Abstract: Provided are servers and methods for authenticating software files. A server includes a processor circuit and a memory coupled to the processor circuit. The memory includes computer program instructions that, when executed by the processor circuit, cause the authentication server to perform operations including verifying, using a public key, signature data corresponding to a single certificate file for authenticating a software installation package file that was signed using a private source key. Operations may include, responsive to verifying that the signature data matches an originally signed single certificate file, reading an image file segment table from the software installation package file. The image file segment table includes multiple records that correspond to ones of multiple image file segments of the software installation package file.

Abstract: According to the present invention, an information processing apparatus comprises a first controller that executes a first program code; a second controller that executes a second program code different from the first program code, and communication with the first controller; a storage device that stores the first program code to be executed by the first controller and the second program code to be executed by the second controller; and a verifier that verifies, before the first controller and the second controller execute respective program codes, the respective program codes, stored in the storage device.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify media. An example method includes: in response to a query, generating an adjusted sample media fingerprint by applying an adjustment to a sample media fingerprint; comparing the adjusted sample media fingerprint to a reference media fingerprint; and in response to the adjusted sample media fingerprint matching the reference media fingerprint, transmitting information associated with the reference media fingerprint and the adjustment.

Abstract: Aspects of the disclosure relate to a transmission logic for selecting an authorized signatory as a recipient for an electronic document for signature. The transmission logic forms a part of a communications platform. The platform, including a first electronic communications pathway and a second electronic communications pathway, conducts and supports communication between a first entity and a second entity. The logic may generate an electronic document together with a request for an electronic signature, flag the document and transmit the document along the first electronic communications pathway to an authorized signatory at the second entity. The logic may also select a signatory according to a predetermined protocol, determine the availability of the selected signatory, confirm the selection, and transmit the electronic document to the authorized signatory for signature. Upon notification of the electronic signature, the logic may transmit, along the second pathway, the document to the first entity.

Abstract: Client identifier watermarks in media signals are disclosed. An example apparatus to watermark a multilayered file includes a watermark storage to store media identifiers. The example apparatus also includes an encoder to encode a first bit sequence in the media file on a first encoding layer of a multilayered watermark, the first bit sequence to include a client identifier of a client associated with the media file, and encode a second bit sequence in the media file on a second encoding layer of the multilayered watermark, the second bit sequence to include a media identifier to identify media corresponding to the media file.

Abstract: A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed by one or more computing devices, includes updating the global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key, wherein the non-interactive oblivious key exchange uses an oblivious protocol; and reencrypting the data chunk to be re-keyed with the updated global secret.

Abstract: In certain embodiments, reduction of delay related to postage indicia dispensing may be facilitated. In some embodiments, a postage distributor system may retrieve indicia data representing postage indicia from a postage provider system associated with a postage provider. The postage distributor system may store the indicia data representing the postage indicia at a storage system of the postage distributor system. The postage distributor system may receive, via a user device, a request to purchase one or more indicia subsequent to the storage of the indicia data representing the postage indicia at the storage system. The postage distributor system may provide indicia data representing the requested indicia to the user device from the indicia data representing the postage indicia. In some embodiments, the postage distributor system's receipt of the request and providing of the indicia data representing the requested indicia occur during a downtime period of the postage provider system.

Abstract: A computer system performs cryptographic operations as a service. The computer system is configured to allow users of the service to maintain control of their respective cryptographic material. The computer system uses inaccessible cryptographic material to encrypt a user's cryptographic material in a token that is then provided to the user. The user is unable to access a plaintext copy of the cryptographic material in the token, but can provide the token back to the service to cause the service to decrypt and use the cryptographic material.

Abstract: Systems and methods for verifying the rendering of video content on information resources are provided herein. A server can transmit a video content element having a first bit stream corresponding to a predesignated frame to a client device. The client device can identify the first bit stream as corresponding to the predesignated frame. The client device can decode the first bit stream corresponding to the predesignated frame of the video content element to generate a second bit stream. The client device can transmit, to the server, a tracking message including the second bit stream. The server can compare the second bit stream included in the tracking message from the client device with a third bit stream maintained at a database. The server can determine that the video content element is rendered at the client device responsive to the second bit stream matching the third bit stream.

Abstract: Disclosed are various embodiments for the efficient hashing of data objects. In one embodiment, a hashing application receives an update to a portion of a data object. The hashing application then generates an updated hash value of the data object by hashing the portion of the data object and at least one stored internal hash value corresponding to one or more portions of the data object that are unaffected by the update.

Abstract: According to examples, an apparatus may include a processor and a non-transitory computer readable medium that the processor may execute to determine whether a token is to be printed printed onto the medium, following printing onto the medium in a printing system, cause a scan bar in a media feed path of the printing system to capture an image of the printed medium. The processor may also determine, from the captured image of the printed medium, whether the token was properly printed onto the printed medium and, based on a determination that the token was not properly printed onto the printed medium, output an indication and/or an instruction corresponding to the token being improperly printed.

Abstract: A cross authentication method includes steps of: a host central processing unit (CPU) module sending to a baseboard management controller (BIC) a request for BMC signature; the host CPU module receiving BMC signature data from the BMC; the host CPU module determining whether the received BMC signature data is authentic based on a BMC public key stored in the host CPU module; and the host CPU module allowing the BMC to access the host CPU module when it is determined that the BMC signature data is authentic.

Abstract: A computer-implemented method includes receiving an original message from a trusted execution environment. The original message includes an original digital signature authored by the trusted execution environment. The method includes computing a proof of knowledge for the original digital signature and modifying the original message by replacing the original digital signature with the proof of knowledge.

Abstract: A method (30) of handling a hash-tree based data signature is described. The method (30) is performed in a client device (12) and comprises receiving (32), from a gateway device (13), a hash-tree based data signature, and determining (33), based on the received hash-tree based data signature, a first partial signature, P I. A method (60) in a gateway device (13) is also described. A corresponding client device (12) and gateway device (13) are also disclosed, as are related computer programs and computer program products.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify media. An example method includes: in response to a query, generating an adjusted sample media fingerprint by applying an adjustment to a sample media fingerprint; comparing the adjusted sample media fingerprint to a reference media fingerprint; and in response to the adjusted sample media fingerprint matching the reference media fingerprint, transmitting information associated with the reference media fingerprint and the adjustment.

Abstract: Techniques are disclosed relating to biometric authentication. In one embodiment, a computing device includes a controller circuit, a camera, and a secure circuit. The controller circuit is coupled to a button and detects when the button has been pressed. The camera captures a set of biometric data of a user. The secure circuit performs an authentication of the user by confirming that a notification identifying the button being pressed was received from the controller circuit and by comparing the set of biometric data with another set of biometric data for an authorized user of the computing device. In some embodiments, the controller circuit is configured to maintain a timestamp indicative of when the button has been pressed and usable by the secure circuit to confirm that the button is pressed within a threshold time period of the authentication being performed.

Abstract: A technique for downloading a profile for access to a communication network by a security module. This access profile has been prepared by a network operator and is available from a server configured to provide this access profile by downloading to the security module. The security module obtains a first verification datum prepared by the network operator. A secure downloading session is established thereafter. During establishment, session keys are jointly generated between the server and the security module and the server is authenticated by the security module using a public downloading key. The security module verifies authenticity of the public downloading key by using the first verification datum enabling verification that the server uses a secret downloading key corresponding to that provided by the network operator during preparation of the first verification datum. When the public downloading key is not authentic, the security module interrupts downloading of the access profile.

Abstract: Data convolution for geographically diverse storage is disclosed. Data and corresponding convolutions of data can employ erasure coding to improve robustness of access to information represented in the data. For a peer group of chunks employing a given erasure coding scheme, access to the information represented in the data can be via accessible chunks and/or recovery of a less-accessible chunk, e.g., via a deconvolution operation, via a decoding operation, via a mix of deconvolution and decoding operations. The mix of deconvolution and decoding operations can enable recovery of a less-accessible chunk that cannot be recovered by either a deconvolution or decoding operation alone. This can improve access to information represented in less-available data.

Abstract: A system initiates a boot operation that executes firmware, and retrieves an anti-roll back version table stored by a trusted platform module. The system determines that the firmware is invalid based on the anti-roll back version table retrieved from the trusted platform module, and aborts the boot operation in response to the determining that the firmware is invalid based on the anti-roll back version table.

Abstract: An information processing device which includes: a secure storage accessible by only trusted software, in which a first encryption key keeping unit keeping a first encryption key is configured inside an access limit area; a second encryption key construction unit constructing a second encryption key by consolidating a plurality of pieces of distributed information; a setup processing activation unit outputting the second encryption key constructed by the second encryption key construction unit in response to activation of a local device; and a software execution unit being executed as the trusted software, constructing a common encryption key by using the second encryption key acquired from the setup processing activation unit and the first encryption key acquired from the first encryption key keeping unit, and setting up an encrypted file system by using the constructed common encryption key.

Abstract: A head related transfer function (HRTF), which can be considered as biometric data is used to authenticate a user from whom the HRTF is derived. The HRTF may be used for authentication in combination with other biometric data such as retina scan or fingerprint to render two-factor biometric authentication. The HRTF used for authentication is encrypted for security.

Abstract: A user interface for email users which calls attention to one or more categories of emails in different ways. In some species, at least three categories are used: branded senders with Truemarks; white list buddies; and fraudulent emails which are either not from the domain they purport to be from or in which the content was tampered. The preferred embodiment authenticates emails from branded senders and displays them with the sender's Truemark. Branded sender emails have their Truemarks displayed in the sender column of a list view in the preferred embodiment. In a preferred embodiment, white list senders have either an icon or other graphic or photo they choose displayed to the left or right of the sender column with their name in the sender column. In a preferred embodiment, fraudulent emails have a fraud icon displayed to the left or right of the sender column with a warning in the sender column. Antiphishing processing is also disclosed.

Abstract: A system and method to establish a no-login authenticated and contextualized two-ways data flow between a medicine user and the pharmaceutical manufacturer. Near Field Communication (NFC) technology, enabling short-range communication between two compatible devices is utilized via a writeable NFC tag carried by a medication package. The writeable NFC tag includes medication information, anti-counterfeiting information, as well as data about the patient and the prescription. The NFC tag may be read by a user device associated with the patient, enabling the user device to merge this data with the patient's feedback, send this rich flow in a secure way to the manufacturer, who in turn is now able to provide rich contextual guidance to the patient.

Abstract: An information handling system may include a host system comprising a host system processor, a management controller coupled to the host system processor, and an information handling resource coupled to the host system processor and the management controller, the information handling resource including a firmware. The information handling system may be configured to transfer a firmware update package from the host system to the management controller, wherein the firmware update package includes a cryptographic signature; verify, at the management controller, the cryptographic signature; transfer data indicative of the verification from the management controller to the information handling resource; and in response to receiving the data indicative of the verification from the management controller, install, by the information handling resource, the firmware update package.

Abstract: Disclosed herein are various embodiments of computer-implemented methods and systems for parsing information from messages containing a standardized electronic document format, such as a continuity of care document (“CCD”), and for generating referrals and other documents using data parsed from the messages and/or standardized electronic document format. In some embodiments, a message containing a CCD may be received, the CCD and the message may be parsed to extract information (e.g., patient information), the patient information may be mapped into a document template, and an electronic document containing mapped referral parameters may be generated.

Abstract: A coupon-minter is configured to perform operations including: generating a coupon comprising encrypted discount information, wherein the encrypted discount information is encrypted with a discount key; generating, for the coupon, a hashlock from a preimage; introducing the coupon to a blockchain in association with the hashlock, wherein the blockchain is configured to permit claiming of the generated coupon only upon receiving access to the preimage used to generate the hashlock. A store-manager configured to perform operations including: claiming, using the preimage, the coupon in the blockchain; encrypting the discount key with a clearing-house public key; updating the coupon with the encrypted discount key. A clearing-house-manager configured to perform operations comprising: detecting the store-manager's claiming of the coupon; decrypting the encrypted discount key with a clearing-house private key to re-generate the discount key; and decrypting the encrypted discount information with the preimage.

Abstract: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly ver

Abstract: Systems and methods for automatically determining consumer eligibility for a gated offer while reducing data exposure, are herein disclosed. In one example, a method for automatically determining consumer eligibility for a gated offer using a hashed dataset comprises, receiving an eligibility claim from a requester, receiving credentials from a consumer, selecting a verification source based on the eligibility claim and the credentials, determining an eligibility status of the eligibility claim by comparing the credentials against a hashed dataset of the verification source, and transmitting the eligibility status to the requester. In this way, a verification platform may determine consumer eligibility to a gated offer using hashed data, without holding the underlying personal data of the consumer, thereby reducing data exposure of the consumer.

Abstract: In some implementations, a user interface for an application is displayed using a web browser instance on a client device. An input is received to present data on the user interface in a particular view. In response to the input, a first web worker thread corresponding to the web browser instance obtains data from a server, and executes first library routines to store the data in local storage at the client device. A second web worker thread, which corresponds to the web browser instance and the user interface, accesses the data from the local storage by using one or more second library routines, and processes the data to convert to a presentation format corresponding to the particular view. The second web worker thread stores the processed data in the local storage by using one or more third library routines, and provides the processed data for display on the user interface.

Abstract: An information processing device which includes: a secure storage accessible by only trusted software, in which a first encryption key keeping unit keeping a first encryption key is configured inside a access limit area; a second encryption key keeping unit keeping as a second encryption key; a setup processing activation unit acquiring the second encryption key from the second encryption key keeping unit in response to activation of a local device, and outputting the acquired second encryption key; and a software execution unit being executed as the trusted software, acquiring the second encryption key from the setup processing activation unit, acquiring the first encryption key from the first encryption key keeping unit together with acquisition of the second encryption key, constructing a common encryption key by using the first encryption key and second encryption key, and setting up an encrypted file system by using the constructed common encryption key.

Abstract: A memory device includes cyclic redundancy check (CRC) circuitry configured to indicate whether an error has been detected in transmission of data from a host device to the memory device. The CRC circuitry includes a synchronous counter that is configured to synchronize a count with a system clock and to transmit the count. The CRC circuitry also includes pulse width control circuitry that is configured to receive the synchronized count from the synchronous counter and to generate pulse width controls based at least in part on the synchronized count. Furthermore, the CRC circuitry includes synchronization circuitry that is configured to receive the pulse width controls and to generate an error alert signal based at least in part on the pulse width controls.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: Systems and methods are described for automatically identifying fraud, waste or abuse in health insurance claims submitted to insurance companies by healthcare providers. Insurance claim information and at one image associated with the insurance claim may be received, where the image has been submitted by a healthcare provider to an insurance carrier as supporting evidence of a medical service performed by the healthcare provider. The system may generate a digital signature representing the image, then may compare the digital signature generated for the image to previously generated digital signatures of other images that have been submitted in association with other insurance claims. The system may then determine a likelihood that the given insurance claim is associated with fraud, waste or abuse, based in part on whether the digital signature is identical or close to one or more of the previously generated digital signatures.

Abstract: There is disclosed a blockchain-based system, and an electronic apparatus and a method in the system. The electronic apparatus at a control node end includes a processor configured to: verify, in response to an ownership declaration for a new object that is first introduced from a to-be-verified node in the system, the ownership declaration; and sign, in a case that the verification is successful, the ownership declaration to be returned to the to-be-verified node, so that the signed ownership declaration is verified by other nodes in the system and a record regarding the ownership declaration is added to the blockchain. According to the embodiment of the disclosure, it is possible to verify the newly introduced object in the blockchain-based system without binding with a cipher coin, while maintaining a peer-to-peer architecture of the blockchain-based system.

Abstract: Disclosed are embodiments directed to security methods applied to connections between components in a distributed (networked) system including medical and non-medical devices, providing secure authentication, authorization, patient and device data transfer, and patient data association and privacy for components of the system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

Abstract: An example operation may include one or more of storing a first hashed timelock request in a first storage structure, where the first hashed timelock request is hashed based on a first secret, generating a second secret based on the first secret and a public key of a client, hashing the second secret to generate a hashed second secret, and transmitting a request for a second hashed timelock request to the client, where the request comprises the generated hashed second secret.

Abstract: Systems and methods to migrate unstructured objects such as, but not limited to, attachments and platform change documents from a database to a cloud-provided external object storage. The unstructured objects may be designated for migration based on their creation date and/or other characteristics. Migration of an object may include conversion of the object to a serialized file in an object notation format. The database may maintain a header of the migrated object indicating the location to which the object was migrated.

Abstract: A system and method for tripartite encryption is given. In this system and method of encryption, a distributing party distributes keys, checksums and encrypted data among two receiving parties, so that the two receiving parties may authenticate each other without the distributing party's further intervention and encrypt and decrypt data among themselves.

Abstract: There is provided mechanisms for enabling secure communication between a first communications device and a second communications device. A method is performed by the first communications device. The method comprises performing a network attachment procedure with an authentication server. The method comprises establishing, during the network attachment procedure, a shared secret between the first communications device and the authentication server. The shared secret is established by running an authentication and key agreement protocol as part of the network attachment procedure with a network access identity of the first communications device as input. The method comprises deriving an application level shared key for the first communications device from the shared secret. The shared key is to be used for secure communication between the first communications device and the second communications device.

Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for testing signature verification for a blockchain system. One of the methods includes: obtaining a testing configuration from a configuration file, wherein the testing configuration specifies a cryptography algorithm used in the blockchain system, a group of one or more private keys corresponding to the cryptography algorithm, and a predetermined execution result based on the cryptography algorithm and the group of one or more private keys; signing a transaction, by encrypting data representing the transaction based on the cryptography algorithm and the group of one or more private keys, to generate one or more signed transactions; sending the one or more signed transactions to the blockchain system and receiving an execution result from the blockchain system; and determining whether the predetermined execution result is satisfied based on the execution result.

Abstract: The present invention relates generally a method to authenticate a data carrier, such as passports, licenses, identification card . . . by hiding at least two optically encoded image within a data carrier so that the data carrier is authenticated through at least two factor authentication process. In the methods of the present invention, at least two reliable, readable optically encoded image are hidden within the data carrier wherein each of the encoded image is visible through a same decoder device but under different specific lighting conditions without the former having influence on the quality of the latter. The authentication methodology of the present invention provides an improved security, being even more difficult to reproduce by infringers, even more difficult to remove, replace or exchange and easy to check.

Abstract: Described are various embodiments of an integrated multi-level or cross-domain network security appliance and system.

Abstract: A storage controller coupled to a storage array comprising one or more storage devices that performs at least one data reduction operation on decrypted data, encrypts the reduced data using a second encryption key to generate a second encrypted data, and stores the second encrypted data on the storage array.

Abstract: An example apparatus can include a host device and an apparatus including a memory device and a controller coupled to the memory device, wherein the host device is configured to send a command to read an image to configure the host to boot from the memory device to the controller and wherein a base address register is configured to receive the command, indicate the size of the image, and redirect the command to a first image in memory using a first register that indicates a size of the first image and a second register that indicates a location of the first image.

Abstract: An authentication system is provided for authenticating users in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user, having a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm. The first user controlled computing device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key, a second user controlled computing device, operating as a coordinating device under the control of the user, for generating the second encryption key using the encryption key generating algorithm. The second user controlled computing device includes a key receiver for receiving the first encryption key.

Abstract: An executable memory page validation system for validating one or more executable memory pages on a given endpoint, the executable memory page validation system comprising at least one processing resource configured to: obtain a plurality of vectors, each vector of the vectors being a bitmask indicative of valid hash values calculated for a plurality of executable memory pages available on the endpoint, the valid hash values being calculated using a respective distinct hash function; calculate one or more validation hash values for a given executable memory page to be loaded to a computerized memory of the endpoint for execution thereof, using one or more selected hash functions of the distinct hash functions; and determine that the given executable memory page is invalid, upon one or more of the validation hash values not being indicated as valid in the corresponding one or more vectors.

Abstract: An example image forming apparatus includes a communication device, a print engine to form an image, and a processor to, based on a first event in the image forming apparatus, generate first log data regarding the first event, generate first integrity inspection data regarding the first log data, generate a first signature value regarding the generated first integrity inspection data, and control the communication device to transmit the generated first log data, the first integrity inspection data and the first signature value to a server device.

Abstract: Systems and methods are described herein for computer user authentication using machine learning. Authentication for a user is initiated based on an identification confidence score of the user. The identification confidence score is based on one or more characteristics of the user. Using a machine learning model for the user, user activity of the user is monitored for anomalous activity to generate first data. Based on the monitoring, differences between the first data and historical utilization data for the user determine whether the user's utilization of the one or more resources is anomalous. When the user's utilization of the one or more resource is anomalous, the user's access to the one or more resource is removed.

Abstract: Systems and methods are described herein for providing content item recommendations based on a video. Specifically, content item recommendations are provided using a machine learning model. The machine learning model is trained using feature vectors that are correlated to one another. The correlated feature vectors include information indicative of a texture and shape intensity of an image. Using the feature vectors (e.g., image or video signatures), a recommendation system improves content recommendation using analytic and quantitative characteristics derived from a frame of a content item rather than merely manually labeled bibliographic data (e.g., a genre or producer).