Abstract: Exemplary embodiments are directed to a method for allowing a user at a first client device to provide access to restricted content on a content provider server to a user at a second client device without providing identifying information of the second client device or the user to the content provider. The second client device receives, in a messaging app, a message from the first client device comprising a link to a content item at a content provider and an identifier of a private/public key pair on the second client device. Second client device displays the link in the user interface of the messaging app and receives a user selection of the link. Second client device generates generating a digital signature for the link using the private key of the private/public key pair and sends the link and the digital signature to the content provider. The content item is then received from the content provider and displayed on the second client device.

Abstract: A system for establishing and maintaining a bi-directional chain of trust includes a root of trust (RoT) executing a root trusted server that can establish a trusted relationship between the RoT and a given node, and monitor the given node to ensure that the given node executes trusted operations and to ensure that authenticated code and static data for the given node are unchanged. The given node can include a trusted server that can monitor another node to ensure that the other node executes trusted operations and to ensure that authenticated code and static data for the other node are unchanged. The other node can include a trusted server that can monitor the given node to ensure that the given node executes trusted operations and to ensure that the authenticated code and static data for the given node are unchanged based on maintenance information received for the given node.

Abstract: A method, apparatus and computer program product are provided for generating a registered certified seal, sealing an asset, and verifying a sealed asset. In an example embodiment, a method is provided for receiving a request to generate a registered certified seal from an entity, accessing certifier entity data via a uniform resource locator of a certification authority identified by a certifying certificate, and verifying a digitally signed entity certifying certificate. The method further comprises upon verifying the digitally signed entity certifying certificate, receiving seal data comprising a seal data key for a certified seal, and saving the seal data for the entity within a digital seal registry, wherein the digital seal registry is searchable based at least in part on at least a portion of the seal data key.

Abstract: An information processing apparatus connected with one or more apparatuses through a network, comprises: a first acquiring unit configured to acquire first address information for indicating one of addresses in the network among addresses of the apparatuses and first apparatus specific information for identifying the apparatuses; a second acquiring unit configured to acquire second apparatus specific information for identifying an apparatus indicated by the first address information acquired by the first acquiring unit; a determining unit configured to determine whether the first apparatus specific information acquired by the first acquiring unit is the same as the second apparatus specific information acquired by the second acquiring unit or not; and a process requesting unit configured to request the apparatus indicated by the first address information to perform a certain process upon the determining unit determining the first apparatus specific information to be the same as the second apparatus specific i

Abstract: A communication apparatus automatically establishes a wireless communication connection with an image processing apparatus. The communication apparatus captures one of more images of the image processing apparatus and determines, via image recognition process the identification information associated with the image processing apparatus. The communication apparatus automatically searches configuration information matching the identification information of the image processing apparatus and initiates the communication connection request. Communication apparatus provides the status information on a display screen of the communication apparatus and establishes a connection between the image processing apparatus and the communication apparatus.

Abstract: Systems and methods for moving encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by a processing device, a storage block stored by a storage device, wherein the storage block comprises encrypted content and is associated with a computing process; causing the encrypted content of the storage block to be decrypted using a first cryptographic input that is location dependent and encrypted using a second cryptographic input that is location independent; and copying the storage block comprising the encrypted content from a first location within the storage device to a second location within the storage device.

Abstract: Binding a public cloud account and a personal cloud account is described. A pre-approval list indicates that a user's public cloud account and personal cloud account are approved for binding. A copy of the pre-approval list is stored on the personal cloud device; another copy is stored on the public cloud service. The user logs into the public cloud account using a client device. Based on the pre-approval list stored on the public cloud service, the client device obtains information identifying the user's personal cloud account. The personal cloud device verifies the pre-approval of the binding based on the pre-approval list stored on the personal cloud device. The personal cloud device transmits a verification to the public cloud service. Each of the public cloud service and the personal cloud device stores information indicating the binding.

Abstract: This specification describes techniques for managing assets in a blockchain. One example method includes receiving, from a target user recorded in a distributed database of the blockchain network, a user input including a request to generate an asset object in the blockchain network, the blockchain network including an account object and a contract object, determining, based on the user input, an asset type of the asset object, initiating, in the blockchain network, the contract object corresponding to generate the asset object based on the asset type, the asset object including a digital asset corresponding to a physical asset associated with the target user, assigning the asset object to a target object of the target user, and adding address information of the asset object to the target object.

Abstract: Provided is a security communication method in a NFV environment and a system thereof. A security communication method in the NFV environment according to an exemplary embodiment of the present invention is a security communication method between virtualized network functions (VNF) in a network function virtualization (NFV) environment including: performing authentication between a first VNF and a second VNF by an element manager using a hash chain; generating secret keys based on its own hash chains by the first VNF and the second VNF which are authenticated; and performing the communication by the first VNF and the second VNF using its own secret keys.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based access. In some implementations, an electronic device receives a first message over a network over a first communication channel. In response to receiving the first message, the electronic device increases a frequency that the electronic device scans for messages over the second communication channel. After increasing the frequency that the electronic device scans for messages over the second communication channel, the electronic device receives a second message from a secured resource over the second communication channel. The electronic device determines that the electronic device is located within a predetermined level of proximity to the secured resource, and in response, sends authentication data to the secured resource over the second communication channel.

Abstract: Systems and methods for securing user location data are described. A method includes receiving, by a location server computer, an encrypted location from a mobile device. The encrypted location is a location of the mobile device encrypted with a public key. The method then includes receiving, by the location server computer, a location request message from an interaction processing server and partially decrypting, by the location server computer, the encrypted location with a first private key share to form a partially decrypted location. The method further includes transmitting, by the location server computer to the interaction processing server, a location response message with the encrypted location and the partially decrypted location. The interaction processing server then uses the partially decrypted location and the second private key share to form a decrypted location.

Abstract: A method for generating an encryption key for use in an encryption process at a device, the method comprising: measuring respective values of a plurality of features of the device to generate a plurality of feature values, normalising the feature values using a respective normalisation map for each feature to generate a plurality of normalised values, and generating the encryption key in dependence on the normalised values.

Abstract: A system and method for accelerating compaction includes a compaction accelerator. The accelerator includes a compactor separate from a processor performing read and write operations for a database or a data store. The compactor is configured to receive a table to be compacted and entries written in the table, each of the entries being associated with a timestamp indicating when they were respectively written; identify, using a plurality of sort engines operating in parallel, the entries that were written last based on the timestamps; mark, using a plurality of marker engines operating in parallel, older copies of the entries for deletion; create, using the plurality of marker engines, tombstones for the older copies; create a compacted table, including the entries that were last written; delete the tombstones and the entries associated with the tombstones; and generate a freemap based on storage locations of the entries associated with the tombstones.

Abstract: A cryptographic service device includes: a processor; and a memory storing instructions executable by the processor, wherein the processor is configured to execute the instructions to operate as a registration module, a working key creation module, and a cryptographic operation calling module. The registration module is configured to call a primary security module to generate a master key for a newly added secondary security module. The working key creation module is configured to receive a working key creation request of a business system, call the primary security module to generate a working key for the business system, and acquire a working key ciphertext. The cryptographic operation calling module is configured to receive a cryptographic operation request of the business system; call a target security module, and obtain an operation result of the target security module.

Abstract: [Problem] To provide an anonymous communication system which ensures anonymity, with which a user can be identified if necessary, and which has a high degree of social credibility. [Solution] A user computer 11 transmits to a management computer 21 electronically signed subscription application data signed using a first signature key capable of being used with another communication system. The management computer 21 verifies the electronic signature of the subscription application data using a first public key, and if the validity of the electronic signature can be verified, generates and encrypts a second signature key and transmits the encrypted second signature key to the user computer 11. The user computer 11 generates electronically signed receipt data that have been signed in duplicate using the first and second signature keys, and transmits the receipt data to the management computer 21.

Abstract: Method and system of encrypting data using device authentication key disclosed. The system of encrypting data may include a transmitting device, configured to transmit a device identification information to request an authentication and a receiving device, configured to perform the authentication, and to generate an authentication key to provide to the transmitting device when the authentication is successful.

Abstract: A method, a computer program product, and a system for distributing a private signature key between authorization instances. The method includes registering a plurality of authorization instances in a configuration file and generating host instance key pairs by each of the authorization instances. The method also includes storing the public host keys in the shared database and electing one of the authorization instances to be a signature key leader instance. The method includes generating, by the signature key leader instance, a signature key pair. The signature key pair includes a public signature key and a private signature key. The method also includes storing the public signature key in the shared database and transmitting an encrypted private signature key to a requesting authorization instance of the authorization instances. The method further includes decrypting the encrypted private signature key using the private host key generated by the requesting authorization instance.

Abstract: Techniques are described for determining account features based on a risk assessment. A first set of account features may be determined, including security feature(s) such as mode(s) for authenticating and/or verifying the identity of a user associated with account(s). Based on the first set of features, a risk metric may be determined for the account(s). The risk metric may indicate a risk that fraud may be committed against the account or using the account. Based on the determined risk metric, a second set of account features may be determined for the account(s). The first and second sets of account feature(s) may be applied to the account(s). Disabling a particular feature may cause a reevaluation of the risk metric and a redetermination of the feature sets to be applied to the account(s).

Abstract: A computer implemented method for automatically certifying documents with integrity and authenticity guarantees and computer programs thereof.

Abstract: System and methods are disclosed that enable data sharing across networks, including peer-to-peer sharing of content over wireless networks using peer mobile devices. A database may store content associated with a first peer mobile device. A request from a requester peer mobile device for content associated with a user of the first peer mobile device may be received at a server. The encrypted request is transmitted by the server to the first peer mobile device which may decrypt the request. An authorization token may be transmitted by the first peer mobile device to the server which may then enable the requesting peer mobile device to access the requested content, which may be accessed from the first peer mobile device and/or a cloud storage system.

Abstract: In one embodiment, a crypto cloudlet is provided that includes a security wrapper to a virtual machine to guarantee secure Input/Output exchange between a client and one or more cryptographic adaptive services powered by a set of virtual CPUs through a single well defined channel, an adaptive service running in the virtual machine that identifies hardware resources necessary to satisfy a cryptographic demand or request, and an Ethernet interface communicatively coupled to the security wrapper providing network channel services for exchange of cryptographic data and commands. The security wrapper presents to the adaptive services the hardware accelerators exposed by the virtual machine. Other embodiments are disclosed.

Abstract: Embodiments of the invention are directed to authentication and authorization methods. The authentication process can involve a user device interacting with an access device that is within a proximity of the user device to help ensure that the user device is near a location of the access device. The access device can assist with the authentication, either at the access device or via a communications network to an authentication computer. For example, embodiments can provide mechanisms for authentication of a user device at an access device before the user device is authenticated and authorized access to a building.

Abstract: The present invention discloses a service processing method and apparatus, and relates to the communications field. The method includes: receiving trigger information sent by an intermediary device; and assisting, based on the trigger information, the intermediary device in negotiating with UE and a network server, to enable the intermediary device to obtain a first key, where the first key is used by the intermediary device to decrypt ciphertexts sent by the UE and the network server, the ciphertext is obtained after the UE or the network server encrypts service information by using a second key, and the first key is corresponding to the second key. The present invention resolves a problem that an intermediary device cannot provide service optimization for user equipment and a network server because the intermediary device cannot decrypt ciphertext, and achieves an effect of expanding a usage scope of service optimization.

Abstract: Embodiments of the invention can establish secure communications using a single non-traceable request message from a first computer and a single non-traceable response message from a second computer. Non-traceability may be provided through the use of blinding factors. The request and response messages can also include signatures that provide for non-repudiation. In addition, the encryption of the request and response message is not based on the static keys pairs, which are used for validation of the signatures. As such, perfect forward secrecy is maintained.

Abstract: A method of network configuration of a personal identification number (PIN) pads includes receiving a request to upgrade a PIN pad from a merchant or an individual software vendor (ISV) to read microprocessor-enabled or contactless payment vehicles, retrieving a PIN pad configuration hash value from the PIN pad, obtaining current configuration using the hash value, sending instructions to the PIN pad to upgrade the PIN pad over a network if the PIN pad is capable of reading microprocessor-enabled or contactless payment vehicles, and downloading and installing drivers to enable PIN pad readers to read and process at least one of the microprocessor-enabled payment vehicles and contactless payment vehicles according to the instructions. The method further performs additional operations such as updating the PIN pad registry with the PIN pad configuration and enabling the PIN pad to read the microprocessor-enabled or contactless payment vehicles.

Abstract: Systems and methods are disclosed for using one or more gateway systems for integrating multiple load control systems such that the load control systems may appear to a user and be controlled by the user as a unified load control system.

Abstract: A ciphertext matching system, includes: a registration target data generation apparatus, a matching request apparatus, a data matching apparatus, and a matching support apparatus. The data matching apparatus generates a first-distance-related ciphertext in which a first distance between registered data and matching target data is kept secret by random numbers. The matching support apparatus generates a public key and a secret key and transmits the generated public key to the individual apparatuses. The data matching apparatus transmits the first-distance-related ciphertext to the matching support apparatus. The matching support apparatus determines whether the first distance obtained by decrypting the first-distance-related ciphertext with the secret key is included in a set of second distances in which the registered data and the matching target data are allowable to be matched each other and transmits a result of the determination to the data matching apparatus.

Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.

Abstract: The present invention provides a method for enabling a wearable device connected to a user equipment device to be identified and authenticated within a mobile communications network, the method comprising attaching both the user equipment device and the wearable device to the mobile communications network by means of a single registration request communicated by the user equipment device to the mobile communications network.

Abstract: A system and method for facilitating service sharing (e.g., voice services, data services, multimedia services, etc.) in a network environment (100). In one example arrangement, upon receiving an input at a host subscriber device (302), a request is generated (306) to a host subscriber's service provider network (304) for instantiating a virtual subscriber identification module (vSIM) populated with the host subscriber's service profile with respect to a service. A guest user's authentication information is provided (354) for performing guest registration and remote provisioning (354, 502) for the vSIM, the remote provisioning including allocation of a temporary phone number and an IP address, which may be used in a mapping relationship for routing calls or sessions engaged by the guest (352) using a service shared with the host subscriber (302).

Abstract: Aspects of the subject disclosure may include, for example, a mobile device gateway that receives an HTTP POST message including an advertising identifier from a mobile device, determining whether a uniform resource locator of the HTTP POST message is on a list of URLs for data management platforms; and routing the HTTP POST message to the Internet responsive to determining that the URL of the HTTP POST message is not on the list of URLs for data management platforms. Other embodiments are disclosed.

Abstract: An example system may include a processor and memory, wherein the processor is configured to perform one or more of gather hashed commitments inputs from a plurality of user peers until a current time of a blockchain network equals to a hashed commitments inputs end time (t1), collect plain text inputs until the current time of the blockchain network equals to a plain text inputs collection end time (t2), wherein the t2 is greater than the t1, and execute a chaincode of the smart contract to: compare generated hashes of the plain text inputs against previously stored hashes, in response to a match, store the plain text inputs into an input array, and perform a compute function on the input array.

Abstract: A method for operating an electronic apparatus according to an embodiment of the present invention may comprise the steps of: setting a first key for unlocking data stored in a first electronic apparatus; when the first electronic apparatus receives, from a second electronic apparatus, a second key set by the second electronic apparatus, transmitting by the first electronic apparatus, to the second electronic apparatus, first data locked using the first key and the second key; and when the first electronic apparatus receives, from the second electronic apparatus, a generation signal of a first event for the first data, transmitting the first key to the second electronic apparatus according to whether the first event is approved or not.

Abstract: A wireless communication device includes: a memory; a transceiver; and a processor communicatively coupled to the memory and to the transceiver and configured to: obtain a first device identity for each of a plurality of first radio-frequency (RF) devices each configured to transmit a wireless RF signal; obtain a mobility status for each of the plurality of first RF devices, the mobility status indicative of whether the respective first RF device is expected to be mobile or static; obtain an RF signal measurement for each of the plurality of first RF devices; and produce a profile of the plurality of first RF devices using the first device identity for each of the plurality of first RF devices, the mobility status for each of the plurality of first RF devices, and the RF signal measurement for each of the plurality of first RF devices.

Abstract: In one example a processing device can receive an indication from a software application that an encrypted communication transmitted by a remote device is stored in a memory location. In response to receiving the indication, the processing device can retrieve the encrypted communication from the memory location, decrypt the encrypted communication using a first key to determine a decrypted version of the encrypted communication, and extract a second key from the decrypted version of the encrypted communication. The second key can be different from the first key. And the second key can be configured to decrypt a set of encrypted data stored in a non-volatile memory device that is accessible to the computing device.

Abstract: The present disclosure provides generally for a system and method for visualizing and measuring software assets. According to the present disclosure, the system interacts through an API to discover and populate all software applications within an organization in an interface that provides the user real-time information regarding the software applications. The system may provide real-time insights within an organization at all levels, with real-time feedback and metrics on what software there is, how software is being used, and software management options.

Abstract: Disclosed are various embodiments for implementing a key escrow system without disclosure of a client's encryption key to third parties. An encryption key is split into a plurality of key segments pursuant to a shared secret protocol. A plurality of peer client devices are then identified. Each peer client device in the plurality of peer client devices is then verified and the respective one of the plurality of key segments are sent to a respective one of the plurality of peer client devices. A response is then received from each respective one of the plurality of peer client devices, the response confirming receipt of the respective one of the plurality of key segments. A list identifying the plurality of peer client devices is finally provided to a key escrow service, the list comprising key-value pairs that identify each respective one of the plurality of peer client devices and the respective one of the plurality of key segments.

Abstract: The present invention provides an improved system and method for using cryptography to secure computer-implemented choice mechanisms. In several preferred embodiments, a process is provided for securing participants' submissions while simultaneously providing the capability of validating their submissions. This is referred to as a random permutation. In several other preferred embodiments, a process is provided for securing participants' advance instructions while simultaneously providing the capability of validating their advance instructions. This is referred to as a secure advance instruction. Applications include voting mechanisms, school choice mechanisms, and auction mechanisms.

Abstract: Generally, embodiments of the invention are directed to methods, computer readable medium, servers, and systems for deidentified access of data. The deidentified access is permitted with the use of an identifier that uniquely indicates an outcome, the coding of the identifier obscures unaided human interpretation of the outcome, and the identifier uniquely identifies data for remediating performance associated with future outcomes.

Abstract: A first example network security platform disclosed herein includes a platform selector to determine a platform selection value based on a first parameter value in a first message from a client and a second parameter value in a second message from a server, the first and second messages associated with establishment of an encrypted network traffic flow between the client and the server. The example first network security platform also includes a key retriever to obtain a cryptographic session key associated with the encrypted network traffic flow from a selected one of a cluster of network security platforms based on the platform selection value, the first network security platform included in the cluster of network security platforms. The example first network security platform further includes a traffic analyzer to analyze network traffic associated with the encrypted network traffic flow based on the cryptographic session key.

Abstract: Embodiments of the present invention provide a system for resource distribution within an offline environment. A merchant device internally stores a repository of reference codes and managing entity public keys that are paired with managing entity private keys. The user requests an amount of resources for offline exchange from the managing entity system. The managing entity system transmits certain authorization and encryption information to a user device. When the user device receives an exchange prompt from the computing device of the merchant through near field communication, it generates a digital token incorporating layers of content encryption ending with a managing entity's private key. The encrypted token and reference code are transmitted via near field communication to the merchant device. The merchant device matches the reference code to the managing entity public key and decrypts portions of the token with the managing entity public key to acquire the usable exchange information.

Abstract: Network equipment (26) in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber (13). The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber (13). The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC, (32). The SDC (32) indicates a certain sub-domain, from among multiple sub-domains (30-1, 30-2, . . . 30-N) of a home network of the subscriber (13), to which the subscriber (13) is assigned. The network equipment (26) is also configured to determine, based on the SDC (32) and from among multiple instances (24-1, 24-2, . . . 24-M) of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber (13).

Abstract: This specification describes techniques for managing assets in a blockchain. One example method includes receiving, from a target user recorded in a distributed database of the blockchain network, a user input including a request to generate an asset object in the blockchain network, the blockchain network including an account object and a contract object, determining, based on the user input, an asset type of the asset object, initiating, in the blockchain network, the contract object corresponding to generate the asset object based on the asset type, the asset object including a digital asset corresponding to a physical asset associated with the target user, assigning the asset object to a target object of the target user, and adding address information of the asset object to the target object.

Abstract: A communication system between a plurality of in-vehicle electronic devices protected using a symmetric key method is disclosed. The communication system includes a sender configured to transmit a message including a cyclic authentication code and a group authentication code, and a plurality of receivers configured to separately verify the message based on the cyclic authentication code and the group authentication code at a preset order.

Abstract: A method, an apparatus, and a system for controlling an intelligent device are provided. The device transmits a control request including a first intelligent device identifier corresponding to a first intelligent device to be controlled. In response to transmitting the control request, the device receives a first verification character string that corresponds to the control request. The first verification character string is transmitted to a first wearable device locally establishing a data connection with the first wearable device. First signed information is received from the first wearable device. The first signed information is a result of performing a signature on first to-be-signed information and includes the first verification character string. The first signed information and operation information for controlling the first intelligent device are transmitted.

Abstract: This specification describes techniques for managing assets in a blockchain. One example method includes receiving, from a target user recorded in a distributed database of the blockchain network, a user input including a request to generate an asset object in the blockchain network, the blockchain network including an account object and a contract object, determining, based on the user input, an asset type of the asset object, initiating, in the blockchain network, the contract object corresponding to generate the asset object based on the asset type, the asset object including a digital asset corresponding to a physical asset associated with the target user, assigning the asset object to a target object of the target user, and adding address information of the asset object to the target object.

Abstract: Disclosed subject matter includes systems and methods for providing a witnessed an electronically executed legal instrument, such as a limited power of attorney. The technology disclosed herein allows for the immediate transfer of a witnessed electronic document meeting today's current standards for witnessing of a document, including proximity of parties, and multiple forms of party identity authentication.

Abstract: A system and method providing a security gateway for high security blockchain systems, that acts as a firewall (and manages users, rules, data access, transactions, fees, etc.), has the ability to understand and enforce blockchain business processes policies (access policy and transaction policy of a blockchain solution that may or may not support smart contracts), and can understand tokens and their functionality, without totally disabling code execution, for example from smart contracts or tokens enabled by smart contracts.

Abstract: A first encryption key associated with a first tenant is created. The first encryption key is configured in a host where a virtual machine associated with the first tenant is executing, the host including a network interface controller configured to have a virtual network interface function, the virtual network interface function executing on the host and being associated with the virtual machine of the first tenant. The virtual network interface function is caused to bind the first encryption key to the virtual machine of the first tenant. The virtual network interface function is caused to encrypt outgoing network traffic of the first tenant using the first encryption key. The virtual network interface function is caused to decrypt incoming network traffic for the first tenant using the first encryption key.

Abstract: A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.