Abstract: A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.

Abstract: Techniques for securing user data in a healthcare data management system are described. A client system receives a request to authenticate a user. The user is associated with applications and roles. The user is authenticated, at the client system, for all applications and all roles. A login token relating to the authenticated user is maintained at the client system. A role is selected for the user, and an authorization token relating to the selected role is maintained at the client system. A session for the user is initiated. This includes generating an encrypted session cookie relating to the user and the session, storing the encrypted session cookie at the client system, and periodically updating a timestamp for the session cookie.

Abstract: Aspects of the disclosure relate to detecting impersonation in email body content using machine learning. Based on email data received from user accounts, a computing platform may generate user identification models that are each specific to one of the user accounts. The computing platform may intercept a message from a first user account to a second user account and may apply a user identification model, specific to the first user account, to the message, so as to calculate feature vectors for the message. The computing platform then may apply impersonation algorithms to the feature vectors and may determine that the message is impersonated. Based on results of the impersonation algorithms, the computing platform may modify delivery of the message.

Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.

Abstract: Embodiments of the disclosure are related to distribution of content in response to search signals in an enterprise environment. Embodiments of the disclosure obtain search signals from a client device associated with a user. In response to obtaining such a search signal, content stored on a resource repository can be located. Such a resource repository can be a private repository associated with an enterprise. In response to located content, a notification can be sent to the client device of the user.

Abstract: Systems and methods for providing an authenticated groupcast stream of content to destination receivers are disclosed. A method may include receiving information indicating that a media capturing source(s) located at a premises and destination receivers are included in a group. Content captured from a media capturing source(s) may be received. The content may include an image(s)/video(s) and a destination network address associated with the destination receivers. The content may be copied. The number of copies of content may correspond to a number of the destination receivers. A respective copy of the content may be sent to the destination receivers.

Abstract: A computer-implemented method includes receiving an indicator of enrollment of a user in a breach notification service; acquiring information regarding the user; and generating one or more indicators of a data breach for an entity that stores one of data regarding the user or an indication of a transaction with the user in a past predefined time period. The computer-implemented method further includes determining that the one or more indicators meet a threshold level for notifying the user of the data breach; in response to determining that the one or more indicators meet the threshold, generating a notification specific to the user regarding the data breach; and providing the notification to the user during a log-in process for a product or service associated with the provider computing system.

Abstract: A system for authentication having an authentication protocol to communicate with the hardware device, the authentication protocol having an encryption function having a hardware key and a software key, a private and a public key pair, the key pair generated from the hardware key and the software key, used to encrypt the communication between the server and the client, an identity authentication service to assign a user of the hardware device to an identity string, and creates a unique user email address based on the identity string and an authentic email server domain, and a target service having a user identity data and comparing the user identity data to the email string, and if the user identity data and the email string match, then the target service accepts the unique user email address to send a service event communication to the hardware device.

Abstract: When a customer service representative (CSR) calls a customer, the customer may be able to authenticate himself or herself by providing the CSR with personal identifying information. However, the CSR may be unable to provide information to authenticate himself or herself to the customer. Thus, this patent document describes authentication techniques that can allow the CSR to authenticate himself or herself to the customer. For example, before or during a call that the second person (e.g., CSR) initiates to call a first person (e.g., customer), a notification message may be sent to the first person's user device. The content of notification message displayed on the user device may provide information to the first person which can allow the first person to determine whether the second person is trustworthy.

Abstract: The present disclosure generally relates to web page analysis, and more particularly to a classification system for web pages. The classification system may classify a web page as malicious based upon one or more signatures generated for the web page. For example, the classification system may compare one or more signatures generated for a first web page to one or more signatures generated for a second web page, where the first web page and the second web page are the same web page at different times or different web pages. Based upon a similarity of the signatures, the classification system may output whether the first web page is malicious. For another example, the classification system may include a classification model that is trained based upon one or more signatures for one or more classified web pages. The classification model may output whether the web page is malicious.

Abstract: When performing data encryption at rest of data residing on Kubernetes persistent volume, existing methods rely on storage provider's encryption capabilities, which instill limitations that hinder deployment. Accordingly, systems and methods are described that receive a Pod specification comprising a disk encryption request and automatically annotate the specification to include specifications for the disk encryption (e.g., secret, key, etc.) to mount a persistent volume having a disk encrypted according to the generated specification.

Abstract: Signature handling for a block for which consensus was formed in blockchain network which requires signatures from plurality of nodes to form consensus for block adoption. After completion of the setup, first node 110 sends a first message including a generated block to N nodes (S301). Each node evaluates the validity of the block on basis of the rule for consensus formation (S302). If the block is valid, the node sends a second message which includes signature si, by secret key share f(xi), with respect to a hash value h of the block for which consensus is to be formed (S303-1). After k signatures are collected at jth node, the node merges these signatures to generate a signature corresponding to a public key PK (S304). A block for which consensus is to be formed has signature SK·h appended thereto and is added to blockchain of each node (S306).

Abstract: A service may leverage a mutual transport layer security (mTLS) service to authenticate a client that is configured with a client certificate chain. The client may request access to the service, and the service may transmit a redirection response to the client. The redirection response may indicate an endpoint for the mTLS service that is associated with the tenant. In response to receiving the redirection response, the client may perform a digital handshake with the mTLS service, and the mTLS service may validate the client digital certificate and digitally sign the client digital certificate. The mTLS may transmit a redirection response, which redirects the client to the service where the client presents an indication of the digitally signed digital certificate chain. The service may validate the chain of trust associated with the digitally signed digital certificate chain and issue an indication that the client is authenticated to access the service.

Abstract: A method for transaction initiation with a bypass of merchant systems includes: storing a consumer public key and a blockchain comprised of a plurality of blocks, each block being comprised of a block header and data values, each block header including a block timestamp, and each data value including a unique transaction identifier; receiving a data message originating from a merchant system including a specific transaction identifier, a transaction timestamp, and transaction data; identifying a specific data value in a specific block that includes the specific transaction identifier; verifying that the block timestamp in the specific block is within a predetermined period of time of the transaction timestamp; identifying payment credentials associated with a user transaction account corresponding to the specific data value; and initiating a payment transaction between the merchant system and the transaction account using the identified payment credentials and transaction data.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product embodiments, and/or combinations and sub-combinations thereof, for determining physical possession of one or more IoT devices. According to some embodiments, a method for determining physical possession of a plurality of Internet-of-Things (IoT) devices includes determining physical possession of a first IoT device of the plurality of IoT devices. The method further includes determining whether the first IoT device with the determined physical possession satisfies a condition. In response to determining that the first IoT device with the determined physical possession does not satisfy the condition, determining physical possession of a second IoT device of the plurality of IoT devices.

Abstract: Systems and methods for message encryption include transmitting, to a first device through a first communication channel, a modification rule message including a modification rule. A first message is encrypted using a first key to generate an encrypted message. The encrypted message is modified based on the modification rule to generate a modified encrypted message. The modified encrypted message is transmitted to the first device through a second communication channel.

Abstract: A method at a network element, the method including receiving at least one message at the network element, the at least one message being one or both of: an update status information message from an updates server; and an anomaly detection status information message from anomaly detection server; determining, based on the receiving the at least one message, a dynamic cybersecurity posture indication for an intelligent transportation system entity; and providing the dynamic cybersecurity posture indication for the intelligent transportation system entity to an Enrolment Authority, wherein the dynamic cybersecurity posture indication can be included in a certificate relating to the intelligent transportation system entity.

Abstract: Techniques are disclosed relating to generation of cryptographic private keys. In some embodiments, a computing system receives a request for a private key for use with a service that uses a key of a first length, where the request specifies a key of a second length that is less than the first length. The system then generates a hashing scheme based on the second length and a key computation time, where the hashing scheme includes a number of hashing rounds and a set of hashing functions. The system creates a synthetic key of the second length and uses the synthetic key and the hashing scheme to create a normal key of the first length, where the synthetic key permits a user to access the service by supplying the synthetic key and without having to supply the normal key. The disclosed cryptographic techniques may advantageously allow for memorization of private keys.

Abstract: A method for obtaining a profile for access to a communication network by a secondary terminal via a main terminal. The main terminal includes a security element having an authentication key, the authentication key being used by the network and by the main terminal to generate at least one session master key specific to the main terminal. The secondary terminal: provides its identifier to the main terminal; receives from the main terminal a temporary key specific to the secondary terminal, a temporary identifier of the secondary terminal, and an identifier of the network for access to the network. The temporary key is based on the temporary identifier of the secondary terminal and the session master key of the main terminal. The temporary key, the temporary identifier, the identifier of the secondary terminal, and the identifier of the access network are included in an profile for access to the network.

Abstract: Systems and methods for verifying an identity of a user include a method that includes receiving, by a computing system, a biometric electronic signature token (BEST), the BEST comprising a first biometric sample captured from a signing party and a record, receiving, by the computing system, a second biometric sample captured from the user, generating, by the computing system, a biometric reference template based on biometric data extracted from the second biometric sample, comparing, by the computing system, the biometric reference template to the first biometric sample, and responsive to the biometric reference template matching the first biometric sample, determining, by the computing system, that the user matches the signing party.

Abstract: A method for improving the utilization rate of a vehicle-to-X communication device for vehicle-to-X communication, having the steps: receipt of digital certificates by the vehicle-to-X communication device, generation of cryptographic keys for signing vehicle-to-X messages to be emitted using the digital certificates by an electronic computing apparatus, temporal spacing of the receipt of the digital certificates by the vehicle-to-X communication device, and generation of the cryptographic keys using the digital certificates. Furthermore, a vehicle-to-X communication device and use of the device in a vehicle or an infrastructure apparatus is provided.

Abstract: An authentication system includes: ECUs constituting on-vehicle network and server device communicating with the ECU. The ECU stores ID and encryption key set individually to the ECU and used for authenticating data exchanged between the ECUs. The server device stores the ID and encryption key of the ECU. The ECU includes: first CPU configured to perform: generating authentication data; generating authentication code by encrypting the authentication data using the encryption key; and transmitting the ID, authentication data, and authentication code to the server device. The server device includes: second CPU configured to perform: acquiring the ID transmitted from the ECU; retrieving the encryption key of ECU corresponding to the ID acquired; acquiring the authentication data and authentication code transmitted from the ECU; and authenticating the ECU using the encryption key retrieved.

Abstract: Extending the useful life of finite lifetime asymmetric cryptographic keys by referencing the number of uses of the keys in conjunction with or instead of the elapsed time since generation of the finite lifetime keys. By integrating asymmetric cryptographic keys into a limited use security scheme, the lifetime of finite lifetime asymmetric cryptographic keys is based on the practical risk of security breach during use rather than an arbitrary duration in which the keys are valid.

Abstract: A vehicle-to-X communication device for a vehicle, containing: a sending device for sending out vehicle-to-X messages, a receiving device for receiving vehicle-to-X messages, and a processing apparatus for processing vehicle-to-X messages to be sent and received. The communication device is configured to send out information for identifying a manufacturer of the vehicle and is furthermore configured to determine, by the processing apparatus, a level of trust of a vehicle-to-X message of a further vehicle received by the receiving device, utilizing information for identifying a manufacturer of the further vehicle which is contained by the vehicle-to-X message of the further vehicle. Furthermore, a corresponding method is disclosed.

Abstract: A method of performing user authentication includes by a service electronic device associated with a service, receiving, from a public electronic device, a request for a user to initiate a session of the service, generating a first security token, a first write token, a first read token, and/or a first delete token, sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device, receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored, saving the key location identifier in a data store associated with the service electronic device, generating a signed key location identifier, generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method of performing a contactless transaction between a payment device and a terminal is described. The method comprises establishing a data connection between the payment device and the terminal and then establishing if the payment device and the terminal both support an enhanced security architecture. If they do not, they will then perform the contactless transaction according to a basic transaction flow using a first cryptographic system. If they do, they will perform the contactless transaction according to an enhanced transaction flow using a second cryptographic system. The first cryptographic system and the second cryptographic system comprise different asymmetric cryptographic systems. Suitable payment devices and terminals, and methods at the payment devices and terminals, are described.

Abstract: A novel system and network architecture unburdens the end users as a result of reduced complexity of the infrastructure used by said users. As a result of the omission of processors, operating systems and conventional software on the user side, the use of the IT is simplified and the infiltration of malware into the devices belonging to the end users is prevented. In addition, the new architecture makes it possible to set up secure and more efficient networks even with respect to IoT and Industry 4.0 as well as new business models and supports both the coexistence and the migration of the conventional technology to the new architecture.

Abstract: A system and method for displaying content to a user comprises a database containing a plurality of media, each of the plurality of media having an associated user image and a processor operably coupled to the database. The processor is configured to receive an image captured by a user device, receive an inputted code entered into the user device, lookup a specific media content corresponding to the image and the code and transmit the specific media content to the user device for display to the user in real time. The method comprises receiving the scanned image and the inputted code, looking up the specific media corresponding to the scanned image and the code and transmitting in real time, the specific media to the user device for display to the user.

Abstract: Presented herein are systems and methods of securely sharing data from multiple sources with different client terminals. A server may establish an electronic document for defining a transaction. The electronic document may have data fields. Each data field may be from a client terminal. The server may identify encryption keys to encrypt the corresponding data fields included in the electronic document. The server may distribute the encryption keys across the client terminals in accordance with an access control policy. The access control policy may specify access permissions for a client terminal to each of the plurality of data fields based on a role of the client terminal in the transaction. The server may provide, to each client terminal with access to the data fields in the electronic document via the encryption keys distributed in accordance with the access control policy.

Abstract: Embodiments of the present disclosure provide a voice smart device wake-up method, apparatus, device and storage medium. The method includes: receiving, by a master control device, a wake-up message sent by each smart device, the wake-up message comprising at least sound characteristics information, determining, by the master control device, a target smart device to be woken up according to the sound characteristics information, and sending, by the master control device, a wake-up instruction to the target smart device to be woken up, to wake up the target smart device to be woken up for responding to a voice request from a user. In a case where a plurality of smart devices share a same wake-up word, only one most suitable smart device is waken up to respond to a voice request of the user each time.

Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

Abstract: There may be provided a computer-implemented method. It may be implemented using a blockchain network such as, for example, the Bitcoin network.

Abstract: According to various embodiments, an electronic device may include at least one antenna module; and at least one processor configured to receive a communication service from a first communication network, a second communication network, and an IP multimedia subsystem (IMS) network via the at least one antenna module, wherein the at least one processor may be configured to: access the first communication network based on first identification information which corresponds to the first communication network, via the accessed first communication network, based on second identification information which corresponds to the IMS network, request the IMS network to register the electronic device, if registration request to the IMS network fails, access the second communication network, and request the IMS network to register the electronic device via the second communication network. Other various embodiments are possible.

Abstract: Systems and methods are described herein for provisioning a home automation hub, or one or more of IoT devices, with blockchain nodes (or sub-nodes). The hub, an IoT device, and/or a group of IoT devices can perform operations similar to a node on a blockchain network. The operations can include blockchain transactions and other operations, such as transactions performed to verify or confirm an IoT device is authorized to be part of the shared network and thus is authorized to connect to the hub.

Abstract: A data sharing method of a user device is provided. The data sharing method includes receiving, from a server device storing information, a private key corresponding to the information, performing a homomorphic encryption of the private key by a homomorphic encryption key provided from the server device, and generating a switch key, and uploading the switch key to a blockchain system. Accordingly, a more effective and clear data sharing is provided.

Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: The present disclosure discloses a method for configuring a block chain-based local consensus, including implementing an initialization of a plurality of nodes and creating a local consensus instance for a set of nodes selected from the plurality of nodes. The present disclosure also discloses a corresponding computer-readable storage medium and an apparatus for configuring a block chain-based local consensus. The apparatus including an initialization module configured to implement an initialization of a plurality of nodes; and a local consensus configuration module configured to create a local consensus instance for a set of nodes selected from the plurality of nodes.

Abstract: Technologies are disclosed herein that allow for utilization of firmware specific data through an Advanced Configuration and Power Interface (ACPI) Firmware Identification (FID) table in a computing system. The ACPI FID table can be loaded during a boot of a computer system. The ACPI FID table can be read after an operating system has been loaded on the computer system. Based upon firmware specific data in the ACPI FID table, functionality provided by the application can be restricted. The use of various features provided by the application can be restricted or the application can be restricted from executing entirely. Compatibility between the application and the firmware can be ensured based upon firmware specific data in the ACPI FID table.

Abstract: Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys.

Abstract: Systems and methods to securely send or write data to a cloud storage or server. In one embodiment, a method includes: establishing a connection to a client using a client-side transport protocol; receiving, over the connection, data from the first client; decrypting, using a client session key, the received data to provide first decrypted data; encrypting the first decrypted data using a stored payload key (that is associated with the client) to provide first encrypted data; encrypting, using a cloud session key, the first encrypted data using a remote-side transport protocol to provide second encrypted data; and sending the second encrypted data to the cloud storage or server.

Abstract: A method may include receiving peer data describing a set of peer clients associated with a demand response application server and describing how the peer clients communicate with one another. The peer data may be configured so that a subset of the peer clients directly communicate with the demand response application server and the demand response application server does not directly communicate with each of the peer clients. The method may also include receiving announcement data describing an event specified by the demand response application server and determining event response data responsive to the announcement data. The method may also include identifying, from the set of peer clients specified by the demand response application server, a set of recipient peer clients to receive the event response data.

Abstract: A method for securing a multi-band wireless communication system includes authenticating a first station (STA) multi-link device (MLD) with a second STA MLD comprising negotiating a group of keys in a key negotiation (KN) band, the group of keys comprising a Pair-Wise Transient Key and a Group Transient Key. The KN band is one of a plurality of frequency bands. The first STA MLD includes a plurality of first STA links. The second STA MLD includes a plurality of second STA links. Each of first STA links and each corresponding second STA link are configured to transceive over a respective one of the plurality of frequency bands. Authenticating the first STA MLD in the KN band authenticates the first STA MLD for each of the frequency bands.

Abstract: Systems and methods are disclosed for bidirectional multifunction communication between a computing device and applications located at an external server. The bidirectional communications allows an operation to be performed on a file using a computing device and an external server. In one implementation, an application resides on a desktop computer that is connected to the Internet. The application sends a request to an external server accessible through the Internet using a bidirectional communication system. The server accepts and processes the request and provides data back to the computer via the same bidirectional communication system. A user may then access the data, manipulate it and provide an additional request to the server via the bidirectional communication system.

Abstract: Aspects of the invention include receiving, by a processor, an unencrypted object that includes plaintext and metadata that describes the plaintext. A data encryption key (DEK) and a nonce key for the unencrypted object are obtained by the processor. The nonce key is different than the DEK. The unencrypted object is encrypted by the processor. The encrypting includes generating a nonce based at least in part of the plaintext and the nonce key. The encrypting also includes generating ciphertext and a metadata authentication tag that includes a signature of the metadata. The generating is based at least in part on the plaintext, the metadata, the DEK, and the nonce. An encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag is created.

Abstract: Systems and methods to rotate security assets used to for secure communications are disclosed. The system includes receiving a first certificate that includes a first subject name for the remote servers. The first certificate further includes a first public key. Next, the system receives a second certificate that includes the first subject name for the remote servers. The second certificate further includes a second public key that is different from the first public key. Next, the system stores the first and second certificates in a trust module. Next, the system receive a third certificate from a first server included in the plurality of remote servers. Next, the system identifies the first server is trusted. The identifying is based on the third certificate matching any one of the first certificate and the second certificate. Finally, the system establishes a secure communication session with the first server based on the identifying the first server is trusted.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a verbal command to active a device with an unknown label, derive a probable device and a label for the probable device, activate the probable device, determine that the activated probable device is the same device to be activated by the verbal command, and store the label and a description for the device. In some examples, the label is associated with the description.

Abstract: Disclosed in some examples are methods, systems and machine-readable mediums which allow for more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions determined by the user. These systems secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols.

Abstract: Method, device, and system for deriving keys are provided in the field of mobile communications technologies. The method for deriving keys may be used, for example, in a handover process of a User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (EUTRAN) to a Universal Terrestrial Radio Access Network (UTRAN). If a failure occurred in a first handover, the method ensures that the key derived by a source Mobility Management Entity (MME) for a second handover process of the UE is different from the key derived for the first handover process of the UE. This is done by changing input parameters used in the key derivation, so as to prevent the situation in the prior art that once the key used on one Radio Network Controller (RNC) is obtained, the keys on other RNCs can be derived accordingly, thereby enhancing the network security.

Abstract: Systems and methods are provided for identifying potentially compromised cloud-based access information. The systems and methods include providing a unique signature for insertion into application programming interface (API) communications to be sent from a network resource to a cloud application executable in a cloud environment. The unique signature can be associated with an access token that a particular identity can use to request access to the cloud application. The systems and methods include accessing a log associated with the cloud environment, identifying the unique signature and the access token using information in the log, accessing a trusted validation resource storing signature information associated with the access token, determining whether the unique signature is valid, and determining whether the access token is potentially compromised.