Abstract: Systems and methods are provided utilizing a consensus protocol that assesses a trust factor of one or more nodes, and which executes a block creation process by selecting and assigning trusted nodes, based on the trust factor assessment.

Abstract: A method for securely receiving a multimedia content by a client device operated by one or more operator(s) involving a dedicated provisioning server of a security provider managing symmetric secrets used by the client devices and operators license servers. The provisioning server provides to the client device one or more generations of operator specific unique device secrets, which are then exploited by the various operators' license servers to deliver licenses such that authorized client devices can consume protected multimedia contents.

Abstract: A service providing apparatus includes: a communicator configured to communicate with an electronic product, a user terminal, and a manufacturing server. The service providing apparatus further includes a controller that is configured to generate data to be transmitted to a service provider to enable the service provider to perform a service on the electronic product, where the data is generated based on product identification information that is associated with the electronic product and that is determined based on communicator identification information of the electronic product received from the user terminal through the communicator.

Abstract: A method of controlling access to a network includes receiving, from a node, a request to access the network. A challenge is sent to the node, the challenge configured to elicit a node fingerprint from the node. The node fingerprint is based on the challenge and on unique characteristic data of a physically unclonable function (PUF), at the node. An expected fingerprint is generated for the node based on the challenge and on characteristic data information associated with the unique characteristic data of the PUF. The characteristic data information is accessed from a location that is independent of and separate from the node. The node is authenticated to the network, to allow the node to access to the network, if the received node fingerprint matches the expected fingerprint. The first node is denied any access to the network if the received node fingerprint does not match the expected fingerprint.

Abstract: Various techniques for facilitating communication with and across a clinical environment and a cloud environment are described. For example, a method for authenticating a network device residing in the clinical environment using a token is described. An authentication proxy in the cloud environment can receive a request from a connectivity adapter in the clinical environment and retrieve a security token from an authentication system in the cloud. The connectivity adapter can use the security token to send signed requests to the authentication system.

Abstract: Methods and systems for rules-based data access are described. In some embodiments, a request for access to customer data by a requesting entity is received; the data is categorized; the person's preferences with respect to allowing access to data are compiled; a requesting entity is determined; and the providing entity that collected each requested data item is determined. Data shareability rules are evaluated based on the policies that regulate the access of the customer data and the requesting entity, and the customer data is provided to the requesting entity according to the evaluation.

Abstract: A machine has a network interface circuit to provide connectivity to networked machines. A processor is connected to the network interface circuit. A memory is connected to the processor and the network interface circuit. The memory stores instructions executed by the processor to record the purchase of a digital asset by a user at a client machine from a data source machine in network communication with the client machine. The location of the digital asset on one or more machines of the networked machines is archived. The location is separate from the data source machine. The digital asset is associated with a data access policy. A request for the digital asset is received. The data access policy is enforced through programmatic control utilized by one or more of the networked machines to form a consent state. Distribution of the digital asset to a networked machine is authorized in response to the consent state.

Abstract: A method for selective data ingestion into an exchange platform for verified credentials includes receiving credential data associated with first users (participants) in native file formats. For each participant, the received credential data is converted into a first participant credential set (PCS) according to a markup language format and having a source-independent data structure, and the first PCS is transformed into a second PCS having a data structure resolvable against a host template comprising a data set of minimum requirements. The second PCS for the respective participant is discarded if it fails to conform after being resolved against the host template, or otherwise cryptographically hashed and instantiated as a searchable object in an underlying persistence layer. A query is receiving from a second user (buyer), the query comprising search parameters, wherein each of the qualifying second PCS from the participants are further programmatically reviewed against the query.

Abstract: A device can (i) store public keys Ss and Sn for a network and (ii) record private key sd. A network can record a corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed)mod n. The device can input values for X and Y into an elliptic curve Diffie Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.

Abstract: A method for private wireless communication from a broadcaster to an observer, including determining a maximum time error between broadcaster and observer and defining a time unit T exceeding the maximum time error, and sharing a secret s with the broadcaster and the observer. At the broadcaster, the method includes transmitting a message containing a security code c, and at the observer, receiving the message and assessing its genuineness by comparing the security code c with a value h(s, t120) of a predefined function h for a combination of the secret s and a current epoch t120, wherein the current epoch is an integer multiple of the time unit T.

Abstract: A method includes receiving, at a broker processor and from a prover processor, a user request, a user token, and a user cryptographic zero-knowledge proof associated with a user characteristic. The method also includes receiving, at the broker processor, from a service processor, and based on the user request, a requirements specification and the user token. The method also includes generating, via the broker processor, a broker cryptographic zero-knowledge proof based on the requirements specification and the user cryptographic zero-knowledge proof. The method also includes transmitting, via the broker processor and to the service processor, the broker cryptographic zero-knowledge proof to cause the service processor to fulfill the user request.

Abstract: A method performed by a node of a blockchain network, comprising: accessing the locking script from a first transaction on the blockchain; receiving a second transaction not yet on-chain, the second transaction comprising an unlocking script; extracting from the first transaction or another transaction on the blockchain, a portion of code formulated in a second language other than a first language used for the locking and unlocking scripts; running the extracted portion of code in the second language, wherein as a result thereof the code generates at least one value; writing this value to a storage location readable by the locking script; and running the locking script together with the unlocking script in order to validate the second transaction, wherein the unlocking script is configured to read the first value from said storage location, and a condition for validation according to the locking script is dependent on the first value.

Abstract: A host device may include an interconnect, a host memory, and a set of processor cores. A processor core may execute a VM assigned to a cryptographic key and may send a request to access a physical address in the host memory toward the interconnect. An enforcer device may receive the request and extract a key identifier from the request. The enforcer device may determine whether to allow the request to access the physical address via the interconnect based on the key identifier and a list of allowed keys stored on the enforcer device. If the enforcer device determines to not allow the request to access, the enforcer device may modify the physical address and/or the key identifier of the request.

Abstract: A system, method, and computer-readable medium are disclosed for detecting malicious entity behavior and providing accurate indicator of behaviors indicating occurrence of malicious behavior. Data input as to the entity behavior is received and monitored from different sources. The entity behavior is monitored over time at time periods. Detection probability is determined at each time period, where the detection probability relates to malicious behavior and increases over time. A trigger indicator of behavior is provided if the detection probability reaches a threshold value.

Abstract: Introduced herein is a computer-implemented system for creating a digital twin of an electrical system using auto-discovery techniques. The system receives power data from meters in an electrical system. For each meter, the system captures a power profile related to a component connected to the meter and creates a set of delta data representing change in power over time. The system detects correlated changes by comparing the sets of delta data and generates a system dataset by combining the sets of delta data. The system detects echoes of power fluctuations of the electrical system from the system dataset and creates a digital twin of the electrical system.

Abstract: This document describes systems and techniques enabling the secure registration of an agent such that the agent has secure and trusted access to its specific tenant and specific resources in a multi-region, multi-tenant, multi-cell SaaS platform. The systems and techniques use a secure and robust agent registration process to enable the creation of a unique security profile for each specific agent to enable access only to its specific tenant and specific resources that the agent uses to communicate with the SaaS platform to carry out jobs. The systems and techniques result in a registration process that is scalable for thousands or millions of agents in an environment having segregated SaaS platform cells.

Abstract: Methods and systems are disclosed for automatically managing multiple types of applications, electronic forms, electronic forms data instances, network services and, network services. The methods and systems allow organizations with a mobile workforce that relies on established business processes to execute timely and secure exchange of information while providing easy to use, fast, accurate and flexible information capture capability in the field. These organizations and/or third-party providers may optimize the design of mobile applications to better match existing corporate processes and forms in order to reflect existing business needs, preferred graphical user interfaces, processes and experiences on the mobile devices.

Abstract: Methods, systems, and computer-readable media for a certificate management system with forced certificate renewal are disclosed. The certificate management system may receive a request to renew a digital certificate. The request may be received at a selected time prior to an automatic renewal date for the certificate, and the automatic renewal date may be stored by the certificate management system. The certificate management system may acquire, based at least in part on the request to renew the certificate, a renewed certificate from a certificate authority. The renewed certificate may be obtained prior to the automatic renewal date. The renewed certificate may be exported from the certificate management system and bound to a computing resource (e.g., a server) prior to the automatic renewal date.

Abstract: A vault encryption abstraction framework computing system provides interface functionality to facilitate integration of client applications with vaulting solutions. The vault encryption abstraction framework manages custom authentication and authorization using the vaulting solution application for one or more client applications such as by periodically rotating or renewing any authentication tokens. The vault encryption abstraction framework includes a scheduler to manage timing requirements and to configure the client application to the schedule by setting the renewed token value to an API endpoint (e.g., a function return) and/or a configuration file for access by one or more client applications. This event triggers the client application to update to the latest token value. The vault encryption abstraction framework then triggers the vaulting solution to create and return the new key. The new key is then returned to the client application.

Abstract: An information processing apparatus includes a detection unit configured to detect that a setting value related to a time has been deleted, and a setting unit configured, in a case where deletion of a setting value related to a time has been detected by the detection unit, to newly generate an option corresponding to the deleted setting value and to set the option as a new setting value related to the time.

Abstract: Disclosed are various embodiments for verifying the presentation of media represented by non-fungible tokens (NFTs). A presentation device can receive a smart contract address and a non-fungible token (NFT) identifier from a client device. The presentation device can then execute a function of a smart contract located at the smart contract address to obtain the owner address for the NFT, wherein the NFT identifier is provided as an argument to the function of the smart contract. Subsequently, the presentation device can validate the owner address for the NFT. Then, in response to validation of the owner address for the NFT, the presentation device can present the media file represented by the NFT.

Abstract: Various embodiments include methods and systems for managing a volume of misbehavior reports. In various embodiments, a vehicle processing system may identify one or more misbehavior observations from among a plurality of misbehavior observations made by the vehicle processing system based on one or more volume management criteria for misbehavior report generation, generate a misbehavior report including information about the identified misbehavior observations, and transmit the generated misbehavior report to a network computing device.

Abstract: A system and a method provided for managing and protecting master passwords from technicians/employees requiring access to at least one of the security systems such as an access control, a CCTV/surveillance system, burglar alarm and fire alarm system on a network with no internet access. The method involves creating a ciphered version of a master password i.e., a ciphered password on a password management server, transmitting the ciphered password to a Smartphone application installed on a user's device after authenticating the user. Further, securely transferring the ciphered password to an Intelligent USB Drive via Bluetooth®, by authenticating the USB Drive with the user's device. The USB drive is then connected to the security system via a USB port or GUI interface to access the security system.

Abstract: A method performs a trust review of repositories is provided. A computer system identifies security criteria for the trust review. The computer system applies the security criteria on a repository under evaluation. The computer system determines a recommendation for the repository under evaluation using a comparison of a result of applying the security criteria on the repository under evaluation to a trust baseline for a set of trusted repositories. According to other illustrative embodiments, a trust system and a computer program product for performing a trust review are provided.

Abstract: Systems and methods for using a device wallet identifier are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for generating a device wallet identifier may include: (1) receiving a wallet identifier for an electronic wallet or payment application executed by an electronic device; (2) retrieving an issuer identifier for a customer associated with the electronic wallet or payment application; (3) generating a device wallet identifier; and (4) storing a mapping of the device wallet identifier to the issuer identifier for the customer.

Abstract: A system and method for immutably affixing one or more Unique-Numbers (N1-Nn) associated with one or more users and one or more roles (R1-Rn) associated with each user from the one or more users to a digital artifact (A1), rendering the digital artifact (A1) in a client application (C1), and provisioning the one or more users with role-based access to the digital artifact (A1). The method includes steps for registering a set of users by capturing biometric samples associated with each user from the set of users. Further, the method includes steps for immutably affixing one or more Unique-Numbers (N1-Nn) associated with one or more users and one or more roles (R1-Rn) associated with each user from the one or more users to a digital artifact (A1). Further, the method includes steps for provisioning a target user (U1t) with role-based access to the digital artifact (A1).

Abstract: A technical plant, a system for issuing publicly trusted certificates for plant components of the technical plant, an engineering or control system for the technical plant, and a method for issuing publicly trusted certificates for plant components of the technical plant, wherein a) a certification module of a plant component, which is intended to receive a publicly trusted certificate, queries a component identifier; b) the certification module transmits the component identifier together with a certificate request for a publicly trusted certificate to a registration authority; c) the registration authority checks, based on the component identifier, whether the component belonging to the component identifier is assigned to an authorized person or an authorized company; d) if so, the registration authority requests a publicly trusted certificate for the component; and e) the requested publicly trusted certificate is issued and transmitted to the certification module.

Abstract: A cryptography system comprises a noising engine and a de-noising engine. The noising engine is configured to receive a key pattern, determine a final membership value based on one or more input parameters and a first knowledge base, and generate a noised key pattern based on the key pattern and the final membership value. The de-noising engine is configured to receive the noised key pattern and the final membership value, and generate a de-noised key pattern based on the noised key pattern, the final membership value, and a second knowledge base.

Abstract: Embodiments of the present invention provide a system for facilitating creation, verification, and management of digital resources. The system is configured for receiving a digital content for upload to a distributed register from a user, via a user interface, receiving one or more instructions associated with distribution of the digital content from the user, via the user interface, creating one or more digital resources from the digital content via the user interface based on the one or more instructions received from the user, and storing the one or more digital resources on the distributed register.

Abstract: Methods and systems for a processing architecture that maintains a separate logic pathway corresponding to a first operation type and a second operation type, until a blockchain operation is submitted to the blockchain network using either the first operation type or a second operation type. Following submission of the blockchain operation to the blockchain network, the architecture collapses the parallel logic pathways to a single logical pathway for both types.

Abstract: In response to there being multiple process groups for one application service concurrently, each of the multiple process groups has an independent EBPF resource, and the EBPF resource is used to store information of an FD of each process in each of the multiple process groups. After a UDP message is received, a server is configured to determine a target process group from multiple process groups of a reuseport group according to a quadruple of the UDP message, select a target FD from the FD of each process of the target process group, and receive and transmit data by using the target FD. In this way, since each of the multiple process groups has an independent EBPF resource, the processes belong to different process groups do not preempt the same FD, which ensures that the UDP message is not distributed in disorder.

Abstract: A method for coordinating machines to perform a task includes establishing a plurality of communication channels between a plurality of agricultural machines located in a geographic area. Data pertaining to capabilities of each of the plurality of machines, and location in some cases, is received and a collaborative plan to complete a task using the plurality of machines is determined. At least a portion of the collaborative plan is transmitted to each of the plurality of machines. The collaborative plan can be based on the location and capabilities of each of the plurality of machines. The collaborative plan can include a plurality of operations for each of the plurality of machines to perform.

Abstract: The present disclosure discloses an autonomous vehicle remote control apparatus and a method based on heterogeneous networks. The apparatus comprises a vehicle information acquisition module, a first message sending module, a first message receiving module and a first remote control module. According to the present disclosure, the possibility of failure of remote control is avoided or greatly reduced by bypassing the area where the network quality does not support remote control when planning a vehicle path, heterogeneous network resources are reasonably utilized on the vehicle driving path, the real-time performance of obtaining vehicle-related information by a remote control terminal is improved, and the availability and reliability of remote control and the safety of vehicle driving are effectively enhanced.

Abstract: Devices can be configured to implement distributed ledgers capable of immutably recording ledger entries that have validated version identifiers. The devices can include network interfaces, memory and processors. Processors can be configured to obtain ledger entries including version identifiers and version authenticator values, determine software versions that correspond to version identifiers, determine that version identifiers are valid based on version authenticator values, obtain challenges using cryptographic systems, wherein challenges are based on ledger entries, and/or broadcast blocks that incorporate ledger entries to securely add blocks to distributed ledgers. Blocks can be capable of being validated by using cryptographic systems to obtain proofs based on challenges.

Abstract: Method for providing at least one client device (10), from a server (20) configured to control access to audio/video content, with management messages (40), comprising: —determining a first set (41) of management messages pertaining to said client device (10), —transmitting said first set through a first communication channel (51) in a repetitive manner, —receiving, from said client device, a notification (15) comprising at least a client device identifier (11), —determining a second set (42) of management messages, said second set comprising all or part of the first set, —determining a token (45) associated with the second set, —receiving, from the client device, a confirmation (15?) comprising data pertaining to the token, —verifying the data pertaining to the token and, in case of a positive verification, removing all or part of the second set from the transmission through the first communication channel.

Abstract: A system and a method are disclosed for detecting an unacceptable HTTP requests by scanning the headers of the HTTP requests.

Abstract: This disclosure relates to techniques for performing encryption and decryption operations and that provide fully non-custodial data management, i.e., where end-users have control over their data—rather than a third party. Specifically, the techniques disclosed herein are configured to allow end-users to have the ability to recover and/or maintain access to data stored on third-party systems—even if one or more third-party entities storing the data are no longer in compliance with a predetermined set of operational criteria. In other implementations, novel split private key generation techniques are disclosed, wherein a newly-generated private key may be split into at least three shards, e.g., an authentication service provider shard, a shard for another entity, and a “recovery” shard. In still other implementations, an iFrame may decrypt separate shards of a private key using a delegated key management system (DKMS) and then use the reconstructed private key to sign a digital transaction.

Abstract: Managing data transfer and privacy via a multi-channel transfer of information is provided. A query is received from a client device, the query indicating an access identifier corresponding to an entity for which data is stored. A consented data pool is accessed to identify a random value corresponding to the access identifier. A hash value is computed using a combination of both the access identifier and the random value. An anonymous data pool of stored data is queried to identify results from the stored data tagged with the hash value. The results are returned to the client device responsive to the query.

Abstract: Systems, computer program products, and methods are described herein for virtualization of non-fungible tokens. The present invention is configured to receive, via a first user input device, a resource transfer request using a virtual token from a first user, wherein the virtual token is electronically linked to an NFT of a resource transfer instrument; retrieve the NFT associated with the resource transfer instrument in response to receiving the resource transfer request; retrieve an NFT credential descriptor for the resource transfer request from a first metadata layer of the NFT associated with the resource transfer instrument; receive an authentication credential from the first user; determine whether the authentication credential matches an NFT credential descriptor that is electronically linked to the NFT associated with the resource transfer instrument; and authorize the resource transfer request based on at least determining that the authentication credential matches an NFT credential descriptor.

Abstract: A method for authorized use of a projector, comprising the following steps: a projector encodes a license into a QR code and displays same by means of projection; a mobile terminal identifies the QR code to obtain the license and transmits the license and a local terminal identifier of the mobile terminal to a projector authorization server; the projector authorization service verifies the local terminal identifier and the license and generates verification information if the verification is successful, and transmits the verification information to the mobile terminal; the mobile terminal receives and displays the verification information; the projector receives the input verification information, locally verifies the verification information, and if the local verification is successful, obtains use authorization corresponding to authorization information.

Abstract: The present invention relates to secure transmission and reception of electronic messages using an authentication device. The authentication device includes a light sensor that is used to scan a visual element displayed on a display of a user device in conjunction with an electronic message having an encrypted payload. The visual element encodes a unique identifier that the authentication device transmits to a server, receiving in response a cryptographic key stored in association with the unique identifier and usable to decrypt an encrypted payload of the electronic message. The authentication device can also generate encryption keys and corresponding unique identifiers suitable for encryption of payloads of electronic messages.

Abstract: Embodiments provide a communication method and a related product. The method includes: After primary authentication between a core network and a user equipment succeeds, a network function entity in the core network assists a data network in performing secondary authentication between the data network and the user equipment if the secondary authentication further needs to be performed between the data network and the user equipment; the network function entity obtains an authentication result of the secondary authentication and a restriction condition of the secondary authentication from the data network; and the network function entity stores the authentication result and the restriction condition into the core network. The restriction condition may be introduced for the secondary authentication, to make it possible that the authentication result is properly restricted for use, and to lay a foundation for effective management of the authentication result of the secondary authentication.

Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.

Abstract: In a general aspect, risks associated with cryptography usage in network communication between computing nodes are identified. In some aspects, a network packet capture agent obtains cryptography usage data by examining network traffic communicated by computing nodes in the computing environment. A cryptography usage analysis agent identifies cryptography usage risks based on the cryptography usage data. A cryptographic risk identification agent identifies one or more applications associated with the cryptography usage risks.

Abstract: A single sign-on facility providing access across multiple application instances is described. The facility receives sign-in data from a user that includes a sign-in name and password. The facility generates a modified sign-in name by adding information identifying a particular application instance to the received sign-in name. The facility then acts on behalf of the user based upon the generated modified sign-in name and the received password.

Abstract: According to one embodiment, an electronic device includes a non-volatile memory; a controller that is electrically connected to the non-volatile memory and configured for accessibility to a memory space including a plurality of management areas in a host; at least one counter that is provided for each of the plurality of management areas and configured to increment a count value each time data is stored in the corresponding one of the plurality of management areas; and a circuit configured to generate a first value relating to integrity of the data for each management area based on the count value and the data. The controller is configured to store the data and the first value associated with the data.

Abstract: Computer-implemented methods, devices and computer programs are provided for integrity-preserving document processing. At a first layer, a first hash is generated over at least one first data object of a document and associated given random data. The first hash value is set as a leaf to an existing sparse hash tree (SHT). An updated root of the updated SHT is calculated. At a second layer, a current block is generated including a second hash value over at least the existing root of the existing SHT and at least one digital signature of the existing root of the existing SHT, at least one digital signature of at least the updated root of the updated SHT and the updated root of the updated SHT. A third hash value over current block is generated and, at a third layer, registered with a timestamp service or a blockchain.

Abstract: A method for building an advanced storage key includes: storing, in a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program including an instance identifier, and (iii) program code associated with a second program including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.

Abstract: A system for real-time authenticated obfuscation of electronic data provides real-time visual obfuscation of the data by transforming displayed data into undecipherable data when viewed by an unauthorized user while maintaining access for an authorized user. The system may further provide application-level obfuscation of electronic data via cryptographic keys such that only authorized applications may decrypt the encrypted data. In this way, the system provides secure access control of electronic data within a networked environment.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for a manager device. The challenge comprises a blinded public key of an ephemeral unlock key pair that is blinded by an unlock blinding key. The challenge further comprises the unlock blinding key in encrypted form. The access controller further provides the challenge to the device to be authorized for sending the challenge to the manager device; receives a response to the challenge; decrypts the unlock blinding key and calculates a shared secret; and upon determining that the response indicates approval of registering the device, registers the device to be authorized as an authorized device.