Abstract: A method includes obtaining, by an application executing on a processor of an electronic device, user data of a user, generating a representation of the user data, applying local differential privacy to the representation of the user data, to generate a transform of the representation of the user data, sending the transform of the representation of the user data, to a service provider via a network and receiving, from the service provider, via the network, service data based on the transform of the user data. The service data includes a user-specific output based on the transform of the user data. The application executes outside of a trusted execution environment (TEE) of the electronic device. The transform of the representation of the user data is generated in the TEE of the electronic device.

Abstract: Systems, methods, apparatuses, and computer-readable media for key recovery based on contactless card cryptograms. A server may receive, from an application, a request to recover a private key for a digital wallet, the request includes a first cryptogram generated by a contactless card. The server may decrypt the first cryptogram based on a key for the contactless card. The server may determine, based on the decryption, a unique identifier of the contactless card and a diversification factor associated with the digital wallet. The server may generate the private key based on the unique identifier and the diversification factor. The server may transmit the private key to the application via a network.

Abstract: A method is disclosed. The method includes transmitting, to a token service computer, a request message comprising a token requestor identifier associated with the token requestor and a service provider computer identifier associated with the service provider computer. The method also includes receiving a response message comprising the token and/or a cryptogram, generating an authorization request message comprising the token and the cryptogram, and transmitting the authorization request message to a processing computer in communication with a token service computer.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for detecting objects in images. One of the methods includes obtaining an input image; processing the input image to generate predicted part feature data, the predicted part feature data comprising, for each of a plurality of possible object parts: a part presence probability representing a likelihood that the possible object part is depicted in the input image, a predicted pose of the possible object part in the input image given that the possible object part is depicted in the input image, and an object part feature vector characterizing the depiction of the possible object part given that the possible object part is depicted in the input image; and processing the predicted part feature data for the plurality of possible object parts to generate an object detection output that identifies one or more objects depicted in the input image.

Abstract: Described herein is a system for calculating trust of a client session. A proof of work value is received from a session of a client computer. The proof of work value is calculated by the session of the client computer based, at least in part, upon a work function and input(s) received from service(s) connected to the session. A probability that the session is trustworthy is calculated based, at least in part, upon the proof of work value. Feedback is provided to the session of the client computer based, at least in part, upon the calculated probability. The feedback can increase complexity or frequency of calculation. The feedback can include an update to the work function.

Abstract: A method of unlocking a locked device includes receiving a device identifier over a wireless communication protocol, determining if the device identifier is associated with a list of trusted devices, transmitting a request to generate an acoustic signal over the wireless communication protocol based on the determination, receiving the acoustic signal as an audio sound generated external to the locked device, estimating a distance between a source of the audio sound and the locked device, and unlocking the locked device based on the estimation.

Abstract: The synthetic broadcast system and method according to the present invention contemplates a system of interactive devices within a wireless personal area network, near-me area network, or local area network, and at least one of which devices is configured to enable the user to generate audiovisual content and contribute the user-generated content to one or more virtual watch parties or synthetic broadcasts. A smart television and a mobile device together operate over a local area network or short-range wireless communication channel(s) to generate or parse the playback and routing instructions of state-of-the-art synthetic rebroadcast mechanisms. The system according to the present invention adds a novel mechanism for displaying real-time user generated video and audio content within the virtual watch parties attending to or consuming the content of the watch parties by way of the smart television and mobile device components.

Abstract: Embodiments described herein are directed to managing device compliance for devices that are connected to an enterprise network. For example, a mobile device manager may provide configuration settings to a computing device, which implements the settings in order to be compliant with an enterprise's data and/or security policy. The mobile device manager also maintains a local reference of each device's configuration settings implemented thereby. When the mobile device manager subsequently performs a determination as to whether the computing device is still in compliance, the mobile device manager simply needs to refer to the local reference to determine the computing device's settings instead of explicitly querying the computing device for its settings.

Abstract: The disclosure provides computer-implemented methods, computing apparatuses and computer program products for generating a random number based on genetic information from a biological data source containing at least the genetic information sequenced from a biological organism. In response to receiving a request for a random number at the computing device, a seed value is obtained from an entropy source accessible by the computing device and used to initialize a pseudo random number generator. A sequence of values derived from genetic information for a biological organism is retrieved from a biological data source from which values are read in selected positions in the sequence of values derived from genetic information. The values are encoded to pairs of bits using an encoding scheme and assembled to provide a bit string as a random number. At least one of the selections is based on the pseudo random output.

Abstract: Various embodiments of the present disclosure provide techniques for facilitating a credential-less exchange over a network using a plurality of identifier mapping and member interfaces. The techniques may include initiating the presentation of an enrollment user interface via a client device of a user and receiving selection data indicative of a selection of a service provider instrument from the enrollment user interface. The techniques include generating a matching code for authenticating the user, providing the matching code to a service provider platform, and receiving the matching code from a partner platform. In response to an authentication of the user based on the matching code, the techniques may include generating an UUEK for the user that may be used to replace persistent credentials.

Abstract: A computing device may generate a hash value based at least in part on user credentials for accessing an internal network, a security code generated by a security token, and at least a portion of program code of a virtual computing application for accessing the internal network. The computing device may send, using a first communications channel, an indication of the hash value to a computing system associated with the internal network. The computing device may, in response to sending the hash value, receive, via a second communications channel, a first indication of a passcode from the computing system. The computing device may, in response to receiving the passcode, send a second indication of the passcode to the computing system.

Abstract: The present disclosure provides a method for hierarchically pruning data in a blockchain transaction, which comprises: acquiring a transaction data set; performing N rounds of pruning on the transaction data set based on a data pruning model to obtain a target data set; and performing processing on the target data set to obtain a target value, wherein the target value is configured as the transaction identification number used when the target data set is on-chain. Based on the customized data pruning model, part of the data in the transaction (e.g., Unlocking-Scripts and Locking-Scripts) can be easily pruned in the process of network transmission, internal storage, or construction of a new transaction (especially the Unlocking-Scripts therein) without affecting the process of verifying the data of other parts of the transaction data, which significantly improves the efficiency of UTXO-based blockchains.

Abstract: Securely encrypting data using a remote key management service, including: transmitting a local secret to a key management service; transforming an encryption key received from the key management service to generate a key-encrypting key, wherein the encryption key is a one-way cryptographic hash using, as input, the local secret transmitted to the key management service; and decrypting, based on the key-encrypting key, a local data encryption key for encrypting or decrypting local data.

Abstract: A method for transmitting data comprising a data requester sends, to a data sender, a data request that carries an identifier of the data requester and a category of requested data. After receiving the data request, the data sender generates an identifier public key using the identifier of the data requester and the category of the data. The data sender encrypts the data requested by the data requester using the identity public key, and sends the encrypted data and identity public key indication information to the data requester. The data requester decrypts the encrypted data using an identifier private key corresponding to the identifier public key to obtain the requested data, and the data requester performs decryption using the identifier private key.

Abstract: Provided is a technology including an apparatus and a machine-implemented method for operating a content sending apparatus attachable to a network, comprising acquiring a sequence comprising at least two content blocks; generating at least one authentication metadata block comprising at least one signed digest derived by a chaining digest technique from the sequence of content blocks; deriving a content transform encoding for each of the content blocks; and sending the at least one authentication metadata block and at least one content transform encoding to at least one of a set of recipient devices, the at least one device being operable to apply an inverse transformation to the content transform encoding and to authenticate at least one resultant content block according to the authentication metadata block.

Abstract: A vehicle system, a server, and a vehicle communication security method are provided. The vehicle system includes a first controller that transmits vehicle identification information from other controllers in a vehicle and a second controller and a third controller among the other controllers that generates and stores a unique key of the vehicle using the vehicle identification information received from the first controller and a previously stored shared key. The second controller and the third controller perform communication based on the unique key.

Abstract: An apparatus includes an operation unit, a display unit, a communication unit, and a control unit, wherein the control unit controls the display unit to display, while indicating together as one item, a plurality of security methods compatible with a first authentication method out of authentication methods in Wi-Fi Protected Access® (WPA), wherein, in response to the item being selected, the control unit causes the operation unit to receive inputting of a password for connecting to an access point, and wherein the control unit varies a security method in WPA used when connecting to the access point based on a format or number of characters of the password.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit, to a relay UE, a first message comprising a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE. The UE may derive a relay key for security establishment between the UE and the relay UE based on the first freshness parameter, a set of key generation parameters, and a shared key with the network node. The UE may derive a relay session key for security establishment between the UE and the relay UE based on the relay key, a first nonce of the UE, and a second nonce of the relay UE. Numerous other aspects are described.

Abstract: The present invention relates to a secured and unforgeable digital license plate that facilitates tracking of a vehicle's location and the monitoring of the vehicle's mechanical and electrical condition, as well as providing indications about the vehicle's traffic and parking lot violations. The display on the digital license plate is highly visible to both motor vehicle enforcement officers and to drivers and passengers of nearby vehicles, and is indicative that the vehicle bearing the digital license plate with the displayed indication is exhibiting anomalous motor activity.

Abstract: Disclosed herein is a system for watermarking a neural network, comprising memory; and at least one processor in communication with the memory; wherein the memory stores instructions for causing the at least one processor to carry out a method comprising: generating a trigger set by obtaining examples from a training set by random sampling from the training set, respective examples being associated with respective true classes of a plurality of classes; generating a set of adversarial examples by structured perturbation of the examples; generating, for each adversarial example, one or more adversarial class labels by passing the adversarial example to the neural network; and applying one or more trigger labels to each said adversarial example, wherein the one or more trigger labels are selected randomly from the plurality of classes, and wherein each trigger label is not a said true class label for the corresponding example or a said adversarial class label for the corresponding adversarial example; and stori

Abstract: A computer-implemented method is disclosed. The method includes: receiving transfer parameters associated with a request for a first transfer of resources, the transfer parameters including an identifier of a designated transferor associated with the first transfer; determining that the transferor is eligible to access at least one protected data source based on the transfer parameters; generating a request message for the request including reference data for accessing the at least one protected data source; and providing, to a computing device associated with the transferor, the request message.

Abstract: A method including receiving, by a user device, validation data based at least in part on transmitting a first service request to receive a first network service; receiving, by the user device, the first network service based at least in part on signing the validation data using a signature key and on authenticating first biometric information; transmitting, by the user device while receiving the first service, a second service request to receive encrypted content; and decrypting, by the user device, the encrypted content based at least in part on utilizing a master key and on authenticating second biometric information is disclosed. Various other aspects are contemplated.

Abstract: An authentication system includes a light fidelity (LiFi) device and a receiving device. The LiFi device includes at least one light source that is configured to emit light. The LiFi device communicates encrypted data via the light emitted from the at least one light source to the receiving device. The receiving device receives the encrypted data and obtains the confidential data from the encrypted data. The receiving device accesses an authentication level of the user that indicates to which one or more portions of the confidential data the user is authorized to access. The receiving device determines that the user of the receiving device is authorized to access a first subset of the confidential data based on the authentication level of the user. The receiving device grants, the user of the receiving device, access to the first subset of the confidential data.

Abstract: A communication apparatus receives a communication parameter for wireless communication with a first communication apparatus via a wireless network from a second communication apparatus, generates encryption key information to be shared with the first communication apparatus based on the received communication parameter, acquires an expiration date for connection to the wireless network from the received communication parameter, connects to the first communication apparatus via the wireless network using the generated encryption key information, and determines whether the acquired expiration date has passed and restricts connection to the first communication apparatus using the encryption key information in a case where the expiration date has passed.

Abstract: A method of recording a target transaction in a blockchain, comprising: obtaining an updated version of the target transaction, being updated relative to a pre-existing first version; and instead of the first version, sending the updated version to be propagated through a network of nodes to be recorded in the blockchain. The target transaction comprises an input comprising an unlocking script and a pointer to an output of a first transaction, the output of the first transaction comprising a locking script specifying a plurality of alternative conditions for unlocking that output.

Abstract: Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM).

Abstract: A system and computer-implemented method for authenticating digital transactions. The method includes receiving a device registration request and a device attestation response including at least a device integrity status from a device. In response to the device registration request, the method includes providing a device registration response to the device, based on validation of the device integrity status. Further, the method includes receiving a first payment transaction request and an enrolment request from the device via an application to authenticate a second payment transaction request using a first type of authentication technique. Finally, the method includes enrolling the device to the first type of authentication technique and providing a second token to the device based on a result of the first payment transaction request, wherein the second token is used for authenticating the second payment transaction request.

Abstract: A wireless communication system is mounted on a moving body, and includes a wireless communication unit, a terminal identification (ID) reader, an operation receiver, a moving body state detector, a communication permission list, and a controller. The wireless communication unit transmits and receives information to and from the wireless terminal. The terminal ID reader reads, from the wireless terminal, ID information that identifies the wireless terminal. The operation receiver receives a specific operation from a user. The moving body state detector detects an operation state of the moving body. The communication permission list stores the ID information of a wireless terminal that is permitted to communicate with the wireless communication unit.

Abstract: Delegated administration of permissions using a contactless card. In one example, a permissions module may receive a request from a first account to grant a second account access to a computing resource. The permissions module may receive permissions data of the first account from a contactless card and encrypted data generated by the contactless card. The permissions module may transmit the permissions data and the encrypted data to an authentication server, which may verify the encrypted data based at least in part on the private key, and determine, based on the permissions data, that the first account has permissions to grant access to the computing resource. The permissions module may receive, from the authentication server, an indication of the verification of the encrypted data and a permissions vector associated with the second account, the permissions vector reflecting the grant of access to the computing resource to the second account.

Abstract: Systems, devices, and methods are disclosed for wireless communication of analyte data. In embodiments, a method of using a diabetes management partner interface to configure an analyte sensor system for wireless communication with a plurality of partner devices is provided. The method includes the analyte sensor system receiving authorization to provide one of the partner devices with access to a set of configuration parameters via the diabetes management partner interface. The set of configuration parameters is stored in a memory of the analyte sensor system. The method also includes, responsive to input received from the one partner device via the diabetes management partner interface, the analyte sensor system setting or causing a modification to the set of configuration parameters, according to a system requirement of the one partner device.

Abstract: A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.

Abstract: A method and system uses a test cloud system for monitoring cloud to cloud performance. The method includes initiating a first trust relationship by the test cloud system with a first target cloud system, receiving a success indicator for the trust relationship, in response to the first target cloud verifying the test cloud system is whitelisted, generating a security token using a private key of the test cloud system, and invoking a function of an application programming interface of the first target cloud using the security token to validate functionality of the function of the application programming interface of the first target cloud.

Abstract: A key updating method includes receiving, by a terminal, a key updating notification sent by an operation server, generating, by the terminal, a new private key and a new public key using a trusted execution environment (TEE) system of the terminal, storing the new private key in the TEE system, performing signature processing on the new public key using an upper-level private key of the new private key to obtain to-be-verified signature information, and sending, by the terminal to the operation server, a storage request carrying a device identifier of the terminal, the new public key, and the to-be-verified signature information.

Abstract: In some examples, a system receives information based on wireless sensing performed using wireless signals of a wireless interface of a wireless node, the wireless interface of the wireless node to communicate data over a wireless connection established with another wireless device. The system performs authentication in response to the received information.

Abstract: Methods, systems and apparatus, including computer program products are described for providing temporally relevant targeted content items. A set of user data is used to determine current user interests as indicated by one or more recent events. Content items relevant to those events are identified and ranked based on a time that the corresponding event occurred. One or more of the top ranked content items can be delivered to a user.

Abstract: A cryptography agent is implemented to serve as an intermediary for a client application executing on an unsecured portion of a machine to bring greater hardware-based security to the client application. The cryptography agent does so by generating a public/private key pair for the client application and sealing the key pair inside an enclave that resides on a secured portion of the machine. The cryptography agent fetches confidential information for the client application from a secure server, where the confidential information is encrypted using the public key. The cryptography agent seals the confidential information using seal keys that are directly fused into hardware of the machine on which the enclave resides, which prevents the client application from accessing the confidential information in plaintext form. The client application sends commands to the cryptography agent, which performs operations within the enclave according to the commands once the client application is validated.

Abstract: This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, to verify packet validity and control packet usage based on centrally stored and locally cached device profiles and usage policies. A processing device may receive, at an encryption tunnel, an unencrypted packet or a previously encrypted packet. The packet is encrypted with a one or more layers of encryption (e.g., C2 and/or C1). The processing device generates a Passport to accompany the packet, where the Passport is a data file including information to validate the packet and control packet usage. The processing device encrypts the Passport and the packet with an additional layer of encryption (C3) that provides a multi-tiered encryption stack for the packet and outputs, from the encryption tunnel, the Passport and the packet encrypted with the additional layer of encryption.

Abstract: An apparatus for applying database commands to one or more database tables includes a memory and a hardware-implemented pipeline. The hardware-implemented pipeline includes one or more table-processing circuits, and is configured to receive a stream of input records drawn from the one or more database tables, to parse first records, from among the input records, into a key and one or more fields other than the key, to store at least parts of the first records in the memory so as to be accessible using the key, and to apply a database command by matching at least parts of second records from among the input records to the at least parts of the first records stored in the memory, in accordance with the key.

Abstract: An apparatus and method for creating non-fungible tokens (NFTs) for future user experiences are provided. The apparatus includes at least a processor and a memory communicatively coupled to the at least a processor. The memory includes instructions configuring the at least a processor to receive user data associated with a user, identify at least one significant future user experience for the user based on the user data, generate a recommendation for a non-fungible token (NFT) for the at least one significant future user experience, and output the recommendation for a NFT to the user.

Abstract: A first component of an industrial automation system includes an electrically erasable programmable read-only memory (EEPROM) storing data identifying the first component. The data identifying the first component is read from the EEPROM by a second component to which the first component is communicatively coupled to authenticate the first component. The first component lacks a processor and a microcontroller, and does not run firmware.

Abstract: Various systems, methods, and computer program products are provided for providing access to personalized user environments. A system provided allows a user of a first party (e.g., a bank employee) to toggle between a first party user environment and a second party user environment, the first party user environment being an environment only viewable by a user of the first party and the second party user environment rendered to user of the first party as viewable by a user of a second party (e.g., a client). The first party user environment can also receive data relating to activity of the second party user environment in order to take actions (e.g., provide recommendations) in response to said activity.

Abstract: A zero trust industrial control system is disclosed herein. The industrial control system includes a plurality of industrial elements (e.g., modules, cables) which are provisioned during manufacture with their own unique security credentials. A key management entity of the zero trust industrial control system monitors and manages the security credentials of the industrial elements starting from the time they are manufactured up to and during their implementation within the industrial control system for promoting security of the industrial control system. An authentication process, based upon the security credentials, for authenticating the industrial elements being implemented in the industrial control system is performed for promoting security of the industrial control system. In one or more implementations, all industrial elements of the zero trust industrial control system are provisioned with the security credentials for providing security at multiple (e.g., all) levels of the system.

Abstract: Techniques for providing specialized certificate authorities are described. A method of providing specialized certificate authorities may include receiving a request to generate a private certificate at a specialized certificate authority, the specialized certificate authority configured to generate only one type of digital certificate using a user-specified template, generating a certificate based on the customer-specified template, and returning the certificate.

Abstract: Systems and methods for performing fraud detection at POA devices based on analysis of feature sets are disclosed. In one embodiment, an exemplary method may comprise: obtaining, by a POS device, upon initiation of a transaction involving a card or a card and mobile device associated with an individual initiating the transaction, one or more sensory inputs and an identifier; mapping, by the POS device, the one or more sensory inputs to a first cluster position of a plurality of clusters; determining whether the cluster position of the cluster mapped for the transaction corresponds to a second cluster position of the at least one expected cluster associated with the known owner of the card and/or mobile device; and initiating, by the POS device, at least one second factor authentication process to establish that the individual is the known owner of the card and/or mobile device being used in the transaction.

Abstract: A network includes a first wireless node that communicates over a wireless network connection. The first wireless node includes a first encryption engine that processes a first initialization data set and a current transmit sequence associated with a current communication to generate a next transmit sequence that is employed to communicate with a second wireless node that derives a next received sequence that corresponds to the next transmit sequence to process a subsequent communication.

Abstract: Systems and methods are described for distilling data. First data associated with a user may be received. The first data associated with the user may comprise an anonymized hash of an identifier associated with the user. A database may be determined to comprise a first record indicating the anonymized hash. The first record may comprise second data associated with the user. Based on the determining that the database comprises the first record, a second record may be generated. The second record may comprise the first data associated with the user, the second data associated with the user, and the anonymized hash. Based on the determining that the database comprises the first record, the example method may be stored to the database. These and other user and/or data distillation methods and systems are described herein.

Abstract: Aspects of the disclosure relate to utilizing independently stored validation keys to enable auditing of instrument measurement data maintained in a blockchain. A computing platform may receive, from a first block generator, a first data block comprising first measurement data captured by a first instrument and associated with a sample. Subsequently, the computing platform may receive a first validation key for the first data block calculated from contents of the first data block. Then, the computing platform may store the first data block and the first validation key for the first data block in a blockchain associated with the data management computing platform. Next, the computing platform may send the first validation key for the first data block to a data escrow database system, which may cause the data escrow database system to store the first validation key in a validation keys database.

Abstract: A first device in a wireless communication system is provided. The first device discovers a second device using a first application, and transmits to the second device information to request launch of a second application by the second device.

Abstract: A digital license plate comprising includes a display system capable of showing a first image and a power supply rail connected to the display system. A display controller is provided with a data connection to the display system and arranged to measure at least one of power consumption and impedance of the power supply rail. The display controller is further configured to prevent sending a second image to the display system if display failure is indicated by measured power consumption or impedance as being below a defined threshold.

Abstract: The present disclosure relates to enhancing load processing for facilitated assignment or modification of access-right data. More specifically, the present disclosure relates to enhancing load processing and data storage using hierarchical data structures that can store various iterations of resource objects. In some embodiments, a computer-implemented method, system, and/or computer-program product tangibly embodied in a non-transitory machine-readable storage medium for enhanced load processing using hierarchical data structures may be provided.