Abstract: In one implementation, a wireless security system premises gateway component includes a first local area wireless communication component adapted to communicate wirelessly with plural wireless security system sensors distributed at a premises; a second local area wireless communication component adapted to communicate wirelessly with a general purpose mobile communications device; a communications interface component adapted to communicate with a wide area communications network that is located remotely of the premises; a security system controller component adapted to communicate with the general purpose mobile communications device to provide state information regarding the security system and to provide control inputs to the security system; and a single gateway housing configured and sized to house the first local area wireless communication component, the second local area wireless communication component, the communications interface component, and the security system controller.

Abstract: Techniques for facilitating a digital signature occurrence associated with an object transmitted via a communication channel associated with a group-based communication platform. The object may be created by a user within either the group-based communication platform or a third-party application and transmitted to one or more other users associated with the communication channel via the group-based communication platform. The group-based communication platform may be configured to authenticate a digital signature and, based on a verification of the authenticity, associate the digital signature with the object. The group-based communication platform may cause the digital signature to be presented via an interface associated with the communication channel, such as proximate to or viewable in association with the object.

Abstract: A computer-implemented method comprising receiving, based on a first user interface of a first application executing on a first device, user input that indicates a recipient, the recipient associated with registration information that indicates a method of communication with the recipient and an encryption key associated with the method of communication. The method causing an encrypted message to be generated based on the encryption key, the encrypted message encrypting clear data based on received user input, causing the encrypted message to be formatted into an encrypted package, that is in an application format compatible with a second application corresponding to the method of communication, wherein the application format is compatible with the second application by at least being a format that is allowed to be sent or to be processed by the second application, and providing the encrypted package to the second application to be sent to the recipient.

Abstract: In one implementation, a wireless security system premises gateway component includes a first local area wireless communication component adapted to communicate wirelessly with plural wireless security system sensors distributed at a premises; a second local area wireless communication component adapted to communicate wirelessly with a general purpose mobile communications device; a communications interface component adapted to communicate with a wide area communications network that is located remotely of the premises; a security system controller component adapted to communicate with the general purpose mobile communications device to provide state information regarding the security system and to provide control inputs to the security system; and a single gateway housing configured and sized to house the first local area wireless communication component, the second local area wireless communication component, the communications interface component, and the security system controller.

Abstract: A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.

Abstract: Systems, methods, and apparatus for a MILS HPC, data storage system (DSS) system architecture that incorporates a multi-crypto module (MCM) to provide end-to-end multi-independent level security (MILS) protection. Configuration of each MCM enables a high performance computing (HPC) resource to compute different security domains with the associated security level keys from a key/node manager. The HPC resource can be dynamically re-allocated to different security level domain(s) by the key/node manager. In one embodiment, the DSS stores encrypted data regardless of the domains.

Abstract: The present invention relates to methods for secure computation and/or communication. Entangled photons (118) are generated such that each participating party receives a series of optical pulses. Each party has private information (110, 112) which are never transmitted through public or private communication channels. Instead, each party converts their respective private information (110, 112) into measurement bases via an encryption process (114, 116) which are then applied to the entangled photons (118). After the measurement process, e.g., quantum frequency conversion (122, 124), reference indices are announced (124, 126) so that computation can be performed (128) without revealing the private information directly or indirectly.

Abstract: A digital file forensic accounting and management system collects forensic data for a digital file that is stored and accounted for in a datastore. The digital files and the associated forensic data may be retrieved from the datastore by a third party to verify the authenticity of the digital file. An interface program is utilized to collect forensic data about a file upon creation of the file and/or when the file is transferred to the datastore. An interface program may be a framework that is operated on a file producing program that a file provider used to create a digital file. An interface program may be an origination driver that is operated on the file providing computer. An interface program may be a directory monitoring program that transfers the digital file and forensic data to the datastore upon saving the file to the monitored directory.

Abstract: An electronic toll collection system (ETCS) terminal may include a communication interface connected to a vehicle network of a vehicle, a card socket configured to accommodate insertion of a payment card, a card integrated circuit (IC) chip configured to store card information of an issued card, and a controller configured to activate, based on a user input received via the communication interface, at least one of the card IC chip or the card socket.

Abstract: Systems, computer program products, and methods are described herein for secure access and initiation using a remote terminal.

Abstract: Systems and methods described herein may include a memory and a computing a system in communication with said memory. The computing system may be configured to receive data from network management systems. In one embodiment, the network management system includes a network gateway. Users at venues may access external network resources using the network management system. Further, the network management systems may extract device identifiers from network packets sent from user devices to request access to external network resources. In some embodiments, the network management system may provide transmission control protocol handshake completion data to user devices. In some embodiments, the computing system also receives one or more attributes associated with the venue, user data associated with the user device, and connection data associated with communication between the user device and said external network resource.

Abstract: There are provided measures for realization of service level agreements in network slice scenarios joining multiple network capabilities. Such measures exemplarily comprise, as a slice management entity, receiving a network resource combination request, transmitting a request for at least one area base unit fulfilling, receiving, from said area base units repository, area base units fulfilling said at least one predetermined criterion out of stored area base units, generating at least one area base units join, selecting at least one selected area base units join of said at least one area base units join such that a combination of join geographical areas of said at least one selected area base units join covers said slice geographical area, and combining said at least one selected area base units join as a network resource combination.

Abstract: Methods, systems, and computer-readable media for auto-tuning permissions using a learning mode are disclosed. A plurality of access requests to a plurality of services and resources by an application are determined during execution of the application in a learning mode in a pre-production environment. The plurality of services and resources are hosted in a multi-tenant provider network. A subset of the services and resources that were used by the application during the learning mode are determined. An access control policy is generated that permits access to the subset of the services and resources used by the application during the learning mode. The access control policy is attached to a role associated with the application to permit access to the subset of the services and resources in a production environment.

Abstract: A system and control method of managing tasks and organizations is provided herein.

Abstract: Various embodiments of the present invention relate to a method and an electronic device for authenticating a user by using a voice command. Here, the electronic device may comprise a memory, an input apparatus, and a processor, wherein the processor is configured to: receive a voice command from the input apparatus; acquire user identification information and voice print information from the voice command; search reference voice print information of each of multiple users stored in the memory, for reference voice print information corresponding to the acquired user identification information; and perform authentication on the basis of the acquired voice print information and the reference voice print information. Other embodiments are also possible.

Abstract: Cooperative session orchestration includes devising a crypt for pre-distribution of tokens, distributing the tokens to member nodes of the network, based on a request from a delegate node of the network for brokerage of a session between the delegate node and a supplier node of the network, creating and sending, for each of a plurality of potential supplier nodes of the network, a respective individual puzzle, receiving, from each of one or more potential supplier nodes of the plurality of potential supplier nodes, a respective result obtained by the potential supplier node from solving the individual puzzle using the token distributed to the potential supplier, identifying, based on the receiving, candidate supplier node(s) of the one or more potential supplier nodes as a potential supplier for the session with the delegate node, and identifying to the delegate node the candidate supplier node(s) for the session with the delegate node.

Abstract: A near field communication (NFC) router of a telecommunication device has communication pipes between gates of the NFC router. The pipes include a set of communication pipes to implement NFC transactions, which are coupled between radio-frequency gates of the NFC router and physical gates of the NFC router assigned to a security circuit. An attempt to use a pipe, other than one of the set, to implement an NFC transaction is detected by, in response to receiving a message in a NFC communication format via a pipe, comparing bits associated with the pipe with stored bits associated with the set of communication pipes. In response to the comparing indicating the pipe is not one of the set of communication pipes, implementation of the NFC transaction is blocked.

Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences.

Abstract: Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first N cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.

Abstract: A user device may invoke, for a user associated with an unavailable user device, a guest mode, and may connect the user device with a network device based on invoking the guest mode. The user device may provide credentials of the user and a secure input of the user to the network device based on invoking the guest mode, and may receive an identity service and an emergency service for the user when the secure input is authenticated by the network device. The user device may associate, via the identity service, the user with the user device to enable the user to utilize the emergency service, and may provide, via the emergency service, one or more emergency notifications. The user device may receive an indication of the user exiting the guest mode, and may remove the credentials of the user from a memory based on the indication.

Abstract: A computer system is provided for protecting access to one or more hardware devices with a hardware device password that is invisible to a user, the system comprising a mobile device and the hardware device, the mobile device including: a memory, the memory storing one or more invisible passwords; an application in the memory; a wireless interface for communicating with the hardware device; and a processor coupled to the memory, the application and the wireless interface, the hardware device including: a memory; a wireless interface for communicating with the mobile device; and a processor coupled to the memory and the wireless interface; wherein the processor in the mobile device is configured to receive a hardware device identifier from the processor in the hardware device; wherein the application in the mobile device is configured to select, based upon the hardware device identifier, the invisible password for the hardware device; and the processor in the hardware device is configured to authenticate the a

Abstract: A method for controlling access to process data includes encrypting process data of a process; receiving a request to access the process data; requesting a security code to access the encrypted process data; receiving the security code; authenticating the received security code; and granting access to the encrypted process data if the received security code is successfully authenticated and denying access to the encrypted process data if the received security code is not successfully authenticated.

Abstract: A method is disclosed. The method comprises transmitting, by an access device to a communication device, a resource provider certificate and an access device certificate. Then, establishing a secure channel between the access device and the communication device using data from the resource provider certificate and the access device certificate. Then, transmitting to or receiving data from the communication device using the secure channel.

Abstract: A method of transmitting an encrypted data packet includes, with a processor, in response to receiving the encrypted data packet, executing an extended Berkeley packet filter (eBPF) application at an express data path (XDP) hook point located within a kernel space, determining whether the encrypted data packet is to be processed via a trusted application (TA) within a trusted execution environment (TEE) based on an analysis by the eBPF application, and identifying application intelligence data defining packet forwarding decisions based on a manner in which the encrypted data packet is processed.

Abstract: A system for enhanced internet of things digital certificate security is provided. The system includes a computer device. The computer device is programmed to store, in a database, a plurality of statuses associated with a plurality of digital certificates. The computer device is also programmed to receive, from a first computer device, a status update for the first digital certificate. The computer device is further programmed to update the first status based on the status update. Subsequently to updating the first status, the computer device is programmed to receive a request for a connection from the first device. Subsequently to updating the first status, the computer device is also programmed to deny the request for a connection based on the first status.

Abstract: Some embodiments of the invention provide a method for transmitting data messages via secure tunnels in a network. The method is performed at a gateway device. The method determines that a data message received at the gateway device should be sent via a secure interface of the gateway device. The method matches the data message to a firewall rule that maps to a particular secure tunnel used by the secure interface, with multiple different firewall rules mapping to multiple different secure tunnels used by the secure interface. The method encapsulates the data message with a header that comprises an indicator value specifying the particular secure tunnel and forwards the encapsulated data message to a destination interface.

Abstract: According to an example aspect of the present invention, there is provided method, comprising: generating a first key based on a first input specific to a mobile device, wherein the first input comprises measurement of mutable code of the mobile device and a unique device secret, generating a symmetric second key on the basis of the first key and a second input specific to the mobile device, and generating authentication credentials on the basis of the second key for authenticating the mobile device to a mobile communications network.

Abstract: One example method includes providing temporary access to a computing system and to providing temporary access as a service. The features of a temporary access can be defined by an entity and a user may be able to obtain a token that includes these features, which may be embedded in the token as claims. The user's access is then controlled in accordance with the embedded claims. The temporary access as a service can be federated. The token may include trust levels and tolerance limits. Further, aspects of the temporary access can be monitored and/or changed. Adjustments to trust levels can be automated or manually performed. Further trust for specific users can be gained or lost over time based on at least previous accesses.

Abstract: Various embodiments are generally directed to providing authentication and confidentiality mechanisms for message communication over an in-vehicle network. For example, authentication data associated with a communicating node may be transmitted over the network by encoding different predefined voltage levels on top of the message bits of the message being communicated. Different voltage levels may represent different encodings, such as a bit-pair or any bit combination of the authentication data. In a further example, messaging confidentiality between at least two communicating nodes may be achieved by pseudo-randomly flipping, or scrambling, the dominant and recessive voltages of the entire message frame at the analog level based on a pseudo-random control bit sequence.

Abstract: A computer-implemented method for securely transferring a secret from a source computing component to a target computing component, wherein the source computing component and the target computing component are part of a secure computing environment is disclosed. The method comprises upon the source computing component receiving from the target computing component a signed attestation document, verifying, by the source computing component, an authenticity and content of the attestation document, and upon a successful verification of the authenticity and the content, transferring, by the source computing component the secret to the target computing system. Thereby, the attestation document is attesting that the target computing component is compliant to an update governance rule.

Abstract: An example system includes a processor to receive a graph-based masking policy and a composite payload containing a data object to be masked. The processor is to instantiate a masking engine based on the graph-based masking policy. The processor is to execute the masking engine on the composite payload to generate a masked payload comprising a masked data object. The data object to be masked is masked in place such that the resulting composite payload type is maintained. The processor is to output the masked payload.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: Aspects of the subject disclosure may include, for example, transmitting a first message to a server. The first message includes a request for a service and a first timeout associated with the service. The request causes generation of a blocking call associated with the service on the client computing device. Further embodiments can include receiving, prior to the first timeout expiring, a second message from the server indicating that the service is in-progress, and transmitting a third message to the server. The third message comprises one of a first instruction to continue with the service as the blocking call or a second instruction to convert the blocking call to a non-blocking call associated with the service. Other embodiments are disclosed.

Abstract: Aspects of the present disclosure involve a system comprising a computer-readable storage medium storing a program and method for presenting cross-sell products. The program and method provide for receiving indication of a user selection to display cross sell data for at least one product made available for purchase by a website; determining a set of cross-sell products for the at least one product, each cross-sell product in the set of cross-sell products having been previously sold together with the at least one product in association with website; determining, for each cross-sell product in the set of cross-sell products, a set of metrics that relate the cross-sell product to the at least one product; and causing, for each cross-sell product in the set of cross-sell products, display of the respective set of metrics that relate the cross-sell product to the at least one product.

Abstract: A computing device may authenticate a user of the computing device as an authorized user. The computing device may, in response to authenticating the user of the computing device as the authorized user, transition from a locked state to an unlocked state. The computing device may, in response to authenticating the user of the computing device as the authorized user, determine one or more computing devices that are proximate to the computing device. The computing device may, in response to determining the one or more computing devices that are proximate to the computing device, send to each of the one or more computing devices an indication of successful user authentication by the computing device to enable each of the one or more computing devices to transition from the locked state to the unlocked state without performing user authentication.

Abstract: A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as user A to user B. Assuming these tests are successful, the DRM sends an encryption key to transferring user A. This encryption key E is taken from a table of encryption key/hash pairs which have been provided to the DRM Controller by an external authority such as the content rights holder. User A encrypts the content using they key provided by the DRM controller and then optionally calculates a hash over the encrypted form of the content E(X) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A and B that the transfer may proceed. The encrypted form of the content E(X) is transferred from A to B.

Abstract: One or more embodiments described herein disclose methods and systems that are directed at providing enhanced privacy and security to distributed ledger-based networks (DLNs) via the implementation of zero-knowledge proofs (ZKPs) in the DLNs. ZKPs allow participants of DLNs to prove ownership of accounts on the DLNs without having to necessarily reveal private information such as the private key of the account publicly. As such, the disclosed methods and systems directed at the ZKP-enabled DLNs provide privacy to participants of the DLNs while still allowing the DLNs to remain as consensus-based networks.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

Abstract: For categorizing encrypted data files, a processor determines a block cipher key length for a data file based on data file contents. The processor encrypts the data file with an encryption cipher using the block cipher key length. The processor further determines a data type for the encrypted data file from macroscopic artifacts of the encrypted data file.

Abstract: In some embodiments, a method includes in response to an integration tag included in a webpage at a first user interface being executed at a mobile device, receiving a mobile device identifier and a request to retrieve a purchase identifier. The method includes sending a first signal causing a frame to be provided within the webpage at the first user interface. The method includes in response to a first user input, receiving a Hyper Text Transfer Protocol (HTTP) POST request and determining a uniform resource identifier (URI). The method includes retrieving purchase information and sending a HTTP response message including the URI of the second user interface and the purchase information to deeplink to the second user interface and to cause the second user interface to be rendered at the mobile device with the purchase information pre-populated in an input field of a text message.

Abstract: A communication terminal capable of preventing a reduction in security level that is caused at the time of establishing multiple connections via 3GPP Access and Non-3GPP Access. A communication terminal according to the present disclosure includes: a communication unit configured to communicate with gateway devices disposed in a preceding stage of a core network device via an Untrusted Non-3GPP Access; and a key derivation unit configured to derive a second security key used for security processing of a message transmitted using a defined protocol with the gateway device, from a first security key used for security processing of a message transmitted using a defined protocol with the core network device.

Abstract: Embodiments may be generally directed to methods, techniques and devices to utilize a contactless card to perform a series of operations.

Abstract: A computer-implemented method for seamlessly processing transactions using distributed ledger technology. The method may comprise: linking one or more conventional accounts hosted in a conventional banking infrastructure to one or more DLT-based client accounts hosted on a distributed ledger, wherein the DLT application comprises a routing address configured to be used in conventional transaction infrastructure using conventional communication protocols; storing one or more wallet identifications for the one or more DLT-based client accounts and a mapping of the one or more wallet identifications to the one or more conventional accounts hosted in the conventional banking infrastructure; exchanging a sequence of messages to execute an asset transfer and complete a transaction lifecycle, the sequence of messages based on the first asset type; updating the distributed ledger based on the asset transfer; and sending appropriate messages to clients.

Abstract: An apparatus comprising: a unit configured to verify whether a first region that specifies a verification range of a first boot code and a second region that specifies a verification range of a second boot code have been altered; a unit configured to, when the first region has not been altered, verify whether the first boot code has been altered; a unit configured to, when the first boot code has been altered and the second region has not been altered, verify whether the second boot code has been altered; and a unit configured to, when the second boot code has not been altered, restore the first boot code using the second boot code, wherein the first and second regions are regions that are not rewritten after a start of the apparatus.

Abstract: An apparatus and method for scannable non-fungible token generation, the apparatus including at least a processor and a memory communicatively connected to the processor. The memory containing instructions configuring the processor to receive a creative work datum, determine a creative work class as a function of the creative work datum, generate a creative work token as a function of the creative work datum, and store the creative work token in an immutable sequential listing, where storing the creative work token includes generating a smart contract associated with the creative work datum, the smart contract also including the creative work class. The processor further configured to generate a machine-readable code as a function of the creative work token and the creative work class and transmit the machine-readable code to an output device.

Abstract: Techniques for determining whether HTTP/2 or HTTP/3 is a preferred protocol for communication between a client device and a server over a network are described. A change associated with a network interface of a client device is detected. Based at least in part on detecting the change, a determination is made to identify a preferred communication protocol for a network over which the client device communicates using the network interface. A HTTP/2 probe is transmitted over the network and to a server. A HTTP/3 probe is transmitted over the network and to the server. In response to not receiving a HTTP/3 probe response, the preferred communication protocol is determined to be HTTP/2. In response to receiving the HTTP/2 probe response and the HTTP/3 probe response, the preferred communication protocol is determined to be HTTP/3. The client device communicates with the server over the network using the preferred communication protocol.

Abstract: A method, apparatus, and system are provided for verifying a location of data stored on at least one storage device within at least one cell area served by at least one network node of a wireless communication network. In one embodiment, a location assurance gateway is provided with a communication interface and processing circuitry, the processing circuitry configured to cause the communication interface to communicate with the at least one network node of the wireless communication network for location information associated with the at least one cell area, the location information associated with the at least one cell area being used to verify a location of the data stored on the at least one storage device.

Abstract: A constraint system enforces projection constraints on data values stored in specified columns of a shared dataset when queries are received by a database system. A projection constraint identifies that the data in a column may be restricted from being projected (e.g., presented, read, outputted) in an output to a received query, while allowing specified operations to be performed on the data and a corresponding output to be provided. For example, the projection constraint may indicate a context for a query that triggers the constraint, such as based on the user that submitted the query. Enforcing projection constraints on queries received at the database system allows for data to be shared and used anonymously by entities to perform various operations without the need to tokenize the data.

Abstract: A machine has a network interface circuit to provide connectivity to networked machines. A processor is connected to the network interface circuit. A memory is connected to the processor and the network interface circuit. The memory stores instructions executed by the processor to record the purchase of a digital asset by a user at a client machine from a data source machine in network communication with the client machine. The location of the digital asset on one or more machines of the networked machines is archived. The location is separate from the data source machine. The digital asset is associated with a data access policy. A request for the digital asset is received. The data access policy is enforced through programmatic control utilized by one or more of the networked machines to form a consent state. Distribution of the digital asset to a networked machine is authorized in response to the consent state.