Abstract: A system including a transceiver, a modem, and a processor. The processor is configured to cause the transceiver to imitate a base transceiver station (BTS) such that a mobile communication terminal disconnects from an Nth-generation mobile communication network, which uses an Nth-generation communication standard, and connects to the transceiver. The processor is further configured to cause the terminal to switch to the Pth-generation communication standard, and to cause the modem to impersonate the terminal with respect to an Mth-generation mobile communication network. The processor is further configured to intermediate voice communication between the terminal and the Mth-generation mobile communication network exchanged between the modem and the Mth-generation mobile communication network.

Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter; retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.

Abstract: A system and method for providing a providing security credential is disclosed. In one embodiment, the method comprises accepting a request to generate at least one key in an online data signing system; generating, in a hardware security module communicatively coupled to the online data signing system, a first key K1 as a temporary object; encrypting, by the hardware security module, the first key K1 according to a wrapping key Kw to produce an encrypted first key EKw[K1]; storing the encrypted first key; and providing a second key K2 associated with the first key K1 to a user device communicatively coupled to the online data signing system.

Abstract: A plurality of computing devices are provisioned configured to communicate on a mobile communications network operated, in part, by an edge computing network. The edge computing network is associated with a customer of a computing service provider. The edge computing network comprises computing and storage devices configured to extend computing resources of the computing service provider to the customer of the computing service provider. A selection is received of a SIM provider and a quantity of SIM profiles for enabling the plurality of computing devices to access the mobile communications network. SIM data corresponding to the quantity of SIM profiles is received. The SIM data is encrypted and received over an encrypted channel.

Abstract: An object may include at least one microtransponder (MTP) configured with an identifier. The identifier of the MTP may be indexed to the object. Indexing information associated with the MTP and the object may be stored in a database of a security system. The MTP may be read, and data reported by the MTP may be processed to determine authenticity of the object.

Abstract: The proposed systems and methods apply natural language processing to identify implicit security requirements flowing from input text narratively describing desired features for a software project. These systems and methods can identify hidden security requirements that may not be readily apparent from the features described in the input text. For example, a story may include a feature of a return URL (Uniform Resource Locator), which is the URL for the website to which a user will be redirected. A security vulnerability that would not be obvious from this feature is that a user might be directed to an attacker controlled site instead of the originally intended site. A security requirement that could counteract this vulnerability would be to include the feature of verifying all redirects go to Whitelisted Sites.

Abstract: A system and method of selecting a cryptography algorithm within a network. The method can include receiving network data from a one or more network interfaces or network elements; analyzing the network data to identify a cryptography algorithm from a plurality of cryptography algorithms; and identifying the cryptography algorithm from the plurality of cryptography algorithms based on at least one of the following parameters: network security level, network criticality, or energy efficiency. In addition, the step of analyzing the network data to identify the cryptography algorithm may further include receiving a plurality of identifiers associated with the network data, wherein the plurality of identifiers are each further associated with a degree of importance in connection with the network security level parameter.

Abstract: A variable-step authentication system and a method for operating for performing variable-step authentication for communications in a controlled environment is disclosed. The variable-step authentication system may include a communication device and a server. The variable-step method includes steps for determining an authentication process that involves a number of authentication steps. The number of authentication steps is variable and dependent on a trust level associated with each participant in the communication.

Abstract: A cryptographic method of performing a maintainable Merkle-based vector commitment is provided. The method comprises: a) computing a succinct batch proof of a subset of k leaves in a Merkle tree of n leaves using a recursive succinct non-interactive arguments of knowledge (SNARK), where the recursive SNARK is run directly on Merkle paths belonging to elements in the batch to perform the computation of the subset hash inside the computation of the Merkle verification, using operations comprising: i) verifying that the elements belong to the Merkle tree, ii) computing a batch hash for the elements in the batch using canonical hashing and iii) making the batch hash part of the public statement; and b) maintaining a data structure that stores previously computed recursive proofs; and c) updating the succinct batch proof, upon change of an element of the Merkle tree, in logarithmic time.

Abstract: In some embodiments, the present disclosure provides an exemplary method that may include steps of determining an identity of at least one user of a plurality of users based on a multi-factor authentication; utilizing an identity tokenizer to generate at least one temporary identity token associated with the identity of the user; transmitting the at least one temporary identity token to an external computing device for authentication; receiving an authenticated digital token from the external computing device; automatically utilizing the authenticated digital token to retrieve a plurality of data items of an account information; utilizing a security module to link the authenticated digital token and the plurality of data items; generating a unique-universal identifier associated with the security module and the authenticated digital token; and utilizing the unique-universal identifier and the security module associated with the authenticated digital token.

Abstract: Reduce inventory cost without preparing a control device for each destination in advance. This control device is for controlling industrial machinery and includes an encryption unit, and comprises: an encryption device unit that includes a plurality of encryption units corresponding to each of a plurality of destinations, and a plurality of invalidation units that invalidate any one of the plurality of encryption units or invalidate the plurality of encryption units; and an operating unit that, depending on the destination of the control device, selects invalidation of the encryption units by specifying to each of the plurality of invalidation units to invalidate one of the plurality of encryption units or to invalidate the plurality of encryption units.

Abstract: A computer network device that implements a data plane is described. During operation, the computer network device may receive, associated with a second computer network device, a request to establish a connection, where the request includes an instance of a first type of certificate associated with a first certificate authority for a first layer in a hierarchy in the network, and/or an instance of a second type of certificate associated with a second certificate authority for a second layer in the hierarchy, where the first layer is lower in the hierarchy than the second layer. Then, the computer network device may selectively establish a connection in the network with the second computer network device based at least in part on the instance of the first type of certificate and/or the instance of the second type of certificate.

Abstract: The disclosed technology teaches a method for customers of an organization to perform configuration at runtime for authentication journeys used by the customer's users, to simplify authentication trees, and to delegate configuration to the customer's administrators, wherein an authentication tree implements an authentication journey, the authentication tree including authentication nodes and edges connecting the authentication nodes. The method includes configuring an editable script and an authentication node used in the authentication tree in response to a user invocation of the authentication journey by executing a factory method that applies configuration parameters to the editable script and to parameters used to access an API.

Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

Abstract: A device for sending a message to at least two receivers for a motor vehicle is provided. The motor vehicle includes the device and the at least two receivers. The device is configured to ascertain information that is characteristic of an integrity of the message on the basis of the message, to transmit the information that is characteristic of the integrity of the message to the at least two receivers using a communication protocol that ensures the authenticity of the information that is characteristic of the integrity of the message, and to transmit the message to the receivers using a multipoint protocol.

Abstract: A full-link data security protection method and a system are provided. The method includes: at a data creation and collection stage: building a data security identification; at a data transmission and storage stage: dividing the ciphertext file into blocks to generate ciphertext components; calculating a virtual index and a data label; transmitting the ciphertext components to a distributed hash table (DHT) network; uploading a tuple including the virtual index, the data block, and the data label to a cloud server; at a data processing and exchange stage: applying re-encryption based on a re-encryption key generation algorithm; performing decryption to obtain the signed identifier and a secret value; acquiring a tuple having a ciphertext component associated with the virtual index. Attribute-based proxy re-encryption is used to achieve fine-grained access control for the cloud storage. In the data destruction stage, the DHT network automatic updating utility is leveraged to realize data self-destructing.

Abstract: A communication apparatus accepts an input of a passphrase by a user operation, sets an authentication scheme based on a passphrase length of the passphrase, and performs wireless connection with a partner apparatus using the set authentication scheme, wherein (i) in a case where the passphrase length is within a predetermined range, an authentication scheme of any of WPA (Wi-Fi Protected Access), WPA2, and WPA3, or a combination of at least two of WPA, WPA2, or WPA3, is set, and (ii) otherwise, an authentication scheme of WPA3 is set.

Abstract: A text search method is disclosed. The text search method includes, based on a query including a text being input, computing a vector value having a preset size by using a preset encoding algorithm, the vector value corresponding to the text, generating a query ciphertext by homomorphic encryption for the computed vector value, transmitting the generated query ciphertext to a server, receiving a calculation result ciphertext having similarity information with the query for each of a plurality of indexes, determining an index having a preset similarity by restoring the calculation result ciphertext, and receiving information corresponding to the index by transmitting the determined index to the server.

Abstract: A method for registering a device with a connected computing facility includes registering the device with the computing facility by using a first encryption method, defining, in the computing facility, a user-specific and device-specific second encryption method based on device identification data and user identification data, and communicating the second encryption method from the computing facility to the device for future communication. A communication system and an energy supply network are also provided.

Abstract: A novel security testing compatibility and configuration platform that utilizes a virtual emulation on a cloud-based service to assess the functionality of a device after implementing secure configurations. The disclosed platform provides a computer-implemented method for security testing compatibility and configuration comprising (1) using a virtual emulation to capture images of a connected device; (2) building a virtual machine based on the images; (3) applying secure configurations to the virtual machine; (4) executing functions and commands on the virtual machine using AI; (5) creating a report of the results; and (6) applying secure configurations to the connected device.

Abstract: Systems and methods for cryptographic authentication are provided. A transport service may establish a connection with a login device, where a user is attempting to log in via a web browser. The login device may display a graphical code that encodes a unique URL provided by the transport service. A user may use an authenticator device to image the graphical code. A browser within the authenticator device may be opened and access the URL. The transport service may utilize the authenticator device to perform a proximity-based authentication.

Abstract: A mobile terminal that communicates with an image forming apparatus includes a generating unit configured to generate a one-time password based on secret information managed in association with the image forming apparatus, a transmission unit configured to transmit the one-time password generated by the generating unit and user information to the image forming apparatus, and a control unit configured to, upon successful completion of authentication processing based on the one-time password and the user information transmitted by the transmission unit, provide a service for operating the image forming apparatus.

Abstract: A computer-implemented method is disclosed.

Abstract: A data integrity tree for memory security comprises a plurality of nodes, wherein a linked series of nodes of the data integrity tree protects a data item stored in memory. A parent node in the linked series of nodes comprises a plurality of counters, each associated with a respective child node and providing an input to a protection function associated with the respective child node. A node authentication code protects the plurality of counters in each parent node and is dependent on a counter in a node above the parent node in the data integrity tree. A plurality of hash value child nodes each comprises a plurality of encrypted hash values generated as a function of a respective block of data stored in the memory and as a function of a counter comprised in a node above the hash value child node in the data integrity tree.

Abstract: Various embodiments of the present technology generally relate to authentication. More specifically, some embodiments relate to systems and methods for mobile application infrastructure and framework for application authentication. Currently, methods and systems for authentication are not flexible or dynamic and over-authentication has become a solution because it is cheap and easy. In contrast, in accordance with some embodiments of this application, the methods and systems can analyze authentication challenges and non-authentication challenges received from a server over a network in a client side infrastructure. The client side infrastructure can determine a customized, flexible, and dynamic plan for responding to authentication challenges in manner that avoids over-authentication on the client side.

Abstract: A data processing system and method for norm checking a cryptographic operation for lattice-based cryptography in a processor, the instructions, including: multiplying a first polynomial by a second polynomial to produce a first output, wherein the d arithmetic shares have a modulus q?; securely converting the first output to d Boolean shares; securely subtracting a third polynomial from the first output to produce a second output, wherein the third polynomial is randomly generated and then offset by a first constant parameter; securely adding a first constant based upon a bound check and the first constant parameter to the second output to shift the values of the second output to positive values to produce a third output; and securely adding a second constant based upon the bound check to the third output to produce a carry bit.

Abstract: A system, apparatuses, and methods for mobile device security are disclosed. In an example, a system includes a mobile endpoint device wirelessly communicatively coupled to a user device via a short range air gap. The system also includes a proxy server communicatively coupled to the user device via a network connection. The mobile endpoint device is configured to receive a text input from a user, convert the text input into a first format for transmission over the short range air gap, encrypt the converted text input, and transmit the encrypted converted text input to the user device. The proxy server is configured to receive the encrypted converted text input from the user device, decrypt the encrypted converted text input; convert the decrypted converted text input into a second format compatible with an application server, and transmit the converted text input in the second format to the application server.

Abstract: In an example, an apparatus may operate as a continuous delivery (CD) pipeline for application artifacts running on a target software platform. The apparatus may include a processor to operate an application upgrader for the target software platform, the application upgrader to: consume application artifacts from a continuous integration (CI) system, wherein the target software platform runs a version of the application artifacts; obtain a signed manifest output from the CI system, the signed manifest identifying the consumed application artifacts; and compare a signature of the application artifacts from the CI system to a signature of the version running on the target software platform to determine if an update of the version running on the target software platform is required. Other embodiments may be disclosed and/or claimed.

Abstract: Systems and methods for data obfuscation are provided. Data obfuscation is needed when protecting an algorithm from reverse engineering attempts. The data is obfuscated by requesting more data from the data steward than is needed by the algorithm. If there are not enough types of data available from the data steward, “low intensity” data types can be requested to fill out the data types requested. These ‘low intensity’ data types are ones that are easily obtained or even regularly collected anyway. The algorithms libraries are altered to call for all the data fields available, thereby rendering reverse engineering extremely difficult, if not impossible.

Abstract: The disclosed computer-implemented method for detecting cross-site leaks and restricting execution timing may include detecting, by at least one processor, one or more cross-site leak candidates. The method may additionally include determining, by the at least one processor, that at least one of the one or more cross-site leak candidates is related to one or more timers. The method may also include restricting, by the at least one processor, at least one of accuracy or precision of the one or more timers in response to the determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: According to one example, a system includes a second computing device that receives encrypted data from a first computing device. The encrypted data is encrypted based on a first encryption key. Also, the data is obfuscated prior to encryption. The second computing device generates a second encryption key that matches the first encryption key, decrypts the encrypted data using the second encryption key, un-obfuscates the data, and transmits the data for use.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: An access control terminal (1), comprising an electronic circuit (11) and an ultra-wide-band transceiver (10) connected to the electronic circuit (11) wherein the electronic circuit (11) exchanges messages with a mobile device (2) to determine a distance (d) of the mobile device (2) from the access control terminal (1), and to transmit to the mobile device (2) one or more update messages configured to update access rights data in the mobile device (2), if the mobile device (2) is within the pre-determined proximity range (P).

Abstract: A digital file forensic accounting and management system collects forensic data for a digital file that is stored and accounted for in a datastore. The digital files and the associated forensic data may be retrieved from the datastore by a third party to verify the authenticity of the digital file. An interface program is utilized to collect forensic data about a file upon creation of the file and/or when the file is transferred to the datastore. An interface program may be a framework that is operated on a file producing program that a file provider used to create a digital file. An interface program may be an origination driver that is operated on the file providing computer. An interface program may be a directory monitoring program that transfers the digital file and forensic data to the datastore upon saving the file to the monitored directory.

Abstract: Aspects of the disclosure relate to utilizing federated user identifiers to enable secure information sharing. A computing platform may receive, from an external application host platform, a federated login request comprising user identification information associated with a user account. Based on receiving the federated login request, the computing platform may send, to a client computing device linked to the user account, a push notification prompting a user of the client computing device to authenticate. Then, the computing platform may authenticate the user of the client computing device to the user account. Based on authenticating the user, the computing platform may generate an orchestration message directing a data hub platform to initiate a validated data transfer with the external application host platform and may send the orchestration message to the data hub platform to initiate a transfer of external information associated with the user of the client computing device.

Abstract: A secure and convenient document payment processing device and system are provided. A user's document payment processing device is connected to a remote end and a document processing device via a network. A document to be printed out is uploaded to the remote end with a link program provided by a trusted proxy app installed on the document payment processing device. A mobile payment program is executed according to a fee information provided by the remote end. Upon completion of payment, the document payment processing device sends a document output command to the remote end, enabling the remote end to send the document to be printed out to the document processing device for output. Use of secure apps protects personal information. Operation procedures are streamlined to enhance operation efficiency. Fee collection is improved to enhance payment management efficiency.

Abstract: Disclosed herein are an apparatus and method for mutual authentication of quantum entities based on Measurement-Device-Independent Quantum Key Distribution (MDI-QKD). The method may include configuring a quantum input form based on an authentication key shared in advance with a counterpart entity, applying polarization modulation to the configured quantum input form, transmitting the quantum input form to which polarization modulation is applied to a quantum measurement device, and authenticating the counterpart entity by checking whether the counterpart entity configures a quantum input form according to the shared authentication key using a measurement result and information about polarization modulation.

Abstract: A method comprises sending, from an authentication application deployed on a second computing device to the system, a first authentication code, the first authentication code being generated from a shared code and an authentication application time, wherein the shared code is a code previously shared between the second computing device and the system, and the authentication application time is based on a first current device time of the second computing device and an offset parameter value.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for using a sponsor as a proxy for multi-factor authentication of a first user account for a first user when a primary multi-factor authentication mechanism is unavailable to the first user account, comprising registering the sponsor in a multi-factor authentication chain of trust associated with the first user account; requesting verification of an identity of the first user from the sponsor; receiving, from the sponsor, a verification of the identity of the first user; and granting access to a service to the first user account.

Abstract: According to one configuration, a wireless access service provider selects and assigns a particular authentication option amongst multiple different authentication options to an entity such as a wireless access point or a sub-network supported by the wireless access point. When a communication device attempts to use the corresponding wireless access point provided by the wireless access service provider, a wireless access gateway receives information from the wireless access point indicating the particular authentication option assigned to authenticate the communication device. The wireless access gateway communicates the notification of the particular authentication option to an authentication manager, which provides the wireless access gateway with network address information indicating a captive portal in which to authenticate the communication device.

Abstract: A computer-implemented method implemented in a blockchain network is described. Validation nodes receive data regarding a newly mined block comprising a plurality of transactions and send a delete request to a distributed memory pool to delete the plurality of transactions from the distributed memory pool. Nodes storing the distributed memory pool store a plurality of transactions, the plurality of transactions forming at least part of a distributed memory pool of transactions waiting to be mined into a block of a blockchain. The computer-implemented method further comprises receiving a delete request from a validation node of the blockchain network, the delete request identifying one or more transactions which have been included in a newly mined block, the delete request indicating that the one or more transactions should be deleted from the distributed memory pool.

Abstract: A weak password detection method and device based on deep learning, an electronic device, and a storage medium are provided. The method includes: acquiring a password character string to be detected; processing, by applying a fully trained weak password detection model, the password character string to be detected to obtain a strong/weak password classification label of the password character string to be detected, the fully trained weak password detection model being obtained by training a deep learning model with a password character string as an input and a strong/weak password classification label corresponding to the password character string as a supervision; and marking the password character string to be detected as a weak password under the condition that the strong/weak password classification label is a weak password label.

Abstract: Methods and systems for parsing and identifying unindexed parameters and other information (e.g., a token contract address) that may appear encoded in event data. Specifically, the system may retrieve bytecode for an identified blockchain operation (e.g., a transaction). The system may then segregate the bytecode into constructor arguments, code sections, and/or metadata. The system may then parse the segregated portions of bytecode for bytecode representations that are based on function signatures, event signatures, token standards, and/or contract addresses. In some embodiments, the system may further narrow the pool of known bytecode representations that are compared against the remaining sections of bytecode based on bytecode representations corresponding to a particular type of blockchain network standard.

Abstract: A method is disclosed including establishing a browser session in response to receiving a request from a browser application in a public network. The browser session is assigned to a dedicated network service running in a dedicated network name space. Requests received from the browser application are proxied to a dedicated network service. A local web session in the dedicated network service authenticates a user of the browser application for access to at least one private webservice. A security client in the dedicated network service establishes a networking tunnel between the proxy and a remote gateway to the private network, thereby obtaining network access to the private webservice from the dedicated network name space. Within the dedicated network name space, proxied requests addressing the private webservice are forwarded over the networking tunnel to the private network.

Abstract: A system, device and method to securely notify a user of a compromise of a device are provided. The system, device and method may include a detection device adapted for determining a compromise of the device communicatively coupled to the first path, a user database including at least information regarding the device and other devices associated with the user, and the secure signal path to at least one of the other devices.

Abstract: A computer implemented method of a secure computing component to provide access to a cryptographic key, the key being associated with the secure component by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, the method including receiving a request from another secure computing component to associate the key with the other component, the request having associated identification information for a requester of the key; responsive to a verification of an entitlement of the requester, generating a new record for storage in the blockchain, the new record associating the key with the other component and being validated by the miner components; and further responsive to the verification, securely transferring the key to the other component so as to provide access to the key to the key requester via the other component.

Abstract: A computer processing system configured to perform lattice-based cryptographic primitives with resistance to side-channel attacks with a computer processing architecture operably configured to perform at least one of key generation, key encapsulation, and key decapsulation and process security sensitive data, a sampling submodule performing hashing operations and centered binomial sampling routines, a polynomial arithmetic unit performing polynomial multiplication, polynomial addition, and polynomial subtraction by processing the security sensitive data that is divided into shares stored on a plurality of memory banks, an auxiliary submodule mathematical operations, a data interface unit operably configured to perform input and output operations and to input data and output data in shares, and de-serialize the input data into polynomial coefficients utilized by the polynomial arithmetic unit, and a controller submodule operably configured to sequence any operations needed to perform the at least one of key ge

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuring network groups without software-based processing and management. A method includes: validating veracity of a secure enclave based on a secure identify of the secure enclave using the instructions of a secure enclave predriver stored in a memory integral to a processor; establishing a secure connection with the secure enclave; retrieving at least one authentication key from the secure enclave; retrieving at least a portion of a bootstrapper from a secure storage based on the instructions of the secure enclave predriver; validating a veracity of the bootstrapper based on the at least one authentication key; initializing an external memory using the instructions of the bootstrapper; copying a bootloader from the secure storage into the external memory; validating a veracity of the bootloader based on the at least one authentication key; and executing the bootloader.

Abstract: Systems and methods for authentication may include an authentication server. The authentication server may include a processor and a memory. The processor may be configured to transmit an authentication request. The processor may be configured to receive a first response that is responsive to the authentication request, the first response comprising a first cryptogram. The processor may be configured to generate a first challenge based on the first response. The processor may be configured to encrypt the first challenge with a symmetric key. The processor may be configured to transmit the first challenge receive a second response that is responsive to the first challenge, the second response comprising a second cryptogram. The processor may be configured to authenticate the second response.

Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).