Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system that utilizes multiple digital signatures, and in some cases multiple public keys within one or more certificates. The improved secure certificate systems allows for additional security by having multiple certification authorities validate the organization as the owner of the organization application (e.g., website, dedicated application, or the like), as well as allowing for the use of the multiple digital signatures and/or certificates to provide seamless verification of the organization application should one or more of the digital signatures and/or certificates become compromised. Moreover, security may be improved by utilizing multiple public keys to encrypt a session key for use in sending and receiving data.

Abstract: A system includes one or more processors to receive a registration request, the registration request comprising a representation of a username and a password, verify the username and the password and transmit a one-time-use password, receive the one-time-use password and first device identifier information from a mobile computing device, receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information, verify the username, the password, the second device identifier information, and the application key information, and transmit a token to the mobile computing device, and receive a resource request from the mobile computing device comprising the token and third device identifier information.

Abstract: A method, computer program product, and computer system for identifying potential social engineering activity associated with one or more communications on a first communication channel of a plurality of communication channels. Restriction of at least partial access to at least a second communication channel of the plurality of communication channels may be requested based upon, at least in part, the identification of the potential social engineering activity associated with the one or more communications on the first communication channel.

Abstract: Provided are an electronic stamp system for security intensification, a control method thereof, and a non-transitory computer readable storage medium having a computer program recorded thereon. According to the invention, it is possible to generate an encrypted value based on a membership ID related to a user of a terminal provided from the terminal and an one-time password such as an OTP generated in the electronic stamp and provide the generated encrypted value to the terminal in the electronic stamp, provide the membership ID, electronic stamp information, and the encrypted value to an electronic stamp server from the terminal, and obtain a decryption key based on the electronic stamp ID extracted from the electronic stamp information and then decrypts the encrypted value based on the obtained decryption key, and verify authenticity of the electronic stamp by comparing the decrypted value and the membership ID in the electronic stamp server.

Abstract: Disclosed is improved technology for authenticating electronic images and storing proof of tampering or non-tampering on the blockchain. An image authentication application of a user device may generate an image. The user device may generate an image hash of the image using a hash function. The image hash may be written to the blockchain. This may occur immediately after the image has been taken. The user device may upload the image to an authentication server, which authenticates the image. At various times, such as after receipt, during authentication, and/or after authentication, the authentication server may generate an image hash of the image using the hash function. The authentication server may write the image hash(es) to the blockchain. As such, a state of the image at various times may be recorded on the blockchain to determine whether or not the image has been tampered with between various times.

Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system that utilizes multiple digital signatures, and in some cases multiple public keys within one or more certificates. The improved secure certificate systems allows for additional security by having multiple certification authorities validate the organization as the owner of the organization application (e.g., website, dedicated application, or the like), as well as allowing for the use of the multiple digital signatures and/or certificates to provide seamless verification of the organization application should one or more of the digital signatures and/or certificates become compromised. Moreover, security may be improved by utilizing multiple public keys to encrypt a session key for use in sending and receiving data.

Abstract: A method may include establishing a connection with a physical device, by a device. The method may include receiving information identifying the physical device, by the device. The method may include determining physical device information based on receiving the information identifying the physical device, by the device. The physical device information may be a description of the physical device. The method may include generating a set of model elements based on the physical device information, by the device. The set of model elements may include program code associated with simulating a behavior associated with the physical device. The method may include associating the set of model elements with a device model corresponding to the physical device, by the device.

Abstract: A method of operation of an automated assembly system includes: detecting a socket adapter having an adapter identifier and an adapter cryptographic chip; calculating a primary key hash based on a primary key in a programming cryptographic chip; calculating an adapter hash based on the adapter identifier using the adapter cryptographic chip; matching the primary key hash to the adapter hash to update an authentication token with the adapter identifier for authenticating the socket adapter on the device programming system; and programming programmable devices in the socket adapter based on the authentication token.

Abstract: A data processing apparatus includes a memory storing a program and a processor configured to execute the program to implement a process of reading signed data including a predetermined number (n) of secret sharing data sets generated for each section of time series data and a signature value calculated for the each section of time series data based on a secret sharing protocol. The n secret sharing data sets include n units of data acquired from each section of time series data and parameter information for a polynomial of a predetermined degree calculated based on the acquired n units of data. The processor further implements processes of acquiring the predetermined degree, and editing the signed data by extracting a specific number of the secret sharing data sets from the n secret sharing data sets for the each section of time series data according to the acquired predetermined degree.

Abstract: A device is provisioned and authorized for use on a network. The device may be required to generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network.

Abstract: In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that include verifying a digital identification using visual indicators displayed to an authorized user. For instance, the visual indicators may be a set of graphical representations that are variably selected to be displayed on the digital identification. The visual indicator information may be provided to the authorized user to enable verification of the digital identification without any additional detector devices.

Abstract: Generally discussed herein are systems, devices, and methods for entwined encryption and error correction and/or error detection. An entwined cryptographic encode device can include a memory including data indicating a set of relatively prime, irreducible polynomials stored and indexed thereon, entwined encryption encoding circuitry to receive data, transform the data to a set of data integers modulo respective polynomial integers representative of respective polynomials of the polynomials stored on the memory, and perform a Da Yen weave on the transformed data based on received cipher data, and provide the weaved transformed data to a medium.

Abstract: A method of protecting a network-connected device from an advanced persistent threat cyber-attack is provided. A network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, is protected from an advanced persistent threat by steps of detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device and locking-down the communications of the network-connected device. The network-connected device may be provided with low-level routines that are correlated to the memory instructions. Detecting the advanced persistent threat may be comprised of authenticating the memory instructions of the network-connected device by using the installed low-level routines.

Abstract: A method may include, in a computing device comprising at least one processor and a memory, generating at least one information beacon from each of a plurality of applications installed on the computing device. Each information beacon may include application analytics data associated with a corresponding application while the corresponding application is running on the computing device. The at least one information beacon from each of the plurality of applications may be stored in a common location in the computing device. The stored at least one information beacon may be dispatched from each of the plurality of applications to a network device communicatively coupled to the computing device. The generating may be triggered by beacon generation code implemented in each of the plurality of applications installed on the computing device.

Abstract: A system including: at least one processor; and at least one memory, having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive a first sequence of values; segment the first sequence of values into a first subsequence having a first length and a second subsequence having a second length; modify the first subsequence by inserting one or more values into the first subsequence to create a modified first subsequence of a third length; modify the second subsequence by one or more inserting values into the second subsequence to create a modified second subsequence of the third length; combine the modified first subsequence and the modified second subsequence to create a second sequence of values; and output the second sequence of values.

Abstract: A protective case includes a shell for receiving and at least partially covering an electronic device. The shell includes a first material and has a back portion and side portions extending from the back portion. The back portion is configured to be adjacent to the back surface of the electronic device when the electronic device is installed. The case also includes a core comprising a second material having a magnetic permeability substantially greater than a magnetic permeability of the first material. The core is affixed to the back portion of the shell at a location that coincides with a center region of the wireless charging coil of the wireless charging circuitry of the installed electronic device. The core increases magnetic coupling between the wireless charging coil of the installed electronic device and a source charging coil when the protective case is placed in proximity to the source charging coil.

Abstract: A method for generating a message signature intended to be validated by a verifier server. A client device is configured to hold a private key and a corresponding public key. The method includes offline pre-computation by a hardware security module of a signature token, a result of encryption using a homomorphic encryption function, storage of the signature token generation of the signature of the encrypted message by the homomorphic encryption function from the result of the encryption by the homomorphic encryption function of the private key stored by the client device, of the signature token and of the message. The signature is intended to be validated by the verifier server by the public key.

Abstract: Techniques to block unwanted third party calls are disclosed. In various embodiments, an indication is received that third party code included on a web page is attempting to write to the web page content associated with an unauthorized third party call. The unauthorized third party call is blocked. In some embodiments, the unauthorized third party call is blocked by blocking the web page content associated with the unauthorized third party call from being written to the web page.

Abstract: In a general aspect, a supersingular isogeny-based cryptography process is performed. In some aspects, a first generator point is computed based on a secret integer of a first entity and a pair of elliptic curve points defined by a supersingular isogeny-based cryptosystem. An image curve is computed based on the secret integer, and a shared secret value is computed based on the image curve. An encrypted generator point is computed from the first generator point and the shared secret value. A public key of the first entity is sent to a second entity to enable the second entity to compute the shared secret value. The encrypted generator point is sent to the second entity to enable the second entity to validate the public key of the first entity.

Abstract: A terminal device including a transmitter and circuitry. The circuitry is configured to detect a relay device accessible to the terminal device via a communication network, reproduce content, control the transmitter to transmit the content to the relay device via the communication network, generate a request for the relay device to send a query in accordance with the content to one or more of a plurality of servers, control the transmitter to transmit the request to the relay device via the communication network, and acquire a response to the request. The response is received via the communication network from the relay device and includes information from the one or more of the plurality of servers responsive to the query. The circuitry is configured to acquire, responsive to the acquired response, an application. Further, the circuitry is configured to execute the application to display additional information corresponding to the content.

Abstract: A method (400, 500) of advertising. The method can include communicating to a client (106) a hyperlink corresponding to a virtual world (300) and associating with the hyperlink an identifier corresponding to an advertisement (302) to be presented to a user (108) in the virtual world during a user session. The method also can include identifying an identifier (114) corresponding to an advertisement to be displayed in a virtual world during a user session in response to receiving a request (116) from a client identifying a uniform resource identifier corresponding to the virtual world, and presenting the advertisement within the virtual world during the user session. A method (600) of providing financial incentives for advertising can include receiving an advertising activity indicator (120, 122) and processing the advertising activity indicator to determine financial incentives to be provided to an entity associated with the website.

Abstract: An information code is provided as a light transmissive object in which an information code is formed. When visible light is radiated to the object, the object maintains its light transmissive state, with no presentation from an information code in the object. Light of a first wavelength band, which differs from the visible light, is radiated to the object, the information code produces an image on light of a second wavelength band which differs from the first wavelength band. From an information code reader, the light of the first wavelength band is radiated to the information code medium, during which the light of the second wavelength band from the code is received by the reader. Based on reception results of the light of the second wavelength band, the information code is decoded. By way of example, decoded results are used to determine if the information code is authentic.

Abstract: A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

Abstract: A client establishes a cryptographically protected communications session with a server. To detect a man-in-the-middle, the client echoes information about a certificate purportedly received from the server. The information echoed by the client is digitally signed so as to be verifiable by the server without any cryptographic key used in the cryptographically protected communications session or its establishment, thereby rendering the echoed information unmodifiable by a man-in-the-middle without invalidating the signature. The server can therefore verify both the echoed information and the digital signature to determine whether it has established a cryptographically protected communications session with the client or with a man-in-the-middle purporting to be the client.

Abstract: An image transmitting apparatus is provided that automatically displays an address before transmission if a user gives an instruction for adding a mark such as “CONFIDENTIAL” or “IMPORTANT”. The image transmitting apparatus of the present invention is the image transmitting apparatus transmits image data to a specified address includes an image adding portion that adds a predetermined specific image to the image data in accordance with a user's operation, wherein displays a specified address of image data before transmitting the image data to which it is indicated to add the specific image and transmits the image data with the specific image added in accordance with a user's confirming operation.

Abstract: An anti-eavesdropping system for mobile phone communication is disclosed, wherein a mobile phone is paired with a Bluetooth headset for voice data encryption and decryption, the Bluetooth headset having a microprocessor unit to perform encryption and decryption of voice data, wherein the Bluetooth headset transmits the encrypted voice data to the mobile phone, and decrypts the voice data from the mobile phone and outputs the decrypted voice data to a speaker.

Abstract: Methods and systems for generating electronic signatures are disclosed. In some embodiments, the method includes: storing pixel features of a signing device; capturing, via an imaging device, a plurality of image frames including the pixel features of the signing device; identifying in the plurality of image frames, by a processor, first pixels matching the stored pixel features of the signing device; generating, by the processor, a first image including the identified pixels; and connecting, by the processor, the identified pixels to form at least one line drawing representing a signature.

Abstract: An original has a first pattern on and a second pattern, and the first pattern and the second pattern include relatively lighter markings within a relatively darker background. The relatively lighter markings appear at a first spacing interval in the first pattern, and at a larger second spacing interval in the second pattern. The first pattern and the second pattern cover and equally block a region of the original from reflecting ultraviolet light. A scanner is only capable of detecting patterns of markings having a spacing interval larger than the first spacing interval, which causes a copy of the original to not include the relatively lighter markings appearing at the first spacing interval. Thus, the copy lacks markings at locations corresponding to where the relatively lighter markings appear at the first spacing interval in the original. The copy reflects the ultraviolet light more where the copy lacks markings.

Abstract: Data acquired, for example by a mobile platform, such as a sequence of images observed by a mobile platform, is grouped. A signature is computed for each group and is transmitted along with frame data to a reception system, which verifies correct transmission based on the group signature. The signature may be a root value of a hash tree that has at least selected ones of each group as inputs. Transmission events may also be separately signed as a whole using an event validation system. Although the signature maybe computed for all frames in a group, it may also be computed based on only a subset, selected pseudo-randomly.

Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

Abstract: A telecommunications device includes an electronic memory to store at least a network address and a random number code, and a sound unit to transmit the network address and the random number code via ultrasonic sound waves. The telecommunications device also includes a network interface to communicate via a data network using the network address and a processor to establish a communication session with another device over the data network based upon receipt of a response from the other device via the data network, the response including at least the random number code. The telecommunications device does not establish the communication session with the other device if the random number code is missing from the response or if the random number code in the response does not match the random number code transmitted in the ultrasonic sound waves.

Abstract: A document signing platform implemented on one or more computers implements a process for capturing data evidencing valid execution of a document. The process comprises: receiving, from an originator computing device, a submission comprising a document to be signed by a signatory; providing the signatory electronic access to the document and to an indication of a set of one or more substantiation actions to be performed; and receiving and recording event data from a signatory device associated with the signatory. The event data includes data associated with affixation of an electronic signature to the document, and additionally includes substantiation event data representing performance of the set of one or more substantiation actions on the signatory device. The process further comprises validating completion of the set of substantiation actions based on the received event data; and generating a certificate of evidence that comprises at least some of the event data.

Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.

Abstract: A method is provided for redirecting signed code images. The method includes the steps of receiving a code image from an origin device at a proxy machine, invoking a code signing client at the proxy machine, receiving signing request information indicating a requested cryptographic operation, sending a code signing request to a code signing server, receiving a signed code image at the code signing client from the code signing server, storing the signed code image in a restricted memory, invoking a software repository client at the proxy machine, and sending the signed code image from the restricted memory location to a software repository.

Abstract: A method for authenticating a data stream includes selecting a number of data fragments of the data stream, defining at least two granularity levels for the selected data fragments, dividing each of the selected data fragments according to the granularity levels, generating a hierarchical authentication structure including elements representing hash values of the divided selected data fragments on the different granularity levels, selecting at least a portion of the hash values of the hierarchical authentication structure for transmission to a receiver, reconstructing the granularity value on the top level of the hierarchical authentication structure based on the transmitted hash values, and performing authentication of the data fragments of the data stream based on comparing the reconstructed value on the top granularity level of the hierarchical authentication structure with the signed value on the top granularity level of the generated hierarchical authentication structure.

Abstract: A digital marking module in a first computer memory receives a data file including original media content. The digital marking module accesses, from a second computer memory, identifying information corresponding to a recipient of the data file. The digital marking module generates altered media content to include the identifying information and substantially include the original media content. The data file with the altered media content is transmitted to a recipient device. The altered media content is received by a digital mark reader. The identifying information corresponding to the recipient of the data file is read from the altered media content.

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

Abstract: Techniques for integrating advertising content into client applications are presented. Events occurring within client applications are monitored and when a predefined event is encountered and external advertising service is consulted for acquiring external content. The external content is then integrated into one or more portions of presentations associated with the client applications.

Abstract: Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server.

Abstract: Techniques allow for automatic signing of a digital document in response to some event and/or when the document satisfies some predefined condition. The document may be, for example, an agreement, a technical paper for publication, a press release or marketing materials, or any other digital document that might need to be assented to, approved by, and/or attributed to one or more persons or representatives. The techniques may further provide support for automatic signature tracking and notification in order to assist with auditability. In one example embodiment, the techniques are implemented in the context of an e-signature application or service, which may be installed locally on the user's computer or provided to the user via a network from a server. In one example embodiment, the e-signature service is configured to automatically impress a signer's signature into a given document, if the signer's pre-established auto-sign criteria is met.

Abstract: A system for information confirmation using a cloud computing platform to provide a service by which an individual's video recorded and fingerprint authenticated sworn affidavit or statement called a “Confirmation” can be given upon request of another individual and stored in a third party service provider's cloud based vault for future retrieval in the case of any legal or other forms of action that may need to be taken in the future.

Abstract: A system and method for automated MFP notarization includes a display and a user input for receiving a notary request for document notarization. A device controller with processor and associated memory commences electronic notarization upon receipt of a notary request. A tangible document is scanned into electronic form under direction of the controller. The processor confirms acceptability of the electronic document relative to preset acceptance criteria and commences document verification when acceptability is confirmed. The user is prompted for execution of a verified document. User input corresponding to execution of the verified document is obtained and an electronic notarization is executed. A notarized electronic document comprised of the executed, electronic document inclusive of indicia corresponding to applied electronic notarization.

Abstract: A transaction card construction and computer-implemented methods for a transaction card are described. The transaction card has vector-formatted visible information applied by a laser machining system. In some embodiments, systems and methods are disclosed for enabling the sourcing of visible information using a scalable vector format. The systems and methods may receive a request to add visible information to a transaction card and capture an image of the visible information. The systems and methods may capture data representing the image. The systems and methods may also determine an ambient color saturation of the image. Further, systems and methods may translate the image based on the ambient color saturation of the image. The systems and methods may also map the translated image to a bounding box and convert the mapped image into vector format. In addition, the systems and methods may provide the converted image to a laser machining system.

Abstract: The authenticity of a program executed by a processor is determined by a security element that computes a hash code over re-ordered segments of a known-to-be-authentic copy of a program executed by the processor. The authenticity of the same segments are re-ordered by and provided by the processor to the security element, which computes a second hash code for the re-ordered segments received from the processor. If the hash values for the segments are identical, the program segments are identical. If the hash values for any segment are different, the two programs are different. When a processor's program is determined to be different from a known good copy, the processor can be stopped or an alarm signal generated.

Abstract: A system and method for providing Java cloud services for use with a cloud computing environment. In accordance with an embodiment, a cloud environment, such as Oracle Public Cloud (OPC), can include a Java cloud services (JCS) infrastructure, which allows a suite of software applications, middleware, and database offerings to be delivered to customers in a self-service, elastically scalable manner. In accordance with an embodiment, the JCS infrastructure can orchestrate, in combination with other cloud environment components, the creating and/or updating of a platform instance of a Java cloud service, including provisioning and deployment of the platform instance and/or deployment of software applications, and one or more personality injection or application deployment processing. Additional resources and/or services, such as a database service, can be wired to or otherwise associated with the Java cloud service, for use by customer applications that are deployed to the cloud.

Abstract: In some implementations, a mobile device can be configured to monitor environmental, system and user events. The occurrence of one or more events can trigger adjustments to system settings. In some implementations, the mobile device can be configured to keep frequently invoked applications up to date based on a forecast of predicted invocations by the user. In some implementations, the mobile device can receive push notifications associated with applications that indicate that new content is available for the applications to download. The mobile device can launch the applications associated with the push notifications in the background and download the new content. In some implementations, before running an application or accessing a network interface, the mobile device can be configured to check energy and data budgets and environmental conditions of the mobile device to preserve a high quality user experience.

Abstract: In one embodiment, a method for automating regression testing of a software application is disclosed. The method includes receiving, by a test automation system, input data associated with the regression testing of the software application and predicting, by the test automation system, a test automation framework for execution of a regression test suite by analyzing the input data. Further, the method includes obtaining, by the test automation system, test scenarios from execution of historical regression test suites upon predicting the test automation framework and identifying, by the test automation system, availability of devices for executing each test scenario based on one or more device parameters. Further, the method includes transmitting, by the test automation system, information corresponding to the test scenarios to the identified devices based on the availability to automate the regression testing of the software application.

Abstract: An image forming apparatus which eliminates a need for a user to operate a mobile terminal each time he or she sends an image file from the image forming apparatus using a cloud service and therefore enhances ease of operation. First user authentication of the user is performed for the image forming apparatus. Image data read from a scanner is converted to an image file, which in turn is sent to a destination set on a transmission destination setting screen. Based on the authenticated user, an access token to be used is selected from at least one access token managed in a hard disk of the image forming apparatus so as to use a function of an external server. Second user authentication for the external server is performed using the selected access token. After that, the image file is sent using the function of the external server.

Abstract: According to an example embodiment of the present invention there is provided an apparatus comprising a receiver configured to receive a pair of cryptographic keys comprising a public key and a secret key, the public key being cryptographically signed, a memory configured to store the secret key, and a transmitter configured to send the cryptographically signed public key to a correspondent node and participate in establishment of a cryptographic network protocol session based at least in part on the pair of cryptographic keys.

Abstract: A method of utilizing an audio signal to transmit data for conducting electronic transactions includes in a user device, converting user identification data into a first audio signal and transmitting the first audio signal to a base device; in the base device, converting the first audio signal into the user identification data; in the base device, transmitting the user identification data and transaction content to a server device; and in the server device, obtaining authorization of a validation entity by utilizing the user identification data and the transaction content, for obtaining a transaction number and transmitting the transaction number to the base device.