Abstract: An application may perform operations within a first secure enclave of a processing device. The application may provide secure monitoring data, such as secure heartbeat information. The monitoring data and an application identity may be verified at a second secure enclave of the processing device using local attestation operations. A remote attestation signature may be generated at the second secure enclave based on the monitoring data, the application identity, and a node private key. A monitoring message signature may be generated at the first secure enclave based on an application private key and a message payload that includes the monitoring data, the application identity, and the remote attestation signature. A monitoring message that includes the payload and monitoring message signature may be sent from the first secure enclave to a monitoring system, which may verify the message to detect unauthorized changes to the monitoring data or the application identity.

Abstract: A request is received from a browser (e.g., a tool that runs on top of or in a browser). The request is to authenticate via an authentication credential provided from a communication device that is external to a test communication device running the browser. The request is queued in a request queue. The authentication credential is received from an interceptor that intercepts the authentication credential in the external communication device. The authentication credential is sent to the browser, which in turn sends the authentication credential to the application under test. This completes the authentication process in the application under test. The request is then removed from the request queue. This allows for an automated multi-factor authentication process that can be used for testing the application under test.

Abstract: A system for efficient third-party authentication of asset transfers using trusted computing includes a process authentication node configured to receive transfer data relating to an asset transfer, wherein the transfer data includes at least a first authentication datum, retrieve, from an instance of a secure listing, a first digitally signed assertion including at least a second authentication datum, wherein the first digitally signed assertion is generated by a data validator device as a function of information of a transferring entity, compare the at least a first authentication datum to the at least a second authentication datum, and authenticate the transfer data as a function of the comparing of the at least a first authentication datum to the at least a second authentication datum.

Abstract: Methods and systems for creating a digital association are provided. The method includes obtaining a first user-generated item comprising identifiable features of a first user and a second user. The method also includes obtaining a second user-generated item comprising the identifiable features of the first user and the second user. The method also includes cross-confirming that the first and second user-generated items are valid to verify the digital association.

Abstract: A system for authenticating an electronic device by means of an authentication server in order to authenticate a user of said electronic device. The system is adapted to perform an authentication based on a fictive payment transaction and includes the authentication server which is adapted to execute a fictive payment transaction with a predetermined transaction amount with said electronic device and during said execution to receive a first cryptogram from said electronic device; send said first cryptogram to a banking server; and receive from said banking server an acknowledgment if said first cryptogram is valid; when said fictive payment transaction has been executed, compute an authentication identification based on said electronic device's data; said electronic device which is a payment electronic device and which is adapted to execute said fictive payment transaction with said authentication server and during said execution to send said first cryptogram to said authentication server.

Abstract: A method may include calculating a first set of hash values for a set of well log channels, extracting a well log channel snippet from an unknown well log channel, calculating a second set of hash values for the well log channel snippet, identifying, for the unknown well log channel, a matching well log channel by searching the first set of hash values with the second set of hash values, and storing, for the unknown well log channel, a channel context corresponding to the matching well log channel.

Abstract: A structured document is verified for changes that are made during and after deployment of an application. The structured document includes first fields that are designated as mutable, and second fields that are designated as immutable. An attempted change is detected to the structured document during or after deployment of the application. Upon detecting the attempted change, a digital signature is generated of the second fields of the structured document. A determination is made whether the generated digital signature of the second fields matches a reference digital signature of the second fields. Upon determining that the generated digital signature matches the reference digital signature, the change to the structured document is permitted. Upon determining that the generated digital signature does not match the reference digital signature, the change is blocked to the structured document.

Abstract: A service management system communicates via wide area network with gateway devices located at respective user premises. The service management system remotely manages delivery of application services, which can be voice controlled, by a gateway, e.g. by selectively activating/deactivating service logic modules in the gateway. The service management system also may selectively provide secure communications and exchange of information among gateway devices and among associated endpoint devices. An exemplary service management system includes a router connected to the network and one or more computer platforms, for implementing management functions. Examples of the functions include a connection manager for controlling system communications with the gateway devices, an authentication manager for authenticating each gateway device and controlling the connection manager and a subscription manager for managing applications services and/or features offered by the gateway devices.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for a retransmission protocol that utilizes compressed feedback. Various implementations relate generally to a compressed feedback technique for hybrid automatic repeat request (HARQ). Upon receiving a compressed feedback value, a sending device may generate a retransmission codeblock. The retransmission codeblock may be derived from multiple codeblocks in a set of codeblocks. A receiving device can use the retransmission codeblock to obtain any failed codeblock in the set of codeblocks based on all other previously decoded codeblocks in the set of codeblocks. Thus, the receiving device does not need to indicate which codeblock in the set failed, but only needs to send a compressed feedback value that indicates which sets of codeblocks have had a single codeblock failure.

Abstract: A machine learning (ML) based asset monitoring system that automatically determines damage mechanisms (DMs) and generates automatically updated visualizations of assets that include equipment and lines of a processing plant is disclosed. The asset monitoring system is communicatively coupled to the assets of the plant and continuously receives process parameters associated with the various processes and equipment in the plant. Corrosion loops (CLs) are identified and automatically demarcated by the asset monitoring system. DMs are predicted for each of the assets using a ML model based on the process parameters and the corrosion loops. The data regarding the DMs, CLs and the process parameters are used to obtain equipment risk rankings for the assets. Multi-dimensional visualizations of the assets that display the state of the plant assets in real-time are generated.

Abstract: An endpoint determines whether a client is authorized to access data. A database stores separate authorizations of a permission model in a data table along with the data. Mapping templates of the endpoint convert a client request for data into a database query for client authorization and the requested data. In response to the query, the database returns to the endpoint the requested data as well as an indication of authorization from the data table. The mapping templates of the endpoint are then used to generate an appropriate response to the client. When the database response indicates the client is authorized, the endpoint can return the requested data to the client. When the database response indicates the client is not authorized, the endpoint can return an error. In some embodiments, the endpoint is an application programming interface (API) gateway that conforms to representational state transfer (REST) software architecture.

Abstract: A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.

Abstract: Techniques for securing user data in a healthcare data management system are described. A client system receives a request to authenticate a user. The user is associated with applications and roles. The user is authenticated, at the client system, for all applications and all roles. A login token relating to the authenticated user is maintained at the client system. A role is selected for the user, and an authorization token relating to the selected role is maintained at the client system. A session for the user is initiated. This includes generating an encrypted session cookie relating to the user and the session, storing the encrypted session cookie at the client system, and periodically updating a timestamp for the session cookie.

Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.

Abstract: Aspects of the disclosure relate to detecting impersonation in email body content using machine learning. Based on email data received from user accounts, a computing platform may generate user identification models that are each specific to one of the user accounts. The computing platform may intercept a message from a first user account to a second user account and may apply a user identification model, specific to the first user account, to the message, so as to calculate feature vectors for the message. The computing platform then may apply impersonation algorithms to the feature vectors and may determine that the message is impersonated. Based on results of the impersonation algorithms, the computing platform may modify delivery of the message.

Abstract: Embodiments of the disclosure are related to distribution of content in response to search signals in an enterprise environment. Embodiments of the disclosure obtain search signals from a client device associated with a user. In response to obtaining such a search signal, content stored on a resource repository can be located. Such a resource repository can be a private repository associated with an enterprise. In response to located content, a notification can be sent to the client device of the user.

Abstract: Systems and methods for providing an authenticated groupcast stream of content to destination receivers are disclosed. A method may include receiving information indicating that a media capturing source(s) located at a premises and destination receivers are included in a group. Content captured from a media capturing source(s) may be received. The content may include an image(s)/video(s) and a destination network address associated with the destination receivers. The content may be copied. The number of copies of content may correspond to a number of the destination receivers. A respective copy of the content may be sent to the destination receivers.

Abstract: A computer-implemented method includes receiving an indicator of enrollment of a user in a breach notification service; acquiring information regarding the user; and generating one or more indicators of a data breach for an entity that stores one of data regarding the user or an indication of a transaction with the user in a past predefined time period. The computer-implemented method further includes determining that the one or more indicators meet a threshold level for notifying the user of the data breach; in response to determining that the one or more indicators meet the threshold, generating a notification specific to the user regarding the data breach; and providing the notification to the user during a log-in process for a product or service associated with the provider computing system.

Abstract: The present disclosure generally relates to web page analysis, and more particularly to a classification system for web pages. The classification system may classify a web page as malicious based upon one or more signatures generated for the web page. For example, the classification system may compare one or more signatures generated for a first web page to one or more signatures generated for a second web page, where the first web page and the second web page are the same web page at different times or different web pages. Based upon a similarity of the signatures, the classification system may output whether the first web page is malicious. For another example, the classification system may include a classification model that is trained based upon one or more signatures for one or more classified web pages. The classification model may output whether the web page is malicious.

Abstract: When performing data encryption at rest of data residing on Kubernetes persistent volume, existing methods rely on storage provider's encryption capabilities, which instill limitations that hinder deployment. Accordingly, systems and methods are described that receive a Pod specification comprising a disk encryption request and automatically annotate the specification to include specifications for the disk encryption (e.g., secret, key, etc.) to mount a persistent volume having a disk encrypted according to the generated specification.

Abstract: When a customer service representative (CSR) calls a customer, the customer may be able to authenticate himself or herself by providing the CSR with personal identifying information. However, the CSR may be unable to provide information to authenticate himself or herself to the customer. Thus, this patent document describes authentication techniques that can allow the CSR to authenticate himself or herself to the customer. For example, before or during a call that the second person (e.g., CSR) initiates to call a first person (e.g., customer), a notification message may be sent to the first person's user device. The content of notification message displayed on the user device may provide information to the first person which can allow the first person to determine whether the second person is trustworthy.

Abstract: A system for authentication having an authentication protocol to communicate with the hardware device, the authentication protocol having an encryption function having a hardware key and a software key, a private and a public key pair, the key pair generated from the hardware key and the software key, used to encrypt the communication between the server and the client, an identity authentication service to assign a user of the hardware device to an identity string, and creates a unique user email address based on the identity string and an authentic email server domain, and a target service having a user identity data and comparing the user identity data to the email string, and if the user identity data and the email string match, then the target service accepts the unique user email address to send a service event communication to the hardware device.

Abstract: Signature handling for a block for which consensus was formed in blockchain network which requires signatures from plurality of nodes to form consensus for block adoption. After completion of the setup, first node 110 sends a first message including a generated block to N nodes (S301). Each node evaluates the validity of the block on basis of the rule for consensus formation (S302). If the block is valid, the node sends a second message which includes signature si, by secret key share f(xi), with respect to a hash value h of the block for which consensus is to be formed (S303-1). After k signatures are collected at jth node, the node merges these signatures to generate a signature corresponding to a public key PK (S304). A block for which consensus is to be formed has signature SK·h appended thereto and is added to blockchain of each node (S306).

Abstract: A service may leverage a mutual transport layer security (mTLS) service to authenticate a client that is configured with a client certificate chain. The client may request access to the service, and the service may transmit a redirection response to the client. The redirection response may indicate an endpoint for the mTLS service that is associated with the tenant. In response to receiving the redirection response, the client may perform a digital handshake with the mTLS service, and the mTLS service may validate the client digital certificate and digitally sign the client digital certificate. The mTLS may transmit a redirection response, which redirects the client to the service where the client presents an indication of the digitally signed digital certificate chain. The service may validate the chain of trust associated with the digitally signed digital certificate chain and issue an indication that the client is authenticated to access the service.

Abstract: A method for transaction initiation with a bypass of merchant systems includes: storing a consumer public key and a blockchain comprised of a plurality of blocks, each block being comprised of a block header and data values, each block header including a block timestamp, and each data value including a unique transaction identifier; receiving a data message originating from a merchant system including a specific transaction identifier, a transaction timestamp, and transaction data; identifying a specific data value in a specific block that includes the specific transaction identifier; verifying that the block timestamp in the specific block is within a predetermined period of time of the transaction timestamp; identifying payment credentials associated with a user transaction account corresponding to the specific data value; and initiating a payment transaction between the merchant system and the transaction account using the identified payment credentials and transaction data.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product embodiments, and/or combinations and sub-combinations thereof, for determining physical possession of one or more IoT devices. According to some embodiments, a method for determining physical possession of a plurality of Internet-of-Things (IoT) devices includes determining physical possession of a first IoT device of the plurality of IoT devices. The method further includes determining whether the first IoT device with the determined physical possession satisfies a condition. In response to determining that the first IoT device with the determined physical possession does not satisfy the condition, determining physical possession of a second IoT device of the plurality of IoT devices.

Abstract: Systems and methods for message encryption include transmitting, to a first device through a first communication channel, a modification rule message including a modification rule. A first message is encrypted using a first key to generate an encrypted message. The encrypted message is modified based on the modification rule to generate a modified encrypted message. The modified encrypted message is transmitted to the first device through a second communication channel.

Abstract: A method for obtaining a profile for access to a communication network by a secondary terminal via a main terminal. The main terminal includes a security element having an authentication key, the authentication key being used by the network and by the main terminal to generate at least one session master key specific to the main terminal. The secondary terminal: provides its identifier to the main terminal; receives from the main terminal a temporary key specific to the secondary terminal, a temporary identifier of the secondary terminal, and an identifier of the network for access to the network. The temporary key is based on the temporary identifier of the secondary terminal and the session master key of the main terminal. The temporary key, the temporary identifier, the identifier of the secondary terminal, and the identifier of the access network are included in an profile for access to the network.

Abstract: A method at a network element, the method including receiving at least one message at the network element, the at least one message being one or both of: an update status information message from an updates server; and an anomaly detection status information message from anomaly detection server; determining, based on the receiving the at least one message, a dynamic cybersecurity posture indication for an intelligent transportation system entity; and providing the dynamic cybersecurity posture indication for the intelligent transportation system entity to an Enrolment Authority, wherein the dynamic cybersecurity posture indication can be included in a certificate relating to the intelligent transportation system entity.

Abstract: Techniques are disclosed relating to generation of cryptographic private keys. In some embodiments, a computing system receives a request for a private key for use with a service that uses a key of a first length, where the request specifies a key of a second length that is less than the first length. The system then generates a hashing scheme based on the second length and a key computation time, where the hashing scheme includes a number of hashing rounds and a set of hashing functions. The system creates a synthetic key of the second length and uses the synthetic key and the hashing scheme to create a normal key of the first length, where the synthetic key permits a user to access the service by supplying the synthetic key and without having to supply the normal key. The disclosed cryptographic techniques may advantageously allow for memorization of private keys.

Abstract: Systems and methods for verifying an identity of a user include a method that includes receiving, by a computing system, a biometric electronic signature token (BEST), the BEST comprising a first biometric sample captured from a signing party and a record, receiving, by the computing system, a second biometric sample captured from the user, generating, by the computing system, a biometric reference template based on biometric data extracted from the second biometric sample, comparing, by the computing system, the biometric reference template to the first biometric sample, and responsive to the biometric reference template matching the first biometric sample, determining, by the computing system, that the user matches the signing party.

Abstract: A method for improving the utilization rate of a vehicle-to-X communication device for vehicle-to-X communication, having the steps: receipt of digital certificates by the vehicle-to-X communication device, generation of cryptographic keys for signing vehicle-to-X messages to be emitted using the digital certificates by an electronic computing apparatus, temporal spacing of the receipt of the digital certificates by the vehicle-to-X communication device, and generation of the cryptographic keys using the digital certificates. Furthermore, a vehicle-to-X communication device and use of the device in a vehicle or an infrastructure apparatus is provided.

Abstract: An authentication system includes: ECUs constituting on-vehicle network and server device communicating with the ECU. The ECU stores ID and encryption key set individually to the ECU and used for authenticating data exchanged between the ECUs. The server device stores the ID and encryption key of the ECU. The ECU includes: first CPU configured to perform: generating authentication data; generating authentication code by encrypting the authentication data using the encryption key; and transmitting the ID, authentication data, and authentication code to the server device. The server device includes: second CPU configured to perform: acquiring the ID transmitted from the ECU; retrieving the encryption key of ECU corresponding to the ID acquired; acquiring the authentication data and authentication code transmitted from the ECU; and authenticating the ECU using the encryption key retrieved.

Abstract: Extending the useful life of finite lifetime asymmetric cryptographic keys by referencing the number of uses of the keys in conjunction with or instead of the elapsed time since generation of the finite lifetime keys. By integrating asymmetric cryptographic keys into a limited use security scheme, the lifetime of finite lifetime asymmetric cryptographic keys is based on the practical risk of security breach during use rather than an arbitrary duration in which the keys are valid.

Abstract: A method of performing user authentication includes by a service electronic device associated with a service, receiving, from a public electronic device, a request for a user to initiate a session of the service, generating a first security token, a first write token, a first read token, and/or a first delete token, sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device, receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored, saving the key location identifier in a data store associated with the service electronic device, generating a signed key location identifier, generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first

Abstract: A vehicle-to-X communication device for a vehicle, containing: a sending device for sending out vehicle-to-X messages, a receiving device for receiving vehicle-to-X messages, and a processing apparatus for processing vehicle-to-X messages to be sent and received. The communication device is configured to send out information for identifying a manufacturer of the vehicle and is furthermore configured to determine, by the processing apparatus, a level of trust of a vehicle-to-X message of a further vehicle received by the receiving device, utilizing information for identifying a manufacturer of the further vehicle which is contained by the vehicle-to-X message of the further vehicle. Furthermore, a corresponding method is disclosed.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method of performing a contactless transaction between a payment device and a terminal is described. The method comprises establishing a data connection between the payment device and the terminal and then establishing if the payment device and the terminal both support an enhanced security architecture. If they do not, they will then perform the contactless transaction according to a basic transaction flow using a first cryptographic system. If they do, they will perform the contactless transaction according to an enhanced transaction flow using a second cryptographic system. The first cryptographic system and the second cryptographic system comprise different asymmetric cryptographic systems. Suitable payment devices and terminals, and methods at the payment devices and terminals, are described.

Abstract: A novel system and network architecture unburdens the end users as a result of reduced complexity of the infrastructure used by said users. As a result of the omission of processors, operating systems and conventional software on the user side, the use of the IT is simplified and the infiltration of malware into the devices belonging to the end users is prevented. In addition, the new architecture makes it possible to set up secure and more efficient networks even with respect to IoT and Industry 4.0 as well as new business models and supports both the coexistence and the migration of the conventional technology to the new architecture.

Abstract: Presented herein are systems and methods of securely sharing data from multiple sources with different client terminals. A server may establish an electronic document for defining a transaction. The electronic document may have data fields. Each data field may be from a client terminal. The server may identify encryption keys to encrypt the corresponding data fields included in the electronic document. The server may distribute the encryption keys across the client terminals in accordance with an access control policy. The access control policy may specify access permissions for a client terminal to each of the plurality of data fields based on a role of the client terminal in the transaction. The server may provide, to each client terminal with access to the data fields in the electronic document via the encryption keys distributed in accordance with the access control policy.

Abstract: A system and method for displaying content to a user comprises a database containing a plurality of media, each of the plurality of media having an associated user image and a processor operably coupled to the database. The processor is configured to receive an image captured by a user device, receive an inputted code entered into the user device, lookup a specific media content corresponding to the image and the code and transmit the specific media content to the user device for display to the user in real time. The method comprises receiving the scanned image and the inputted code, looking up the specific media corresponding to the scanned image and the code and transmitting in real time, the specific media to the user device for display to the user.

Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

Abstract: Embodiments of the present disclosure provide a voice smart device wake-up method, apparatus, device and storage medium. The method includes: receiving, by a master control device, a wake-up message sent by each smart device, the wake-up message comprising at least sound characteristics information, determining, by the master control device, a target smart device to be woken up according to the sound characteristics information, and sending, by the master control device, a wake-up instruction to the target smart device to be woken up, to wake up the target smart device to be woken up for responding to a voice request from a user. In a case where a plurality of smart devices share a same wake-up word, only one most suitable smart device is waken up to respond to a voice request of the user each time.

Abstract: There may be provided a computer-implemented method. It may be implemented using a blockchain network such as, for example, the Bitcoin network.

Abstract: According to various embodiments, an electronic device may include at least one antenna module; and at least one processor configured to receive a communication service from a first communication network, a second communication network, and an IP multimedia subsystem (IMS) network via the at least one antenna module, wherein the at least one processor may be configured to: access the first communication network based on first identification information which corresponds to the first communication network, via the accessed first communication network, based on second identification information which corresponds to the IMS network, request the IMS network to register the electronic device, if registration request to the IMS network fails, access the second communication network, and request the IMS network to register the electronic device via the second communication network. Other various embodiments are possible.

Abstract: Systems and methods are described herein for provisioning a home automation hub, or one or more of IoT devices, with blockchain nodes (or sub-nodes). The hub, an IoT device, and/or a group of IoT devices can perform operations similar to a node on a blockchain network. The operations can include blockchain transactions and other operations, such as transactions performed to verify or confirm an IoT device is authorized to be part of the shared network and thus is authorized to connect to the hub.

Abstract: A data sharing method of a user device is provided. The data sharing method includes receiving, from a server device storing information, a private key corresponding to the information, performing a homomorphic encryption of the private key by a homomorphic encryption key provided from the server device, and generating a switch key, and uploading the switch key to a blockchain system. Accordingly, a more effective and clear data sharing is provided.

Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: The present disclosure discloses a method for configuring a block chain-based local consensus, including implementing an initialization of a plurality of nodes and creating a local consensus instance for a set of nodes selected from the plurality of nodes. The present disclosure also discloses a corresponding computer-readable storage medium and an apparatus for configuring a block chain-based local consensus. The apparatus including an initialization module configured to implement an initialization of a plurality of nodes; and a local consensus configuration module configured to create a local consensus instance for a set of nodes selected from the plurality of nodes.

Abstract: Technologies are disclosed herein that allow for utilization of firmware specific data through an Advanced Configuration and Power Interface (ACPI) Firmware Identification (FID) table in a computing system. The ACPI FID table can be loaded during a boot of a computer system. The ACPI FID table can be read after an operating system has been loaded on the computer system. Based upon firmware specific data in the ACPI FID table, functionality provided by the application can be restricted. The use of various features provided by the application can be restricted or the application can be restricted from executing entirely. Compatibility between the application and the firmware can be ensured based upon firmware specific data in the ACPI FID table.