Abstract: Methods and systems for supporting trusted communication between nodes from different blockchains are provided. The method comprises using a bootstrapping service for bootstrapping trust among blockchains of a group of federated blockchains. The bootstrapping service records security parameters of the federated blockchains. The security parameters include information on consensus configurations of the federated blockchains.

Abstract: A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as user A to user B. Assuming these tests are successful, the DRM sends an encryption key to transferring user A. This encryption key E is taken from a table of encryption key/hash pairs which have been provided to the DRM Controller by an external authority such as the content rights holder. User A encrypts the content using they key provided by the DRM controller and then optionally calculates a hash over the encrypted form of the content E(X) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A and B that the transfer may proceed. The encrypted form of the content E(X) is transferred from A to B.

Abstract: A server device includes a memory; and a processor configured to execute instructions stored on the memory to cause the server device to obtain unique data associated with a network device, store, into the memory, at least one of a first key and a first seed, the first key being associated with the network device and being based on the unique data, the first seed being associated with the network device, being based on the unique data, and for use to create a second key, obtain user information identifying a user to be associated with the network device, store, into the memory, the association of the user with the network device, obtain service provider information identifying a first service provider to provide service to the user via the network device, and store, into the memory, the association of the first service provider with the network device.

Abstract: The disclosure relates to an electronic device for generating a mnemonic phrase of a private key and an operation method in the electronic device. The electronic device may comprise a memory, a display module, and at least one processor electrically connected with the memory and the display module. The at least one processor may be configured to generate a private key and a public key, generate a first mnemonic phrase including a designated first number of words based on a structure of the private key, identify a user phrase input by a user, generate a second mnemonic phrase including a second number of words identified based on a security level obtained by analyzing the user phrase, and control the display module to display the generated second mnemonic phrase. Other embodiments are possible.

Abstract: A method of providing authentication at a communication device is provided. A primary authentication is run with a Trusted Non-3GPP Gateway Function TNGF node to obtain a TNGF Key (KTNGF). A re-authentication Root Key (rRK) is provided based on the TNGF key. A re-authentication Master Session Key (rMSK1) is derived based on the re-authentication Root Key. A security setup is performed with a Trusted Non-3GPP Access Point TNAP using the re-authentication Master Session Key. Related methods of performing authentication using a Trusted Non-3-GPP Gateway Function are also discussed.

Abstract: A method and a system for controlled usage of a laboratory glassware 123 comprises defining the usage control of the laboratory glassware 123, at a remote server 130, by receiving a first information from a computing device 120, and thereby generating a virtual stamp associated with the laboratory glassware 123. The first information is received over a communication link 160 from the computing device 120 by scanning a QR code associated with the glassware 123 using a scanning module 210 of the computing device 120. The remote server 130 allows an authorized user to define the usage control information in the virtual stamp for the controlled usage of the glassware 123.

Abstract: The techniques herein are directed generally to personalized secure communication session management, such as for virtual private networks (VPNs). In one embodiment, a user is authenticated at a client device to verify that the user is present at the client device and authorized to access one or more secured resources, and in response, a secure communication session is established for the client device to access the secured resources. At a later time during the secure communication session, it is determined whether the user is still authenticated at the client device, such that if so, access to the one or more secured resources is maintained on the secure communication session, or else access is restricted to the one or more secured resources (e.g., the session is terminated, or access is otherwise limited).

Abstract: Methods and systems for storing data are disclosed. To store data, transactions may be generated and sent to a storage system. Hashes of the transaction may also be generated and distributed to ledger agents of a distributed ledger system. The hashes of the transaction may be used by the storage system to verify integrity of the transaction. To establish trust in the ledger agents, the storage system may require that the hashes of the transaction be signed with a private key. The private key may be protected with multiple protection mechanisms.

Abstract: A wireless communication system includes an external provider subsystem and an electronic network subsystem in operable communication with the external provider subsystem. The electronic network subsystem is configured to provide a first microservice and a second microservice different from the first microservice. The wireless communication system further includes an in-home subsystem (i) separate from the external provider subsystem, (ii) in operable communication with the electronic network subsystem, and (iii) including a first micronet and a second micronet different from the first micronet. The first micronet is configured to operably interact with the first microservice, and the second micronet is configured to operably interact with the second microservice. The wireless communication system further includes at least one electronic device configured to operably connect with one of the first micronet and the second micronet.

Abstract: A key filling method includes transmitting first filling information to a server, the first filling information indicates to a security chip a filling permission of an electronic device; obtaining second filling information that includes a verification public key generated by the server. In accordance with a determination that the electronic device has the filling permission based on the first filling information, the second filling information comprises filling information transmitted by the server to the electronic device; and filling the verification public key into the security chip, the verification public key being used for encrypting information, and a verification private key corresponding to the verification public key being used for decrypting the encrypted information.

Abstract: Aspects of the present disclosure provide systems, methods, apparatus, and computer-readable storage media that support improved watermarking and fingerprinting of a shared dataset. To illustrate, clustering may be performed on the dataset using initial clustering parameters (e.g., a secret key) to assign each record (e.g., attribute) of the dataset to one of multiple clusters. The secret key may be selected by a user or determined automatically based on the clustering algorithm. After the clustering, the records of each cluster may be selected for embedding a portion of fingerprint data based on one or more security parameters (e.g., a hash function, priority values, even/or selection, etc.). The selected records (or portions thereof) may be replaced with corresponding portions of the fingerprint data to embed the fingerprint data within different records as watermarking. Aspects also include analyzing a dataset to verify whether watermarking is present and to extract a fingerprint.

Abstract: A method for data processing, a readable medium, and an electronic device are provided. The method for data processing includes: receiving a data processing task; determining target data corresponding to the data processing task and a target first key corresponding to the target data; decrypting the target first key according to the first session key via a target computing node to obtain the first key, and decrypting the target data based on the first key to obtain the data to be processed; and determining a data processing result according to a target model and the data to be processed. The target computing node is executed in a trusted execution environment. The target model is obtained by decrypting an encrypted target model based on a model key, the model key is stored in a key management service, and the key management service is executed in the trusted execution environment.

Abstract: A setting system performs setting required for causing a field device to perform a predetermined operation on the field device. The setting system includes a server apparatus configured to provide device setting data in which identification information of the field device and setting data to be set in the field device are associated with other, and an input/output device that is a device interposed between the field device and a control device controlling the field device. In a case in which connection between the input/output device and the field device has been established, the input/output device is configured to perform the setting of the field device by transmitting, to the field device, the setting data associated with the identification information of the field device with which the connection has been established out of the device setting data provided from the server apparatus.

Abstract: In various embodiments, once the client registers onto the system, a third party (a “requestor”) may transmit a request to the client for the client to provide the requestor with access to the client data. In at least one embodiment, a requestor may be an entity or person that desires to utilize client data for the requestor's business purposes. In one embodiment, upon registration with the application, the system generates and assigns the requestor a requestor key. In one or more embodiments, the system transmits the requestor key along with each requestor request. In some embodiments, the client may accept or reject the requestor's request. In many embodiments, if the client accepts the requestor's request, the system grants the requestor access to the client data.

Abstract: In a method for controlling access to an instrument (110) that is coupled to an interlock (112) device that controls access to the instrument (110), in which a user time-based one-time password that is unique to each user or project is periodically generated (312). A set of instrument time-based one-time passwords that correspond to each user time-based one-time password for the instrument is periodically generated (320). The set of instrument time-based one-time passwords is stored in the interlock device. The user time-based one-time password is received from a user (316). Only when the user time-based one-time password received from the user corresponds to one of the set of instrument time-based one-time passwords that is stored by the interlock device (326) then the interlock device is instructed to allow access to the instrument by the user (328). Parameters relating to use of the instrument by the user are recorded.

Abstract: Aspects of the present disclosure are directed to obscuring objects in data streams using machine learning. A data stream captured at a client device associated with a principal user (e.g., video stream, artificial reality session, and the like) can be processed to recognize objects in the stream. Based on user preferences that define object sharing rules, one or more of the recognized objects can be obscured from the data stream. For example, when the principal user's data stream is displayed to the participant users, such as during a video conference, objects in the principal user's data stream can be obscured according to the object sharing rules. Different groups of object sharing rules (e.g., profiles) can be used for different participant users or session types. Machine learning can be used to learn trends and predict a profile for use with a current or future shared streaming data session.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: This disclosure relates to, among other things, key generation systems and methods. Certain embodiments disclosed herein provide for generation of cryptographic keys based on one or more defined key generation rules. Key generation consistent with various aspects of the disclosed embodiments may increase the difficultly and/or cost of producing public keys and, by extension, discourage the generation of fake keys used in connection with a key flooding attack. In certain embodiments, generated keys and/or associated key generation rules may depend, at least in part, on associated binding data.

Abstract: A method, system and apparatus are disclosed. According to some embodiments, an assistant network node configured to communicate with a proxy network node is provided. The assistant network node includes processing circuitry configured to receive, over an internet, a request message associated with a digital assistant device where the request message inquires about a voicemail function of a voicemail system related to a user of a fixed or cellular network, access the voicemail system based at least in part on the request message where the accessing of the voicemail system is performed without establishing a voice channel in the fixed or cellular network, and return a response message to the digital assistant device over the internet based at least in part on the access of the voicemail system in the fixed or cellular network.

Abstract: There is provided an apparatus comprising means for: receiving, from a requesting service and/or from a network function, an indication of security credentials for a selected service agent; and transmitting the security credentials to the selected service agent as part of a service request from the requesting service.

Abstract: A method for confidentially querying the presence of a record in a database hosted by a server, the records being stored in the database in the form of digital footprints obtained by hashing a record by a public hash function. The footprints are masked by a stream cipher using a symmetric key of a first user. The first user may grant a second user authorisation to query the database by transmitting the inverse masks of various rows, encrypted by the public key of an additive homomorphic cryptosystem of the second user. The rows of the database are unmasked in the homomorphic domain and the second user transmits an encrypted request to query the base according to a PIR protocol. The second user can decrypt the response from the server using the private key of their homomorphic cryptosystem and determine whether the footprint sought is present in the response thus decrypted.

Abstract: Turning now to the drawings, systems and methods for transferring funds in accordance with embodiments of the invention are illustrated. In one embodiment, a method for conducting peer-to-peer transfers includes obtaining a cash-out request data using a fund transfer server system, wherein the cash-out request data includes target account data and fund data, the target account data includes metadata identifying a consumer account and specifies an account to which funds will be provided, and the fund data describes the funds to be provided in response to redeeming the cash-out request, generating a cash-out code based on cash-out request data using the fund transfer server system, providing the cash-out code using the fund transfer server system, obtaining cash-out code redemption data using the fund transfer server system, wherein the cash-out code redemption data identifies the provided cash-out code, and transmitting a request to provide the funds described by the fund data.

Abstract: The invention relates to systems, methods, network devices, and machine-readable media for improved constructions of public-key functional encryption schemes for quadratic functions. In particular, the present disclosure relates to a new functional encryption scheme to compute quadratic functions so that the data owner controls what can be computed but is not involved in the calculation, and generates a decryption key which allows one to learn a quadratic function evaluation of some encrypted data.

Abstract: A verifiable credential verifying apparatus and method are disclosed. The verifiable credential verifying method of the verifiable credential verifying apparatus, according to an embodiment of the present disclosure, comprises the steps of receiving, by the verifiable credential verifying apparatus, a verifiable credential verification request for receiving approval of using a service provided by a service provider from a first terminal of a service user, verifying verifiable credential of the first terminal by using first verifiable credential of the first terminal, which has been received according to the verifiable credential verification request, and second verifiable credential pre-registered by the first terminal in the verifiable credential verifying apparatus; and transmitting a result of verifying the verifiable credential of the first terminal to the first terminal and a second terminal of the service provider.

Abstract: Techniques are described for providing secure audio calls between a calling party and a receiving party. Upon receiving a call request from a call initiating party, a notification is sent to the intended call recipient. The call recipient can send a request for a secure call. Upon receiving the request for a secure call, a bi-directional multifactor authentication is performed to authenticate the identity of both the call initiating party and the call receiving party. In response to successfully authenticating both parties, a secure call between the parties is established. One or more secure key tokens or other metadata can be embedded in the call to ensure security of the call.

Abstract: When a second operation to simultaneously update component data D12 to component data D13 and update component data D21 to component data D22 is performed, a controller of a client server creates a record RA3 including a hash value of the component data D13 in a distributed ledger which is a first proof chain and creates a record RB2 including a hash value of the component data D22 in a distributed ledger which is a second proof chain. The controller generates a terminal hash value including a record hash value of the record RA3 and a record hash value of the record RB2 and obtains a time stamp token for the terminal hash value.

Abstract: A system for protecting public-facing computing assets of an organization includes a correlation system and security appliances. Public-facing computing assets of the organization are discovered as being accessible from the Internet. The security appliances monitor network traffic between monitored computing assets of the organization and clients on the Internet. The correlation system correlates certificate information of digital certificates of the monitored computing assets with certificate information of digital certificates of the discovered public-facing computing assets to identify an unprotected computing asset.

Abstract: According to embodiments, a global identity (ID) is generated by receiving a plurality of documents which, in total, only a particular person has ready access, and assigning a global ID to actual name of the particular person. Registration on the blockchain gives others a way to verify that a transaction was signed by the person and sent from the person's personal electronic device by transmitting a challenge message to the person as a digital challenge, and verifying that the person possesses a corresponding private key by responding with an encrypted message that can be decrypted to display the original message.

Abstract: An app is supplied to user devices. The app provides shared device cards to digital wallets of the user devices. The shared device cards supply entity-specific authentication configuration settings to a shared document processing device. The shared document processing device receives user credentials and uses the entity-specific authentication configuration settings to supply (through a computerized network) the user credentials to entity-specific authentication servers specified in the entity-specific authentication configuration settings. In response, the shared document processing device receives approval/denial for a user to access the shared document processing device from the entity-specific authentication servers. Different shared device cards have different entity-specific authentication configuration settings that correspond to only one of the entity-specific authentication servers, limiting each of the shared device cards to use with a single authentication server.

Abstract: A method comprises a token requestor computer transmitting a first authorization request message comprising a token and first cryptogram for authorization of an interaction to a server computer. The token requestor computer receives a first authorization response message comprising a response code from the server computer, then generates a cryptogram request message comprising the token or a token identifier and the response code. The token requestor computer transmits the cryptogram request message to a token provider computer, which generates a second cryptogram. The token requestor computer receives the second cryptogram and credential and generates a second authorization request message comprising the second cryptogram and the credential. The token requestor computer transmits the second authorization request message to the server computer. A second authorization response message is received from the server computer in response to the second authorization request message.

Abstract: Techniques are described for embedded device based fingerprint signing and public ledger registering management. A digital fingerprint associated with media content can be identified. An embedded integrated circuit (IC) of the computing device can be utilized to store security data associated with the media content. The security data can include at least one digital certificate. The at least one digital certificate can include a device certificate utilized to generate a cryptographic signature associated with the metadata and the digital fingerprint. A file can be generated and registered with a public ledger. The file can include the digital fingerprint, the metadata, the at least one certificate, and the cryptographic signature.

Abstract: Method of providing anonymized data comprises: first server connected to first data source generates shared encryption key and receives, from networked location, first message comprising first encrypted identifier that it is unable to decrypt. The first server generates shared encryption key and generates, from the first data source, first dataset that may include data corresponding to the first encrypted identifier, and returns it to the networked location. To generate the first dataset, the first server obtains, from the first data source, set of at least one local unencrypted identifier. For each local unencrypted identifier, it verifies, using the shared encryption key, the first encrypted identifier against the local unencrypted identifier to obtain successful or failed verification. If the verification is successful, it obtains, from the first data source, first corresponding data that is associated with the local unencrypted identifier, wherein the first dataset comprises this first corresponding data.

Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.

Abstract: In some implementations, a server device may receive, from a first device, a credential and a request to access a resource. The server device may transmit, to a second device associated with the credential, an image that includes a first symbol composed of a set of elements. The server device may receive, from the first device, information associated with a second symbol formed via user interaction with a user interface of the first device. The second symbol may be formed by dragging elements, presented via the user interface, to an area of the user interface in which the second symbol is to be formed, or drawing elements in the area of the user interface in which the second symbol is to be formed. The server device may grant or denying access to the resource based on the first symbol and the information associated with the second symbol.

Abstract: Disclosed are various embodiments for controlling access to resources by a client device. Methods may include receiving a user request to access a resource on the device and determining whether the resource requires a facial capture. If the resource requires a facial capture, a camera of the device may be automatically activated to capture an image and the resource may be rendered on the device. In some cases, access to the resource may be limited based on whether the image includes a face or not. A record associating the image and the requested resource may be stored, for example, on the device or on a remote server.

Abstract: A method and apparatus of a device that endorses a proximity authorization for an authorization requesting device is described. In an exemplary embodiment, the device receives a proximity authorization request from the authorization requesting device, wherein the authorization requesting device is in proximity with the authorization endorsing device. The device additionally presents a local authorization request to a user of the authorization endorsing device and receives a set of user credentials for the local authorization request. The device further performs a local authorization on the device using at least the set of user credentials. In addition, the device sends a server authorization request to an identity management server, receives an authorization response from the identity management server, and returns the authorization response.

Abstract: An electronic device according to an embodiment of the disclosure includes a communication circuit, a memory, and a processor configured to be operatively connected to the communication circuit and the memory. The processor may be configured to control the communication circuit to perform wireless communication through a first access point, to search for another access point while performing communication through the first access point, and attempt to connect to a candidate access point selected based on a block list stored in the memory, and to store, when a designated event occurs while attempting to connect to the candidate access point, a recovery condition configured according to a type of the designated event together with identification information of the candidate access point in the block list.

Abstract: A computer-implemented method, computer program product and computing system for: a computer-implemented method is executed on a computing device and includes: rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; rendering an inspection window that defines object information concerning a selected object within the threat mitigation user interface; and enabling a third-party to effectuate a specific targeted action that is based, at least in part, upon the object information defined within the inspection window.

Abstract: A system includes a memory and a processor. The memory stores a baseline record associated with a device, which includes a set of parameters that were extracted from the device. The processor receives a request from the device to initiate a communication. In response to receiving the request to initiate the communication, the processor determines that an update to the device has modified the set of parameters of the device. In response to determining that that the update has modified the set of parameters, the processor extracts the modified set of parameters from the device, and stores a new record associated with the device in the memory, which includes the modified set of parameters extracted from the device. The processor additionally uses the new record to validate the request. In response to validating the request, the processor transmits the communication.

Abstract: Embodiments of this application disclose a software integrity protection method and apparatus. A first device obtains a first software package, where the first software package includes a first signature made by a first party for a second software package by using a first private key; and the first device performs a signing operation on the first software package by using a second private key, to obtain a third software package including a second signature, where the first private key is controlled by the first party, and the second private key is controlled by a second party. The first device sends the third software package to a second device. The second device verifies the first signature and the second signature in the third software package respectively based on a first public key and a second public key that are prestored, to obtain a verification result.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: A method of exchanging data between devices is provided. The method includes a first device detecting a user's intention to transmit data, generating first identification information for the data by using biometric data obtained from the user, and transmitting the data and the first identification information to a personalized cloud storage, and a second device detecting the user's intention to receive the data, generating second identification information by using the biometric data obtained from the user, requesting the personalized cloud storage for the data by using the second identification information, and receiving and storing the data from the personalized cloud storage.

Abstract: A control method of an electronic apparatus includes identifying whether an external device is located within a reference radius of the electronic apparatus; based on the external device being located within the reference radius, obtaining distance information between the identified external device and the electronic apparatus; identifying a standby time based on the distance information; and based on the standby time elapsing, performing connection with the external device.

Abstract: A method of encrypting data at an electronic device where the electronic device is associated with a key device. Each device is associated with an asymmetric cryptography pair, each pair including a first private key and a first public key. Respective second private and public keys may be determined based on the first private key, first public key and a deterministic key. A secret may be determined based on the second private and public keys. The data at the electronic device may be encrypted using the determined secret or an encryption key that is based on the secret. Information indicative of the deterministic key may be sent to the key device where the information may be stored.

Abstract: A method of determining a target path according to a source electronic control unit (ECU) mounted on a vehicle is provided. The method includes obtaining state information of a plurality of paths connecting the source ECU with a destination ECU, selecting the target path for target data from among the plurality of paths based on the state information, and transmitting the target data to the destination ECU through an ECU located on the selected target path, the state information including information about at least one of power consumption of an ECU located on the paths, a temperature of the ECU located on the paths, a latency of the paths, and a transmission success rate of the paths.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: A cross-blockchain data migration method includes obtaining, by a first node in a first blockchain network, from a first blockchain in the first blockchain network, first service data information corresponding to a first data structure mode stored in a first block in the first blockchain and obtaining a second data structure mode associated with a second block in a second blockchain corresponding to a second blockchain network. The method further includes converting the first service data information to second service data information corresponding to the second data structure mode and establishing a hash mapping relationship between the first service data information and the second service data information in the first blockchain. The method also includes migrating the second service data information to a second node in the second blockchain network based on the hash mapping relationship.

Abstract: A method for managing a request to pair a first item of equipment with a second item of equipment is implemented by a device for managing a pairing request. The managing device is configured to communicate with the first item of equipment via an optical communication channel. The managing method includes: reception, via the optical communication channel, of a pairing request including data representative of the identity of the first item of equipment; and if the pairing request is authorized, transmission, via the optical communication channel, of a security key to the first item of equipment to be used during communications between the first item of equipment and the second item of equipment once the items of equipment have been paired.

Abstract: A wireless communication system includes a server supporting multi-service, multi-advertising, and multi-connection and a plurality of client devices simultaneously receiving a first advertising signal and a second advertising signal from the server through Bluetooth Low Energy (BLE) communication, wherein the first advertising signal includes a first media access control (MAC) address, and the second advertising signal includes a second MAC address different from the first MAC address.