database is established. The verified communication ID database is relied upon when a user/communication is selecting a communication ID as an address for an impending communication or receiving a communication for determining whether the communication ID is verifiably associated with a known communication party. If the communication ID is determined to be verifiably associated with a known communication party, a visual or audible output may be provided on the user's device or within the communication that indicates that the communication ID is verifiably associated with the known communication party.
Type: Grant
Filed: April 29, 2020
Date of Patent: April 5, 2022
Assignee: BANK OF AMERICA CORPORATION
Inventors: Christopher Daniel Birch, Susan R. Hart, Kelly Renee-Drop Keiter, Lisa Matthews, Cody Dean Searl
-
Patent number: 11297049
Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.
Type: Grant
Filed: May 16, 2019
Date of Patent: April 5, 2022
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventor: Robert Schwarz
-
Patent number: 11297050
Abstract: Methods, systems, and apparatus for providing secure communication. The device includes a trusted environment having a memory that is configured to store an application. The device includes one or more processors configured to perform operations of the application that execute within the trusted environment. The operations include sending an access request to connect with a second device, receiving an authentication request from the second device that requests the application to provide a zero-knowledge password proof and obtaining the zero-knowledge password proof. The operations also include sending the zero-knowledge password proof to the second device and establishing a communication channel with the second device.
Type: Grant
Filed: July 16, 2018
Date of Patent: April 5, 2022
Assignee: THIRDWAYV, INC.
Inventors: Nabil Wasily, Andrew P. Lentvorski
-
Patent number: 11296895
Abstract: Methods and systems relating to incentivizing a data provider to participate in a match making protocol between a business (second entity) to a user (first entity) are shown. Encryption techniques maintain the secrecy of the data provider's data such as proprietary analytics of user information such that the data need not be shared with users or businesses. Businesses can verify that the user has desired properties without learning the actual raw data owned by the data provider. Users initiate data sharing by explicit request but do not learn the actual raw data known to the data provider, only whether or not they satisfy the properties of interest. The data provider is incentivized because the business compensates the data provider for access to proofs of properties about user data.
Type: Grant
Filed: September 11, 2019
Date of Patent: April 5, 2022
Assignee: Bitclave Pte. Ltd.
Inventors: Alexander Bessonov, Patrick Tague, Mark Shwartzman, Stephen Winston, Vadim Gore
-
Patent number: 11288760
Abstract: A recording device may record information continuously. Particular events which occur during recording may be of interest for review (e.g. audit, inspection). Events may be audited to ensure that the data gathered is not tampered with or corrupted and to provably establish an evidence chain of custody. Metadata may mark recorded data of an event, in whole or in part, for later review. Metadata may be identified as an audit tag which may identify particular occurrences during an event. An audit tag may be urgent or non-urgent. Notice of an urgent audit tag may be sent to a server prior to sending the recorded data associated with the audit tag. Recorded data may be cryptographically signed to protect the recorded data from tampering.
Type: Grant
Filed: August 15, 2017
Date of Patent: March 29, 2022
Assignee: Axon Enterprise, Inc.
Inventors: Mark A. Hanchett, Patrick W. Smith, Tyler J. Conant, Aaron J. Kloc
-
Patent number: 11290286
Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
Type: Grant
Filed: July 23, 2019
Date of Patent: March 29, 2022
Assignee: Cable Television Laboratories, Inc.
Inventors: Massimiliano Pala, Ronald H. Ih
-
Patent number: 11290434
Abstract: A communication device capable of performing encrypted communication with another communication device with use of a common key, obtains, from the other communication device, a certificate including a public key and identification information on the other communication device, verifies validity of the certificate on a basis of the identification information on the other communication device included in the certificate, and transmits the common key encrypted by the public key to the other communication device to perform the encrypted communication in a case where the certificate is valid as a result of the verification.
Type: Grant
Filed: August 2, 2019
Date of Patent: March 29, 2022
Assignee: CANON KABUSHIKI KAISHA
Inventor: Kazuo Moritomo
-
Patent number: 11290301
Abstract: A method of communication, within a processing system of a gas turbine engine, between a first electronic component and a second electronic component, comprising: generating by the first electronic component, a request, comprising a digital certificate, in turn comprising a first host public key and a first client public key, signed with a first host private key, to initiate a trusted communication session with a second electronic component; encrypting at the first electronic component, at least a portion of the request with a first client private key; transmitting the request to the second electronic component; the first host private key and the first host public key defining a first asymmetric keypair and the first client private key and the first client public key defining a second asymmetric keypair.
Type: Grant
Filed: November 19, 2019
Date of Patent: March 29, 2022
Assignees: ROLLS-ROYCE NORTH AMERICAN TECHNOLOGIES INC., ROLLS-ROYCE CORPORATION
Inventors: Richard J. Skertic, John J. Costello, Robert T. Duge
-
Patent number: 11283630
Abstract: Embodiments herein describe providing a certificate signed by a local CA to an unauthenticated server rather than obtaining a certificate signed by a third-party CA. A server that already has a certificate that was signed by a third-party CA may want to establish a secure connection with an unauthenticated server which does not have a signed certificate. The unauthenticated server needs a certificate signed by a CA trusted by the server that already has a signed certificate (referred to herein as the authenticated server). To do so, the unauthenticated server sends login credentials to the authenticated server so that this server knows it can trust the unauthenticated server. In turn, the authenticated server can send its signed certificate to the unauthenticated server so it can verify the authenticated server. Once verified, the authenticated server generates a signed certificate for the unauthenticated server using a local CA.
Type: Grant
Filed: November 5, 2019
Date of Patent: March 22, 2022
Assignee: International Business Machines Corporation
Inventors: Erez Alexander Theodorou, Amalia Avraham, Eran Tzabari
-
Patent number: 11283623
Abstract: Systems and methods relating to an extension of a group signature scheme certificate that allows group users to conduct anonymous transactions in public, with the ability to subsequently audit and confirm signer identity. Auditing and confirmatory functions may include group signature openers that are configured to reveal the identity of a signer that is a member of a group by their signature. Auditing and confirmatory functions may also include group signature linkers that are configured to link two signatures to the same signer using a linking key or linking base.
Type: Grant
Filed: June 3, 2019
Date of Patent: March 22, 2022
Assignee: Wells Fargo Bank, N.A.
Inventor: Phillip H. Griffin
-
Patent number: 11283791
Abstract: A method for re-provisioning a user equipment (UE, 140) after a first digital security certificate for the UE (140) has expired includes communicating content data to a controller (130) over a first secure communication channel after verification of a validity of a first digital security certificate. Once it is realized the first digital security certificate has expired, the UE (140) sends a certificate provisioning request message over an unsecure channel to the controller (130) as a request to the controller (130) to provision a second digital security certificate. The UE (140) signs the certificate provisioning request message with the private key for the now expired first digital security certificate. A second digital security certificate is signed by the rescue-secret private key at the controller (130) and sent to the UE (140), which verifies its authenticity with the corresponding rescue-secret public key.
Type: Grant
Filed: February 4, 2021
Date of Patent: March 22, 2022
Assignee: AXIS AB
Inventors: Magnus Eriksson, Stefan Andersson, Fredrik Hugosson, Jerry Olsson
-
Patent number: 11283782
Abstract: Systems and methods related to a VPN controller are provided. In some embodiments, a first VPN controller is configured to establish a VPN tunnel with a client endpoint, wherein the VPN tunnel is established using an authentication process of the client endpoint, route a L2 request to a second VPN controller via an established communication tunnel between the first VPN controller and the second VPN controller by identifying a Generic Routing Encapsulation (GRE) header of the L2 request and based on the GRE header of the L2 request, directing the L2 request to a responsive L2 device accessible by the second VPN controller, receive an encapsulated L2 response from the second VPN controller identifying acceptance of the L2 request, and enable an electronic communication between the client endpoint and the responsive L2 device at least via the VPN tunnel between the client endpoint and the first VPN controller.
Type: Grant
Filed: November 26, 2019
Date of Patent: March 22, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Amit Agrawal, Nagendra Babu Rapaka, Ravi Suhane
-
Patent number: 11275858
Abstract: Disclosed are various approaches for encrypting documents using mobile devices. A first application receives, from a second application a file and an identifier of a user account. The first application then sends a request for a certificate to a certificate authority and receives a certificate in response. The file is then encrypted using the certificate, and the encrypted file is returned to the second application. The second application can identify the user account as the recipient of a file. Then, the second application can send an encryption request that includes the identifier of the user account and the file to the first application. In response to the request, the second application receives the encrypted file and then provides the encrypted file to the recipient.
Type: Grant
Filed: August 12, 2019
Date of Patent: March 15, 2022
Assignee: VMWARE, INC.
Inventors: Lucas Chen, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
-
Patent number: 11271755
Abstract: The present disclosure includes apparatuses, methods, and systems for verifying a vehicular identity. An example includes a processing resource, memory, and a vehicular communication component configured to verify an identity of the particular vehicle using a public key, wherein the public key is received in response to a departure of the particular vehicle, and request, in response to verifying the identity of the particular vehicle, data corresponding to information associated with the departure of the particular vehicle.
Type: Grant
Filed: March 25, 2019
Date of Patent: March 8, 2022
Assignee: Micron Technology, Inc.
Inventors: Antonino Mondello, Alberto Troia
-
Patent number: 11265319
Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.
Type: Grant
Filed: April 16, 2020
Date of Patent: March 1, 2022
Assignee: Entersekt International Limited
Inventor: Christiaan Johannes Petrus Brand