Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.

Abstract: Provided are a computer program product, system, and method for detecting potentially malicious code in a host system accessing data from a storage. A trap storage unit is configured for data in the storage and the trap storage unit is indicated as a trap. Storage units are configured for data in the storage that are not indicated as a trap. A request is received to access the trap storage unit from a process executing in a host system. Notification is returned to the host system that the process requesting to access the trap storage unit is a potentially malicious process.

Abstract: Techniques and mechanisms for secure management of network device configuration and audit are provided. A configuration blockchain is received by a first network device of a plurality of network devices. Additionally, the first network device analyzes the configuration blockchain to identify a plurality of configuration records associated with a second network device of the plurality of network devices. For at least one respective configuration record of the plurality of configuration records, the first network device determines a respective configuration change reflected in the at least one respective configuration record, and implements the respective configuration change on the first network device.

Abstract: Techniques for implementing a “volatile” user ID are described. A system receives first input audio data and determines first speech processing results therefrom. The system also determines a first user that spoke an utterance represented in the first input audio data. The system establishes a multi-turn dialog session with a first content source and receives first output data from the first content source based on the first speech processing results and the first user. The system causes a device to present first output content associated with the first output data. The system then receives second input audio data and determines second speech processing results therefrom. The system also determines the second input audio data corresponds to the same multi-turn dialog session. The system determines a second user that spoke an utterance represented in the second input audio data and receives second output data from the first content source based on the second speech processing results and the second user.

Abstract: The present embodiments provide an environment where a user first creates or imports a document comprising of fields to be completed by one or more users. All users who have view-only access or can act on a document are considered to be “in the workflow.” All users in the workflow (except view-only users) can take actions in the document by editing, adding or entering values or signatures in those fields. When the document is complete, a computing device adds an encrypted token visualization element to the document that uniquely identifies and secures the document. Thereafter, a copy of the original document, all attachments, authentication, security and validation information, and all other relevant information about the document and users will be available to view in the chain of custody and audit trail by the authorized users by scanning the token visualization element within the platform (web application or mobile application).

Abstract: Technologies for providing certified telemetry data indicative of resource utilizations include a device with circuitry configured to obtain telemetry data indicative of a utilization of one or more device resources over a time period. The circuitry is additionally configured to sign the obtained telemetry data with a private key associated with the present device. Further, the circuitry is configured to send the signed telemetry data to a telemetry service for analysis.

Abstract: A method for generating a fourth color transform is disclosed, wherein said fourth color transform transforms an original picture into a target color graded version of said original picture.

Abstract: Systems and methods are described for verifying whether simulated phishing communications are allowed to pass by a security system of an email system to email account of users. The delivery verification campaign may be configured to include the selection of the one or more types of simulated phishing communications from the plurality of types of simulated phishing communications. The selected one or more types of simulated phishing communications of the delivery verification campaign may be communicated to one or more email accounts. It is determined whether or not each of the one or more types of simulated phishing communications was allowed by the security system to be received unchanged at the one or more email accounts.

Abstract: Systems and methods for encryption and authentication are disclosed. A system receives a document request over a network from a first computer system, the document comprising a plurality of fields configured to receive input data. The document is transmitted to the first computer system. Context data and the document, including field input data, are received from the first computer system. An encryption key is generated and used to encrypt the document field input data and the context data. A payload is generated including the encrypted document field input data, the encrypted context data, and a non-encrypted identifier linked to the key. The payload and an image of the document are provided to a second computer system. The document image is viewable using a portable document format viewer. A decryption key request including the identifier linked to the key is received. The decryption key is provided to the second computer system to decrypt the encrypted field input data and the encrypted context data.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a timestamp indicating a time at which an update to a text segment within the textual content is performed to provide an updated text segment; generating, by the computing device, a unique identifier (ID) based on the timestamp and copyright information associated with the textual content, wherein the timestamp, the textual content, the updated text segment, and the copyright information are recorded on a blockchain of a blockchain network; and embedding, by the computing device, the unique ID in at least a portion of the updated text segment to provide an information-embedded updated text segment that enables retrieval of the copyright information associated with the updated text segment from the blockchain based on the unique ID.

Abstract: Disclosed are an abnormality detection method, a network video recorder (NVR) and a video server. The method includes: an NVR receiving first keep-alive information from a front-end apparatus, the first keep-alive information carries first verification information, and the first verification information is generated according to a process run by the front-end apparatus while sending the first keep-alive information; the NVR carrying the first verification information in second keep-alive information, and sending the same to the video server; the video server determining, according to the first verification information and second verification information of the front-end apparatus, whether an abnormality has occurred in the front-end apparatus, the second verification information is generated according to a process run by the front-end apparatus in a normal operation status.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for delivering extended payloads with composite watermarks. An example watermark encoder includes an first watermark embedder to embed a first watermark into a media stream in accordance with a first watermark technology, the first watermark including a first indicator bit and a first payload and a second watermark embedder to embed a second watermark into the media stream in accordance with a second watermark technology, the second watermark including a second indicator bit and a second payload, the first indicator bit and the second indicator bit to indicate whether the first payload and the second payload are to be combined when the first watermark and the second watermark are decoded.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes: receiving timestamps and associated signatures from an independent trust time server associated with a trust time authority by a centralized ledger server in a centralized ledger system, storing the timestamps and the associated signatures in a centralized trust timestamp blockchain that stores trust timestamp information of the trust time server for the centralized ledger system that stores data in blockchains each including a plurality of blocks, receiving a timestamp request for a block of a blockchain from a ledger server associated with the blockchain by the centralized ledger server, and transmitting a timestamp and associated signature that is stored in the timestamp blockchain and corresponds to the timestamp request to the ledger server by the centralized ledger server.

Abstract: Systems, computer-implemented methods, and non-transitory machine-readable storage media are provided for detecting recapture attacks of images. One method comprises extracting one or more features from an image captured by a device; applying the one or more features as input to a trained machine learning model, wherein the trained machine learning model outputs a first score based on the extracted features; obtaining metadata of the image; performing a statistical analysis of the metadata of the image; generating a second score based on the statistical analysis of the metadata of the image; and generating a probability that the image is a recapture of an original image based on the first score and the second score.

Abstract: The present invention is a system and method for detecting malicious use of a company email.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a master private and public key pair; associate the master private and public key pair with a first certificate; and derive at least one domain-specific key from the one of the master private and public key pair. The first certificate is registered to a group comprising a plurality of domains. The domain-specific key is associated with one of the plurality of domains.

Abstract: An example operation may include one or more of creating a source file, segmenting the source file into source file segments, creating a number of auxiliary data segments corresponding to source file segments, performing a chameleon hash of the source file segments and the auxiliary data segments, obtaining a source file signature from the chameleon hash, performing a cryptographic hash of the auxiliary data segments, obtaining an auxiliary data signature from the cryptographic hash, and storing the source file and cryptographic signatures to a shared ledger of a blockchain network. Each auxiliary data segment includes a random string of data that is generated based on a corresponding source file segment.

Abstract: An encoding device sets a region of interest corresponding to an input image, and prepares, as an intermediate image, data in which the input image is associated with region-of-interest information, designates an embedding position, embeds the region-of-interest information in a pixel value form into the intermediate image in accordance with the embedding position, prepares, as a region-of-interest setting image, data associated with the region-of-interest information, encodes the image by using a predetermined image coding scheme, and outputs an encoded image. A decoding device analyzes a decoded image obtained through decoding, reads the region-of-interest information, prepares, as a region-of-interest information read image, data in which the decoded image is associated with the region-of-interest information, applies a post-filter on the basis of the region-of-interest information read image, and outputs a post-filtered image.

Abstract: Authenticated base digital document(s) are issued to client(s) by an issuing party, and aggregate digital document(s) are received. An aggregate digital document includes base digital document(s) and attachment(s). Authenticity of the aggregate digital document(s) is verified, resulting in authenticated aggregate digital document(s), which are stored and/or redistributed. Authentication challenge(s) are sent by a verifying party to a client requesting part or all of an aggregate digital document from the client be verified. The part or all of the aggregate digital document is received and authenticity and integrity are verified, resulting in an authenticated aggregate digital document. The client verifies authenticity of a base digital document and receives the authentication challenge(s) for an authenticated aggregate digital document and sends part or all of the authenticated aggregate digital document to the verifying party for verification by the verifying party.

Abstract: Content conversion verification, includes: converting, at a first computer system, an original content file to a target format, generating a converted content file in the target format; generating a checksum for the converted content file; and sending the original content file and the checksum to a second computer system. Key words include content verification and checksum.

Abstract: Pseudonym digital certificates (160p) are generated for devices (110/150) by a Pseudonym Certificate Authority (PCA), which communicates with devices via another entity—registration authority (RA)—so that the PCA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by PCA to encrypt the certificate to hide it from the RA. Both keys are derived by PCA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the PCA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.

Abstract: Described processes include: determining portions of instances of a cryptographic token to be allocated to record providers, like providers of an asset indicated by a record, wherein: the portions are determined based on network effects associated with the records the record provider supplied on performance of a computer-implemented network in which both record providers and record consumers participate, patterns indicative of inorganic consumption may be determined from one or more of interactions of individual consumers, interactions of collections of consumers, or consumer interactions in the aggregate for a given provider or record; and the effects on network performance are adjusted responsive to designation of one or more entities as exhibiting inauthentic behavior; and appending to a distributed ledger, records indicating the respective portions, and adjustments, are allocated to record providers.

Abstract: A circuitry is configured to calculate a measured average value based on measured current values obtained in a target period for determination, and determine whether a memory device is an authorized or an unauthorized product, based on a comparison result between a measured average value and a reference average value.

Abstract: A method for providing an authentication service by using a decentralized identity (DID) application of a first user device, a mobile device, is provided. The method includes steps of: (a) if a signature verification value is transmitted from a service provider server in response to a DID service requested by a second user device, a DID authentication server transmitting the signature verification value to the DID application so that the DID application transmits a user signature and a user DID to the DID authentication server, and (b) verifying the user signature by using a user public key and transmitting signature verification result information to the service provider server, or transmitting the user signature and the user DID to the service provider server, to allow the service provider server to verify the user signature by using the user public key, to thereby provide the DID service to the second user device.

Abstract: Disclosed herein are devices, methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing trust points in ledger systems. One of the methods includes obtaining a request for establishing a trust point for a specified record in a series of records in a ledger system, determining whether the specified record is a candidate trust point that is trustworthy traceable to a preceding trust point, if so, determining whether the specified record is a timestamp record including trust timestamp information from a trust time server, in response to determining the specified record is not a timestamp record, identifying a timestamp record adjacent to the specified record, determining whether the timestamp record is trustworthily traceable to the specified record, and in response to determining the timestamp record is trustworthily traceable to the specified record, marking the timestamp record to be the trust point in the series of records.

Abstract: The method, computer system, and computer program product for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.

Abstract: A non-volatile memory is organized in pages and has a word writing granularity of one or more bytes and a block erasing granularity of one or more pages. Logical addresses are scrambling into physical addresses used to perform operations in the non-volatile memory. The scrambling includes scrambling logical data addresses based on a page structure of the non-volatile memory and scrambling logical code addresses based on a word structure of the non-volatile memory.

Abstract: A method includes storing basic input/output system (BIOS) firmware instructions at a first flash memory device included at an information handling system. The BIOS firmware includes an initial boot block. BIOS data is stored at a second flash memory device. A baseboard management controller validates instructions included at the initial boot block.

Abstract: Provided is a method for presenting images with embedded links for multi-channel redemption in a user interface. The method includes displaying an image including a first selectable portion and a second selectable portion, wherein a first link is embedded in the first selectable portion and points to a portal under control of a transaction handler, the first link identifying an offer for a merchant including at least one condition, and wherein a second link is embedded in the second selectable portion and points to the merchant. The method further includes, in response to a user selecting the first selectable portion of the image and following the first link, identifying, by the transaction handler and/or the portal, the user and an account of the user, and associating, by the transaction handler and/or the portal under control of the transaction handler, the offer with the account of the user.

Abstract: A method includes: generating, based on a hash function using at least one input including first data, a first digest; storing the first data in a memory; reading the first data from the memory; generating, based on the read data, a second digest; comparing the first digest and the second digest; and determining, based on comparing the first digest and the second digest, whether the read data is corrupted.

Abstract: The present disclosure concerns an electronic device configured for generating a control signal for controlling another device in a secured fashion when receiving a command signal from a mobile device, the electronic device being further configured for generating and storing a set of keys that are used for encrypting the command signal between the electronic device and the mobile device, each key being used only once. The present disclosure further pertains to a method for generating the control signal in a secured fashion in accordance with the command signal using the electronic device.

Abstract: Systems and methods for managing data stream identity are provided. Ownership information regarding a data stream may be analyzed to identify at least one owner. The data stream may be filtered to identify at least one portion that is associated with the identified owner. A unique identifier may be assigned to the identified portion. The identified portion may be stored in memory in association with the assigned unique identifier and information regarding the identified owner. Access to the identified portion may be controlled based on settings set by the identified owner.

Abstract: In one or more embodiments, one or more systems, methods, and/or processes may determine multiple digital signatures of respective multiple portions of information handling system firmware that is stored in a non-volatile memory medium of an information handling system; may determine that the multiple digital signatures match respective multiple stored digital signatures; may receive contents of a complex logic device of the information handling system; may determine a digital signature of the contents of the complex logic device; may determine that the digital signature of the contents of the complex logic device does not match a stored digital signature associated with the complex logic device; and, in response to determining that the digital signature of the contents of the complex logic device does not match the stored digital signature associated with the complex logic device, may program the complex logic device with a complex logic device firmware image.

Abstract: Systems, methods and techniques for automatically recognizing two-dimensional real world objects with an augmented reality display device, and augmenting or enhancing the display of such real world objects by superimposing virtual images such as a still or video advertisement, a story or other virtual image presentation. In non-limiting embodiments, the real world object includes visible features including visible security features and a recognition process takes the visible security features into account when recognizing the object and/or displaying superimposed virtual images.

Abstract: A set of certificates are received at a gateway device from a management server, where each one of the certificates was generated by the management server upon determination that the gateway device is associated with a respective wireless sensing device (WSD). The gateway device receives from a first WSD an advertisement message indicating it is available for connecting to a gateway device. In response to confirming based on a first certificate of the set of certificates associated with the first WSD, that it is authorized to connect to the WSD, the gateway device transmits to the first WSD the first certificate and an identifier of the gateway device for enabling authentication of the gateway device at the WSD. The gateway device receives data from the first WSD, upon confirmation at the WSD that it is authorized to connect with the gateway device.

Abstract: The present disclosure discloses a method for operating an expansion of a measuring transducer of process automation technology, comprising at least the steps: Starting the measuring transducer by starting its operating software; connecting the extension to the measuring transducer; establishing data communication between extension and measuring transducer, wherein the extension and the measuring transducer form an asymmetric cryptosystem; and the extension interacts with the measuring transducer.

Abstract: The present disclosure provides a method of synchronizing an online game, and a server device, that do not require centralized information management, reduce the processing burden on each device during online communication, and allow for continuation of processing in an offline environment. A method, according to the present disclosure, of synchronizing an online game that allows for transmission and reception of information related to game processing between a first client terminal and a second client terminal via a server includes: receiving, from the first client terminal connected online, first information related to game processing on the first client terminal; determining whether the first information is information that determines a game status; and storing the first information on the server and transmitting the first information to the second client terminal when the first information is determined to be information that determines the game status.

Abstract: Apparatus and methods are provided for post-recording, pre-streaming, pre-storing, video filtering and processing of personally-identifiable information (“PII”). The system may include a video recording device operable to record videos. The system may include a machine-learning, artificially-intelligent filtering module. The filtering module may receive recorded videos from the video recording device. The filtering module may analyze the recorded video to identify PII included in the recorded videos. The filtering module may delete the identified PII. The filtering module may enable streaming of the recorded video absent the PII. The system may include a streaming module. The streaming module may stream the video to a physical storage medium. The system may include a storage medium. The storage medium may receive the recorded streamed video absent the PII.

Abstract: The circuitry is configured to determine whether an appurtenance device is an authorized or an unauthorized product, based on a comparison result between a measured current value pattern produced for a predetermined period and a reference current value pattern obtained in advance for the predetermined period.

Abstract: Systems, methods, and apparatuses can protecting a secret on a device with limited memory, while still providing tamper resistance. To achieve the lower memory usage, embodiments can apply a memory-hard function MHF to the secret S to obtain a result Y, which can be used in an encoding process to obtain a code C. After applying the MHF, a prove function can generate a proof value that is used in a decoding (e.g., a verification of computation process) of the code C. The code C can include the proof value, the secret S, and the result Y, and can be sent to a decoding device that verifies the code C as part of a decoding process.

Abstract: A process distributing video streams to a plurality of addressees, comprising a marking step comprising adding at least one visual element to a video stream, which marking step is applied to an original video stream common to all the addressees and which is personalized for each addressee by addition of a visual element specific to the addressee that allows rapid visual identification of the addressee, wherein the added visual element replaces part of the original video stream that is stored in complementary information on a multimedia server.

Abstract: Introduced here are technologies for securely booting a network access device or a satellite device. A network-accessible server system may receive a boot request that includes a boot certificate to identify the network access device. The network-accessible server system may determine that the boot certificate corresponds with a verified boot certificate listed on a boot certificate registry. The network-accessible server system may determine that a geographical location of the network access device and a mobile application executing on an electronic device are within a predetermined range. The network-accessible server system may distribute a digital certificate to the network access device based on determining that the boot certificate corresponds with any verified boot certificate listed on the boot certificate registry and determining that the geographical location of the network access device and the mobile application executing on the electronic device are within the predetermined range.

Abstract: Firmware can be built to be capable of generating and outputting trace data, during execution, to assist in debugging firmware problems without substantially slowing operation of the firmware and without potentially disclosing secret information associated with the firmware. The firmware (e.g., BIOS) can output hash digests of various modules within the firmware, which can be compared with a pre-established mapping table to identify modules that successfully completed or did not successfully complete during execution of the firmware, such as during a startup procedure. The hash digest can be a one-way hash, which can be rapidly executable during operation of the firmware and can keep the code of the modules hidden from unauthorized reverse engineering.

Abstract: Systems and methods facilitating electronic signatures (E-Signatures) are provided. Multiple E-Signatures can be provided to electronic documents through a simple command, such as a selection of a single graphical element. A user's signatures, initials, or other identifier can be added to the electronic document in the appropriate fields upon receipt of the appropriate command or command set from the user.

Abstract: Provided are a method and an apparatus for detecting door image using machine learning algorithm that can easily detect a door image from a design drawing. The method for detecting a door image using a machine learning algorithm includes extracting a plurality of element images from the drawing; filtering the extracted element images using at least one of the size of the image and the number of right angle components; obtaining histogram information projected on the basis of a specific axis with respect to each of the filtered element images; and detecting at least one door image of the filtered element images by using the obtained histogram information as a feature information.

Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.

Abstract: Systems and methods are provided for decoding secure tags using an authentication server and secure tag reader. The system can include at least one processor and at least one non-transitory memory. The memory can contain instructions that, when executed by the at least one processor, cause the secure tag reader to perform operations. The operations can include detecting a potential secure tag in an image and generating a normalized secure tag image using the image and a stylesheet. The operations can further include providing an identification request to an authentication server, the identification request including the normalized secure tag image. The operations can additionally include receiving rules for decoding tag data encoded into the secure tag as tag feature options and decoding the tag data using the received rules.

Abstract: Provided is an information processing apparatus capable of combining the addition of a plurality of items in an original file in various forms, and outputting the file. A storage unit correlates additional content identification information for identifying additional content that is content added to the original file or content after change; additional content manager information for identifying a manager of the additional content; and add location identification information for identifying a location where the additional content is to be provided in the original file with the additional content and stores the information. A control unit provides the additional content that is extracted from a file other than the original file based on the additional content identification information, or that is acquired from the manager based on the additional content manager information to the original file based on the add location identification information, and causes the file to be outputted as the output target file.

Abstract: Apparatus, systems and methods for agile network isolation through use of packet level non-repudiation (PLNR) are provided. Using a fast cryptography to verify that incoming packets are undeniably being received from the identified source, real-time attack notifications can be independently verified and shared among the network devices to remove compromised nodes from the network. The ability to collaborate among nodes without trust may be achieved via PLNR, to share attack notifications in real-time may be achieved via Telling Attack Layer (TATL), and to establish the identity of an attack in a permanent and binding way may be achieved via DISCOvery (DISCO).