Abstract: In some embodiments, an apparatus and a system, as well as a method and an article, may operate to transmit and receive data. Transmission may comprise transforming larger values of acquired data into smaller values of transformed data using a transform defined by a seed value selected to reduce digital pulse position modulation transmission time for the acquired data. Additional activities include digital pulse position modulating the transformed data and a checksum associated with the transformed data to provide a propagation signal, and transmitting the propagation signal into drilling fluid or a geological formation. Reception may comprise receiving the propagation signal, demodulating the propagation signal to extract the transformed data and the checksum, and transforming the transformed data into an estimate of the acquired data, using the transform defined by the seed value validated by the checksum. Additional apparatus, systems, and methods are described.

Abstract: A first executable program on a computer system is enabled to exchange communications with a second executable program on the computer system by determining that the first executable program requests to exchange information with the second executable program, using the second executable program to challenge the first executable program for a digital certificate, and using the second executable program to exchange information with the first executable program when the digital certificate is verified.

Abstract: A method in, and a Broadcast Management unit (163) for recommending and providing digital content to a user equipment (120), and a method in and a user equipment (120) for accessing recommended digital content. The user equipment is served by a base station in a cellular communications network. The Broadcast management unit decides (301, 401, 501) to recommend a digital content to the user equipment (120) and one or more additional user equipments (121, 122, 123) and provides broadcast or multicast of the digital content in a service area (105. The user equipment registers (306; 409; 701) a request for one or more digital contents that are recommended and then identifies, in response to the registered request, a digital content that is recommended and available from broadcast or multicast by the base station (110).

Abstract: A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.

Abstract: A chassis platform, such as processor or a system-on-chip (SoC), includes logic to implement a debug chassis security system including a policy generator to control access from a test access port. The policy generator may distribute a debug policy to at least one logic block that locally enforces the debug policy. The debug policy may include a delayed authentication policy in which debug assets are distributed and the chassis platform is initially locked to prevent debug access via the test access port. An authenticated debug user may unlock the chassis platform at a later time to enable debugging operations. The debug policy may also include a live execution policy and an immediate debug policy.

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

Abstract: Methods and systems for authenticating a security device for establishing trusted email communication. The security device is authenticated by installing private security software on the security device. In order to authorize an email transaction, a transaction authorization is performed using the security device by display a QR (Quick Response) code from an authorization server on a user terminal and scanning the QR code into the security device. After scanning the QR code, an OTA (One-Time-Authorization) code is sent from the security device to the authorization server for verifying the transaction. Embodiments of the present invention provide trusted email communication. A corresponding system for authenticating a security device and preforming trusted email communication is also provided.

Abstract: A secured audio apparatus (SAA) for providing secured communications between a local device and a remote device and a method for authenticating a local secured audio apparatus (SAA) associated with a local device to a remote SAA associated with a remote device are presented. The SAA includes a processing unit; and a memory, the memory containing instructions that, when executed by the processing unit, configure the SAA to: receive a remote certificate fingerprint from a remote SAA of the remote device; obtain a verified certificate based on the remote certificate fingerprint; generate an ephemeral key based on the obtained certificate, wherein the ephemeral key is used to encrypt and decrypt communications between the local SAA and the remote SAA; and secure audio communications between the local device and the remote device based on the generated ephemeral key.

Abstract: In general, one aspect of the subject matter described in this specification can be embodied in methods that include receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device; generating a public key and a paired private key associated with the credential management account; transmitting a certificate signing request to a certificate authority system; receiving a digital certificate from the certificate authority system; receiving a request to retrieve a credential for the user from a credential issuing organization; transmitting a request for the credential for the user to the credential issuing organization system; receiving, from the credential issuing organization; transmitting the decrypted data to the credential issuing organization; receiving data for the credential for the user from the credential issuing organization system; and transmitting data encoding a portion of a badge representing the credential.

Abstract: This disclosure involves the notion of using physical objects to generate public key-based authenticators and, in particular, to use “everyday” physical objects to create a generator seed for a key generator that will use that seed to generate a key pair comprising a public key, and its associated private key. In a preferred approach, the physical object is used to create a digital representation (of the physical object) that, together with some uniqueness associated to the user, gives rise to a key generator seed value. Without knowledge of (a) the physical object itself, (b) how the physical object characteristic is converted (to a digital representation), and (c) the uniqueness value, an attacker cannot reproduce the key generator seed (or the key(s) generated from that seed).

Abstract: A method implemented by an edge node in an optical network, the method comprising receiving one or more information centric networking (ICN) service flows, each of which is identifiable by a service label, determining at least one optical resource to be provisioned to the one or more service flows based on the one or more service labels, converting the one or more ICN service flows to one or more optical flows, and transmitting the one or more optical flows using the at least one optical resource.

Abstract: Technologies are generally described for providing a session identifier. In some examples, a method performed under control of a first device includes generating information including at least a part of a next session identifier to be used in a next session between the first device and a second device and transmitting the information to the second device. The next session follows a present session between the first device and the second device.

Abstract: A system and method of multi-factor authentication are described. In some embodiments, a first device provides an initial authentication data to a second device. The second device is different from the first device. The first device obtains a first response data from the second device. The first device generates a first subsequent authentication data using the first response data. The first subsequent authentication data is different from the initial authentication data. The first device provides the first subsequent authentication data to the second device. In some embodiments, obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, where the first response data is displayed on the second device.

Abstract: An apparatus and method for configuring a wireless station for use within a wireless local area network are disclosed. In at least one exemplary embodiment, a pairwise master key is generated by the wireless station and an access point within the wireless local area network. The pairwise master key may be based, at least in part, on a transient identity key pair of the wireless station. The transient identity key pair may be generated by the wireless station in response to receiving a message from the access point. In some embodiments, a public transient identity key of the transient identity key pair may be provided to additional access points to enable the wireless station to authenticate with the additional access points.

Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.

Abstract: A method used to authenticate an item using an identification tag is provided. At the time of manufacture, the tags are created with various hardware attributes (HA), including a unique identifier (UID); and encoded with a signature of a message that includes a URL, and optionally a serial number associated with a product to which the tag is to be attached. The URL embeds various data such as one or more of the HAs, a serial number, etc., which can be used to verify the authenticity of the tag when verifying the signature. When a tag is read, the message including the URL is recovered and the signature is verified by the processor of the reader. This can be done to ensure that the URL in the message is one designated by the signer. The data in the signature can then be used to verify the authenticity of the tag and/or to detect tampering. The results of the verification can also be displayed to a user, e.g., using an available display on the electronic device including or otherwise acting as the tag reader.

Abstract: A method comprising using at least one hardware processor for: receiving input from a user with respect to masking of a data element in one or more documents of a java script object notation (JSON) type, wherein the input comprises: an identifier of the data element, and one or more constraints for masking the data element based on the hierarchy of the one or more documents of the JSON-type; and generating a masking rule for the one or more documents of the JSON-type based on the input.

Abstract: An infrastructure delivery platform provides a RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.

Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.

Abstract: In order to overcome the limitation of the prior art quantum key terminal equipment not being able to operate across different segments, the present invention discloses a quantum cryptography service network implementation technique to let a point-to-point quantum key equipment in one segment be redesigned to cooperate with other quantum key equipment in other segments to form a quantum key service network. As opposed to the prior art technique of having each segment generates its own quantum key, the present invention can map one pair of quantum key equipment with another pair of quantum key equipment, or map multiple pairs of quantum key equipment connected in series to have quantum keys entirely or partly shared by the quantum key equipment. Therefore, the generated quantum keys can be used across different segments. Each node in the quantum key service network can provide the quantum key to nearby telecommunication equipment in the telecommunication network of the same premises.

Abstract: A method for encryption of blocks of data is provided including the steps of: encrypting a block of data using a current random number generated for the block of data; encoding the current random number using one or more of a set of previous random numbers, each of the set of previous random numbers having been used to encrypt a previously sent block of data; and transmitting the encrypted block of data with the one or more versions of the encoded current random number, each version for a different one of the previous random numbers.

Abstract: A method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication device stores hardware information associated with unique identification codes of hardware components of the user end. In the method, the user end executes a terminal program for scanning the hardware components to obtain the identification codes, for establishing a hardware list according to the identification codes, and for automatically sending to the network authentication device verification data associated with the hardware list without user operation. The network authentication device verifies identity of the user end based on the verification data and the hardware information.

Abstract: A method, system and computer program product in a wireless gateway to provide secured communications over a wireless network and a wired network is provided herein. The method includes the steps of receiving a first authentication credential from a wireless device and mapping the first authentication credential to a second authentication credential. The method further includes transmitting the second authentication credential to an authentication server and receiving a first authentication response from the authentication server. The method also includes generating a first shared secret and a second shared secret if the first authentication response indicates that authentication is successful and transmitting a second authentication response to the wireless device. The first shared secret is used to setup a first secured channel for communications with a service provider over a wired network and the second shared secret is used to setup a second secured channel for communications with the wireless device.

Abstract: The subject matter described herein includes methods, systems, and computer readable media for access network protocol interworking and authentication proxying. One method includes receiving an authentication request from a node in an access network for authenticating a user using cellular network authentication. The method further includes, in response to the request, using a native protocol of the cellular network to obtain an authentication challenge from a node in the cellular network. The method further includes communicating the authentication challenge to the node in the access network. The method further includes receiving a response to the authentication challenge from the node in the access network. The method further includes determining whether the response matches an expected response. The method further includes, in response to determining that the response matches the expected response, communicating an indication of successful authentication to the node in the access network.

Abstract: A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication.

Abstract: A method for authenticating a mobile device includes: probing by the mobile device a fading channel which connects the mobile device to a first radio base station; determining a secret held in common with the first radio base station as a function of a physical property of the fading channel; storing the in-common secret; receiving a first request for the in-common secret from a second radio base station; and, in response to the first request, sending a proof of knowledge of the in-common secret to the second radio base station.

Abstract: An authentication method for accessing a user account of a service (28) on a data network (26), includes the following steps: reception (E20) by the service (28) of a request from a consulting device (10) for the service (28), the request including a first authentication information element, reception (E60) by the service (28) of an information element sent by an authentication security device manager (34), the information received by the service (28) being based on a second authentication information element originating from a security device (16; 18) associated with the user account, and authentication by the service (28), based on the first authentication information element and the information received from the authentication security device manager (34).

Abstract: Disclosed are an apparatus and method of remotely communicating with a managed machine. One example method of operation may include selecting the managed machine operating in a communication network, transmitting a connection request message to the managed machine and establishing a secure connection between the managed machine and an administrator machine. The example method may also include responsive to connecting with the managed machine, executing a host service on the managed machine, and connecting to the host service over the communication network via an application client operating on the administrator machine.

Abstract: A method for data privacy in a distributed communication system including a plurality of client terminals merges encrypted streaming data using tree-like encryption key switching and without sharing any private keys in a distributed communication system. The merged data is then sent to client terminals to be further process by respective client terminals.

Abstract: A node device in a network system includes a memory and a processor. The node device is identified with a first value related to a first element and a second value related to a second element. The memory stores a first key corresponding to the first value, a second key corresponding to the second value, first information on a first range of values and second information on a second range of values, at least one of the first key and the second key being shared by at least three or more node devices in the network system. The processor communicates with one of at least three or more node devices indicated by the first value related to the first element and the second value related to the second element using one of the first key and the second key.

Abstract: A method comprising the use of a bootstrapping protocol to define a security relationship between a first server and a second server, the first and second servers co-operating to provide a service to a user terminal. A bootstrapping protocol is used to generate a shared key for securing communication between the first server and the second server. The shared key is based on a context of the bootstrapping protocol, and the context is associated with a Subscriber Identity Module (SIM) associated with the user terminal and provides a base for the shared key. A method of the invention may, for example, be employed within a computing/service network such as a “cloud”, and in particular for communications between two servers in the cloud that are co-operating to provide a service to a user.

Abstract: Method and system for secure key authentication and key ladder are provided herein. Aspects of the method for secure key authentication may include generating a digital signature of a secure key in order to obtain a digitally signed secure key and transmitting the digitally signed secure key from a first location to a second location. The digital signature may be generated by utilizing an asymmetric encryption algorithm and/or a symmetric encryption algorithm. The digitally signed secure key may be encrypted prior to transmission. The secure key may be a master key, a work key and/or a scrambling key. The digitally signed secure key may be received at the second location and the digitally signed secure key may be decrypted to obtain a decrypted digitally signed secure key.

Abstract: A one-way interface for a network device which secures status registers therein from unauthorized changes. The interface includes a first server, a one-way data link and a second server. The first server is coupled to the status registers to read information stored therein. The first server reads the information from the status registers and transmits the information on an output. The one-way data link has an input coupled to the output of the first server and an output. The second server has an input coupled to the output of the one-way data link and an output coupled to a network. The second server receives the information from the first server via the one-way data link. The second server transmits the information on the output to a predetermined network destination and/or provides a user interface for providing access to the information via the network.

Abstract: A delivery method between a terminal device and a delivery device, the method includes: causing the terminal device to request a connection to the delivery device, and request the delivery device to update information to be delivered when the terminal device is connected to the delivery device; and causing the delivery device to deliver delivery target information stored in a storage unit, to interrupt delivery of the delivery target information and to switch to connection to the terminal device, when the connection request is made by the terminal device, to authenticate the terminal device, to restart delivery of the delivery target information when an authentication is not obtained in a first predetermined period, and to update the delivery target information stored in the storage unit in response to a request from the terminal device when the authentication is obtained in the first predetermined period.

Abstract: A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions.

Abstract: Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server.

Abstract: The present invention generally relates to systems and methods for establishing trusted, secure communications from a mobile device, such as a smart phone, to an immobile device, such as a multi-function device. The disclosed techniques can include the immobile device displaying a pattern that encodes a cryptographic key. The mobile device can obtain an image of the pattern and decode it to obtain the cryptographic key. Because the mobile device obtained the image within its line-of-sight, for example, it can be assured that it communicated with the immobile device, and only the immobile device. The mobile device and the immobile device can use the cryptographic key to secure further communications.

Abstract: Various aspects of the present disclosure enable a persistent docking procedure that, once a persistent docking environment has been established, can simplify the future establishment of a docking environment between the dockee and docking host. Other aspects, embodiments, and features are also claimed and described.

Abstract: A cold chain transportation device includes a body, a cover, and a detection system. The cover is coupled to the body. The detection system includes a control unit, a temperature sensor, and a detection unit. The temperature sensor senses a temperature of the cold chain transportation device. The detection unit detects opened/closed states of cover. The control unit determines motion states and working states of the cold chain transportation device and transmits the temperature, the opened/closed states, the motion states, and the working states of the cold chain transportation device to an electronic terminal.

Abstract: An automatic train operation system includes a first control system configured to run a first software for controlling a first vehicle subsystem and a second control system configured to run a second software for controlling a second vehicle subsystem. The automatic train operation system also includes a software verification controller. The software verification controller is configured to identify a first identifier of the first software and a second identifier of the second software as a software configuration and determine whether the software configuration is preapproved. The software verification controller is also configured to, if the software configuration is preapproved, authorize the first control system and the second control system to run the first and second software.

Abstract: A control apparatus for controlling packet transfer between terminals belonging to a first virtual network identified by a first identifier includes a network configuration information management unit for holding configuration information on a second virtual network identified by a second identifier so that the terminals belong to the second virtual network; and a path control unit for controlling communication between the terminals based on the configuration information on the second virtual network.

Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: Systems, methods, and devices for authenticating a user are provided. A device includes one or more processors configured to determine if a requested service requires high quality authentication, generate a request for high quality authentication if the requested service requires high quality authentication, and generate a request for low quality authentication if the requested service requires low quality authentication. The device also include a network interface component coupled to a network, the network interface component configured to: receive the request for the service requiring authentication, and a memory, the memory storing high quality authentication information and low quality authentication information for authenticating the user.

Abstract: Methods and apparatus to provide packet switched service continuity during circuit switched fallback operation are described. One example method includes determining a set of access technologies available to a User Equipment (UE); identifying a WLAN access network from the set of access technologies; identifying a 3GPP RAT from the set of access technologies; prioritizing the WLAN access network type with respect to types of 3GPP RAT; and selecting one access technology from amongst the identified WLAN access network and the 3GPP RAT according to the prioritizing.

Abstract: An authentication system comprises a plurality of servers storing respective shares of a private key, and a controller associated with the servers. The authentication system is configured to receive a message comprising a password encrypted using a public key corresponding to the private key. The controller directs performance of distributed password-based authentication in the authentication system based at least in part on the encrypted password utilizing the shares of the private key stored in the respective servers. The message is formatted in a manner consistent with an authentication protocol that normally utilizes public key signatures as a mechanism for authentication but is modified to support password-based authentication. For example, the message may be formatted in a manner consistent with a request message of a Kerberos PKINIT protocol extension.

Abstract: According to an embodiment, a communication device includes a first manager, and a second manager, a first communication unit, a determination unit, a controller, and a second communication unit. The first manager shares a first cryptographic key with a first external device connected via a link. The second manager shares a second cryptographic key to be provided to an application, with the first external device and with a second external device connected via links. The first communication unit transmits the second cryptographic key to the first external device. The determination unit determines whether a device with which the second cryptographic key is to be shared is the first external device. If it is affirmative, the controller controls the second manager to share, as the second cryptographic key, a cryptographic key obtained by converting the first cryptographic key. The second communication unit provides the application with the second cryptographic key.

Abstract: A home network router and method of operation are provided for seamlessly sharing access to a network service by multiple devices in a home network by configuring the home network router to receive and store authenticated user credentials for the network service at the home network router after associating the user credentials with the network service so that, upon reception of a second user request from a second client device to access the network service, the user credentials are retrieved from the home network router for direct delivery to and authentication by the network service without requiring re-entry of the one or more user credentials from the second client device.

Abstract: Methods, devices, and machine-readable media are provided to provide secure communications between entities. As provided in this disclosure, this may include receiving a request to begin a new communication session, determining one or more desired parameters of the session, and determining whether the desired parameters of the message match proposed parameters provided by the entity requesting the new communication session. When the one or more proposed parameters match the one or more desired parameters, a secure communication session is established between the entities.

Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. Peripheral devices may implement an anti-takeover mechanism limiting the number of available device command classes when certain handshake and verification requirements are not met. Anti-takeover peripheral devices with protection enabled may be relocated within a controller network, or in certain cases, from one controller network to another controller network when certain conditions are met. That same device may be hobbled when removed from a controller network and may remain hobbled when connected to another network that fails to meet certain conditions. Unprotection and unhobbling of a device may occur through an algorithmic mechanism using values stored on the peripheral device and the controller device for one or more of anti-takeover code generation, anti-takeover code comparison, network identification value comparison, and manufacturer identification value comparison.

Abstract: Systems, methods, and computer program products are provided for application validation. A first request is transmitted to a ticket generation application. A first ticket is received, including a first unencrypted portion and a first encrypted portion. A second request is transmitted to the ticket generation application. A second ticket is received, including a second unencrypted portion and a second encrypted portion. The first and second unencrypted portions are concatenated to form an unencrypted shared encryption key. The first and second encrypted portions are concatenated to form an encrypted shared encryption key. The unencrypted shared encryption key is stored in a memory, and the encrypted shared encryption key is transmitted to a server.