Abstract: A method for authorized use of a projector, comprising the following steps: a projector encodes a license into a QR code and displays same by means of projection; a mobile terminal identifies the QR code to obtain the license and transmits the license and a local terminal identifier of the mobile terminal to a projector authorization server; the projector authorization service verifies the local terminal identifier and the license and generates verification information if the verification is successful, and transmits the verification information to the mobile terminal; the mobile terminal receives and displays the verification information; the projector receives the input verification information, locally verifies the verification information, and if the local verification is successful, obtains use authorization corresponding to authorization information.

Abstract: Embodiments provide a communication method and a related product. The method includes: After primary authentication between a core network and a user equipment succeeds, a network function entity in the core network assists a data network in performing secondary authentication between the data network and the user equipment if the secondary authentication further needs to be performed between the data network and the user equipment; the network function entity obtains an authentication result of the secondary authentication and a restriction condition of the secondary authentication from the data network; and the network function entity stores the authentication result and the restriction condition into the core network. The restriction condition may be introduced for the secondary authentication, to make it possible that the authentication result is properly restricted for use, and to lay a foundation for effective management of the authentication result of the secondary authentication.

Abstract: In a general aspect, risks associated with cryptography usage in network communication between computing nodes are identified. In some aspects, a network packet capture agent obtains cryptography usage data by examining network traffic communicated by computing nodes in the computing environment. A cryptography usage analysis agent identifies cryptography usage risks based on the cryptography usage data. A cryptographic risk identification agent identifies one or more applications associated with the cryptography usage risks.

Abstract: Computer-implemented methods, devices and computer programs are provided for integrity-preserving document processing. At a first layer, a first hash is generated over at least one first data object of a document and associated given random data. The first hash value is set as a leaf to an existing sparse hash tree (SHT). An updated root of the updated SHT is calculated. At a second layer, a current block is generated including a second hash value over at least the existing root of the existing SHT and at least one digital signature of the existing root of the existing SHT, at least one digital signature of at least the updated root of the updated SHT and the updated root of the updated SHT. A third hash value over current block is generated and, at a third layer, registered with a timestamp service or a blockchain.

Abstract: A single sign-on facility providing access across multiple application instances is described. The facility receives sign-in data from a user that includes a sign-in name and password. The facility generates a modified sign-in name by adding information identifying a particular application instance to the received sign-in name. The facility then acts on behalf of the user based upon the generated modified sign-in name and the received password.

Abstract: According to one embodiment, an electronic device includes a non-volatile memory; a controller that is electrically connected to the non-volatile memory and configured for accessibility to a memory space including a plurality of management areas in a host; at least one counter that is provided for each of the plurality of management areas and configured to increment a count value each time data is stored in the corresponding one of the plurality of management areas; and a circuit configured to generate a first value relating to integrity of the data for each management area based on the count value and the data. The controller is configured to store the data and the first value associated with the data.

Abstract: Methods and systems for selecting and delivering content are provided. More particularly, content can be delivered to an output device from a user device through a device adaptor, such as an over-the-top (OTT) device. The OTT device or devices available to the user device are determined by a communication server. In particular, the OTT device or devices available to the user device are limited to those OTT devices associated with an output device in the user's room, or that the user is otherwise authorized to access.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for a manager device. The challenge comprises a blinded public key of an ephemeral unlock key pair that is blinded by an unlock blinding key. The challenge further comprises the unlock blinding key in encrypted form. The access controller further provides the challenge to the device to be authorized for sending the challenge to the manager device; receives a response to the challenge; decrypts the unlock blinding key and calculates a shared secret; and upon determining that the response indicates approval of registering the device, registers the device to be authorized as an authorized device.

Abstract: A technique uses a code image that is less likely to increase in size. A terminal decodes a code image to obtain a character string. The character string includes identification information to identify a communication apparatus without including a public key of the communication apparatus. The terminal obtains the public key of the communication apparatus using the identification information and performs a predetermined process to perform target communication with the communication apparatus using the obtained public key. The target communication establishes a wireless connection in accordance with a predetermined communication protocol between a pair of devices.

Abstract: A method for building an advanced storage key includes: storing, in a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program including an instance identifier, and (iii) program code associated with a second program including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.

Abstract: A system for real-time authenticated obfuscation of electronic data provides real-time visual obfuscation of the data by transforming displayed data into undecipherable data when viewed by an unauthorized user while maintaining access for an authorized user. The system may further provide application-level obfuscation of electronic data via cryptographic keys such that only authorized applications may decrypt the encrypted data. In this way, the system provides secure access control of electronic data within a networked environment.

Abstract: System and techniques for capability discovery in an information centric network (ICN) are described herein. An ICN node receives a discovery packet that includes a discovery type corresponding to an indication of a node capability requested by a source node of the discovery packet. First capability data, from an intermediate node, is extracted from the discovery packet. The first capability data is stored locally by ICN node. Second capability data from the ICN node is added to the discovery packet to create an expanded discovery packet. The expanded discovery packet is then communicated by the ICN node.

Abstract: A computing system remotely trains a public ensemble model of an artificial intelligence model management system. The system receives, by the model management system, an encrypted representation of a private data value from a client system. The encrypted representation includes annotation information provided by the client system. The system determines, using the encrypted representation and the annotation information, a data value cluster that corresponds to the private data value. Data value clusters are generated using encrypted representations of a private data values provided by client systems. The system obtains, based on the assigned data value cluster, an encrypted representation of a model. The model is trained remotely by the client system using the private data value. The system adds the encrypted representation of the model to the public ensemble model. The public ensemble model is generated using a plurality of encrypted representations of models remotely trained by the client systems.

Abstract: An application program spans a plurality of digital social networks. The application program includes an inferred digital social network. Consent is obtained from a plurality of users of the digital social networks to participation in the inferred. digital social network. Information is automatically obtained from the digital social networks for the users, through a plurality of respective communication channels, which can be application program interfaces or covert or subliminal channels, The information includes link information between each of the users and other individuals in the digital social networks. The information is aggregated for the users to form the inferred digital social network, corresponding to a graph having nodes representing the users and the other individuals and having links between the nodes representing social relationships.

Abstract: A method for updating a software component. The method includes providing a first electronic device and a second electronic device that are connected in a first network, receiving update information for the second electronic device via the first electronic device, the update information being provided with a signature that is generated with the aid of a post-quantum algorithm (PQA) signature, checking the update information by validating the signature by the first electronic device, relaying the update information to the second electronic device if the update information is deemed to be valid, and updating a software component of the second electronic device using the update information.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: Provided are a method and electronic device for storing a digital key. The electronic device includes: a communicator; a secure element configured to store a digital key and perform authentication related to the digital key; a memory storing a program and data for storing the digital key; and a processor configured to execute the program stored in the memory to perform authentication on a target device and a user of the electronic device by performing short range communication with the target device, generate the digital key for the target device, and store the generated digital key in one region of the secure element.

Abstract: A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the first packet based on the first SA, and processing, by a second processing core, the second packet based on the second SA; and updating, at the second VTI, states of one or more flows based on the first and second packets, the second VTI providing one or more stateful services for the one or more packet flows based on the one or more states.

Abstract: An electronic signature service of a provider network may specify a virtual electronic signing device (ESD) to be used by user accounts (e.g., retail sales businesses) to generate digital signatures for documents (e.g., sales receipts). The electronic signature service may establish an isolated virtual network (IVN) on behalf of the client (e.g., taxing authority or other entity), which is managed by the client via a client interface. The electronic signature service may instantiate, on behalf of a user account, an ESD compute instance based on the virtual ESD specification. In response to receiving a request for a digital signature of a document, the ESD compute instance generates a digital signature based on the document and sends the digital signature to the user account. The service may store the signature and associated document data, which can subsequently be used for auditing (e.g., tax auditing).

Abstract: Techniques are disclosed for exchanging digital gaming currency directly between an online service system platform and an online gaming system platform. Various techniques disclosed describe integration of the online service system platform with the online gaming system platform and linking user accounts between the platforms. Integrating the online service system platform with the online gaming system platform and linking user accounts between the platforms allows for direct transferring of digital gaming currency between user accounts located in the online service system platform. Additionally, digital gaming currency may be directly deposited into a user's account on the online gaming system platform from the online service system platform.

Abstract: Embodiments of the present invention provide a system for establishing a secure session to authenticate DNS requests via dynamically configurable trusted network interface controllers. The system is configured for receiving a DNS request from a first device, wherein the DNS request comprises a unique authentication package, wherein the unique authentication package comprises encrypted data, in response to receiving the DNS request, initiating a handshaking protocol with the first device, establishing a handshaking session with the first device based on the encrypted data using the handshaking protocol, receiving a query associated with the DNS request, wherein the query is generated using a handshaking algorithm associated with the handshaking protocol, and performing at least one action in response to receiving the query.

Abstract: Spending digital currency without owning digital currency may be facilitated. The user may use a software application running on the user's computing platform to scan a digital currency public address quick-response code (QR), or a near-field-communication (NFC) based public address. The user may be prompted to swipe-to-authenticate the transaction. The user may authenticate the transaction by fingerprint-swiping a biometric-enabled transitory password authentication device. The biometric-enabled transitory password authentication device may transmit an encrypted transitory password a server via the user's computing platform. Upon receiving and verifying the transaction, the server may send an amount of digital currency to the target address on behalf of the user. The server may charge the user's debit card an equivalent amount of sovereign currency.

Abstract: A signature verification system includes a signature generation server, a signature verification server, and a verification key management server that are connected to one another via a communication network. The signature generation server includes: reporting means for, when a signing key and a verification key are generated by a publisher, reporting the verification key and publisher identification information that identifies the publisher to the verification key management server; and signature generation means for signing a bid request issued by the publisher with use of the signing key. The verification key management server includes: registration means for registering the publisher identification information and the verification key that were reported by the reporting means in a storage unit in association with information that enables specifying a version of the verification key.

Abstract: A peripheral device package for use in a host computing device has a plurality of compute elements and a plurality of resources shared by the plurality of compute elements. A datastructure is stored in a hidden memory of the peripheral device package. The data structure holds metadata about ownership of resources of the peripheral device package by a plurality of user runtime processes of the host computing device which use the compute elements. At least one of the user runtime processes is a secure user runtime process. The peripheral device package has a command processor configured to use the datastructure to enforce isolation of the resources used by the secure user runtime process.

Abstract: Self-provisioning a computer system is illustrated. Code in a secure base activation image implements an auto-connection service at the computer system. The auto-connection service attempts to perform a local activation by attempting to determine that a private port is open and using the private port, initiating an identification and attestation process with an activation service. The auto-connection service performs a remote activation by determining that the private port is closed, defaulting activation to a public port, and using the public port, initiating an identification and attestation process with the activation service.

Abstract: The present invention provides an encrypting device including an encryption unit and a communications unit. Paired encrypting devices allow for communication of trusted data between trusted devices over an untrusted network. Data received by the encryption unit is encrypted and provided with a connectionless header for delivery to the communications unit. Data received by the communications units is provided with a complex header for delivery to the paired encrypting device. The encrypting devices may be implemented in hardware or may be virtualized on a server or a plurality of severs. Arrangement of the encrypting devices in a hub-and-spoke topology allows for communication amongst a plurality of trusted devices. The encrypting devices can be used to covert commercially available equipment suitable for high assurance environments.

Abstract: Implementations efficiently verify an identity claim for an entity. An example method includes receiving a query key and a property identifying an entity and identifying a possible match for the property from graph access records, the possible match being a node in an identity chain. The method also includes verifying a complete chain from the possible match to a genesis node in the chain. The query key is used to find a next node in the chain. Failure to identify the genesis node results in an unsuccessful verification. The method also includes generating a response that indicates a successful verification request responsive to locating the genesis node and generating a response that indicates an unsuccessful verification request otherwise.

Abstract: Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Abstract: A method for protecting individual data elements within an unstructured dataset includes identifying a data element within the unstructured dataset requiring access control, encrypting the data element within the unstructured dataset, storing a decryption key and access control information corresponding to the dataset at an access controller, and cryptographically binding the encrypted data element to metadata that identifies the access controller. The method may additionally include detecting an access attempt to the dataset, and determining whether the access attempt is acceptable according to the access control information. If the access attempt is acceptable, the method may further include allowing the access attempt. If the access attempt is not acceptable, the method may further include denying the access attempt.

Abstract: A core set of nodes of a graph representing a network of devices is identified, a node of the graph representing a device in the network of devices, an edge of the graph representing an ability to transmit data between two devices represented by corresponding nodes of the graph. A device represented by a node more than one hop from any node in the core set of nodes of the graph is removed from the network of devices, the removing resulting in a validated network of devices. Using a number of devices in the validated network of devices, a number of security keys in use in the validated network is validated. A device in the validated network is caused to perform a task.

Abstract: This disclosure is directed to devices, systems, and techniques for establishing a secure connection between two or more devices. In some examples, a device is configured for wireless communication. The device comprises signal reception circuitry configured to receive communications transmitted according to at least a first communication protocol, communication circuitry configured for wireless communication according to at least a second communication protocol, and processing circuitry electrically coupled to the signal reception circuitry and the communication circuitry. The processing circuitry is configured to receive, via the signal reception circuitry, a first signal according to the first communication protocol. In response to receiving the first signal, the processing circuitry is further configured to transmit, via the communication circuitry, a second signal according to the second communication protocol and establish a secure link according to the second communication protocol.

Abstract: Features are disclosed for the validation of an image and the verification of the validation of a validated image. A computing device can receive a request to validate an image. The computing device can validate the image and generate a validated image. The computing device may embed a signed token in the validated image. The signed token may include a digital certificate associated with a publisher of the image, a hash of a portion of the image, and metadata associated with the image. The computing device may store the hash of the portion of the image on a blockchain and provide the validated image. A client computing device may verify the validation of the validated image using the digital certificate, the hash of the portion of the image stored in the signed token, the hash of the portion of the image stored on the blockchain, and the metadata.

Abstract: Embodiments of the present application disclose a method and a device for loading module of virtual reality equipment based on PC terminal. The virtual reality equipment is in communication connection with the PC terminal, and comprises a plurality of functional devices and functional modules corresponding to the functional devices; and the PC terminal comprises experience modules corresponding to the functional devices.

Abstract: Provided is a device establishing a security session for a vehicle-to-everything (V2X) service. The device transmits a ping request message requesting establishment of the security session to a V2X server. The ping request message includes a certificate based on the Institute of Electrical and Electronics Engineers (IEEE) 1609.2 and a session identifier (ID) for the security session. The device receives, from the V2X server, a ping response message as a response to the ping request message.

Abstract: Techniques and apparatus for protecting sequence numbers used in authentication procedures are described. One technique includes receiving, from a network, an authentication request comprising at least a random challenge. After receipt of the authentication request, a synchronization parameter is generated based at least in part on a key shared by the network and the UE, the random challenge, and a first message authentication code (MAC). The synchronization parameter and the first MAC are transmitted to the network in response to the authentication request.

Abstract: Provided is a process that affords out-of-band authentication for confirmation of physical access or when a device utilized for out-of-band authentication lacks connectivity to a network. An asymmetric cryptographic key-pair is established, a first device obtaining a key operable to decrypt data. A remote server obtaining a key operable to encrypt data and associating that key with an identifier of an identity or account associated with a user. An access attempt from the second device is received in association with the identifier of the identity associated with the user. A notification including data encrypted by the encryption key is generated by the remote server and transmitted to the second device. The first device obtains the notification data from the second device and decrypts the data to determine a notification response which is returned to the remote server for verification to permit or deny the access attempt of the second device.

Abstract: A network node is adapted to wirelessly receive content data from remote wireless devices if they have been provisioned to the network node via provisioning data. The network node includes a memory for storing first provisioning data, a transceiver adapted to transmit a portion of the first provisioning data for receipt and storage by a second node, receive a portion of second provisioning data stored in the second node, communicate with a remote cloud based source of provisioning data, transmit content data communicated to the first node by a wireless device to a remote data store, and a programmable processor. The processor determines whether a detected device has or has not been formerly provisioned with the first node. If the detected device has not been formerly provisioned with the first node, and if provisioning data for the detected device is not available in the first or the second provisioning data, provisioning data for the detected device is obtained from the remote cloud based source.

Abstract: Systems, apparatuses and methods may provide for infrastructure node technology that conducts a mutual authentication with a vehicle and verifies, if the mutual authentication is successful, location information received from the vehicle. The infrastructure node technology may also send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time. Additionally, vehicle technology may conduct a mutual authentication with an infrastructure node and send, if the mutual authentication is successful, location information to the infrastructure node. The vehicle technology may also receive a token from the infrastructure node.

Abstract: A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

Abstract: Methods and systems for selectively encrypting commit log entries in a distributed database system are described. One example method includes determining that a commit log for a particular server in the distributed database system is to be updated based on a data operation performed on a tablet managed by the server, the tablet including at least a portion of the data from a table in the distributed database system, and wherein the data from the table is stored in multiple tablets; determining that the tablet managed by the particular server is an encrypted tablet; in response to determining that the tablet is an encrypted tablet, generating an encrypted log entry representing the data operation performed on the tablet including an encrypted payload including information representing the data operation and an unencrypted header including information about the encrypted log entry; and updating the commit log to include the encrypted log entry.

Abstract: Aspects of the subject disclosure may include, for example, a device including a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations of: receiving domain name system (DNS) record changes; identifying errors from the DNS record changes; discarding the DNS record changes responsive to the errors identified; scheduling the DNS record changes responsive to a lack of errors identified; translating the DNS record changes into protocol specific formats; and provisioning the protocol specific formats of the translated DNS record changes. Other embodiments are disclosed.

Abstract: A file selection user interface (UI) includes a navigation area and a holding area. The navigation area enables a user to navigate between storage locations provided by the file hosting service. Visual representations of files stored by the file hosting service are displayed in the navigation area. The holding area provides a temporary storage area for files upon which one or more operations are to be performed. A user might provide input that causes visual representations of files shown in the navigation area to be added to the holding area. Once the desired files have been added to the holding area, the user may provide user input requesting that the file hosting service perform one or more operations on the files represented in the holding area. In response thereto, the file hosting service can cause the requested operations to be performed on the files represented in the holding area.

Abstract: This application provides a key information synchronization method and system, and a device, and relates to the field of communications technologies. The method includes: A terminal sends a first public key of the terminal to an IoT device; the terminal obtains a second public key of the IoT device from the IoT device; the terminal sends first key information to a hub device, where the first key information includes a first private key of the terminal, the first public key, and the second public key; the hub device uses the first private key and the first public key in the first key information as a key pair of the hub device; and the hub device performs encrypted interaction with the IoT device by using the first key information.

Abstract: Embodiments provide a communication method and a related product. The method includes: After primary authentication between a core network and a user equipment succeeds, a network function entity in the core network assists a data network in performing secondary authentication between the data network and the user equipment if the secondary authentication further needs to be performed between the data network and the user equipment; the network function entity obtains an authentication result of the secondary authentication and a restriction condition of the secondary authentication from the data network; and the network function entity stores the authentication result and the restriction condition into the core network. The restriction condition may be introduced for the secondary authentication, to make it possible that the authentication result is properly restricted for use, and to lay a foundation for effective management of the authentication result of the secondary authentication.

Abstract: An authentication and encryption computer system is disclosed including processing devices, a network interface, and a data store. The authentication and encryption system is configured to maintain in the data store content common to a plurality of entities and content independently specified by each of the plurality of entities. The system is configured to receive a content request from an application executing on a mobile device, the content request comprising a secure access code corresponding to an entity, and the content request encrypted by the mobile device. An interface, comprising the content common to the plurality of entities, is customized to include content independently specified by the entity, wherein the content independently specified by the entity comprises a token value. A user request for an item presented via the interface is received and the token value is transferred to the entity.

Abstract: A system described herein may maintain information associating one or more tokens to one or more network slices associated with a network. The system may receive a request, from an application executing at a User Equipment (“UE”), for communication session information, where the request includes a particular token. The system may identify a particular network slice associated with the particular token based on the information associating the one or more tokens to the one or more network slices. The system may receive communication session information, associated with the particular network slice, from the network, and may provide the communication session information to the application. The application may use the communication session information to communicate with the network via the particular network slice. The application may use such communication session information without providing an application identifier to the network.

Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.

Abstract: Data reads and related data reading processes are described. An example data read method includes: receiving a data read request, the data read request being aimed at target node data stored in a target node of a B+ tree; acquiring node location information, the node location information indicating a storage location of node data in a node data set of the B+ tree, and the node data set including the target node data; and determining a target storage location of the target node data. Beneficially, data stored in the B+ tree can be read and updated efficiently while reducing computing overhead.

Abstract: Provided is a database multi-authentication method and system, a terminal, and a storage medium. The method comprises: initializing a hardware authentication certificate carrier by means of a programming interface, and storing a public key of the hardware authentication certificate carrier and a user certificate public name; taking the user certificate public name as a database user name, and generating a standard message digest value; receiving an authentication request sent from a client, and returning an initial random number to the client; receiving a signature random number sent from the client, and using the public key to decrypt the signature random number to obtain a random number; in response to determining that the random number is consistent with the initial random number, acquiring an message digest value, and in response to determining that the message digest value is consistent with the standard message digest value, determining that the client passes the authentication.

Abstract: A method for solving a problem and a system thereof are provided. The method includes displaying, by a first terminal device, an embedding content search interface, which is included in a content authoring user interface for creating target content to be transmitted, displaying, by the first terminal device, an indicator of embedding content, determined by user input via the embedding content search interface, in an editing area in the content authoring user interface, transmitting, by the first terminal device, a body of the target content and metadata of the embedding content in response to receipt of input for a “Send” button in the content authoring user interface, and displaying, by a second terminal device, received content with the embedding content embedded therein, wherein the embedding content is embedded in the body of the target content by a server system.