Mutual Entity Authentication Patents (Class 713/169)
-
Patent number: 11418463
Abstract: A method and system for responding to a message directed to a recipient includes receiving the message including a query from a sender, receiving an indication that the recipient is unavailable to respond to the query, and providing the query as an input to a machine-learning (ML) model to identify information requested in the query. The method further includes obtaining the information requested as an output from the ML model, determining if access to the information requested is available to the sender, based on a confidentiality group to which the sender belongs with respect to the information requested, upon determining that access to the information requested is available, generating a response to the query that includes the information requested, and providing the response to the sender. The confidentiality group to which the sender belongs may be determined based on a degree of association between the sender and the information requested.
Type: Grant
Filed: November 23, 2020
Date of Patent: August 16, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Romain Gabriel Paul Rey, Mastafa Hamza Foufa, Fernando Javier Yanez Lucero
-
Patent number: 11418346
Abstract: A system and method for recognition of biometric information for a shared vehicle in which data exposure is prevented which may otherwise occur when using a biometric recognition function in a shared vehicle or autonomous driving vehicle in a shared environment. The system and method may be associated with an AI device, a drone, a UAV, a robot, an AR device, a VR device, and a 5G service.
Type: Grant
Filed: August 30, 2019
Date of Patent: August 16, 2022
Assignee: LG Electronics Inc.
Inventor: Soo-Hwan Oh
-
Patent number: 11399092
Abstract: The present disclosure discloses a method for preventing a SIP device from being attacked, a calling device, and a called device, belonging to the field of network security. The present disclosure provides a method including: generating, by a calling device and a called device, the same public password, and transmitting, by the calling device, a connection request to the called device; performing, by the called device, header field verification on the connection request to verify whether a specified header field is carried in the connection request; performing, by the called device, device verification on the connection request; and performing, by the called device, identity verification on the connection request, and establishing, by the called device, a connection to the calling device. In this case, spoofing data is filtered out and the SIP device is not easily attacked, so that a user is free of disturbance.
Type: Grant
Filed: May 4, 2021
Date of Patent: July 26, 2022
Assignee: YEALINK (XIAMEN) NETWORK TECHNOLOGY CO., LTD.
Inventor: Weiping Gong
-
Patent number: 11388152
Abstract: Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content.
Type: Grant
Filed: April 30, 2020
Date of Patent: July 12, 2022
Inventor: Yaron Gvili
-
Patent number: 11368449
Abstract: In an embodiment, a system for asserting a mobile identity to users and devices in an enterprise authentication system includes a communication interface and a processor coupled to the interface. The processor is configured to receive, via the communication interface and from a first device, a request to authenticate a user to a service using a unique identity associated with a second device. The processor is configured to determine, based at least in part on the unique identity, an identity certificate associated with the request, generate an identity assertion based at least in part on the identity certificate, and provide the identity assertion via the communication interface to a requesting node with which the request to authenticate is associated.
Type: Grant
Filed: November 19, 2019
Date of Patent: June 21, 2022
Assignee: MOBILEIRON INC.
Inventors: Alexei Volkov, Kumara Das Karunakaran, Vijay Pawar
-
Patent number: 11343089
Abstract: A cryptography system for the protection of data in transit using a post-quantum encryption key management system that eliminates the need for PKI or other asymmetric key management systems used in today's solutions, while allowing encryption of data in transit with no hands-on management including configuration of routers, switches, etc. The present system includes a multi-factor post-quantum key management mechanism that strengthens existing symmetric encryption systems and industry standard key generators on existing hardware through the post-quantum age.
Type: Grant
Filed: July 9, 2020
Date of Patent: May 24, 2022
Assignee: Tunnel VUE Inc.
Inventor: Nicholas Ross Edwards
-
Patent number: 11343105
Abstract: The present disclosure relates to a dialysis machine, external medical equipment and to methods for establishing an authenticated connection between a dialysis machine and external medical equipment. The dialysis machine is caused to establish a short-range wireless connection between the dialysis machine and external medical equipment. A first shared key is associated with the short-range wireless connection. The dialysis machine is further configured to obtain a second shared key generated using the first shared key and to generate a first signature, using the obtained second shared key. The dialysis machine is further configured to send, to the external medical equipment, an authentication request comprising the generated first signature and to receive in return an authentication accept comprising a second signature. Furthermore, the dialysis machine is configured to verify the authenticity of the external medical equipment using the second signature.
Type: Grant
Filed: June 13, 2018
Date of Patent: May 24, 2022
Assignees: Baxter International Inc., Baxter Healthcare SA
Inventors: Olof Ekdahl, Bo Wennberg, Niklas Eklund, Christian Karlsson, Ding Ma
-
Patent number: 11308196
Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.
Type: Grant
Filed: February 28, 2020
Date of Patent: April 19, 2022
Assignee: Cryptography Research, Inc.
Inventors: Benjamin Che-Ming Jun, Matthew Evan Orzen, Joel Patrick Wittenauer, Steven C. Woo
-
Patent number: 11290279
Abstract: The present disclosure relates to an authentication terminal, an authentication device, and an authentication method and system using the authentication terminal and the authentication device, and more particularly, to a device and a method for authenticating users and allowing transactions through information delivery among a user terminal, an authentication terminal, and an authentication device.
Type: Grant
Filed: August 22, 2018
Date of Patent: March 29, 2022
Inventor: Tae Sik Yoon
-
Patent number: 11283634
Abstract: A computer-implemented method for detecting replay attack comprises: obtaining at least one candidate transaction for adding to a blockchain, the obtained candidate transaction comprising a timestamp; verifying if the timestamp is within a validation range and if an identification of the candidate transaction exists in an identification database; and in response to determining that the timestamp is within the validation range and the identification does not exist in the identification database, determining that the candidate transaction is not associated with a replay attack.
Type: Grant
Filed: December 29, 2018
Date of Patent: March 22, 2022
Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
Inventor: Guilu Xie
-
Patent number: 11265155
Abstract: An agreement apparatus P(i) (where i=0, . . . , n−1) which executes a consensus protocol generates an opinion value with a signature Xij=(xi, sig_i(xi)) including an opinion value xi indicating an opinion and a signature sig_i(xi) on the opinion value xi or information different from the opinion value with the signature Xij as an opinion value with a signature X′ij=(x′ij, e′ij) and outputs the opinion value with the signature X′ij to an agreement apparatus P(j) (where j=0, . . . , n−1, i≠j). The agreement apparatus P(j) accepts the opinion value with the signature X′ij and outputs the opinion value with the signature X′ij or information different from the opinion value with the signature X′ij to an agreement apparatus P(m) (where m=0, . . . , n−1, m≠i, m≠j) as an opinion value with a signature X″ij.
Type: Grant
Filed: August 16, 2018
Date of Patent: March 1, 2022
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Dai Ikarashi, Koki Hamada
-
Patent number: 11258589
Abstract: Embodiments provide methods, and systems for cryptographic keys exchange where the method can include receiving, by a server system, a client public key being part of a client asymmetric key pair from a client device; sending, by the server system, a server public key being part of a server asymmetric key pair to the client device; generating, by the server system, a random value master key and sending the random value master key encrypted using the client public key to the client device; and generating, by the server system, an initial unique session key and sending the initial unique session key encrypted under the random value master key to the client device. A unique session key from the set of the unique session keys is used by the client device to encrypt a session data for transmission to the server system per session.
Type: Grant
Filed: January 8, 2020
Date of Patent: February 22, 2022
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventors: Ritesh Chaudhari, Ashish Dhande, Ashish Patel, Chetan Bhalerao
-
Patent number: 11258791
Abstract: One embodiment of the invention includes a system comprising: a personal digital key and a computer readable medium that is accessible when authenticated by the personal digital key.
Type: Grant
Filed: March 23, 2015
Date of Patent: February 22, 2022
Assignee: Proxense, LLC
Inventor: John J. Giobbi
-
Patent number: 11238138
Abstract: A device for validating authorization key obfuscation in a continuous integration (CI) pipeline codebase is presented. The device comprises a transceiver, one or more memories, and one or more processors interfacing with the transceiver and the one or more memories. The one or more processors are configured to receive an update to the CI pipeline codebase. The update may include an authorization key, which the one or more processors store in the one or more memories. The one or more processors may perform a build process to integrate the update into the CI pipeline codebase. The build process may include an obfuscation, which creates an obfuscated CI pipeline codebase. The one or more processors may also scan the obfuscated CI pipeline codebase to determine a presence or an absence of the authorization key.
Type: Grant
Filed: November 8, 2019
Date of Patent: February 1, 2022
Assignee: BLUEOWL, LLC
Inventor: Marco Ancheta
-
Patent number: 11239994
Abstract: Techniques for securely provisioning a set of enclaves are described. A contract owner may register with a shared registry. A subset of enclaves may be selected to be provisioned from among a plurality of enclaves. A keyshare may be requested from one or more provisioning services for each of the subset of enclaves to be provisioned. The requested keyshares may be received from each provisioning service for each of the subset of enclaves to be provisioned. For each of the selected enclaves, the received keyshares may be sent for verification by the enclave. Each of the selected enclaves may send an authenticated and encrypted key derived from the received keyshares.
Type: Grant
Filed: October 28, 2019
Date of Patent: February 1, 2022
Assignee: INTEL CORPORATION
Inventors: Mic Bowman, Andrea Miele
-
Patent number: 11233696
Abstract: A technology is described for connecting a device to a network. An example method may include identifying a preinstalled network configuration for a default wireless network from device memory. The preinstalled network configuration may be used by the device to connect to the default wireless network and obtain a local network configuration for a local wireless network. Thereafter, the device may disconnect from the default wireless network and connect to the local wireless network using the local network configuration.
Type: Grant
Filed: March 23, 2018
Date of Patent: January 25, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Lomash Kumar, Bradley Jeffery Behm, Jijo Raphael Jose
-
Patent number: 11228449
Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.
Type: Grant
Filed: August 27, 2018
Date of Patent: January 18, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Eric Jason Brandwine, Matthew Shawn Wilson
-
Patent number: 11212294
Abstract: A system of secure data packets for transmission over a packet switched network includes an expiring Hash-based Message Authentication Code (HMAC) appended to the data packet. The expiring HMAC is calculated based on a shared secret and a clock time. A receiving network application or firewall with the shared secret validates the secure data packets based on a comparison of the expiring HMAC to the receiving network or application's own calculation of a valid HMAC based on the shared secret and the clock time. Applications executing on the receiving and sending networks do not need modification to use the secure data packet protocol because HMAC appending, validation, and removal may all occur at network boundaries on firewalls. Protected host endpoints may serve client endpoints using expiring HMAC data packets and other validation information based on security data stored on a shared ledger such as nonce values encountered by the network.
Type: Grant
Filed: January 14, 2019
Date of Patent: December 28, 2021
Assignee: Grid7 LLC
Inventors: William Katsak, James Barry
-
Patent number: 11206132
Abstract: Embodiments of a secure multi-party computation method applicable to any one computing node of a plurality of computing nodes deployed in a distributed network are provided. The plurality of computing nodes jointly participate in a secure multi-party computation based on private data held by each computing node. The computing node is connected to a trusted key source, and the method includes: obtaining a trusted key from the trusted key source; encrypting the private data held by the computing node based on the obtained trusted key to obtain ciphertext data; transmitting a computing parameter comprising at least the ciphertext data to other computing nodes participating in the secure multi-party computation, so that the other computing nodes perform the secure multi-party computation based on collected computing parameters transmitted by the computing nodes participating in the secure multi-party computation.
Type: Grant
Filed: October 31, 2020
Date of Patent: December 21, 2021
Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
Inventors: Lichun Li, Shan Yin, Huazhong Wang, Wenzhen Lin
-
Patent number: 11197154
Abstract: Cellular connections can be used to provision non-cellular devices such as internet-of-things (IoT) devices. For example, IoT devices can comprise Bluetooth, Wi-Fi, and cellular capabilities. However, the cellular capability can be used to provision the IoT devices using non-internet protocol data delivery to prevent security vulnerabilities. Data can be transmitted to the IoT device using core elements without using an IP stack. Thus, IoT device configurations and the keys can be provisioned over-the-air without the use of internet protocol data.
Type: Grant
Filed: December 2, 2019
Date of Patent: December 7, 2021
Assignees: AT&T INTELLECTUAL PROPERTY I, L.P., AT&T MOBILITY II LLC
Inventors: Jordan Alexander, Robert Holden, Jeffrey Martin Bartlett
-
Patent number: 11172359
Abstract: A method and apparatus provide for security for restricted local operator services. At least one of a restricted local operator services indication and security capabilities associated with the restricted local operator services can be sent. A non-access stratum key exchange request including a symmetric root key can be received. The symmetric root key can be encrypted with a public key. The non-access stratum key exchange request can be acknowledged. A non-access stratum security key can be derived with the symmetric root key. Radio interface keys for user plane and radio resource control can be derived with the symmetric root key.
Type: Grant
Filed: August 8, 2018
Date of Patent: November 9, 2021
Assignee: Lenovo (Singapore) Pte. Ltd.
Inventors: Andreas Kunz, Genadi Velev
-
Patent number: 11153748
Abstract: A Wi-Fi access point device (APD) includes a controller, a radio, and a memory. The memory contains instructions for establishing a programmed secure Wi-Fi onboarding SSID with the client device with connection to the external network. The controller is configured to instruct the radio to broadcast the open Wi-Fi onboarding SSID for a predetermined period of time. The controller is also configured to: instruct the radio to broadcast an established programmed secure Wi-Fi onboarding SSID; onboard the Wi-Fi APD to the external network, based on information communicated between the Wi-Fi client device and the Wi-Fi APD over the established programmed secure Wi-Fi onboarding SSID; and instruct the radio to stop the broadcast of the open Wi-Fi onboarding SSID at the earlier of a termination of the predetermined time period and the onboarding of the Wi-Fi APD to the external network.
Type: Grant
Filed: July 24, 2020
Date of Patent: October 19, 2021
Assignee: ARRIS ENTERPRISES LLC
Inventors: Sathish Arumugam Chandrasekaran, Muralidharan Narayanan, Jalagandeswari Ganapathy, Amit Srivastava
-
Patent number: 11146557
Abstract: An augmented reality device engages in a mutual exchange of negotiated services with another device. The negotiation comprises a first exchange of respective zero-knowledge proofs, and second exchange of credentials followed by verification of the credentials by a trusted third party, and further exchanges of information comprising services provided by the augmented reality device to the other device, and vice versa. The services are used, in embodiments, to customize an augmented reality experience.
Type: Grant
Filed: April 19, 2019
Date of Patent: October 12, 2021
Assignee: Vulcan Inc.
Inventors: Paul G. Allen, Alan Caplan, Keith Rosema, Jeffrey Alex Kramer
-
Patent number: 11134379
Abstract: This application discloses an identity authentication method, a device, and a system. The method includes: obtaining a first master public key and a first private key from a key generation center; sending a ClientHello message; obtaining a second identity from a ServerKeyExchange message; generating a pre-shared key of a selected PSK mode by using the second identity, the first private key, and the first master public key; and completing identity authentication with a second device by using the pre-shared key. According to the method, device, and system provided in embodiments of this application, an identity can be transmitted by using information in the TLS protocol, without extending the TLS protocol. This can avoid a compatibility problem caused by TLS protocol extension.
Type: Grant
Filed: May 23, 2019
Date of Patent: September 28, 2021
Assignee: Huawei Technologies Co., Ltd.
Inventors: Jie Shi, Yanjiang Yang, Guilin Wang
-
Patent number: 11122429
Abstract: A system for controlling airplane mode of a user device is configured to transmit a connection request to a telecommunication network for connecting with a target user device over a first communication channel. Upon receiving a call failure response from the telecommunication network, the system is configured to transmit a second communication request to the target user device through a second communication channel, wherein the second communication request comprises a target authentication key. The target user device is configured for generating an authentication response upon authentication of the second communication request based on the target authentication key. Further, the system is configured to transmit an activation signal to the target user device through the secondary communication channel for deactivating the airplane-mode and activate the first communication channel upon receipt of the activation signal.
Type: Grant
Filed: December 20, 2018
Date of Patent: September 14, 2021
Inventors: Maria Teresa Caira, Giuseppe Longobardi, Elvira Zanin, Ciro Oliviero
-
Patent number: 11115284
Abstract: Systems and methods provide techniques for dynamic rate-limiting, such as techniques that utilize one or more of asynchronous rate-limiting, context-aware rate-limiting, and cost-aware rate-limiting. In one example, a method for asynchronous rate-limiting includes the steps of receiving a rate-limiting request for a service application; extracting one or more policy-defining parameters from the rate-limiting request; querying a local cache storage medium associated with the rate-limit decision node to identify one or more local rate-limiting policies associated with the rate-limiting request; determining, based on the one or more policy-defining parameters and the one or more local rate-limiting policies, a rate-limiting decision for the rate-limiting request; and transmitting the rate-limiting decision to the service application in response to the rate-limiting request.
Type: Grant
Filed: April 8, 2020
Date of Patent: September 7, 2021
Assignees: Atlassian PTY Ltd., Atlassian, Inc.
Inventors: Anre Mario Roshan Paiva, Dean Shaft, Bernice Chen, Abhas Bodas, David Mankin, Martien Verbruggen, Aleksander Mierzwicki, Andrei Beliaev
-
Patent number: 11108749
Abstract: The present disclosure includes secure device coupling. An embodiment includes a processing resource, memory, and a network management device communication component configured to, identifying a network attached device within a first domain. Generating a domain device secret corresponding to the first domain. Each network attached device within the first domain can share the same domain device secret. Coupling iterations may be performed for each device within the first domain can include: generating a network management device private key and public key. Providing, via short-range communication, the network management device public key and the domain device secret to a network attached device communication component included in each network attached device of the first domain.
Type: Grant
Filed: March 25, 2019
Date of Patent: August 31, 2021
Assignee: Micron Technology, Inc.
Inventors: Antonino Mondello, Alberto Troia
-
Patent number: 11106441
Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.
Type: Grant
Filed: September 14, 2018
Date of Patent: August 31, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Eustace Ngwa Asanghanwa, Mahesh Sham Rohera
-
Patent number: 11102125
Abstract: Described embodiments provide systems and methods for securing communications between services in a cluster using load balancing. A first proxy of a first node of a cluster of nodes can receive a request for a service from at least one pod of the first node. The service can include a plurality of pods. The plurality of pods can execute in the cluster of nodes including the first node. The first proxy can select, responsive to a load balancing determination, a pod of a second node of the cluster of nodes to receive the request. An encrypted connection can be established with a second proxy of the second node. The request can be forwarded to the selected pod via the encrypted connection to the second proxy. The request can be decrypted at the second proxy and forwarded at the pod of the second node.
Type: Grant
Filed: June 27, 2019
Date of Patent: August 24, 2021
Assignee: Citrix Systems, Inc.
Inventors: Mehul Patidar, Swetha Garipally, Nilamadhava Chaudhury, Subrata Sarkar
-
Patent number: 11095634
Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a client system may receive, from a server system, an authentication challenge that includes a first partial signature value. The client system may access key-pair information that includes, for a server key-pair, a server public key and a second component of a server private key, where the server system has access to a first component of the server private key. The client system may then generate a second partial signature value using the second component of the server private key but not an entirety of the server private key, and may generate a final signature value based on the first and second partial signature values. Using the final signature value, the client system may then determine whether the authentication challenge was sent by the server system.
Type: Grant
Filed: January 31, 2019
Date of Patent: August 17, 2021
Assignee: salesforce.com, inc.
Inventors: Prasad Peddada, Taher Elgamal
-
Patent number: 11095619
Abstract: A system may include a first network device configured to communicate via an encrypted session, and a second network device configured to communicate with the first network device via the encrypted session, where the second network device may be configured to perform operations to facilitate communication via the encrypted session. The operations may include receive a first set of data from a device other than the first network device, where the first set of data is used to communicate via the encrypted session. The operations may also include combine peer-to-peer information to be used by the first network device to communicate via the encrypted session to an encrypted packet, where the peer-to-peer information is combined with the encrypted packet in an unencrypted form. The operations may additionally include send the encrypted packet with the peer-to-peer information to the first network device.
Type: Grant
Filed: June 27, 2018
Date of Patent: August 17, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: David Mark Carrel, Praveen Raju Kariyanahalli
-
Patent number: 11089480
Abstract: This application sets forth techniques for provisioning electronic subscriber identity modules (eSIMs) to mobile wireless devices that do not include functional bootstrap provisioning profiles to obtain access to a cellular wireless network. Connectivity to a cellular wireless network can be allowed for provisioning one or more eSIMs to a mobile wireless device using hardware device identifiers for authentication and a limited purpose provisioning connection when the cellular wireless network supports provisioning connections without the use of a provisioning profile for access.
Type: Grant
Filed: November 21, 2019
Date of Patent: August 10, 2021
Assignee: Apple Inc.
Inventors: Xiangying Yang, Anish Kumar Goyal, Chandiramohan Vasudevan, Vikram Bhaskara Yerrabommanahalli, Raj S. Chaugule, Li Li
-
Patent number: 11088837
Abstract: A system and associated methods provide digital identity and strong authentication management services for Internet users. The system includes a central, cloud-based, online service, referred to as a central service, which can manage user accounts. The system also includes dedicated, always-on, always-connected, cryptographically unique devices, referred to as beacons, located within the physical residences of its users. The central service associates each beacon with the residence address of its user by physically sending a unique address verification code by postal mail to the user's residence. The user presents the unique code to the beacon, and the beacon cryptographically confirms its identity and the unique code sent to the residence address back to the central service. The beacons can attest to users' identities and provide seamless strong authentication to third-party online service providers on behalf of those users.
Type: Grant
Filed: June 28, 2019
Date of Patent: August 10, 2021
Inventor: Jean-Emmanuel Fontaine
-
Patent number: 11049090
Abstract: Methods, systems, and computer program products for providing enhanced mobile transactions and payments are disclosed. A computer-implemented method may include providing a registry of public keys to allow users to securely exchange mobile payment data with respective trusted merchants, sending a request from a computing device of a user to validate a merchant, storing a public key for the merchant from the registry, receiving a merchant identifier from a terminal during a mobile transaction indicating that the terminal is associated with the merchant, receiving a request for information from the terminal as part of the mobile transaction, determining whether the terminal requesting the information is trusted, providing the requested information encrypted using the public key to the terminal when the terminal is trusted, and providing decoy response information to the terminal when the terminal is determined to be untrusted.
Type: Grant
Filed: December 30, 2015
Date of Patent: June 29, 2021
Assignee: PAYPAL, INC.
Inventor: Max Edward Metral
-
Patent number: 11023890
Abstract: Embodiments are directed to the generation of a token associated with a status. The status of the token may affect how the token is treated and the types of restrictions placed on the token. The status of the token may indicate that the token is generated based on verification of secure user data. Alternatively, the status of the token may indicate that the token is generated based on insufficient user data and, as such, restrictions may be imposed on the token. The token requestor may be a mobile application, such as a merchant mobile application provisioned on a user device. In response to a token request from the merchant, the token provider issues tokens with varying status based on a confidence level. The status of the token may be indicated in terms of token assurance level.
Type: Grant
Filed: June 5, 2015
Date of Patent: June 1, 2021
Assignee: Visa International Service Association
Inventors: Vishwanath Shastry, Shalini Mayor, Calvin Chen
-
Patent number: 11025642
Abstract: An electronic message delivery service receives a request to transmit an electronic message to a recipient. In response to the request, the electronic message delivery service determines first information from the electronic message usable to uniquely identify the electronic message. The electronic message delivery service obtains, based at least in part on the first information and a cryptographic key, cryptographic information that can be inserted into the electronic message. The electronic message delivery service inserts the cryptographic information and second information usable to validate at least a portion of the electronic message with the cryptographic information into the electronic message. The electronic message is transmitted to the recipient.
Type: Grant
Filed: March 23, 2018
Date of Patent: June 1, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Matthew Ryan Jezorek, Jason Cetina, Paul Clarke, Douglas Allan Peabody, Matthew Michael Sommer
-
Patent number: 11012427
Abstract: Embodiments are described for enhanced security in a switched network using RSA security between hops of a transmission path of a data frame from an origination node to a destination node, via one or more intervening switches. Each switch and node in a switched network can be configured for “RSA security enabled” or “RSA security disabled.” RSA security can be enabled, or disabled, for the whole network. RSA security can be enabled for all switches (but not nodes) or selectively enabled for switches. If two adjacent devices (nodes or switches) have RSA security enabled, then an RSA secure frame is generated to transmit data on that hop of a transmission path between an originating node and destination node. RSA encryption keys can be different for each hop on the transmission path. RSA token seeds can be regenerated periodically to increase the difficulty of learning an encryption key for any hop.
Type: Grant
Filed: June 21, 2018
Date of Patent: May 18, 2021
Assignee: EMC IP HOLDING COMPANY LLC
Inventor: Livingston Paul Delightson
-
Patent number: 11005997
Abstract: Disclosed are methods, systems, and machine-readable mediums which provide for customer chatbots that detect a customer handoff condition and in response, transferring the customer to a communication session with a live agent. The handoff condition may comprise an inability to understand the customer, an inability to answer the customer's question, expressions of frustration or anger on the part of the customer, a customer's express request to be transferred, or the like. The live agent may receive a complete history of the conversation with the chatbot so that the customer does not have to repeat him or herself to the live agent. The chatbot chat session may be linked to a social networking account of the customer and may take place in association with a social networking profile page of the company.
Type: Grant
Filed: March 22, 2018
Date of Patent: May 11, 2021
Assignee: Wells Fargo Bank, N.A.
Inventors: Kristin H. Deegan, Matthew G. Vanhouten, Uma Meyyappan, Jennifer Toby Whateley, Balinder Singh Mangat, Upul D. Hanwella, Kimarie Pike Matthews, Maria J. Latorre, Scott Edward Pitchford
-
Patent number: 10963448
Abstract: A method of operating a data store system may include identifying a non-responsive processing node from a plurality of processing nodes. The method may further include generating a new registration key in response to identifying the non-responsive processing node. The method may further include providing the new registration key to the other processing nodes of the plurality of processing nodes excluding the identified non-responsive node. Each processing node provided the new registration key may be authorized to access a plurality of storage devices of a storage array in communication with the plurality of processing nodes. A system and computer-readable medium may also be implemented.
Type: Grant
Filed: March 13, 2014
Date of Patent: March 30, 2021
Assignee: Teradata US, Inc.
Inventors: Gary L. Boggs, Eric M. Shank, Franklin F. Meng
-
Patent number: 10965463
Abstract: A user apparatus, a base apparatus, and a method for authenticating these apparatuses through exchanging data packets is provided. The user apparatus and the base apparatus are paired, share a set of security algorithms and parameters, and perform a mutual authentication based on the challenge-response authentication mechanism. In more detail, each of the challenge data packets includes authentication data (digest_a, digest_b, digest_c) and a set of at least two random sequences having random content and random length, wherein the random sequences are generated excluding those that, in the at least one data packet, produce at least one fake replica of the authentication data that at least one of the apparatuses can erroneously detect.
Type: Grant
Filed: December 15, 2016
Date of Patent: March 30, 2021
Assignee: Saronikos Trading and Services, Unipessoal LDA
Inventor: Robert James
-
Patent number: 10958631
Abstract: The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.
Type: Grant
Filed: February 6, 2019
Date of Patent: March 23, 2021
Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
Inventor: Frank Fransen
-
Patent number: 10951400
Abstract: An authentication method for a group of devices connected to a network includes selecting the first controller as a coordinator, the coordinator being configured to manage a group key to be used in common in the group. The method includes generating the group key, and performing first mutual authentication and second mutual authentication. The method also includes sharing the group key with each device for which the first mutual authentication has been successful, and sharing the group key with each second controller for which the second mutual authentication has been successful. The method further includes encrypting transmission data by using the group key to generate encrypted data, generating authentication data by using the group key, and simultaneously broadcasting a message to each device for which the first mutual authentication has been successful and each second controller for which the second mutual authentication has been successful.
Type: Grant
Filed: July 15, 2019
Date of Patent: March 16, 2021
Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
Inventors: Yuji Unagami, Manabu Maeda, Hideki Matsushima, Tomoki Takazoe, Yoichi Masuda
-
Patent number: 10939370
Abstract: The present disclosure relates to a communication technique of fusing a 5G communication system for supporting higher data transmission rate beyond a 4G system with an IoT technology and a system thereof, and provides an intelligent service based on the 5G communication technology and the IoT related technology. A method of an initial access and mobility management function (AMF) in a wireless communication system, includes receiving, from a base station, a registration request message including information on a requested slice; determining whether to reroute the registration request message based on subscription information; transmitting, to a network repository function (NRF), a first message to request information on a target AMF which has required capabilities to serve a terminal; receiving, from the NRF, a second message including information on the target AMF; and rerouting, to the target AMF, the registration request message based on the determination.
Type: Grant
Filed: January 13, 2020
Date of Patent: March 2, 2021
Inventors: Youngkyo Baek, Sunghoon Kim, Hoyeon Lee, Jungje Son
-
Patent number: 10924288
Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting individual timestamp requests for to-be-timestamped blocks in a blockchain to a trust time server independent from a blockchain-based centralized ledger system that stores data in the blockchain, the blockchain including a plurality of blocks storing transaction data, receiving respective timestamps and associated signatures for the to-be-timestamped blocks from the trust time server, and storing information of the respective timestamps and associated signatures for the to-be-timestamped blocks in respective timestamped blocks in the blockchain, any adjacent two of the timestamped blocks in the blockchain being anchored with each other.
Type: Grant
Filed: July 10, 2020
Date of Patent: February 16, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Wenyuan Yan, Yuan Zhang, Xinying Yang, Benquan Yu, Yize Li
-
Patent number: 10921757
Abstract: An operation control device for controlling operation of an operation device with respect to an operation object includes: operation logic unit that stores in advance an operation logic related to sensor information; virtual object setting unit that sets an operation object to be estimated based on sensor information, as a virtual operation object having an attribute related to presence probability and an operation-related attribute; virtual object operation determination unit that determines whether it is possible to perform an operation with respect to the virtual operation object, based on the attribute related to a presence probability and the operation-related attribute; and operation control unit that controls an operation of the operation device with respect to the operation object by using an operation logic stored in the operation logic means, based on sensor information output from the sensor and a determination result by the virtual object operation determination unit.
Type: Grant
Filed: September 15, 2016
Date of Patent: February 16, 2021
Assignee: NEC CORPORATION
Inventor: Hiroaki Nagano
-
Patent number: 10892896
Abstract: An authentication request is sent to a server. An authentication request reply message is received from the server. A biometric feature input by a user is received. A biometric feature template identifier (ID) corresponding to the received biometric feature is acquired using the received biometric feature. The acquired biometric feature template ID is compared with a stored biometric feature template ID included in an enable record that is used for biometric feature verification and created during a biometric feature verification enabling process. When the two biometric feature template IDs are consistent, an authentication response message is generated. The authentication response message is sent to the server for verification. Verification includes comparing the biometric feature template ID in the authentication response message with the biometric feature template ID in a saved user record. The verification succeeds if the two biometric feature template IDs are consistent; otherwise an error is reported.
Type: Grant
Filed: May 18, 2020
Date of Patent: January 12, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventor: Junsui Lin
-
Patent number: 10892901
Abstract: The present application provides a facial data collection and verification solution. In this solution, after collecting a face sample, a collection device uses the face sample and check data including a random number as to-be-signed data, performs signature by using a device private key, to obtain a facial data signature, and then obtains trusted facial data based on the to-be-signed data, the facial data signature, and a digital certificate that includes a device public key. When performing verification on the trusted facial data, a facial recognition server sequentially performs verification on the digital certificate that includes the device public key, the facial data signature, and the check data. Because content used for the verification process is added for the face sample on the collection device, subsequent verification cannot succeed if a transmitted communication packet is replaced by an attacker. Therefore, a replay attack is prevented at the collection source.
Type: Grant
Filed: March 2, 2020
Date of Patent: January 12, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Xi Sun, Hongwei Luo
-
Patent number: 10885723
Abstract: An encrypted communication system includes on-board devices configured to perform encrypted communication with a server located outside a vehicle. Each of the on-board devices includes an encrypted communication portion configured to perform encrypted communication with the server using an encryption key unique to a corresponding one of the on-board devices and a priority setting portion configured to set priority ranks of the on-board devices for encrypted communication. When each of the on-board devices performs encrypted communication with the server and if any one of the on-board devices is set to a higher priority rank, the on-board device is configured to perform encrypted communication with the server via the encrypted communication portion of the on-board device having the higher priority rank.
Type: Grant
Filed: December 21, 2017
Date of Patent: January 5, 2021
Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
Inventor: Masashi Nakagawa
-
Patent number: 10867172
Abstract: A method is provided for verifying a user's identity. The method has the following steps: connecting a first and a second data processing device for data communication; running a software application in the second data processing device; for user verification, receiving user identification data in the second data processing device, the user identification data comprising reference data; receiving one or more images of a document assigned to the user in the second data processing device; determining measurement data from image data providing a digital representation of the one or more images; comparing the reference data to the measurement data determined from the digital representation of the one or more images; and providing verification data in the second data processing device, the verification data indicative of the user's identity being verified in the step of comparing the reference data to the measurement data.
Type: Grant
Filed: January 29, 2018
Date of Patent: December 15, 2020
Assignee: WEBID SOLUTIONS GMBH
Inventors: Thomas Franz Fürst, Tim-Markus Kaiser, Frank Stefan Jorga, Sven Oliver Jorga
-
Patent number: 10862892
Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system for identifying potential authorized and unauthorized interactions between a web browser and a website. The certificate system utilizes stored certification requirements (e.g., pinned certification requirements, third-party certification requirement system, or the like), and compares the stored certification requirements with received certification requirements. The system may notify the user or prevent the interaction between the web browser and website when the stored certification requirements do not meet the received certification requirements (e.g., a threshold requirement of certificates to validate, validated certificates, or the like). The certificate system allows the interaction between the web browser and website when the stored certification requirements meet the received certification requirements and the website is verified based on the certification requirements.
Type: Grant
Filed: September 16, 2019
Date of Patent: December 8, 2020
Assignee: BANK OF AMERICA CORPORATION
Inventors: Carl R. Frederick, Joel S. Kazin