Particular Communication Authentication Technique Patents (Class 713/168)
  • Patent number: 11924358
    Abstract: This application provides a method for issuing a digital certificate performed by a digital certificate issuing center that includes a public-private key generation module and an authentication module. The method includes: receiving a public-private key request from a node in a blockchain network; generating a public key and a private key of the node by using the public-private key generation module, and transmitting the public and private keys to the node; receiving the public key of the node and registration information of the node, and authenticating the registration information by using the authentication module; and generating, in accordance with a determination that the authentication succeeds, a digital certificate of the node by using the authentication module, and transmitting the digital certificate to the node. The embodiments of this application can improve the probative value of an issued digital certificate, thereby improving the security of data exchange in a blockchain network.
    Type: Grant
    Filed: February 9, 2021
    Date of Patent: March 5, 2024
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Jun Zang, Jianjun Zhang, Luohai Zheng, Junjie Shi, Hujia Chen, Zichao Tang, Yige Cai, Qing Qin, Chuanbing Dai, Hu Lan, Jinlong Chen
  • Patent number: 11923887
    Abstract: Systems, devices, and techniques for allowing communication between two or more computing devices are described herein. For example, a method includes receiving, by a first computing device configured to operate in accordance with a first wireless protocol, one or more data packets via one or more signals output by a second computing device according to a second wireless protocol, where the first computing device is not configured to operate in accordance with the second wireless protocol. Additionally, or alternatively, a method includes receiving, by a first computing device configured to operate in accordance with a first wireless protocol, at least one signal including a data packet, wherein a payload of the data packet comprises an indication of a symbol defined in accordance with a second wireless protocol.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: March 5, 2024
    Assignee: Regents of the University of Minnesota
    Inventors: Tian He, Wenchao Jiang, Ruofeng Liu
  • Patent number: 11917048
    Abstract: A method which is obtained specifically by output oriented coding, making possible the maximum selection of encryption parameters used for encryption by systems using OpenSSL, however without compromising the integrity of the encryption by autogenerating some Attributes thereby making possible row wise encryption in a database and encoding (if encoding is required) on the database side. The method has to satisfy the conditions/restrictions mentioned herein [0054]. This Invention is related to today's information technology and communicating methodology where encryptions and encodings are being used. The present invention can be described as software that enables a method of encryption acting as an Enhanced security feature or a technique which will enable users to manually or automatically select encryption parameters thereby encrypting and securing data.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: February 27, 2024
    Inventor: Venkata Raghu Veera Mallidi
  • Patent number: 11916905
    Abstract: A native application on a client computing device enables secure user authentication via an identity provider (IdP) for accessing services of a web service provider. The native application forwards a redirect request generated by a main gateway of the service provider and including an IdP uniform resource locator (URL) to a system browser of the client computing device. The redirect request directs the system browser to a broker gateway of the service provider that registers an authentication response handler and redirects the system browser to the IdP URL to enable a user of the native client computing device to authenticate. After the broker gateway receives an IdP authentication response from the IdP following authentication by the user, the broker gateway provides the IdP authentication response to the native application for providing back to the main gateway. The main gateway finally processes the authentication response to complete the authentication request.
    Type: Grant
    Filed: December 24, 2022
    Date of Patent: February 27, 2024
    Assignee: INDUCTIVE AUTOMATION, LLC
    Inventors: Joel Specht, Matthew Rojas
  • Patent number: 11916893
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: February 27, 2024
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 11916744
    Abstract: A technique for replacing a source Virtualized Network Function Manager, VNFM, managing a source Virtualized Network Function, VNF, in a VNF based environment by a target VNFM is disclosed. A method implementation of the technique comprises the steps of triggering (S302) instantiating a target VNF, the target VNF being managed by the target VNFM and being executed in parallel to the source VNF, triggering (S304) redirecting traffic from the source VNF to the target VNF in accordance with a traffic redirection schedule, triggering (S306) terminating the source VNF when redirecting traffic from the source VNF to the target VNF is complete, and triggering (S308) terminating the source VNFM.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: February 27, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventor: Maria Toeroe
  • Patent number: 11917073
    Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.
    Type: Grant
    Filed: March 29, 2022
    Date of Patent: February 27, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
  • Patent number: 11917406
    Abstract: A communication apparatus accepts an input of a passphrase by a user operation, sets an authentication scheme based on a passphrase length of the passphrase, and performs wireless connection with a partner apparatus using the set authentication scheme, wherein (i) in a case where the passphrase length is within a predetermined range, an authentication scheme of any of WPA (Wi-Fi Protected Access), WPA2, and WPA3, or a combination of at least two of WPA, WPA2, or WPA3, is set, and (ii) otherwise, an authentication scheme of WPA3 is set.
    Type: Grant
    Filed: May 7, 2021
    Date of Patent: February 27, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yuki Fujimori
  • Patent number: 11914756
    Abstract: Systems, apparatuses, and methods related to a computer system having a processor and a main memory storing scrambled data are described. The processor may have a cache, a register, an execution unit, and an unscrambler. The processor can load the scrambled data into the cache; and the unscrambler may convert the scrambled data into unscrambled data just in time for the register or the execution unit during instruction execution. The unscrambled data can be an instruction, an address, or an operand of an instruction. Unscrambling can be performed just before loading the data item in a scrambled form from the cache into the register in an unscrambled form, or after the data item leaves the register in the scrambled form as input to the execution unit in the unscrambled form. The unscrambled data and the scrambled data may have the same set of bits arranged in different orders.
    Type: Grant
    Filed: July 22, 2021
    Date of Patent: February 27, 2024
    Assignee: Micron Technology, Inc.
    Inventor: Steven Jeffrey Wallach
  • Patent number: 11917063
    Abstract: Some embodiments are directed to a second cryptographic device (20) and a first cryptographic device (10). The first and second cryptographic devices may be configured to transfer a key seed. The key seed may be protected using a public key from one party and a private key from the other party. For example, a public key may be obtained from a private key through a noisy multiplication. At least one of the first and second cryptographic device may validate an obtained public key, e.g., to avoid leakage of the key seed or of a private key.
    Type: Grant
    Filed: December 24, 2020
    Date of Patent: February 27, 2024
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Paulus Mathias Hubertus Mechtildis Antonius Gorissen, Ludovicus Marinus Gerardus Maria Tolhuizen
  • Patent number: 11916957
    Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication by overwriting the DHCP responses. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined. Additionally, the DHCP address assignment may be policed to ensure accuracy and correctness to provide an additional layer of security.
    Type: Grant
    Filed: December 9, 2022
    Date of Patent: February 27, 2024
    Assignee: AIRGAP NETWORKS INC.
    Inventors: Raymond Wing Chon Cheh, Chia Chi Cheng, Satish M. Mohan, Ritesh R. Agrawal, Vinay Adavi
  • Patent number: 11914683
    Abstract: Embodiments of systems and computer implemented methods are provided to transfer software licenses and entitlements associated with a user account from a first information handling system (IHS) to a second IHS. A computer implemented method in accordance with the present disclosure may generally include executing an entitlement management service to reassign the software licenses and entitlements associated with the user account to the second IHS, executing at least one local validation service on the second IHS to validate the second IHS and the user's workspace, and if the second IHS and the user's workspace are successfully validated by the at least one local validation service, executing one or more cloud-based orchestration services to verify the user account, determine which software licenses and entitlements are associated with the user account, and acquire and validate the software licenses and entitlements before transferring the software licenses and entitlements to the second IHS.
    Type: Grant
    Filed: August 4, 2021
    Date of Patent: February 27, 2024
    Assignee: Dell Products L.P.
    Inventors: Anantha K. Boyapalle, Charles D. Robison, Vaibhav Soni
  • Patent number: 11916884
    Abstract: The present disclosure discloses a vehicle and a vehicle security control method and system based on an open platform. The open platform includes a software development kit in which a control protocol is encapsulated, the software development kit provides an API function interface, and the method includes: receiving a call request from a third-party device for a target API function interface of the open platform; converting the call request by using the software development kit to generate a control signal that meets a requirement of the control protocol and that is used for controlling a first vehicle component in a vehicle; and transmitting the control signal to a security gateway through a first bus, to enable the security gateway to perform protocol conversion on the control signal, and transmitting the control signal to an in-vehicle network to control the first vehicle component in the vehicle.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: February 27, 2024
    Assignee: BYD COMPANY LIMITED
    Inventors: Chaolin Hu, Hong Yao, Lihua Wu
  • Patent number: 11909872
    Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID is sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.
    Type: Grant
    Filed: November 10, 2022
    Date of Patent: February 20, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
  • Patent number: 11909727
    Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: February 20, 2024
    Assignee: Visa International Service Association
    Inventors: Hari Krishna Annam, Mohit Gupta, Soumendra Bhattacharya
  • Patent number: 11907939
    Abstract: The present disclosure involves a method for grouping non-fungible digital tokens. The method includes generating a first transaction on a blockchain having an output of a fungible digital token, with the fungible digital token having a first transaction hash identifier. The method further includes assigning the first transaction hash identifier associated with the fungible digital token with a cryptographic public key, and generating a second transaction on the blockchain having an output of a non-fungible digital token and an input. The fungible digital token is spent as the input into the second transaction, with the non-fungible digital token comprising a second transaction hash identifier and a group identifier associated with the first transaction hash identifier.
    Type: Grant
    Filed: August 6, 2021
    Date of Patent: February 20, 2024
    Inventor: James Cramer
  • Patent number: 11910194
    Abstract: A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: February 20, 2024
    Assignee: T-Mobile Innovations LLC
    Inventors: Ricky A. Hohler, Robin D. Katzer, Deepthi Kota, Brian D. Mauer
  • Patent number: 11909889
    Abstract: A public-private key cryptographic scheme is described for authenticating a client to a remote device or service in order to access a secure resource. The client is provided the public key, but the private key is stored in a hardware security module (HSM) that the client is not able to access. The client requests a digital signature be generated from the private key from a secure vault service. The secure vault service accesses the HSM and generates the digital certificate, which is then passed to the client. The digital certificate may be added to a security token request submitted to an identity provider. The identity provider determines whether the digital signature came from the private key.
    Type: Grant
    Filed: May 9, 2022
    Date of Patent: February 20, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mayukh Ray, Tolga Acar, Timothy Michael Peters
  • Patent number: 11900948
    Abstract: Features are disclosed for automatically identifying a speaker. Artifacts of automatic speech recognition (“ASR”) and/or other automatically determined information may be processed against individual user profiles or models. Scores may be determined reflecting the likelihood that individual users made an utterance. The scores can be based on, e.g., individual components of Gaussian mixture models (“GMMs”) that score best for frames of audio data of an utterance. A user associated with the highest likelihood score for a particular utterance can be identified as the speaker of the utterance. Information regarding the identified user can be provided to components of a spoken language processing system, separate applications, etc.
    Type: Grant
    Filed: January 7, 2022
    Date of Patent: February 13, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Hugh Evan Secker-Walker, Baiyang Liu, Frederick Victor Weber
  • Patent number: 11902439
    Abstract: Techniques are presented relating to security of blockchain transactions that transfer digital assets or entities from one resource to another. Techniques provide a computer-implemented method for improving the security, anonymity and/or control of a value-mixing blockchain transaction having a plurality of participating nodes, each node having a respective output address to which the transaction is to allocate value. The method includes encrypting by a node its output address using that node's public key, adding the encrypted output address to a set of output addresses for the transaction, and shuffling the order of the encrypted output addresses in the set. Each participating node identifies its encrypted output address in the set, and replaces its encrypted output address with its unencrypted output address. The result is a shuffled set of output addresses that cannot be linked to a particular input.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: February 13, 2024
    Assignee: nChain Licensing AG
    Inventors: Daniel Joseph, Craig Steven Wright
  • Patent number: 11902331
    Abstract: A computer implemented method for generating a dispatch datagram is disclosed. The computer implemented method includes receiving, at a dispatcher, a request from a client. The method further includes generating an authorization header based on the received request. The authorization header includes one or more rules for handling the request. The method further includes wrapping the received request and the generated authorization header together to generate a dispatch datagram.
    Type: Grant
    Filed: August 6, 2021
    Date of Patent: February 13, 2024
    Assignee: KYNDRYL, INC.
    Inventors: Mansura Habiba, Shyamal Kumar Saha, Bashar Akil, Utz Bacher
  • Patent number: 11902444
    Abstract: Systems, computer program products, and methods are described herein for virtualization of non-fungible tokens. The present invention is configured to receive, via a first user input device, a resource transfer request using a virtual token from a first user, wherein the virtual token is electronically linked to an NFT of a resource transfer instrument; retrieve the NFT associated with the resource transfer instrument in response to receiving the resource transfer request; retrieve an NFT credential descriptor for the resource transfer request from a first metadata layer of the NFT associated with the resource transfer instrument; receive an authentication credential from the first user; determine whether the authentication credential matches an NFT credential descriptor that is electronically linked to the NFT associated with the resource transfer instrument; and authorize the resource transfer request based on at least determining that the authentication credential matches an NFT credential descriptor.
    Type: Grant
    Filed: October 18, 2021
    Date of Patent: February 13, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, David Smiddy, Harold Joseph Kennedy
  • Patent number: 11902413
    Abstract: Provided are methods and systems for performing a secure machine learning analysis over an instance of data. An example method includes acquiring, by a client, a homomorphic encryption scheme, and at least one machine learning model data structure. The method further includes generating, using the encryption scheme, at least one homomorphically encrypted data structure, and sending the encrypted data structure to at least one server. The method includes executing a machine learning model, by the at least one server based on the encrypted data structure to obtain an encrypted result. The method further includes sending, by the server, the encrypted result to the client where the encrypted result is decrypted. The machine learning model includes neural networks and decision trees.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: February 13, 2024
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 11902782
    Abstract: Techniques are provided for ad-hoc authenticated group discovery and data sharing in a mesh network. A group of devices is created without leaving a security gap due to the open communication needed to establish the discovery of the devices forming the group. The group can be authenticated autonomously following network discovery of the devices. Instead of requiring global pre-assigned keys for authentication, the devices in the group are authenticated with signatures and certificate passing thereby providing strong security. The efficiency of data sharing between the devices of the network, such as a mesh network, can also be increased. One or more devices may act as a bridge device between devices of a same group that are not in direct wireless communication with each other to reduce re-broadcasts within the mesh network.
    Type: Grant
    Filed: June 22, 2021
    Date of Patent: February 13, 2024
    Assignee: ITRON GLOBAL SARL
    Inventors: Benjamin Damm, Eric Donald White, Tommi Petteri Parkkila
  • Patent number: 11902268
    Abstract: Disclosed are various examples for enrollment of gateways using a client device. In one example, a request is transmitted from a client device to a management service. The request comprises the gateway identifier. Gateway credentials are relayed through the client device from the management service to the gateway device. The gateway credentials are unexposed to users of the client device.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: February 13, 2024
    Assignee: VMware, Inc.
    Inventors: Meenakshi Vohra, Glen McCready, Greg Bollella
  • Patent number: 11899516
    Abstract: Introduced herein is a computer-implemented system for creating a digital twin of an electrical system using auto-discovery techniques. The system receives power data from meters in an electrical system. For each meter, the system captures a power profile related to a component connected to the meter and creates a set of delta data representing change in power over time. The system detects correlated changes by comparing the sets of delta data and generates a system dataset by combining the sets of delta data. The system detects echoes of power fluctuations of the electrical system from the system dataset. The system creates a digital twin of the electrical system, where the digital twin includes a one-line diagram representing connections between components in the electrical system.
    Type: Grant
    Filed: July 13, 2023
    Date of Patent: February 13, 2024
    Assignee: T-Mobile USA, Inc.
    Inventor: Sean Seemann
  • Patent number: 11899811
    Abstract: Computer-readable media, methods, and systems are disclosed for encrypting and decrypting data pages in connection with a database employing group-level encryption. A request to load a group-level encrypted logical data page into main memory is received, the data page being identified by a logical page number. A block of group-level encrypted data is loaded into the main memory of the database system from an address corresponding to the physical block number. A header associated with the block of group-level encrypted data is decrypted using a data-volume encryption key, and an encryption-group identifier is accessed from the decrypted header. A group-level encryption key is retrieved from a key manager, and the remainder of the block of group-level encrypted data is decrypted using the group-level encryption key.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: February 13, 2024
    Assignee: SAP SE
    Inventor: Dirk Thomsen
  • Patent number: 11893115
    Abstract: A method for providing a secret unique key for a volatile FPGA uses layers of encryption with different and independent keys and the possibility to store auxiliary data in the configuration memory. The configuration may be stored in a bit-file protected using hardwired bit-file encryption. The configuration includes a security block with an embedded group key used for protecting the auxiliary data. In the beginning, the auxiliary data may include a specific field with null identifier, which indicates that the device has not been initialized. During the initialization, the device generates a unique key and sets the field to specific identifier, which indicates that the device has been initialized, and replaces the original auxiliary data in the non-volatile configuration memory with a new auxiliary data constructed from these values. During normal operation this key is fetched from the auxiliary data and used to build a root-of-trust.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: February 6, 2024
    Assignee: XIPHERA OY
    Inventors: Kimmo Järvinen, Matti Tommiska
  • Patent number: 11893579
    Abstract: Disclosed is a method of reducing smart contract fees for a decentralized application (DApp). A parameter of a request reception event and a public key of a user are stored in a task queue of a computation server. The computation server performs a task requested by the user, calls a state change function for the performed task from a smart contract, and transmits a transaction result to the user when the transaction result is returned. The user pays, to the smart contract, a fee corresponding to the generation of the request reception event, and the computation server pays, to the smart contract, a fee corresponding to a state change of the smart contract. Thus, by minimizing and uniformizing a fee to be paid by a user of a DApp system, it is possible to increase accessibility to a corresponding DApp.
    Type: Grant
    Filed: February 10, 2022
    Date of Patent: February 6, 2024
    Assignee: Korea University Research and Business Foundation
    Inventors: Hwangnam Kim, Seong-Joon Park, Jaeseung Lee, Nam-Kyung Yoon
  • Patent number: 11894875
    Abstract: The present invention addresses the problem of providing a signal process in which a countermeasure against eavesdropping over a physical layer in a wireless communication is performed. An optical signal generation unit 11 generates, as an optical signal, multivalued information that is in a multivalued state and is based on prescribed data. An E/O conversion unit 112 converts the optical signal to an electrical signal. An optical signal amplification unit 12 amplifies the optical signal. An O/E conversion unit 13 converts the optical signal to an electrical signal. A radio wave transmission unit 14 transmits, as a radio wave, the multivalued information converted into the electrical signal. The problem is solved thereby.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: February 6, 2024
    Assignee: TAMAGAWA UNIVERSITY AND TAMAGAWA ACADEMY
    Inventors: Ken Tanizawa, Fumio Futami
  • Patent number: 11895486
    Abstract: A method for personalizing a UICC includes: i—sending from the UICC to a D-HSS an attach request message comprising an IMSI with a given MCC/MNC; ii—sending from the D-HSS to the UICC a command and first cryptographic data; iii—computing at the UICC a secret key by using the first cryptographic data; iv—sending from the UICC to the D-HSS a command and second cryptographic data; v—repeating steps ii to iv until the UICC holds the entire first cryptographic data and the D-HSS holds the entire second cryptographic data; vi—computing at the D-HSS the secret key by using the second entire cryptographic data; vii—allocating by the D-HSS a free IMSI belonging to an operator and transferring from the D-HSS to the UICC the free IMSI and other personalization data; viii—personalizing the UICC with the free IMSI, personalization data and the secret key.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: February 6, 2024
    Assignee: THALES DIS FRANCE SAS
    Inventors: Michel Anslot, Marc Lamberton, Philippe Bouckaert
  • Patent number: 11893576
    Abstract: A transaction card includes a near-field communication (NFC) component, a security component, a wireless component, one or more memories, and one or more processors communicatively coupled to the one or more memories. The device receives a signal from a user device attempting to access a secure application, and energizes the NFC component based on the signal received from the user device. The device causes the security component to generate an encrypted code based on the NFC component being energized, and provides, via the security component, the encrypted code to the wireless component. The device provides, via the wireless component, the encrypted code to the user device to permit the user device to utilize the encrypted code as authentication for accessing the secure application.
    Type: Grant
    Filed: February 9, 2022
    Date of Patent: February 6, 2024
    Assignee: Capital One Services, LLC
    Inventors: James Zarakas, Molly Johnson, Robert Perry, Adam Koeppel, Tyler Locke
  • Patent number: 11895231
    Abstract: Systems and methods for adaptive attack resistant distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess multiple secret shares corresponding to distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate multiple commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key. The client computer may use the cryptographic key to encrypt a message or decrypt ciphertext.
    Type: Grant
    Filed: July 25, 2022
    Date of Patent: February 6, 2024
    Assignee: Visa International Service Association
    Inventor: Pratyay Mukherjee
  • Patent number: 11895236
    Abstract: A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: February 6, 2024
    Assignee: MACRONIX INTERNATIONAL CO., LTD.
    Inventors: Chun-Hsiung Hung, Chin-Hung Chang
  • Patent number: 11894939
    Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.
    Type: Grant
    Filed: May 11, 2021
    Date of Patent: February 6, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy-Abegnoli, Jonas Zaddach
  • Patent number: 11895351
    Abstract: A multiple-identity secure device (MISD) persistently may store an identification code. The identification code may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD may generate one or more unique identities (e.g., network addresses) from the stored identification code. The generated identities may be dynamically generated or may be securely stored in the MISD for subsequent retrieval. The generated identities may be generated in accordance with an addressing scheme, a global/network setting, or as determined from a received data transmission.
    Type: Grant
    Filed: December 7, 2022
    Date of Patent: February 6, 2024
    Assignee: Comcast Cable Communications, LLC
    Inventor: Steven J. Reynolds
  • Patent number: 11895493
    Abstract: Techniques are described for controlling a first device that operates in a first mode. In an example, the first device receives, while it is operating in a first mode, a secret from a second device. The first device is capable of wireless data reception and incapable of wireless data transmission in the first mode. The first device determines that the secret is valid. Based at least in part on the secret being valid, the first device performs at least one of: switching an operational mode of the first device from the first mode to a second mode, or performing, while operating in the first mode, a command indicated by the second device. The first device is capable of the wireless data transmission in the second mode.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: February 6, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryce Edward Case, Jr., Timothy Glenn Suter
  • Patent number: 11895244
    Abstract: An information handling system includes a BIOS and a service processor. The BIOS may generate, during a POST, a secret key that includes a symmetric key and an HMAC key and transmits the secret key to the service processor via a high-speed communication interface. After the POST, the BIOS transmits an SMI message that includes an encrypted message and a first hash value of the encrypted message. The encrypted message is encrypted using the symmetric key and the first hash value of the encrypted message is calculated using the HMAC key. The service processor calculates a second hash value of the encrypted message based on the HMAC key and verifies the encrypted message by comparing the first hash value and the second hash value. After a successful verification, the service processor decrypts the encrypted message and transmits a response to the BIOS.
    Type: Grant
    Filed: July 27, 2021
    Date of Patent: February 6, 2024
    Assignee: Dell Products L.P.
    Inventors: Wei G Liu, PoYu Cheng
  • Patent number: 11888904
    Abstract: A packet sending method includes generating, by a network device, a first packet, and sending the first packet. The first packet includes a first packet header, a second packet header, and protected data. The first packet header includes an indication field. The indication field indicates that the first packet includes the second packet header. The second packet header includes a type field. The type field indicates a first protection protocol. The protected data is protected by using the first protection protocol.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: January 30, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Jianxiong Wei
  • Patent number: 11886716
    Abstract: A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation.
    Type: Grant
    Filed: August 15, 2022
    Date of Patent: January 30, 2024
    Assignee: Drive Sentry Limited
    Inventor: John Safa
  • Patent number: 11886301
    Abstract: Disclosed herein are system, method, and computer program product embodiments for encryption key management. An embodiment operates by executing an initial non-backup instance of an application and generates a primary key using a cryptographic algorithm. The embodiment requests a customer to create a passphrase configured to encrypt and decrypt the primary key. The embodiment generates a derived key using a cryptographic algorithm and the customer passphrase as input. The embodiment then encrypts the primary key using the generated derived key and stores the encrypted primary key in a catalog.
    Type: Grant
    Filed: March 12, 2021
    Date of Patent: January 30, 2024
    Assignee: KASTEN, INC.
    Inventors: Deepika Dixit, Julio Lopez, Thomas Manville, Vaibhav Kamra
  • Patent number: 11888915
    Abstract: A document management system integrates with a video conference system to ensure that proper electronic witness procedure is performed for document validation. The document management system accesses a video conference between a user and an electronic witness, and then instructs the user to electronically sign the document while the electronic witness observes. The document management system receives confirmation that the electronic witness observed the video of the user electronically signing the document. The document management system combines and stores portions of the video conference that correspond to the electronic witness's validation of the document.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: January 30, 2024
    Assignee: DocuSign, Inc.
    Inventors: Anthony Joseph Ramoutar, David Soh, Dorra Belhadj Ali, Billy Travis Williams, Ellis David Berner, Angel Azmavet Garcia Reyes
  • Patent number: 11888871
    Abstract: A technique to protect a cloud database located at a database server and accessible from a database client. In this approach, a communication associated with a database session is intercepted. A hostname or network address associated with the communication is then evaluated to determine whether such information can be found in or otherwise derived from data in a database protocol packet associated with the database session. The information typically is placed there unavoidably by the cloud database client and normally cannot be spoofed by a process that does not understand or speak the proper database protocol semantics. Upon a mismatch, the database session is flagged as being potentially associated with a man-in-the-middle (MITM), in which case a given action may then be taken with respect to the database session that is then active. The technique provides for a MITM checkpoint in a cloud database service environment.
    Type: Grant
    Filed: October 23, 2021
    Date of Patent: January 30, 2024
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 11886625
    Abstract: In one implementation, a method for spatially designating private content. The method includes: presenting, via a display device, an indication of a private viewing region relative to a location of the computing system; determining a first location for presentation of graphical content; and presenting, via the display device, the graphical content at the first location. The method further includes: transmitting a characterization vector associated with the graphical content to at least one other device for display thereon according to a determination that the first location of the graphical content is outside of the private viewing area; and forgoing transmission of the characterization vector associated with the graphical content to the at least one other device according to a determination that the first location of the graphical content is inside of the private viewing area.
    Type: Grant
    Filed: December 14, 2021
    Date of Patent: January 30, 2024
    Assignee: APPLE INC.
    Inventors: Bart Colin Trzynadlowski, Thomas G. Salter, Devin William Chalmers, Anshu Kameswar Chimalamarri, Gregory Patrick Lane Lutter
  • Patent number: 11888981
    Abstract: An approach for privacy-preserving auditable accounts on blockchain networks. The approach may include encoding tokens associated with a blockchain network. The encoding may include data relating to the current epoch, where an epoch is a specific time range. The tokens may be received from a user for inspection by an auditing entity. The approach may include performing an audit check on the encoded tokens. If the audit check succeeds, the auditing entity may submit an audit transaction verifying the tokens were generated in the current epoch and making the tokens auditable for the next epoch.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: January 30, 2024
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Kaoutar El Khiyaoui
  • Patent number: 11889002
    Abstract: Techniques for authenticating industrial devices in an industrial automation environment are disclosed herein. In at least one implementation, a physical unclonable function response of an industrial device is extracted. The industrial device transmits a security certificate signed by a certificate authority that includes a device public key to a system, wherein the system validates the security certificate, encrypts an authentication challenge using the device public key, and transmits the authentication challenge to the industrial device. The industrial device generates a device private key using the physical unclonable function response and decrypts the authentication challenge using the device private key.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: January 30, 2024
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Eric A. Norrod, Jack Michael Visoky, MaryamSadat Hashemian
  • Patent number: 11887080
    Abstract: Described herein are techniques for facilitating push provisioning of a user payment source into a user's digital wallet without the user having a physical card. The techniques allow an issuer to provide a button in an issuer's application for the user to simply push the button to request that the payment source be imported into a pay wallet or a merchant. In this way, the payment source information is “pushed” into the pay wallet. Using push provisioning, the user need not enter any physical card information. The described techniques generate a chain of trust that can be used to ensure that a user, through an issuer and using a gateway, authorizes a token service provider to provision the payment source into the pay wallet or merchant.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: January 30, 2024
    Assignee: FIRST DATA CORPORATION
    Inventors: Vijay Royyuru, Sridher Swaminathan
  • Patent number: 11888845
    Abstract: Security functions for a memory corresponding to a smart security storage may be facilitated or executed through operation of a utility application corresponding to a smart device. For example, encryption/decryption of data stored on the memory may be facilitated or executed by a security module under control of an access application corresponding to the smart device. Data securely stored on the memory may be explored and accessed by the smart device or a host computing device under control of the access application.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: January 30, 2024
    Assignee: KINGSTON DIGITAL, INC.
    Inventors: Ben Wei Chen, Chih-Hung Wu
  • Patent number: 11889000
    Abstract: A method includes operating a mobile device to establish a communications channel between the mobile device and a shared computing terminal. The shared computing terminal is accessible to a plurality of users other than a user of the mobile device. In response to authentication of the user of the mobile device with a remote computing device, the mobile device receives a code from the remote computing device. The mobile device provides the code to the shared computing terminal via the communications channel to enable the shared computing terminal to request a temporary access token from the remote computing device. The temporary access token is used by the shared computing terminal to launch a computing session with the remote computing device without transfer of a long-lived access token of the user from the mobile device to the shared computing terminal.
    Type: Grant
    Filed: February 7, 2022
    Date of Patent: January 30, 2024
    Inventors: Santosh Gummunur Chiranjeevi Sampath, Manbinder Pal Singh
  • Patent number: 11886581
    Abstract: Rapid verification of executing processes includes receiving a seed from a verification unit. A checksum is generated at least in part by using a processor. The processor is coupled to a hierarchical memory, the hierarchical memory comprising an instruction cache, a data cache, and a shared memory accessible by both the instruction cache and the data cache. The shared memory is configured to store an executing program. A size of at least one of the instruction cache and the data cache is insufficient to store the entire executing program. The checksum is transmitted to the verification unit.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: January 30, 2024
    Assignee: Security Technology, LLC
    Inventor: Bjorn Markus Jakobsson