Abstract: A device (40) for generating a watermarked stream (39), comprising: at least one input interface (41) configured to receive encrypted control messages (20) and conditional access streams (30) including a main stream (33) and protected watermarking data streams (35) from which a watermarking information (38) can be embedded in said watermarked stream (39); a security module (43) configured to process said control messages (20) and to control access to said conditional access streams (30); a descrambler (45) configured to remove protection applied on at least some of said conditional access streams (30); a watermarking unit (47) configured to generate the watermarked stream (39) from said conditional access streams (30) by selectively processing said watermarking data streams (35) depending on access data (AC, AR) included in some of said control messages (20).

Abstract: A computer implemented method of updating software of embedded devices connected to a central dispatch device, comprising using one or more processors of a central dispatch device, the processor(s) are adapted for executing a code for obtaining a respective update package for one or more of a plurality of embedded devices which are operatively connected to the central dispatch device via a communication interconnection, transferring a transient update agent to the embedded device(s) and transferring the update package to the embedded device(s), the one or more embedded devices execute the transient update agent to apply the update package in the one or more embedded devices. The one or more embedded devices discard the transient update agent after the update package is applied.

Abstract: According to one embodiment of the invention, a subtoken corresponding to a primary token is generated. The primary token corresponds to a credential. The credential may be, for example, a primary account number (PAN) corresponding to a payment account. The subtoken may be a temporary, one-time use subtoken based on a primary token associated with the credential that allows a user to conduct a transaction from his or her account, while still providing security for the user's sensitive data. The subtoken may contain a header and an obfuscated portion. The header of the subtoken routes the subtoken to the entity issuing the subtoken for translation into the primary token. The obfuscated portion acts as a pointer to the primary token and data associated with the primary token. A same check digit may be included in the subtoken, the primary token, and the credential, in order to ensure that the transaction is not improperly denied.

Abstract: A program writing method in which a program is written into a flash ROM that a microcomputer includes therein includes: a generating step for generating a version representative value indicating a version of a source directory from predetermined types of files included in the source directory; an additionally writing step for additionally writing the version representative value into a source file included in the source directory; and a program writing step for writing a program corresponding to the source directory generated by compiling the source file into which the version representative value has been additionally written into the flash ROM.

Abstract: The present disclosure relates to domain name resolution technology and discloses a DNS resolution method, an authoritative DNS server and a DNS resolution system. In some embodiments, the authoritative DNS server receives a target domain name resolution request sent by a LDNS server, where the target domain name resolution request includes content information; the authoritative DNS server determines a target domain name resolution result according to the content information, and returns the target domain name resolution result to the LDNS server.

Abstract: A vertically integrated retail system includes an embedded storefront adapted to operate in a distributed manner through independent units embedded in different web sites or content in other host applications. Each unit of the embedded storefront enables a user to purchase goods, services, or other entities without leaving the host application. The units are modules that may be inserted into a web page, application, game, or other electronic media. Units can include product content such as video or animation, images, text, audio, music, or any other type of interactive or non-interactive electronic content. A user may receive virtual currency, virtual goods (such as virtual items or enhancements within a game application), or other rewards for completing transactions using the unit in the host application. Units may be embedded in host content via hyperlinks included in the content or through an application programming interface of a host content provider.

Abstract: Provided is a system and method for implementing remote trust services for blockchain. In one example, the method may include one or more of retrieving block content from a portion of a blockchain via an application programming interface (API), in response to a triggering event being detected, calling an off-chain trust service to sign the retrieved block content, receiving accreditation results of the retrieved block content from the off-chain trust service, the accreditation results comprising an indication of whether the retrieved block content has been successfully signed, and writing the received accreditation results to a block within the blockchain.

Abstract: A method of registration and access control of identity for third-party certification is provided. The method has steps of registration and steps of access control. The steps of registration have: controlling a user-end computer apparatus to retrieve an identity image of an identity document of a user; executing processes on the identity image for obtaining identity data; retrieving embedded identity data from the identity document; and configuring and registering the identity data if the data are matched with each other. The steps of access control have: controlling the user-end computer apparatus to verify user's identity upon reception of request of identity access, and generating and returning return identity data to a request-end computer apparatus.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for electronically stamping a document. One of the methods include receiving an electronic stamping instruction, where the electronic stamping instruction comprises a to-be-stamped document and a stamping type. In response to determining that a format of the to-be-stamped document is a predetermined document format and the stamping type is a first stamping type, a first to-be-stamped area of the to-be-stamped document is determined. An electronic stamp corresponding to the to-be-stamped document is identified using an encryption algorithm interface. A first electronically stamped document is generated and include the electronic stamp in the first to-be-stamped area.

Abstract: Method for registering an electronically stored digital document (A), comprising the steps of a) providing to an owning party a digital document and a private ownership key, which private ownership key is a private key in an asymmetric cryptographic key pair also comprising a corresponding public ownership key; b) calculating a digital document hash value based upon the document (A); c) the owning party using the private ownership key to calculate a digital document signature of the document (A); d) digitally storing in an electronic digital document register not the document (A), but the document signature as well as the public ownership key and the document hash value. The invention also relates to a system.

Abstract: Concepts for defining authority for triggering an expression within an enterprise workspace from an external service outside the enterprise workspace are presented. Such concepts define a rolling key function configured to generate a rolling key. A secret is defined as a starting point for the rolling key function. The secret and the rolling key function are securely shared with the external service.

Abstract: Systems and methods for authenticating a user of a mobile electronic device to use a FIDO (fast identification online) compliant application in the device are provided. These entail receiving a user authentication input at the mobile electronic device and caching the authentication input. While the authentication input remains cached, the user is authenticated to use the mobile electronic device via the authentication input. The mobile electronic device is then unlocked and the FIDO compliant application is opened. Secure delayed FIDO authentication is then executed by providing the cached authentication input to the FIDO compliant application to open an authenticated session of the user on the FIDO compliant application.

Abstract: Data transmission system and method with high security are introduced for communicative connection of a transmitter device to a receiver device through a data transmission channel. The transmitter device includes multiple asymmetric encoding packers, and the receiver device includes a multiplex-decoding processor corresponding to the asymmetric encoding packers. After the transmitter device performs pre-processing on original data according to a source of the original data, the asymmetric encoding packers perform encoding packing on the pre-processed original data and generate multiple encoded data. The encoded data are sent to the receiver device through the data transmission channel, and are decoded by the multiplex-decoding processor to obtain restored data. Accordingly, enhancing security and convenience of data transmission are achieved.

Abstract: Systems and methods for generating certified images and incident reports are disclosed. An image capture device can be used to capture an image and integrate metadata from camera sensors as well as other ancillary device sensors into the image. The image and its metadata can then be certified upon a check that the image and its metadata are authentic and unaltered. The image and its metadata can then be included in or as a part of an incident or other report describing an incident or event such as an accident or a crime. The image and/or incident report may be maintained at a cloud-based server for viewing, authorized editing, and subsequent distribution.

Abstract: A method performed by a content management system (CMS) and an edge node of a content delivery network is provided. A server secret is shared between the CMS and the edge node, and CMS uses the server secret to generate a signing key which includes a signing secret generated using the server secret. The signing key is transmitted to a client system. The client system receives a request for a content asset from a user device. The client system uses the signing key to generate a signed URL for the content asset, and the user device is redirected to the signed URL. The edge node validates the signed URL using the server secret to rederive the signing secret based on the signed URL. Responsive to successful validation of the signed URL by the edge node, then the content asset is provided from the edge node to the user device.

Abstract: Rebalancing as a result of re-encoding a code chunk in response to scaling out of a geographically diverse storage system employing erasure coding technology is disclosed. After a scaling out event, a new erasure coding scheme can be selected. An old coding chunk generated according to an old erasure coding scheme can be re-encoded into a new coding chunk according to the new erasure coding scheme and based on a data chunk not previously protected by the old coding chunk. The re-encoding can be selected to diversify distribution of chunks, resulting in rebalancing occurring as part of re-encoding. In an embodiment, the new coding chunk can be generated in a new zone from the scaling out event. In another embodiment, the data chunk can be moved to the new zone from the scaling out event.

Abstract: A method for verifying a property of plaintext using ciphertext is disclosed. In an embodiment, a computing device may receive the ciphertext at a trusted execution environment (TEE) of the computing device. The TEE may decrypt the ciphertext to generate the plaintext using a private encryption key of an encryption key pair. The encryption key pair comprises a public encryption key and the private encryption key. The TEE may generate a digitally signed validation result by encrypting the validation result using a private signing key of a signing key pair. The signing key pair comprises a public signing key and the private signing key. The private key is retrieved from secure memory of the computing device, and the secure memory may only be accessible by the TEE. The computing device may then transmit the digitally signed validation result.

Abstract: An electronic terminal capable of using a function of payment includes a wearing detector, a communicator, and a processor. The wearing detector detects whether the electronic terminal is worn by a user. The communicator communicates with a wireless communication apparatus via near field communication. The processor changes, based on information that is obtained by the wearing detector and the communicator, whether to enable or disable use of the function of payment.

Abstract: The invention relates to an industrial testing device communicating with a data center located in a remote computer network, such as the cloud. Disclosed is a method of registering the device to the cloud and specifying the geographical location of the data center. The method includes selecting a data center from a list of available data centers based on regulations specific to a device type of the industrial testing device. Features are configured for communication between the device and the selected data center.

Abstract: There is provided an optical distance measurement system including an image sensor and a processing unit. The processing unit is configured to generate an image to be calculated according to at least one image captured by the image sensor, wherein different image regions of the image to be calculated correspond to different exposure times thereby improving the accuracy of the distance calculation.

Abstract: In example implementations, a mobile device is provided. The mobile device includes a first antenna, a second antenna, a radio module and a memory. The radio module includes four antenna ports. The first antenna is in communication with a first port of the four antenna ports and the second antenna is in communication with a second port of the four antenna ports. The memory stores a configuration of the radio module that deactivates a third port and a fourth port of the four antenna ports of the radio module.

Abstract: Provided herein are systems and methods for secure document sharing in a database system. For example, a system includes at least one hardware processor and a memory. The memory stores instructions that cause the at least one hardware processor to perform operations including receiving a query for a data set from a client device. The data set is shared in a data exchange by a data provider. The operations further include retrieving a data file responsive to the query for the data set. A security function is applied to the retrieved data file to generate a modified data file. A scoped uniform resource locator (URL) associated with the modified data file is encoded for transmission to the client device. The scoped URL includes an encrypted hash with a storage location of the modified data file.

Abstract: An information handling system includes a basic input/output system that checks for a first-time password in NVRAM, and prompts a user for a password when the first-time password is present. A processor compares the password to the first-time password, deletes the first-time password from the NVRAM when the password matches the first-time password, and boots the information handling system when the password matches the first-time password.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle; and an cryptographic processing unit configured to generate an electronic signature of application data to be applied to an in-vehicle computer installed in the vehicle by using a secret key of the data provision device, wherein application data with the electronic signature, which is obtained by attaching the electronic signature to the application data, is transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device; and an cryptographic processing unit configured to verify the electronic signature of the application data with the electronic signature received from the data provision device.

Abstract: Methods of authenticating a file are disclosed. A method may include selecting, via an identifier, a subset of data segments of a file. The method may also include executing, via a microcontroller, a cryptographic function on only the subset of data segments of the file to generate a digest. Further, the method may include generating, via the microcontroller, an authenticator based on the digest and a private key. The method may also include conveying the file, the identifier, and the authenticator to a cryptography element. In addition, the method may include executing, via the cryptography element, the cryptographic function on the subset of data segments of the file to generate a second digest. Furthermore, the method may include authenticating, via the cryptography element, the file via verification of the authenticator based on the second digest and a public key of the microcontroller.

Abstract: A system and method of setting and checking a Bloom filter is provided. The system generates a set of hashed values by applying a number of hash functions to an input value; determines each bit address of a bloom filter corresponding to a hashed value of the set of hashed values; maps each determined bit address from the bloom filter into a corresponding byte address of a register, such that each bit address corresponds to one byte address; writes a byte value into the register for the byte address, wherein each bit of the byte value corresponds to a bit address of the bloom filter and writes each bit of the byte value from the register into the bloom filter for each bit address of the byte address.

Abstract: An information processing apparatus automatically deletes an electronic certificate according to acquisition of another electronic certificate.

Abstract: A processing system of a device having at least one processor may obtain a set of codes from a virtual machine orchestrator via a virtualization security controller of the processing system, obtain a first virtual machine configuration file from the virtual machine orchestrator via a hypervisor of the processing system, and pass at least one code of the set of codes from the virtualization security controller to the hypervisor. The processing system may then apply, via the hypervisor, a decryption to the first virtual machine configuration file using the at least one code, determine that a threshold percentage of content of the first virtual machine configuration file comprises dictionary-recognizable words in accordance with the decryption, and instantiate, via the hypervisor, a first virtual machine in accordance with the first virtual machine configuration file when it is determined that the threshold percentage of the content comprises dictionary-recognizable words.

Abstract: A method for producing a cryptographic timestamp for a digital document using multiple time servers is provided. In the method, a nonce value is produced and a current hash value is formed from the nonce value and the digital document. Then, a time server is repeatedly selected, the current hash value is transmitted to the selected time server, a response comprising a digital signature of the current hash value and a time indication is received by the selected time server, and an additional hash value is determined from the received response and used as the current hash value. The cryptographic timestamp for the digital document is formed from the nonce value and the multiple received responses. The method produces a tamperproof timestamp on a majority basis and is suitable for dating and protocolling in the field of automation and IoT.

Abstract: A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store a data in the data repository. The server is further configured to create, via a visual information flow creation tool, at least one information flow object. The server is additionally configured to create, via the visual information flow creation tool, an electronic signature field in the at least one information flow object, and to provide the at least one information flow object to communicate an electronic signature request to an electronic signature system.

Abstract: A computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The exchange stores an order book and a plurality of digital wallets associated with different clients. The computer system receives new data transaction requests that are added to the order book. A match is identified between data transaction requests and hashes associated with the digital wallets associated with the respective data transaction requests are generated. The counterparties receive the hashes of the other party along with information on the match and each party causes blockchain transactions to be added to the blockchain of the blockchain computing system. The computing system then monitors the blockchain to determine if both sides of the match has been added to the blockchain.

Abstract: It is desired to try to increase the security of a computing system running computer applications that may access data in a data storage system. In some embodiments, a token associates a user with a task that is being executed by a computing node. It may therefore be possible to determine which user executed which tasks. In some embodiments, the validity of a token is tied to the lifespan of a task associated with the token, rather than to a fixed amount of time. Therefore, if the task associated with the token is complete, the token may become invalid, rather than remaining valid for a duration of time that possibly exceeds the lifespan of the associated task. In some embodiments, a token is used to enforce data access control, e.g. to deny certain users access to certain data in the data storage system.

Abstract: Transferring control over a device. A method includes, receiving a first indication, including a first verifiable token, from a first entity that at least a portion of control of a device should be relinquished by the first entity. A second indication is received from the second entity, including a second verifiable token, that the at least a portion of control should be transferred to the second entity. The first token and the second token are verified. As a result of verifying the first token and the second token, the at least a portion of control of the device is transferred from the first entity to the second entity. Transferring the at least a portion of control of the device from the first entity to the second entity includes updating the device with configuration applicable to the second entity.

Abstract: Embodiments of the present disclosure provide method, device and computer program product for file search. The method for file search comprises: determining a hash value associated with an identification of a file to be searched; determining, from a plurality of candidate location chains, a target location chain associated with the hash value; determining, from the target location chain, a target element based on the identification, the target element indicating an address of the file to be searched in a memory; and acquiring the file from the memory based on the address.

Abstract: It is desired to try to increase the security of a computing system running computer applications that may access data in a data storage system. In some embodiments, a token associates a user with a task that is being executed by a computing node. It may therefore be possible to determine which user executed which tasks. In some embodiments, the validity of a token is tied to the lifespan of a task associated with the token, rather than to a fixed amount of time. Therefore, if the task associated with the token is complete, the token may become invalid, rather than remaining valid for a duration of time that possibly exceeds the lifespan of the associated task. In some embodiments, a token is used to enforce data access control, e.g. to deny certain users access to certain data in the data storage system.

Abstract: A cryptographic method for signing a message m by a user device on behalf of a group managed by a group manager, which has a secret key generated from two variates x and y, the group having a public key formed from a plurality of elements comprising an element g and an element gz pertaining to a cyclic group of order p, p being a whole prime number and z a variate, and an element h, an element hx, an element h1/z and an element hy/z pertaining to a cyclic group of order p. The method includes: receiving a certificate from the group manager, including elements S1=gr, S2=gr(x+y.u) and S3=gz.r where r is a variate selected by the group manager for the user device; and generating a group signature for the message m, based on the certificate, a variate t generated by the user device, and the secret u.

Abstract: This disclosure aims to overcome at least some of the drawbacks associated with today's content sharing applications. In one aspect, this disclosure enables decentralized sharing of content based on crypto protocols and distributed database technology (e.g., blockchain technology). In one aspect, the content to be shared is encrypted and included in a session document that is stored in a distributed database that can be shared without requiring a central administrator.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based image processing are provided. One of the methods comprises: obtaining, by a computing device, copyright-related information corresponding to an original image; sending, by the computing device, the copyright-related information to one or more blockchain nodes configured to obtain ciphertext information by encrypting the copyright-related information and to store the ciphertext information in the blockchain; obtaining, by the computing device, the ciphertext information from the blockchain; and performing, by the computing device, obfuscation on a pixel matrix of the original image based on the ciphertext information to generate a target image carrying the copyright-related information.

Abstract: A software architecture encoded on a non-transitory computer readable medium, where the software architecture includes a creation protocol, wherein the creation protocol is configured to create a plurality of dealing messages. The software architecture additionally includes a reading protocol, wherein the reading protocol is configured to read the dealing message to a receiver node of the selected group, wherein the receiver node is different from a dealer node whose information is contained in the corresponding dealing message. Moreover, the software architecture includes a verification protocol, wherein the verification protocol is configured to verify veracity of the corresponding dealing message, wherein the verification protocol is configured to be run by the receiver node. Further, the software architecture includes a complaint protocol, wherein the complaint protocol is configured to generate a complaint message, wherein the complaint message is signed by the receiver node.

Abstract: The present disclosure involves systems, software, and computer implemented methods for remotely executing binaries in a containerized computing environment using a lightweight inter-process communications protocol (IPC) and UNIX domain sockets. One example method includes establishing, in a shared computing image comprising a plurality of containers, a listening UNIX domain socket, where the listening UNIX domain socket is shared between all containers in the shared computing image. A request to execute a binary in the target container is received at a target container and from a client container using the listening UNIX domain socket. A worker service is generated in the target container. The worker service executes the binary in the target container. A return exit code associated with the executed binary is received and sent to the client container using the UNIX domain socket.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.

Abstract: A security driver loads early in the boot process for a compute instance and detects processes that are subsequently launched. The detected processes can be recorded, and then scanned with any suitable malware scanning tool(s) once a user mode is available on the compute instance. After the operating system is installed and a user mode is available, other scanning tools may also be deployed (e.g., in the user mode) to augment security of the compute instance.

Abstract: Systems, devices, and techniques for service authorization are described. A described device includes a transceiver to communicate with an authorization server, and a processor. The processor can set an authorization timer for a first time period based on obtaining an authorization from the authorization server, and activate device features for a duration of the first time period. The processor can receive from the authorization server an authorization message that includes an authorization key hash based on a shared secret key and a server timestamp, determine a local key hash based on the shared secret key and a local timestamp, set the authorization timer for a second time period based on the authorization key hash matching the local key hash, and maintain an activation of the features for a duration of the second time period.

Abstract: The invention provides, in some aspects, a system for implementing a rule derived basis to display anonymized image sets. In various embodiments of the invention, users with the appropriate permission can launch a function inside a system in order to anonymize and export the currently loaded study or studies, or one or more studies identified by a search criteria. The data from the studies that were identified is then anonymized on the system using predefined rules. In an embodiment of the present invention, the data from selected studies is anonymized on a server, and only then transmitted to another network device thus minimizing the risk that protected health information can be inadvertently disclosed. In an alternative embodiment of the present invention, the data from selected studies is anonymized on a server, and only the anonymized data is stored to the hard disk or other media of a user viewing the study.

Abstract: A circuit device includes an image processing circuit and a comparison circuit. The image processing circuit performs a first mapping process and a first rotation process on an input image to generate an image for a head up display. The image processing circuit performs, on an image, a second mapping process that is a reverse mapping process of the first mapping process and a second rotation process that is a reverse rotation process of the first rotation process to generate an image. The comparison circuit performs a comparison between the image and the image and outputs a result of the comparison as information for detecting an error in the image.

Abstract: An electronic access control system and method comprising a computer platform product configured to enable an integrated end-user interface for administration and control of disparate wireless security locking devices from multiple vendors. Embodiments of an electronic access control system and method may incorporate a predefined data routing routine to enable support of a variety of devices and products from different manufacturers. An instance of computer program product executing on a mobile electronic device may process a predefined data structure for device interfacing without the need to exchange proprietary information with the device. Exemplary embodiments may incorporate multiple levels of a secured method for defining multivendor applications and connected devices. An application and/or application interface may enable an end-user to integrate one or more vendor specific software systems for the management of multiple electronic access control devices within a single integrated platform.

Abstract: Systems, devices, apparatuses, components, methods, and techniques for building customized media programs for a specified duration are provided. An example media-playback device for generating customized media programs for a route to a specified duration includes a user preferences engine to determine a user's listening preferences, a duration engine to determine a duration of the route, and a duration-based media program engine for building a playlist of news and entertainment media content based on the duration of the route and the preferences of the user.

Abstract: Disclosed are a system and techniques for identity and electronic signature verification that utilizes blockchain technology. An enterprise system enables computing devices to engage the enterprise and prospective users for the purposes of executing a document or a smart contract. Users may obtain a computer application from an enterprise system and may utilize the computer application to retrieve a document or select a smart contract. The identity of all users who execute the document may be verified based on an authentication by a trusted independent system. Information related to the respective signers, the document or smart contract, and the authentication may be stored as transactions in a blockchain. The transactions may be stored in the blockchain under a user's address, a document or smart contract address, or a digital wallet, if available.

Abstract: A plurality of dice having at least a first die and a second die. The first die can generate a measure of the first die using a cryptographic algorithm, a public key and a private key, and a digital signature according to the measure and the private key. The digital signature can include a digest encrypted by the private key. The digest can include the measure. The first die can communicate the measure, the digital signature, and the public key to the second die. The second die can store a validation code representative of a measure of the first die and validate the digital signature using the public key as well validate the measure by comparing the measure to the validation code.

Abstract: A specialized apparatus for recording medical transactions designed to protect patient privacy when necessary to record private biometric individual data. The mechanisms and proprietary methods scramble the biometric data within the recording device, unrecoverable when leaving recording device with high assurance, yet an audit copy can forward to outside permanent storage and systems.