Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising storing a plurality of activation codes, each of the activation codes associated with a respective unique identifier (UID) of semiconductor device; receiving, over a network, a request to generate a new storage root key (SRK), the request including a response code and a requested UID; identifying a selected activation code from the plurality of activation codes based on the requested UID; generating the SHRSRK value using the response code and the selected activation code; associating the SHRSRK value with the requested UID and storing the SHRSRK value; and returning an acknowledgement in response to the request.

Abstract: A system and method of a system provides for tracking and controlling print cartridge ownership transfers using non-fungible tokens (NFTs). A print cartridge manufacture creates a unique NFT for each manufactured print cartridge that is stored on a public blockchain. Each NFT is encoded with a serial number of its associated cartridge, along with manufacturer information stored in the manufacturer's digital certificate. Each NFT may include manufacturer information, transactional information and a smart contract. Sale or resale of a cartridge is accomplished by a sale of its associated NFT on a digital marketplace. Sales are governed by smart contract terms. A buyer scans a cartridge QR code to decode its serial number which is then used to lookup manufacturer information, cartridge information and transactional information. If a purchase permitted and is accepted, the buyer information and sale information are updated to the blockchain with the associated NFT which is placed in the possession of the buyer.

Abstract: Aspects of the disclosure relate to mechanisms and algorithms for a vehicle to join a vehicle group. The vehicle may transmit a query message that includes an identifier, and includes vehicle course information. In response, the vehicle may receive an invitation message that includes a group identifier, group course information, and wireless resource information for joining a vehicle group. The vehicle may then transmit a joining request message, including the first group identifier.

Abstract: Provided is dynamic and flexible authentication based on an interaction over a communications link between a user device and a financial entity. A set of interactions enabled at the user device are categorized into different levels, each level comprises a different authentication policy. At about the same time as an interaction is initiated at the device, an authentication policy assigned to the interaction is accessed and a security challenge is activated at the device. Based upon a successful response to the security challenge, an enablement of the communications link is continued. Based upon an unsuccessful response to the security challenge, the communications link is disabled.

Abstract: A network system including a plurality of devices can acquire authenticated location information of a device and provides various services using the authenticated location information. Each of the plurality of devices includes: a communication unit for performing data communication with another device; a storage unit that stores a digital certificate including a public key for determining an IP address of the device; and a determination unit that determines an IP address of another device based on a public key included in a digital certificate received from the another device. The digital certificate includes location information associated with a corresponding device.

Abstract: A data transaction processing system including multiple transaction processors also includes an active transaction receiver that sequences all incoming messages from various sources to facilitate transactional determinism, as well as a results arbiter to efficiently decide which transaction processor result to choose as the correct output. The data transaction processing system minimizes overall latency by optimizing which transaction processors and results arbiters are responsive to specific client computer input requests or messages.

Abstract: There may be provided a computer-implemented method. It may be implemented using a blockchain such as, for example, the Bitcoin blockchain. The computer-implemented method includes: i) joining a congress by transferring, by a node operating in a proof-of-work blockchain network, one or more digital assets to a congress pool having one or more other digital assets associated with other members of a congress; ii) detecting, by the node, a special transaction of digital assets on the proof-of-work blockchain network to an address associated with the congress pool, the special transaction satisfying determined criteria; and iii) minting, by the node, one or more digital assets on a proof-of-stake blockchain network in response to detecting the special transaction.

Abstract: Examples for validating the identify of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.

Abstract: The invention relates to a method for a secure transmission of electronic data packets in a network comprising network components.

Abstract: A Data Leakage Prevention (DLP) device and a method for processing a packet are disclosed. The DLP device receives an IP packet sent by a user device, wherein the IP packet includes TCP port information; and detects whether a first TCP connection is established between the DLP device and the user device. If the first TCP connection is not established, when the IP packet is a data packet, an application layer protocol for transmitting the IP packet is determined by comparing a packet feature of the IP packet with packet features corresponding to respective application layer protocols. When the application layer protocol for transmitting the IP packet is listened to, a pair of TCP connections is established according to the TCP port information, wherein the pair of TCP connections includes the first TCP connection and a second TCP connection between the DLP device and a server.

Abstract: Embodiments of the present disclosure provide systems and methods for managing access rights for a copy of an original digital document. The method performed by a server system includes receiving a request for generating a copy of an original document. The method includes performing an authorization of the request for generating the copy of the original document based on the access rights associated with the original document. Further, the method includes generating a copy document of the original document upon successful authorization. The method includes determining the access rights defined for the copy document in the original document. The method further includes transmitting the access rights to the copy document. The method includes sending the copy document with the access rights. The access rights set on the copy document facilitate the user to perform document-related operations on the copy document.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A method of performing a contactless transaction between a payment device and a terminal is described. The method comprises establishing a data connection between the payment device and the terminal and then establishing if the payment device and the terminal both support an enhanced security architecture. If they do not, they will then perform the contactless transaction according to a basic transaction flow using a first cryptographic system. If they do, they will perform the contactless transaction according to an enhanced transaction flow using a second cryptographic system. The first cryptographic system and the second cryptographic system comprise different asymmetric cryptographic systems. Suitable payment devices and terminals, and methods at the payment devices and terminals, are described.

Abstract: A method of performing user authentication includes by a service electronic device associated with a service, receiving, from a public electronic device, a request for a user to initiate a session of the service, generating a first security token, a first write token, a first read token, and/or a first delete token, sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device, receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored, saving the key location identifier in a data store associated with the service electronic device, generating a signed key location identifier, generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first

Abstract: Systems and methods for verifying an identity of a user. A method includes generating a tokenized biometric sample by tokenizing a biometric sample associated with the user by a computing system. The method further includes generating a digitally-signed tokenized biometric sample by digitally signing the tokenized biometric sample with a private key associated with the user by the computing system. The method further includes, responsive to a biometric reference template matching a signing party biometric sample associated with a signing party and a record, determining that the user matches the signing party by the computing system. The biometric reference template is based on biometric data extracted from the biometric sample. Authenticity and data integrity of the record is determined based on each of the record, the tokenized biometric sample, and a public key of a public/private key pair comprising the private key.

Abstract: There may be provided a computer-implemented method. It may be implemented using a blockchain such as, for example, the Bitcoin blockchain. The computer-implemented method includes: i) joining a congress by transferring, by a node operating in a proof-of-work blockchain network, one or more digital assets to a congress pool having one or more other digital assets associated with other members of a congress; ii) detecting, by the node, a special transaction of digital assets on the proof-of-work blockchain network to an address associated with the congress pool, the special transaction satisfying determined criteria; and iii) minting, by the node, one or more digital assets on a proof-of-stake blockchain network in response to detecting the special transaction.

Abstract: According to aspect of the present disclosure there are provided methods and apparatus for printing to a group of printers in a network, including a method comprising provisioning each printing device of the plurality of printing devices with a respective private cryptographic key, defining a first group of printing devices comprising a first subset of the plurality of printing devices, generating a first group public key for the defined first group of printing devices, the first group public key generated based on public cryptographic keys corresponding to the respective private cryptographic keys provisioned to the first subset of the plurality of printing devices, and providing the first group public key to a user.

Abstract: Methods and systems for introducing self-contained intent functionality into decentralized computer networks is described. Specifically, the methods and systems for encoding user intent (e.g., what functions a value may be used for) into data structures for computer programs and/or transaction protocols intended to automatically execute, control, or record events and actions according to predetermined terms or criteria are described herein. For example, the methods and systems may include using a permission structure native to one or more cryptocurrencies to provide additional functionality that allows for an intent to be introduced into the computer program and/or transaction protocol. This intent may be introduced using a routing data structure indicating exchange eligibility of resource sources.

Abstract: The invention relates to securing of an article against forgery and falsifying of its associated data, and particularly of data relating to its belonging to a specific batch of articles, while allowing offline or online checking of the authenticity of a secured article and conformity of its associated data with respect to that of a genuine article.

Abstract: An administrator creates an access policy for a network resource using an access server. The access policy may specify device characteristics that are needed to access the network resource. These characteristics may relate to the type of user device, the computing environment of the user device, installed applications and versions, installed certificates, and physical characteristics. The access policy for the network resource may be assigned to a user or to groups of users. Later, when the user attempts to access the network resource, an application installed on the user device provides a file containing the characteristics of the user device to the access server. The access server determines whether the characteristics of the file satisfies the access policy associated with the user and network resource, and if so permits access to the network resource. Else, access to the network resource is denied.

Abstract: Disclosed is distributed routing and load balancing in a dynamic service chain, receiving a packet at a first service instance, including a NSH imposed on the by a service classifier. The NSH includes a stream affinity code consistent for packets in a stream. The method also includes processing the packet at the first instance where the instance performs a first service in a service chain that includes second and third services. The first service instance accesses a flow table using the stream affinity code to select a second service instance performing the second service from among service instances performing the second service, and the first instance routes the packet to the selected second service instance upon egress from the first service instance. The method can include hashing the stream affinity code to access the flow table and access an available instance using the hash as a key to a CHT.

Abstract: An administrator creates an access policy for a network resource using an access server. The access policy may specify device characteristics that are needed to access the network resource. These characteristics may relate to the type of user device, the computing environment of the user device, installed applications and versions, installed certificates, and physical characteristics. The access policy for the network resource may be assigned to a user or to groups of users. Later, when the user attempts to access the network resource, an application installed on the user device provides a file containing the characteristics of the user device to the access server. The access server determines whether the characteristics of the file satisfies the access policy associated with the user and network resource, and if so permits access to the network resource. Else, access to the network resource is denied.

Abstract: Embodiments of the present invention provide methods, systems, apparatuses, and computer program products for integrating user-specific context indicators into a searchable enterprise platform. In one embodiment, an apparatus is configured to apply a learned user profile, to a set of search results to obtain a user-specific, ranked arrangement of search results. The learned user profile may be developed through the application of a machine learning and/or trained model to a set of user behaviors that have been determined or otherwise detected within an enterprise platform, such that the user-specific context in which a user's search arises can be modeled and applied to retrieved digital content items associated with a search query within the enterprise platform.

Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a first communication request, from a web browser of a user. A first responder requests information and a response to the request for information is received as part of a conversation. A conversation identifier is used to store the conversation. Based on the conversation, the conversation is determined to stop and a second responder is identified. The conversation is then transferred to the second responder.

Abstract: A system for and method of transmitting verifiable e-mail includes a message ID sent to a recipient of the e-mail. A system for and method of transmitting encrypted files using e-mail and other electronic communication channels includes a computer program for storing encrypted files supplied by a user, creating a link to the encrypted files to be e-mailed to a recipient, allowing download of the encrypted files when an authorization code is provided after the link is used to go to a system server, wherein the authorization code is sent to a telephone of the recipient, via text or aurally.

Abstract: Systems and methods for permitting software presence/configurations to function as a factor in a multi-factor authentication scheme so that a user's access to a different software program/application is conditioned on the presence of certain pre-specified software or software configurations that would otherwise not be necessary for access and/or operation of the different software program/application. Generally, by confirming the presence/configuration of the pre-specified software on a computing device, the system ensures that a user, in one embodiment, may only access the different software program/application with the proper configuration of the pre-specified software.

Abstract: Methods, systems, and devices for wireless communication are described. Devices may synchronize parameters associated with an encryption key to avoid a key mismatch. In a first example, a transmitter and a receiver may each update a respective parameter at each transmission occasion associated with semi-statically allocated resources, regardless of whether signaling is transmitted in the transmission occasion. In a second example, the transmitter and the receiver may each update the respective parameter based on a slot count, rather than at each transmission occasion. In a third example, the transmitter may indicate a value of a transmitter parameter to the receiver, for example in control signaling or in the signaling in each transmission occasion. In a fourth example, the receiver may be enabled to identify a skipped transmission occasion The receiver may be enabled with a feedback process to indicate the receiver recognized the associated transmission occasion was skipped.

Abstract: This technology receive first telemetry data collected at the client when first instrumentation code provided to the client during a first interaction with a first server is executed at the client. The first telemetry data is stored in a telemetry data set comprising telemetry data for one or more interactions between a plurality of clients and a plurality of servers. Second telemetry data, collected at the client when the second instrumentation code provided to the client during a second interaction with a second server is executed at the client, is received. Based on the second telemetry data, determining when the telemetry data set includes stored telemetry data for an interaction between the client and the first server. A transfer of data associated with the client and the first server to the second interaction is facilitated when the determination indicates the telemetry data set includes the stored telemetry data.

Abstract: To provide a mutual authentication system which is not required to erase master key when a slave device is replaced. The storage part stores a temporary key which is key data used temporarily and a master key which is key data used for authentication. The storage part stores the temporary key. The key confirmation unit inquires whether the slave device stores the master key. The key confirmation response unit confirms whether the master key has already been stored in the storage part for an inquiry from the master device and responds. The key introduction unit encrypts the master key by using the temporary key and transmits to the slave device. The key storage unit decrypts the encrypted master key by using the temporary key and stores in the storage part. The main authentication unit and the sub-authentication unit authenticate with each other by using the master key.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: Methods and systems for distributed cognition of digital content include receiving submissions from community members regarding a knowledge object. Each community member has a reputation value and each submission includes an evaluation value representing an evaluation of the knowledge object by the community member. A consensus evaluation is determined based on a calculated combination of the evaluation values in the submissions received and the reputation values of the respective community members who submitted the submissions. While submissions are being received, the consensus evaluation of the knowledge object is iteratively updated based on submissions received, being a calculated combination of the evaluation values in the submissions received and the reputation values of the respective community members who submitted the submissions.

Abstract: The techniques herein are directed generally to providing access control and identity verification for communications when initiating a communication from an entity to be verified. In one embodiment an initiating device initiates a communication to a receiving device on a communication channel, wherein the receiving device is configured to determine whether an identity associated with the initiating device is verified by a verification service. The initiating device verifies the identity through a verification service client application on the initiating device, and conveys, to the verification service over a verification channel, that the identity associated with the initiating device is verified, wherein the verification service conveys, to the receiving device over the verification channel, that the identity is verified.

Abstract: A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database.

Abstract: Methods, apparatus, and processor-readable storage media for automatically discovering and securely identifying connected systems are provided herein. An example computer-implemented method includes discovering a set of one or more systems connected via at least one network using one or more domain name server (DNS) service discovery techniques; identifying at least one of the one or more systems of the discovered set by processing cryptographic data associated with at least a portion of the one or more systems using one or more digest access authentication techniques; and performing one or more automated actions based at least in part on the at least one identified system.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to securely audit communications. An example apparatus includes a participant list generator to, responsive to a command to provision a secured group of devices in a network to prevent malicious activity, generate a participant device list including one or more endpoint devices and a control plane server; a privilege controller to, based on a policy indicated in the command, set read and write privileges for the one or more endpoint devices and the control plane server; a command controller to, based on the command, determine whether to generate a shared communication key using a shared system key; and a communication processor to encrypt communications between the one or more endpoint devices and the control plane server using the shared communication key.

Abstract: Methods and apparatuses are described for authenticating client applications using an identity fabric blockchain. A server receives a first registration request from a first client application. The server generates a first decentralized identifier corresponding to the first client application and stores the first identifier in an identity fabric blockchain. The server receives a second registration request from a second client application, generates a second decentralized identifier corresponding to the second client application, and stores the second identifier in the blockchain. The server receives a first authentication request from a first resource and authenticates the first client application based on the first authentication request and the first decentralized identifier stored in the blockchain.

Abstract: A system for centralized management of access subnetwork selections is disclosed. The system comprises an Internet protocol-based communications management (ICM) client located on an onboard server of each of one or more vehicles, and an ICM server located at a ground center. The ICM server is in operative communication with the ICM client on each of the one or more vehicles. The ICM client on each of the one or more vehicles is operative to communicate with the ICM server through one or more subnetworks, which are in operative communication with a ground network. The ground network communicates with the ICM server.

Abstract: There is disclosed in one example a gateway apparatus, including: a hardware platform including a processor and a memory; and instructions stored within the memory to instruct the processor to: provide a domain name system (DNS) server, the DNS server to provide an encrypted DNS service, and to cache resolved domain names; receive an outgoing network packet; determine a destination address of the outgoing network packet; and upon determining that the destination address was not cached, apply a security policy.

Abstract: Embodiments are presented for collaborative device address generation between a wireless client device and a network infrastructure component, such as a wireless access point. The wireless client device and network infrastructure component share information to facilitate collaborative generation of a sequence of device addresses. This shared information includes, in some embodiments, key information and moving factor information. The key information and moving factor information is used to generate a token. A sequence of tokens is generated by updating the moving factor as each token is generated. A corresponding sequence of device addresses are then derived based on the sequence of tokens. Since the wireless client device and the network infrastructure device apply equivalent methods to generate respective sequences of addresses, the network infrastructure is able to efficiently identify a source wireless client device when observing a new device address on a wireless network.

Abstract: A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

Abstract: A method can include receiving identity data from a computing device. The method can include verifying that the identity data is associated with a live subject. The method can include generating a privacy-secured token based on the identity data. The method can include generating a randomized unique user identifier (RUUI). The method can include storing the privacy-secured token and the RUUI in association at a first registry. The method can include transmitting the RUUI to the computing device. The method can include configuring metadata of a cryptographic asset to include the RUUI. The cryptographic asset may be associated with a second registry, and the second registry may be associated with a blockchain environment.

Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.

Abstract: A data transaction processing system including multiple transaction processors also includes an active transaction receiver that sequences all incoming messages from various sources to facilitate transactional determinism, as well as a results arbiter to efficiently decide which transaction processor result to choose as the correct output. The data transaction processing system minimizes overall latency by optimizing which transaction processors and results arbiters are responsive to specific client computer input requests or messages.

Abstract: A system for extraction and verification of handwritten signatures from arbitrary documents. The system comprises one or more computing devices configured to: receive a digital image of a document; perform a dilating transformation via convolution matrix on the digital image to obtain a modified image; determine a plurality of regions of connected markings in the digital image; based at least in part on a pixel density or proximity to an anchor substring of each region, determine whether any region contains any handwritten signature; extract first image data of the region containing a handwritten signature from the digital image; retrieve second image data of a confirmed example signature for a purported signer of the handwritten signature; and based on a comparison of the first image data with the second image data, forward a determination of whether the first image data and second image data are similar.

Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.

Abstract: A system and method for data coding and transmission for improving a retry mechanism are disclosed. A system and method allow the receiver to perform decoding based on increased data bits rather than by repeatedly processing the same retransmitted information, thereby reducing the number of retries and improving the performance of a communication system. Also, with the reduced number of retries, the computing costs of the electronic devices used in the communication systems are reduced. When mobile devices are often used in wireless communication, this is particularly advantageous since the battery life of these devices is significantly improved. Moreover, the system and method provide incremental data transmission and therefore optimize the utilization of channel bandwidth.

Abstract: Systems, methods, and devices are disclosed for preventing relay attacks. A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid, (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate an further interaction with the second access device accordingly.

Abstract: Certain examples described herein relate to secure update propagation. The examples present systems and methods to transmit data in the form of updates over a network and to ensure the authenticity of the updates. The examples use a set-homomorphic digital signature scheme to sign updates such that a combined digital signature may be used to verify a batch of updates in place of a set of individual digital signatures. The combined digital signature may be generated by aggregating individual digital signatures.

Abstract: A method including determining, by a processor, an assigned key pair associated with a user device, the assigned key pair including an assigned public key and an assigned private key; authenticating, by the processor, received biometric information; selectively transmitting, by the processor to a trusted device based at least in part on a result of authenticating the received biometric information, an encryption request to encrypt the assigned private key; and encrypting, by the processor based at least in part on selectively transmitting the encryption request, content based at least in part on utilizing the assigned public key is disclosed. Various other aspects are contemplated.

Abstract: An application may perform operations within a first secure enclave of a processing device. The application may provide secure monitoring data, such as secure heartbeat information. The monitoring data and an application identity may be verified at a second secure enclave of the processing device using local attestation operations. A remote attestation signature may be generated at the second secure enclave based on the monitoring data, the application identity, and a node private key. A monitoring message signature may be generated at the first secure enclave based on an application private key and a message payload that includes the monitoring data, the application identity, and the remote attestation signature. A monitoring message that includes the payload and monitoring message signature may be sent from the first secure enclave to a monitoring system, which may verify the message to detect unauthorized changes to the monitoring data or the application identity.