Abstract: In a general aspect, secure messaging between electronic modules is described. In an example, a method includes: generating, by a first electronic module, a private key and a public key associated with the private key; communicating, by the first electronic module, an unencrypted message, including the public key, to a first network-connected device using a first module-to-device communication link; receiving, from the first network-connected device, an encrypted message including a symmetric encryption key generated by a second electronic module; decrypting, by the first electronic module, the encrypted message using the private key, wherein decrypting using the private key makes the symmetric encryption key available to the first electronic module; and establishing, by the first electronic module, a secure messaging channel with the second electronic module based on at least the symmetric encryption key.

Abstract: Technologies are described for generating and validating encrypted coupons. For example, an encrypted coupon can be received. The encrypted coupon can be decrypted using a public key. The decrypted coupon can be decoded (e.g., using a pre-defined data format) to extract coupon data comprising a unique coupon identifier and a unique user identifier. The decrypted coupon can be validated based at least in part upon the unique coupon identifier and the unique user identifier. The process of receiving the encrypted coupon, decrypting the encrypted coupon, decoding the decrypted coupon, and validating the decrypted coupon can be performed offline (e.g., without access to external networks or the internet) and without accessing information indicating associations between unique coupon identifiers and unique user identifiers.

Abstract: A computer implemented method for processing a financial transaction includes the steps of transmitting one or more documents pertaining to the financial transaction, from a first intermediary server to a first document store, generating an enriched data record from the one or more documents, at the first intermediary server, and adding the enriched data record into a blockchain, from the first intermediary sever, requesting generation of a token corresponding to the financial transaction, to a token server, from the first intermediary server, via a messaging bus, generating the token at the token server and adding the token into the blockchain from the token server, transmitting the token to the first intermediary server from the token server, via the messaging bus, and transmitting the token from the first intermediary server to the first document store.

Abstract: A method for login, including making a login request to an entity through a federation server that generates a session identifier. A QR code is sent to the federation server to receive the session identifier. A secure envelope including user personal information is sent to the federation server to verify user registration with the federation server. A login token generated by the federation server is received and is associated with a smart contract generated by the federation server and stored on a blockchain. The login token is signed using user private key and sent to the blockchain for inclusion in the smart contract. A transaction identifier is received from the blockchain, and is sent to the federation server that generates a session record based on the login token. The federation server sends user verification to the entity to authorize a communication session between the user device and the entity.

Abstract: The invention relates to a method (50) for authenticating a user to a computer system (70), the method comprising the following steps executed in a token (10): generating (52) a counter value (20, 22) by utilizing a counting unit (12) implemented in the token (10), wherein at least a portion of generated counter values (20, 22) forms a strictly monotonous sequence, generating (54) a message (30) depending on the generated counter value (20, 22), signing (56) the generated message (30) by utilizing a private key (24) of the user, wherein the private key (24) is stored in the token (10), and wherein the private key (24) or a copy thereof is not provided to the computer system (70), and transmitting (58) the signed message to the computer system (70). The invention further relates to a token (10) for authenticating a user to a computer system (70) and to a method (60) executed on a computer system (70) for authenticating a user.

Abstract: Methods, apparatus, and system to verify the source of a suspect message, so that it is no longer suspect.

Abstract: A method and apparatus to protect the coded signals sent over physical twisted-pair wiring or between two (2) or more LANs connected by a Wide Area Network (WAN), from unauthorized electronic circuit/wiring monitoring. This is accomplished by varying the assignments of the standard Registered Jack communication pins, varying the transmission speed, inserting meaningless or unrelated data, encrypting data before it is sent or changing network protocol(s) on behalf of the communications adapter/controller of each computer to which it is attached on those LANs.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating the authentication of computing system requests across tenants of at least one multi-tenant database system. Authentication is facilitated using a central registry that is accessible by and independent from the tenants of the multi-tenant database system.

Abstract: The search engine optimizer transforms input information interactively and works independently and in parallel with a browser and search engine supercomputer. The optimizer reorganizes the input, and provides an optimized version as an output. The output (Optimized, reorganized input) is sent to the search engine, which responds to the end user with search results. The optimizer recognizes each request as a pattern and stores the pattern in an advanced Glyph format. This permits the optimizer to use left brain English language and right brain geospatial key featured association equation to gain factor the best results, and then using deductive reasoning feedback equation attenuate content with confounding variables in order to stabilize and reduces sensitivity parameter variations due to the environment and identify a left and right side human brain checkmate combination required to achieve certitude.

Abstract: A system for processing data within a Trusted Execution Environment (TEE) of a processor is provided. The system may include: a trust manager unit for verifying identity of a partner and issuing a communication key to the partner upon said verification of identity; at least one interface for receiving encrypted data from the partner encrypted using the communication key; a secure database within the TEE for storing the encrypted data with a storage key and for preventing unauthorized access of the encrypted data within the TEE; and a recommendation engine for decrypting and analyzing the encrypted data to generate recommendations based on the decrypted data.

Abstract: A method for communication in a hearing system comprising the server device and a hearing device system, the hearing device system comprising a hearing device and a user accessory device with a user application installed thereon, the method includes: obtaining hearing device data for the hearing device; securing the hearing device data using a first security scheme to obtain a first output; securing the first output using a second security scheme to obtain a second output, wherein the second security scheme is different from the first security scheme; and transmitting the second output to the user accessory device.

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.

Abstract: A method assigns a bootstrap server for wireless devices in a machine-to-machine environment. The method includes receiving, by a network device in a wireless access network and from a wireless device, a first request for a bootstrap server identifier. The method also includes providing, to the wireless device, a response including an address for a carrier-specific bootstrap server device. The method also includes receiving, by the carrier-specific bootstrap server device, a request for management server connection information. The request is submitted by the wireless device using the bootstrap server identifier. The method further includes assigning, by the carrier-specific bootstrap server device, the wireless device to a management server of a group of management servers and sending connection information for the management server to the wireless device.

Abstract: One or more hardware identity circuits (which may be reconfigurable) may be employed in a device or system in order to impose a tampering penalty, preferably without relying on battery-backed volatile memory to do so. The device or system may also include a cryptographic division and distribution (‘sharing’) of a secret internal to the device or system.

Abstract: Embodiments of the present disclosure disclose a method and apparatus for processing a request. A specific embodiment of the method includes: receiving a request; determining a type of the request or an object name indicated by the request; acquiring, after determining that a current time is after a validity deadline of locally stored first request control information, the number of control servers in a preset control server set; determining, from the control server set, a target control server based on the acquired number and any one of: the type of the request, the object name indicated by the request; and forwarding the request to the target control server.

Abstract: A method includes transmitting a message to a first end point that includes an instruction to initiate a communication type in which the communication type includes sharing a randomization token between the first and a second end point. The method further includes obtaining a first communication report from the first end point and a second communication report from the second end point in response to initialization of a communication based on the communication type in which the first and second communication reports respectively include a first and second hash that corresponds to a function of the randomization token and identity information. The method further includes determining whether the first hash matches the second hash and generating a value that correlates the first and second end points with the communication across the network in response to determining that the first hash matches the second hash.

Abstract: A data storage method comprises sending, by a blockchain node associated with a blockchain, data to an encryption device to cause the encryption device to encrypt the data and return the encrypted data to the blockchain node; receiving the encrypted data returned by the encryption device; and sending the encrypted data to other blockchain nodes associated with the blockchain to cause each of the other blockchain nodes to store the encrypted data in the blockchain after performing consensus verification on the encrypted data with success.

Abstract: System and methods are disclosed that enable data sharing across networks, including peer-to-peer sharing of content over wireless networks using peer mobile devices. A database may store content associated with a first peer mobile device. A request from a requester peer mobile device for content associated with a user of the first peer mobile device may be received at a server. The encrypted request is transmitted by the server to the first peer mobile device which may decrypt the request. An authorization token may be transmitted by the first peer mobile device to the server which may then enable the requesting peer mobile device to access the requested content, which may be accessed from the first peer mobile device and/or a cloud storage system.

Abstract: In one embodiment, a method includes receiving, from a computing device of a first user, a request to transfer funds from a first account associated with the first user to a second account associated with a second user. The request to transfer funds may be generated by receiving a first token at the computing device of the first user through near-field communication with a first payment card and determining that the first token is associated with the second user. The method includes sending, in response to receiving the request to transfer funds, to the computing device of the first user, a request to authorize the transfer to the second account associated with the second user. The method includes receiving, from the device of the first user, an indication of authorization, wherein the indication of authorization is generated by receiving a second token at the device of the first user.

Abstract: A packet parsing method includes a source device receives a first ciphertext from a control device, where the first ciphertext is used to verify reliability of a packet from a parsing device, and the parsing device is a trusted device selected on a path between the source device and a destination device. The source device obtains a second packet including the first ciphertext according to the first ciphertext and a first packet, and sends the second packet to the destination device. The parsing device obtains, according to the second packet and a device identifier of the parsing device, a third packet including verification information and the first ciphertext. The destination device receives the third packet from the parsing device, and verify reliability of the third packet using the verification information and the first ciphertext included in the third packet.

Abstract: Authenticating devices utilizing Transport Layer Security (TLS) protocol to facilitate exchange of authentication information or other data to permit or otherwise enable access to services requiring authentication credentials, certificates, tokens or other information. The authentication may utilize Digital Transmission Content Protection (DTCP) certificates, Diffie-Hellman (DH) parameters or other information available to the authenticating devices, optionally without requiring device requesting authentication to obtain an X.509 certificate.

Abstract: Techniques are provided for secure detection and management of compromised credentials. A first candidate credential is received, comprising a first username and a first password, wherein the first candidate credential was sent in a first request from a first client computer to log in to a first server computer. A first salt associated with the first username in a salt database is obtained. A first hashed credential is generated based on the first password and the first salt. The first hashed credential is transmitted to a set model server computer, wherein the set model server computer is configured to maintain a set model that represents a set of spilled credentials, determine whether the first hashed credential is represented in the set model, and in response to determining that the first hashed credential is represented in the set model, performing additional processing on the first hashed credential.

Abstract: The present disclosure describes techniques that allow for a client-side application, located on a first client device, to generate a random encryption key and encrypt locally-stored application data with the random encryption key. In order to ensure that the client-device application is unable to decrypt the locally-stored encrypted application data prior to authenticating with an external authentication source (i.e., SSO, IdP), the client-side application divides the random encryption key into at least a first share and a second share according to a secret sharing algorithm. The first share is transmitted to a trusted third party, while the second share is encrypted locally and stored in a secure location on the client device. Upon successful authentication, the trusted third party returns the second share to the first client device. The client-side application derives the random encryption key and decrypts the locally-stored encrypted application data to be used by the client-side application.

Abstract: A video packaging and origination service can process requests for content segments from requesting user devices. The video packaging and origination service can utilize various techniques to address performance of the user device responsive to detection of the presence of ad blocking software applications.

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

Abstract: Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.

Abstract: A relay-proxy device has first and second interfaces allowing connection to a first node and a second node respectively, wherein the relay-proxy device is configured with at least one key, and the relay-proxy device is operable to: receive a traffic flow in an encrypted transport protocol on the first interface; decrypt a first part of the traffic flow with said key, wherein a second part of the traffic flow cannot be decrypted with said key; perform a management function based on a content of the decrypted first part of the traffic flow; and forward at least the second part of the encrypted traffic flow to the second interface.

Abstract: A method for execution by a dispersed storage and task (DST) processing unit includes queuing authorization requests, corresponding to received operation requests, in response to determining that first system utilization data indicates a first utilization level that compares unfavorably to a normal utilization threshold. A first batched authorization request that includes the queued authorization requests is generated for transmission to an Identity and Access Management (IAM) system in response to determining that the first request queue compares unfavorably to a first queue limit condition. A second queue limit condition that is different from the first queue limit condition is determined based on second system utilization data. A second batched authorization request that includes a second plurality of authorization requests of a second request queue is generated in response to determining that the second request queue compares unfavorably to the second queue limit condition.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: A first non-volatile memory may store first data and a second non-volatile memory may store second data. An authentication component may be coupled with the first non-volatile memory and the second non-volatile memory and may receive a request to perform an authentication operation. In response to the request to perform the authentication operation, the authentication component may access the first data stored at the first non-volatile memory and the second data stored at the second non-volatile memory and determine whether the second data stored at the second non-volatile memory has become unreliable based on a memory disturbance condition. In response to determining that the second data stored at the second non-volatile memory has become unreliable, a corrective action associated with the first data stored at the first non-volatile memory may be performed.

Abstract: High performance query processing and data analytics can be performed across architecturally diverse scales, such as single core, multi-core and/or multi-nodes. The high performance query processing and data analytics can include a separation of query computation, keying data, and data movement and parallel computation, thereby enhancing the capabilities of the query processing and data analytics, while allowing the specification of complex forms of data parallel computation that may execute across real-time and offline. The decoupling of data movement and parallel computation, as described herein can improve query processing and data analytics speed, can provide for the optimization of searches in a plurality of computing environments, and can provide the ability to search through a larger space of execution plans.

Abstract: A vehicle unit adapted to receive a GNSS raw data signal, characterised in that it comprises a secure processor or secure microcontroller unit (MCU) adapted to authenticate the GNSS raw data signal and securely calculate a position of the vehicle unit based on the authenticated or to be authenticated GNSS raw data signal.

Abstract: A conferencing apparatus and a method for switching an access terminal therein are provided. The conferencing apparatus according to one embodiment of the present disclosure includes: a conference information management module configured to generate mapping information for terminal identification information of a first terminal and access information of a conference participant who is accessing a conference through the first terminal; and an access switch module configured to provide a token corresponding to the mapping information to the first terminal according to an access terminal switch request from the first terminal and, when the token is received from a second terminal, switch a terminal of the conference participant from the first terminal to the second terminal according to validity of the received token.

Abstract: A data storage method comprises sending, by a blockchain node associated with a blockchain, data to an encryption device to cause the encryption device to encrypt the data and return the encrypted data to the blockchain node; receiving the encrypted data returned by the encryption device; and sending the encrypted data to other blockchain nodes associated with the blockchain to cause each of the other blockchain nodes to store the encrypted data in the blockchain after performing consensus verification on the encrypted data with success.

Abstract: Systems and methods for distributed file processing are disclosed. In one embodiment, a computer-implemented method for distributed file processing in a distributed network may include: (1) receiving, at a first distributed host in a network of a plurality of distributed hosts, an archive command; (2) the first distributed host identifying a plurality of files in a shared file system to archive in response to the archive command; (3) the first distributed host splitting at least one of the plurality of files that is above a predetermined size into a plurality of file chunks; (4) the first distributed host instructing a second distributed host to archive one of the plurality of files or plurality of file chunks to a store; and (5) the first distributed host and the second distributed host archiving the plurality of files and the plurality of file chunks to the store.

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.

Abstract: The present invention provides an improved system and method for using cryptography to secure computer-implemented choice mechanisms. In several preferred embodiments, a process is provided for securing participants' submissions while simultaneously providing the capability of validating their submissions. This is referred to as a random permutation. In several other preferred embodiments, a process is provided for securing participants' advance instructions while simultaneously providing the capability of validating their advance instructions. This is referred to as a secure advance instruction. Applications include voting mechanisms, school choice mechanisms, and auction mechanisms.

Abstract: A client can allocate and reassociate unique identifiers to local content items associated with an account at a content management system, and use the unique identifiers to commit operations for the content items on the content management system. For example, a client can create a content item and determine the content item does not have an identifier from the content management system. The client obtains an identifier for the content item and asks the content management system to verify a uniqueness of the identifier. When the identifier is unique, the client adds a node corresponding to the content item to a local tree representing a state at the client of content items associated with the account, and uploads the content item with the identifier to the content management system. When the identifier is not unique, the client obtains a new identifier for the content item.

Abstract: A mobile communication device. The mobile communication device comprises a processor, a non-transitory memory, a subscriber identity module (SIM), wherein the SIM stores an encryption key, and a client application stored in the non-transitory memory. When executed by the processor, the client application transmits a server application authentication token request comprising an identity of the SIM, receives a message comprising a value, requests the SIM to encrypt the value using the encryption key stored by the SIM, receives an encrypted value from the SIM, transmits the encrypted value in a message, receives a server application authentication token, stores the server application authentication token in the non-transitory memory, transmits a server application access request comprising the server application authentication token, and conducts a communication session with the server application.

Abstract: A network entity may determine whether a network context of a device is stored in the device or in the network based, at least in part, on a preference or capability of the device, as reported by the device during attachment to the network entity. The context may be stored in, and retrieved from, a dedicated context storage function that is independent of the network entity. A context storage function may be partitioned, or separate storage functions used, to automatically group and track access network contexts, core network contexts, or network slice contexts. The context storage function may provide to the device an index, such as a link or other identifier to be used in retrieving the stored context information. The context storage function may further provide a token to secure re-attachment communications among the device, the network entity, and the context storage function.

Abstract: Systems and methods for peer-to-peer secure document exchange are disclosed. The system may allow a document provider to securely transmit a certified document to a document verifier using decentralized storage. The verifier system may generate a session key pair and transmit the session public key to a trusted API provider. The trusted API provider may generate a session nonce. The verifier system may transmit the session nonce to the provider system. The provider system may use the session nonce to retrieve the session public key. The provider system may encrypt a certified document using the session public key and store the encrypted certified document in the decentralized storage. The verifier system may retrieve the encrypted certified document by polling the trusted API provider based on the session nonce. The verifier system may decrypt the encrypted certified document using the session private key.

Abstract: In one embodiment, a device writes messages and corresponding trace-on-failure flags to log files when failure conditions are detected. The device propagates the trace-on-failure flags to headers of the log files. The device forms a file index of the log files that have trace-on-failure flags set in their headers. The device performs, using the file index, a lookup of messages in the log files associated with a particular error context. The device sends data from the lookup to an electronic display.

Abstract: Disclosed are various embodiments for distributed verification of digital work product. A blockchain management application receives corresponding updates to a plurality of documents within a time interval. The blockchain management application then generates a single work product record in a blockchain. The single work product record evidences corresponding states of the plurality of documents at an end of the time interval.

Abstract: Systems and methods for accessing credentials from a blockchain are provided. A computing device requests for a server to process a transaction. In response to the request, the server transmits a server public key to the computing device. A key generator of the computing devices uses the user private key and the server public key to generate a user public key. The user public key includes permissions to access credentials that are stored on blockchain. The server receives the user public key and generates a request for credentials to blockchain. The request includes the user public key and the server private key. The blockchain receives the request and generates an identity token. The identity token includes credentials that are specified in the user public key. The blockchain transmits the identity token to the server and the server uses the identity token to processes the transaction.

Abstract: An electronic device that prevents damage and an operation method thereof are provided. The electronic device includes a transceiver, a memory configured to store a first part of a first program, and a processor configured to receive, using the transceiver, a second part of the first program from a second electronic device and perform a first function of the first program by using the first part and the second part.

Abstract: A server receives a login request from a first device. The login request includes login information used for an application login. In response to receiving the login request from the first device, the server transmits, to a second device different from the first device, a first message including a verification code. The first message instructs the second device to broadcast an audio signal including the verification code. The verification code is used to verify the first device by the server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training a multi-party secure logistic regression model (SLRM). One of the methods includes receiving, at a plurality of secure computation nodes (SCNs), a plurality of random numbers from a random number provider; encrypting, at each SCN, data stored at the SCN using the received random numbers; iteratively updating a secure logistic regression model (SLRM) by using the encrypted data from each SCN; and after iteratively updating the SLRM, outputting a result of the SLRM, wherein the result is configured to enable a service to be performed by each SCN.

Abstract: Example implementations relate to data recovery. An example controller can deliver file contents to a user, validate the file contents in real-time during the delivery, and in response to a determination that a portion of the file contents is broken, use the validated file contents to recover the broken portion of the file contents. The example controller can also deliver the recovered portion of the file contents to the user.

Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.