Abstract: A method of utilizing an audio signal to transmit data for conducting electronic transactions includes in a user device, converting user identification data into a first audio signal and transmitting the first audio signal to a base device; in the base device, converting the first audio signal into the user identification data; in the base device, transmitting the user identification data and transaction content to a server device; and in the server device, obtaining authorization of a validation entity by utilizing the user identification data and the transaction content, for obtaining a transaction number and transmitting the transaction number to the base device.

Abstract: In accordance with embodiments of the present disclosure, an article of manufacture may include a non-transitory computer readable medium and computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to receive software code for an executable file, receive a configuration file, output an executable file based on the software code and the configuration file, the executable file comprising one or more integrity windows of code embedded within the software code and not affecting operation of software code within the executable file, and output a map file setting forth metadata regarding the integrity windows.

Abstract: In order for effectively ensuring security for direct communication in ProSe, a ProSe Function acquires from a 3rd party root keys for each of UEs to derive a pair of session keys for securely conducting direct communication with different UEs, and distributes the acquired root keys to each of the UEs. Each of the UEs derives the session keys by using one of the distributed root keys. Moreover, a plurality of UEs, which form a communication system, and are allowed to conduct direct communication with each other when the UEs are in proximity to each other, share public keys of the UEs therebetween through a node which supports the direct communication upon successfully registering the UEs with the node. Each of the UEs verifies at least a request for the direct communication by using one of the public keys.

Abstract: Systems and methods for hash authenticated data are described. In one embodiment, the storage device includes a storage drive and/or a controller. In some embodiments, the controller is configured to identify data to be authenticated, compute a first hash of the data using a hash function, detect a trigger event associated with the storage drive, and authenticate, after the trigger event, the data based at least in part on the first hash of the data.

Abstract: A method for sharing data between blockchains in a multi-chain network comprising accessing a first block on a first blockchain of a multi-chain network, generating a cryptographic hash from the first block, defining a first anchor hash, recording the first anchor hash to a second block on a second blockchain of a multi-chain network, receiving a plurality of account addresses associated with the first and second blockchains and an account state for each account associated with the plurality of account addresses, a plurality of transactions, and a plurality of transaction receipts, generating a world state trie comprising a mapping between the first plurality of account addresses and the account states, a transactions trie comprising the plurality of transactions, and a transaction receipts trie comprising the plurality of transactions receipts, and root hashes thereof, and recording the root hashes to each block of the first and second blockchains.

Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with either a function of a signature of a child computational node, or of a child entity attestation value derived from an HMAC value of the child entity, or both. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one child entity in the hash tree path used for its initial registration in the infrastructure.

Abstract: Objects are identified by authentication tags, each configured with an authentication key that includes a first dataset comprised of a random distribution of three-dimensional elements, and with a second dataset comprised of machine-readable data elements. The authentication keys are readable by image capture and/or RFID reading devices, at least one of which is authorized to read at least one of the keys under predetermined conditions. An object is deemed genuine when the device reading a key has been authorized, and when the reading is performed when the conditions have been met.

Abstract: Conventional wireless interface (WiFi) controllers cannot resolve authentication for trusted client devices without calculation from a host processor. Leaving the host processor on or awaking it from a sleep state each time a non-authenticated trusted client device attempts to connect wastes power. A hostless authenticated wake service allows a host controller to enter a sleep state while the WiFi controller responds to multicast domain name service-service discovery (mDNS-SD) queries from trusted client devices. Once a client device is authenticated, the WiFi controller may respond to a trusted client request to awake the host processor for further command processing and service provision. Not only does this approach reduce power consumption by allowing the host processor to remain in the sleep state, it allows trusted client devices to discover its presence while ensuring security.

Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.

Abstract: The present disclosures relates generally to digital watermarking and data hiding.

Abstract: This relates to a vehicle and, more particularly to, a vehicle configured to perform a secure firmware update. Some examples of the disclosure include receiving a firmware update package including updated firmware for one or more electronic control units (ECUs) of a vehicle. According to the disclosure, the firmware update package can be transmitted to and stored on an untrusted ECU and distributed to one or more target ECUs in a secure firmware update process monitored by a secure ECU.

Abstract: Facilities are provided herein for authenticating a user to use a processing device. A user predefines authenticators of one or more types and associates these with graphical images. Upon on attempt to activate the processing device, a graphical image, of the graphical images, is selected for presentation to the user. The selected graphical image is presented to the user, who then provides input to authenticate with the device. A determination is made as to whether the user is authenticated to use the device. The determination is made based on input received from the user and based further on the authenticator associated with the selected graphical image. Varying the selection of image(s), each associated with a predefined authenticator and authentication type, enables variability in the authenticator that is suitable for unlocking a device at a given time, providing greater security to the authentication process.

Abstract: A system for secure transfer of encrypted data involves a sender client, a recipient client, a main server, and a key server. The sender client receives instructions from a first user identifying transfer data and a recipient identifier, creates a key, encodes the transfer data using the key, and communicates the key and the recipient identifier to a server. The server creates a secure package identifier and communicates such to the sender client. The recipient client receives and identifies the secure package identifier and the encoded transfer data, receives from a second user a user identifier, and communicates the user identifier and the secure package identifier to the server. The server communicates the key to the recipient client only if the secure package identifier received from the recipient client matches the secure package identifier created by the server and if the user identifier matches the recipient identifier.

Abstract: Methods and systems for creating containers by composition are disclosed. For example, a container image includes multiple layers, including first and second layers, which an image engine determines are read only or unmodified by adding any other layers. Each layer is in either a broken or unbroken state. Layers remain unbroken if an associated identifying signature and contents of layer remain unmodified by any other layer. The layers adhere to a policy requiring each compliant layer to be read only and/or not to modify any other layer when added to container image. The policy requires compliant layers to only modify their own contents when updated and to remain unbroken. The first and second layers are compliant when a third layer replaces the first layer. The layers remain compliant after replacement.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: In order to verify the authenticity of a product associated with a host device, the product contains, in segments of a non-volatile memory, several different functions stored in ciphered fashion. The host device sends a control signal for selecting and activating one of those ciphered functions. The product then deciphers and executes the function. The result of the function execution is then communicated back to host device when a decision on product authenticity is made.

Abstract: A Qualified Electronic Signature (QES) system configured to exchange data with first processing means of the requester configured to allow a requester to generate requests requesting a qualified electronic signature through said system to a recipient. The system comprises second processing means of the recipient configured to allow the recipient of the request to sign with his qualified electronic signature.

Abstract: A personal identification device may conserve power by delegating one or more operations to another device. For example, the one or more operations may be associated with the authentication of the personal identification device. In one example, the personal identification device may determine an amount of power greater than a power threshold will be consumed by the personal identification device to perform the one or more operations. The personal identification device may determine it can communicate with a mobile device that is capable of performing the one or more operations, and may then delegate the one or more operations to the mobile device to conserve power. In one example, the personal identification device may receive the results of the one or more operations from the mobile device, and may provide data associated with the results to a personal identification device detector for authentication of the personal identification device.

Abstract: A wireless communication system comprises two communication units (101, 03) which exchange public key identification data using both Near Field Communication (NFC) and Wi-Fi. Comparators (213) compare the public key identification data received over NFC to that received over Wi-Fi. If they do not match, communication controllers (203, 303) terminate a Wi-Fi communication, and specifically may terminate a secure Wi-Fi communication setup. If the public key identification data match, the communication controllers (203, 303) determine matching session keys and network keys from the public key identification data. The approach utilizes a full two-way device authentication based on two-way NFC communications to provide increased security and robustness to e.g. man-in-the-middle attacks.

Abstract: A user authentication system and method uses a contact list that may receive contact list information stored in an electronic device from the electronic device over a network. The system is further configured to store, in a database, and manage first contact list information received from a first electronic device of a user through the reception controller in association with an identifier of the user, compare second contact list information received from the first electronic device or a second electronic device to the first contact list information stored in the database in association with the identifier of the user, in response to a service request from the first electronic device or the second electronic device based on the identifier of the user; and determine whether to authenticate the user in response to the service request from the first electronic device or the second electronic device based on the comparison result.

Abstract: Computer-implemented techniques include detecting, using a camera of a computing device having one or more processors, a digital watermark displayed by a display of a computing system. The digital watermark can be a visual indicator that is detectable by the camera of the computing device, and the computing system can further comprise a set of speakers and a set of cameras. The techniques can include determining, by the computing device, a unique identifier for the computing system based on the digital watermark. The techniques can also include automatically coordinating, by the computing device, an audio/video conference session between the computing device and the computing system using the unique identifier.

Abstract: An information processing system includes a first information processing apparatus for setting a security policy, and a second information processing apparatus subject to a function restriction according to the security policy set by the first information processing apparatus. The first information processing apparatus includes a generation unit generating forced data based on the security policy to set. The forced data includes a setting value for determining an operation of the second information processing apparatus and control information for controlling prohibition of a change of the setting value in the second information processing apparatus.

Abstract: A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.

Abstract: A system and methods for registering and acquiring e-credentials using personal devices and an identity registry system that combines the method for handling digital seals with a proof-of-existence method. The identity registry system is used to register and verify e-credentials. Device owners register their e-credentials when created and updated and verify acquired e-credentials to safeguard against tampering and errors. When registering an e-credential, the e-credential is hashed and digitally sealed creating an identifying thumbprint that is stored in the identity registry system. When verifying an acquired e-credential, the e-credential is hashed, the identity registry system is searched to locate the identifying thumbprint, and the digital seal of the thumbprint is verified. A requesting owner can request an issuing owner to proof, attest, and digitally seal an e-credential of the requester.

Abstract: The mobile cluster-based audio adjusting method and apparatus provides for a highly configurable sound management apparatus and process that combines standard computing devices such as laptops, tablets, and mobile phones to measure various aspects of sound waves across multiple points, allowing a single user to visualize and adjust sound output accordingly.

Abstract: The present disclosure describes a computer-implemented platform for managing electronic endorsable instruments and electronic endorser verification information in order to validate endorser identity. A computer system receives an endorsable electronic instrument and a mobile phone number associated with a targeted potential endorser. The endorsable electronic instrument and a verification information request are sent to the mobile phone number by sending a link to a web-based application via SMS/MMS message. The endorsed electronic instrument and corresponding verification information are received and are associated to validate the endorsed instrument.

Abstract: There is disclosed herein techniques for use in authentication. The techniques comprise providing multiple selectable image portions. The techniques also comprise selecting a first image portion of the multiple selectable image portions. The said selecting of the first image portion comprises performing a first operation to associate a first marking with the first image portion in an identifiable manner. The techniques further comprise generating information for use in authentication based on the first image portion and the first marking associated with the first image portion.

Abstract: A method, system and network element are disclosed which allows securing, customizing and generally improving network equipment (device) configuration and DHCP network address identification, assignment and distribution mechanism, such that network address and parameter configuration, assignment and distribution in a communications network is performed in a more optimum and secure manner. The DHCP protocol is improved using policies based on roles (profiles) directly linked to the physical identification of the device (for example, to its MAC address).

Abstract: A virtual asset testing environment is provided that is distinct from a production computing environment. A virtual asset creation template associated with a class of virtual assets to be verified is identified, each virtual asset of the class of virtual assets being created using the virtual asset creation template. A designated test virtual asset is generated using the virtual asset creation template that is deployed in the virtual asset testing environment. The designated test virtual asset is then analyzed in the virtual asset testing environment to identify any vulnerabilities in the designated test virtual asset. If a vulnerability is identified in the designated test virtual asset, a remedy to the vulnerability is applied to the virtual asset creation template, and/or virtual assets created by the virtual asset creation template deployed in the production environment.

Abstract: In one embodiment, a first device in a network receives information regarding one or more nodes in the network. The first device determines a property of the one or more nodes based on the received information. The first device determines a degree of trustworthiness of the one or more nodes based on the received information. The first device attests to the determined property and degree of trustworthiness of the one or more nodes to a verification device. The verification device is configured to verify the attested property and degree of trustworthiness.

Abstract: A method of securely transmitting data comprising (1) obtaining an unencrypted data stream comprising a first sequence of values, (2) segmenting a first portion of the first sequence of values into an original first word having a word-length equal to a first variable, (3) segmenting a second portion of the first sequence of values into an original second word having a word-length equal to a second variable different than the first variable, (4) inserting random values at predetermined locations in the original first and second words to generate modified first and second words, the modified first and second words having a word-length equal to a third variable different than the first and second variables, and (5) combining the modified first and second words into a second sequence of values defining an encrypted data stream.

Abstract: A system and method for generating a signature for a document using credentials indicating an unsanctioned signing event. The system and method includes receiving a request to generate a signature of a signatory for a document, wherein the request includes a received set of credential data for a signatory, obtaining a token identifier for at least one computing device, and determining if the received set of credential data matches credentials indicating the unsanctioned signing event. The system and method further includes receiving the signature of the signatory, the document identifier, and the token identifier, and determining based at least in part on the signature, document identifier, and the token identifier, whether the received signature is associated with the unsanctioned signing event.

Abstract: A computing machine creates a local certificate authority (CA) that has certificate signing authority, creates a certificate signing request (CSR) that includes data of a local service that is hosted by the computing machine, creates a service certificate for the local service using at least a portion of the data in the CSR, signs the service certificate using a private key of the local CA, and provides the service certificate to the local service. The private key is stored locally on the computing machine.

Abstract: A method for generating a package identifier includes generating an image of a portion of a surface of a substrate of the package, generating a serial number of the package from the image, the serial number being based on at least one surface feature of the portion of the surface, and affixing a visual indicator on the package that is based on the serial number. The visual indicator affixed on the package is therefore based on the at least one surface feature of the package.

Abstract: A system described herein may allow for the frictionless authentication of a user and/or user device (e.g., without requiring that the user provide login details, such as a user name and password). The frictionless authentication may occur via a licensed wireless network, even when the user device is actively engaged in communications with an unlicensed wireless network (and/or is not engaged in communications with the licensed wireless network).

Abstract: A transaction card construction and computer-implemented methods for a transaction card are described. The transaction card has vector-formatted visible information applied by a laser machining system. In some embodiments, systems and methods are disclosed for enabling the sourcing of visible information using a scalable vector format. The systems and methods may receive a request to add visible information to a transaction card and capture an image of the visible information. The systems and methods may capture data representing the image. The systems and methods may also determine an ambient color saturation of the image. Further, systems and methods may translate the image based on the ambient color saturation of the image. The systems and methods may also map the translated image to a bounding box and convert the mapped image into vector format. In addition, the systems and methods may provide the converted image to a laser machining system.

Abstract: A system and method can support across-domain messaging in a transactional middleware machine environment. A transaction domain can import one or more services from a remote transaction domain, wherein said one or more services are registered in a service table that is associated with the transaction domain. Furthermore, a client in the transaction domain can find from the service table a remote server in the remote transaction domain that provides said one or more services, and send a message directly to the remote server to invoke said one or more services by passing one or more domain gateway servers in both the transaction domain and the remote transaction domain.

Abstract: The present disclosure provides a method of synchronizing an online game, and a server device, that do not require centralized information management, reduce the processing burden on each device during online communication, and allow for continuation of processing in an offline environment. A method, according to the present disclosure, of synchronizing an online game that allows for transmission and reception of information related to game processing between a first client terminal and a second client terminal via a server includes: receiving, from the first client terminal connected online, first information related to game processing on the first client terminal; determining whether the first information is information that determines a game status; and storing the first information on the server and transmitting the first information to the second client terminal when the first information is determined to be information that determines the game status.

Abstract: Methods to establish communication between a first and second device via at least one intermediate device comprise, at the first device, generating an offer data packet comprising a second device address, which includes a first identifier indicating a public key associated with the second device; transmitting the offer data packet to a first intermediate device for transmission to the second device based upon the address of the second device; receiving an answer data packet via the first intermediate device, the answer data packet including network information associated with the second device; establishing a communication channel with the second device based on the network information received; receiving over the communication channel a first handshake data packet including a public key; calculating a second identifier based upon the public key; comparing the first identifier with the second identifier; and warning if a relationship between the first identifier and the second identifier is not an expected re

Abstract: Adapting access rules for a data interchange between a first network and a second network by the second network is provided based on a service-specific integrity information item of the first network, wherein the first network processes data for carrying out a service and the service defines multiple components. A respective integrity status is transmitted for each of the components by each respective component via a communication link within the first network to a management unit of the first network. The service-specific integrity information item is computed based on each respective integrity status by the management unit. The service-specific integrity information item is transmitted by a network access point of the first network to a receiver in the second network for adapting the access rules. Access by the receiver to each respective integrity status is prevented.

Abstract: The present disclosure relates to an information processing apparatus, an information processing method, a program, and a content sharing system that allow for efficient use of an ACR service when content is shared.

Abstract: An image processing apparatus includes: an operation receiver, an image processor configured to perform image processing to add a digital watermark containing address information of the image processing apparatus to a first image to thereby generate a second image; a communication controller configured to receive a taking-out request to take out the digital watermark contained in the second image from an information processing device; and a storage controller configured to store a log in a storage unit. When receiving the taking-out request, the image processor performs image processing to take out the digital watermark contained in the second image to thereby generate the first image. The communication controller transmits the first image generated by the image processor to the information processing device.

Abstract: An electronic device and a method for improving iris recognition for providing access to the electronic device. The electronic device includes an iris scanner, an ambient light sensor, a memory and a processor. The memory includes computer program code for providing access control to the electronic device to a user by iris recognition of the user's iris. The processor causes the electronic device to prompt the user to provide iris samples of the user's iris to the iris scanner in a particular lighting condition measured by the ambient light sensor in occurrence of at least one of first event and second event. The first event occurs if the processor determines a missing information associated with an iris sample in the particular lighting condition in the electronic device. The second event occurs if the processor detects an unsuccessful iris recognition attempt for accessing the electronic device in the particular lighting condition.

Abstract: In one embodiment, a packet switching device determines that a packet matches one of a plurality of predetermined patterns, however, this matching may produce a false-positive match of one of the underlying rules corresponding to the plurality of predetermined patterns. In one embodiment, determining the packet matches one of the plurality of predetermined patterns includes determining a first pattern match of a packet when each particular portion of a plurality of different portions of the packet is found to be matching a corresponding particular pattern portion by performing a table lookup operation based on the particular portion as an address in a corresponding different current portion-iteration table to retrieve a corresponding partial result. In one embodiment, the first pattern match is filtered using a second validation technique for removing false-positive first pattern matches. In one embodiment, the second validation technique includes using hashing.

Abstract: Providing rich contextual information to a user in an authentication agnostic way with respect to the user. A method includes, at an application, receiving a request from a first user to access functionality of the application. The request from the first user comprises information identifying a second user who has consented to their social media information being used by the application. The method further includes sending information to the identity provider which includes information identifying the second user. The identity provider is managed by an entity separate from the application. The method further includes receiving, at the application, social media information common between the first user and the second user. The method further includes providing at least a portion of the common social media information, to the first user, in an authentication agnostic way with respect to the first user's authentication to the application.

Abstract: A method includes providing a plurality of variables and a variable. The variables differ from each other. The variables differ from the variable. The further method includes providing a lookup table indexing a plurality of characters via a plurality of values based on a first numeral system, converting a message into a first sequence of values based on the table, converting the first sequence into a second sequence of values based on a second numeral system different from the first system and according to a preset format, combining the second sequence into a single sequence via removing the format, generating a first plurality of subsequences from the single sequence based on segmentation of the sequence via alternating the variables, converting the first subsequences into a second plurality of subsequences such that each of the second subsequences is sized according to the variable, and transmitting the second subsequences.

Abstract: An embodiment includes peer-to-peer (P2P) pairing protocols that mutually authenticate both end points and do not rely upon a backend server or a central certificate provisioning server. An embodiment provides a persistent control path for sending inter-peer control information (e.g., synchronization messages). Another inter-peer path includes an “on-demand” data path enabled when a unit determines content is ready for sharing. After the content is shared, the data path may be deconstructed, which saves resources on both sides and makes the framework more scalable. Also, embodiments include graphical user avatars to whereby a first peer shares content with a second peer by dragging content over the avatar.

Abstract: It is described a network connection method and a user equipment, and relates to the field of network technologies. The method includes: scanning two-dimensional code provided by an access point device, to obtain data of a target access point; obtaining a configuration description file according to the data of the target access point, the configuration description file being used to connect to the target access point; and installing the configuration description file, and after detecting the target access point, connecting to the target access point according to the configuration description file. In embodiments of the present invention, a configuration description file of a closed system is generated by using data of a target access point in two-dimensional code, so that the data of the target access point may be installed in the system by using the configuration description file.

Abstract: A device is configured to perform a method that detects a trigger marker for an action corresponding to a segment of a multimedia signal. A fingerprint is generated based on the segment of the multimedia signal at a trigger time point. The generated fingerprint is stored in a database and communicated to the device. During playback of the multimedia signal, fingerprints of segments of the multimedia signal are generated and matched against fingerprints in the database. When a match is found, one or more associated actions for the segment are retrieved by the device. The trigger time point may be determined as a time point near or at the segment of the multimedia signal with the matched fingerprint. In this way, trigger markers for actions may be enabled without modifying the multimedia signal.

Abstract: Technologies for token-based access authorization to an application program interface (API) include an access management server to receive a service request message from an application executed by a remote computing device. The service request message includes a digitally signed license token previously generated by the access management server and distributed to the remote computing device. The service request message also includes a request from the executed application to access data or a service of the resource server via an exposed API. The access management server verifies the digital signature of the digitally signed license token and generates a digitally signed Security Assertion Markup Language (SAML) token. The digitally signed SAML token is transmitted to the resource server for verification and local caching. The resource server receives the service request message and determines whether access to the requested data or service is authorized based on the locally-cached SAML token.