Abstract: A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.

Abstract: The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.

Abstract: The system prepares PDF documents to be digitally populated or signed. The method may comprise converting a document into an image; detecting words on the document; searching the words for keywords; searching for an object on the document; determining an object field based on the keywords and the object; creating a tag with metadata about the object field; and associating the tag with the object field. The method may also comprise determining, by a processor, metadata about a document; creating, by the processor, a hash from the metadata; storing, by the processor, an association of the hash, the metadata and the document in a knowledge database; creating, by the processor, a new hash for a new document; comparing, by the processor, the hash with the new hash; and determining, by the processor, that the new document has similar characteristics as the document based on the comparing.

Abstract: Implementations generally relate to a banking kit. In some implementations, a method includes creating at least one cloud account of a plurality of cloud accounts, where the at least one cloud account is associated with an end user. The method further includes storing user data associated with the end user in a database associated with the end user. The method further includes enabling a client device associated with the end user to access the cloud account. The method further includes enabling a bank server to access the cloud account.

Abstract: Systems and methods for implementing trusted clients using secure execution environments. An example method comprises: receiving, by a server, a measurement from a client application running in a secure execution environment implemented by a client computing device; responsive to validating the measurement, transmitting a first confidential data item to the client application running in the secure execution environment; receiving, from the client application running in the secure execution environment, a second confidential data item derived from a local state of the client application modified by the first confidential data item; and updating, in view of the second confidential data item, a local state of a server application.

Abstract: Some examples of the present disclosure relate to generating artificially intelligent entities represented on a blockchain using a non-fungible token (NFT). In one such example, a system can generate an NFT on a blockchain. The NFT can represent an artificially intelligent entity. The system can also generate a personality dataset on the blockchain, the personality dataset describing personality characteristics of the artificially intelligent entity. The system can then correlate the NFT to the personality dataset, thereby assigning the personality characteristics to the artificially intelligent entity. Once generated, the artificially intelligent entity may reside in a virtual ecosystem in which it can perform tasks and learn over time.

Abstract: The system prepares PDF documents to be digitally populated or signed. The method may comprise converting a document into an image; detecting words on the document; searching the words for keywords; searching for an object on the document; determining an object field based on the keywords and the object; creating a tag with metadata about the object field; and associating the tag with the object field. The method may also comprise determining, by a processor, metadata about a document; creating, by the processor, a hash from the metadata; storing, by the processor, an association of the hash, the metadata and the document in a knowledge database; creating, by the processor, a new hash for a new document; comparing, by the processor, the hash with the new hash; and determining, by the processor, that the new document has similar characteristics as the document based on the comparing.

Abstract: Aspects of the disclosure relate to digital check processing. A computing platform may receive, from a first recipient, a request to transfer a first portion of funds, corresponding to the first digital check image, to a second recipient account and a second portion of the funds, corresponding to the first digital check image, to a third recipient account. The computing platform may generate second and third digital check images representative of the first and second portions of the funds respectively. Based on successful validation of the second digital check image and the third digital check image, the computing platform may embed, into the second and third digital check images, a digital chip that indicates the successful validation. The computing platform may send, to the second recipient account and the third recipient account, the second and third digital check images respectively.

Abstract: This disclosure provides techniques for securely communicating user equipment (UE) specific information from a UE to a network-side device. In particular, the UE may either encrypt the UE specific information using an encryption key to form an encrypted portion, where the UE specific information includes subscriber identity information and the encryption key is calculated in accordance with a public key of a home network of the UE. The UE generates a message authentication code (MAC) signature based on the encrypted portion and a first integrity key, where the first integrity key is calculated in accordance with the public key of the home network. The UE sends, to a network-side device, a request message including the encrypted portion, the MAC signature and a network identifier of the home network.

Abstract: The technical idea of the present invention relates to a method for forming virtual private network providing virtual private network through sealed key exchange based on post quantum cryptography and a virtual private network operating system performing same. A method for forming a virtual private network performed by a server according to an embodiment of the present invention comprises the steps of: generating a public key and a private key; transmitting the public key; receiving a key capsule corresponding to the public key; generating a verification capsule from the key capsule using the private key; generating a symmetric key by verifying the verification capsule; and performing communication through the virtual private network using the symmetric key.

Abstract: The present disclosure provides a system and method for delegating authority to cloud IoT devices, with such delegated authority enabling the cloud IoT devices to access second cloud services outside of a core network. The IoT device uses its IoT identity to obtain a token for accessing the second service within a predefined time window. The token may be used to access the second service without further authentication by the second service. Accordingly, the IoT device can take particular actions, such as downloading files, etc., during the predefined time window. After the predefined time window, the IoT device may no longer access the second service without obtaining another token.

Abstract: The present inventive concept relates to a method for forming a Bluetooth network performing communication based on post-quantum cryptography at an application level and a Bluetooth network operating system that performs the same. A method for forming a Bluetooth network performed by a master device to perform Bluetooth communication with a slave device, according to an embodiment of the present invention, comprises the steps of: completing pairing with the slave device; receiving a certificate and an authentication message from the slave device; authenticating the slave device by using the certificate and the authentication message; generating a public key and a private key; generating a symmetric key by using the public key and the private key; and performing Bluetooth network communication by using the symmetric key.

Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.

Abstract: A computing device in a trusted computing (TC) system and an attestation method thereof are provided. The computing device includes at least one processor configured to operate as instructed by program code, the program code including: transmission code configured to cause the at least one processor to transmit, to a master controller, a first identification (ID) for a first device selected among a plurality of devices included in the TC system, a second ID for a second device selected among the plurality of devices, and a nonce; and attestation code configured to cause the at least one processor to perform attestation for the first device and the second device based on an aggregated signature, wherein the aggregated signature is based on generation of a first signature, by the first device, by using the nonce, and generation of a second signature, by the second device, by using the first signature.

Abstract: A method for controlling a user terminal associated with a doorbell including a camera according to an embodiment of the present invention includes: storing, in a database, feature data units collected using the doorbell; generating one among a plurality of types of commands according to whether an object detected from an image of a visitor captured by the doorbell matches one of the feature data units; and displaying first and second graphic interfaces, which are different from each other, on the user terminal in responses to first and second commands, respectively, among the commands.

Abstract: What is provided is a method of generating a minimal forensic image of a target dataset to reduce upload demand. The method includes storing a set of criteria in an investigator device, wherein the set of criteria determines target data files of the target dataset which are to be included in the minimal forensic image, and wherein the set of criteria includes a plurality of file types and at least a first upload format for each file type in the plurality of file types, locating the target data files of the plurality of file types in the target dataset using the set of criteria, storing a representation of each target data file in the minimal forensic image in an MFI upload format determined according to the set of criteria, and transferring the minimal forensic image to a cloud server.

Abstract: An electronic device and a data transmission method thereof are provided. The data transmission method includes: setting dummy data having multiple dummy bits; inserting the dummy bits of the dummy data into transmission data according to an insertion type to generate encryption data; and transmitting the encryption data to a memory device.

Abstract: Apparatus and methods for content- and context-based biometric authentication are provided. The apparatus and methods may include using multiple biometric sensors and an authentication engine that decides which sensor(s) to use through a content- and/or context-based analysis. The apparatus and methods may include requesting authentication, analyzing the request to determine which sensor(s) is appropriate, prompting a user to use the sensor(s) and comparing the data received with data stored in a database to provide authentication.

Abstract: An image forming apparatus is equipped with a plurality of sheet feeders. A change request for changing settings information of a designated one of the plurality of sheet feeders is received. There is stored change permission/inhibition information in which a condition for permitting a change of the settings information is set on an sheet feeder-by-sheet feeder basis. Settings information of a sheet feeder designated by the change request is changed based on the change permission/inhibition information. In a case where a request source of the change request satisfies the condition for permitting a change of settings information, settings information of the designated sheet feeder is changed, whereas in a case where a request source of the change request does not satisfy the condition for permitting a change of settings information, settings information of the designated sheet feeder is not changed.

Abstract: Aspects of the disclosure relate to multicomputer processing and dissemination of data files. A computing platform having at least one processor, a memory, and a communication interface may search one or more social media platforms for unauthorized dissemination of a data file. The computing platform may correlate a unique identifying feature(s) of the disseminated data file to that of a copy of the data file previously distributed to a linked user account. The computing platform may transmit, via the communication interface, to an administrative computing device, an unauthorized dissemination report which, when processed by the administrative computing device causes a notification to be displayed on the administrative computing device. The notification may identify the linked user account associated with the unauthorized dissemination, the name, content, or general nature of the data file, and/or the social media platform(s) on which the data file was discovered.

Abstract: A computing system receives live event data corresponding to a live game. The live event data includes events occurring within the live game. The computing system analyzes the live event data to identify a potential error in the live event data. The computing system generates a ticket corresponding to the potential error flagged in the live event data. The computing system assigns the ticket to a first quality assurance agent to resolve. The computing system receives an indication that the ticket has been reviewed by the first quality assurance agent. the computing system provides the reviewed event data to an end user.

Abstract: A system and method may test a contact center or other entity by causing, by a computer processor, a number of computerized processes (e.g. a simulated caller or customer) to each initiate a telephone call to a contact center, each telephone call associated with a customer identification and intent and determine, for each telephone call if the contact center system data is correct. A number of computer processes (e.g. a simulated agent or other process) may each connect to a CRM system and connect to one of the telephone calls. A centralized process may organize and cause to be initiated a number of different such interactions, and afterwards check various components of the contact center to validate if the interaction data as known by the centralized process matches the data as recorded by the contact center.

Abstract: An encoder for encrypting a plaintext into a ciphertext. The encoder has an encoding submodule for acting as a deterministic random bit generator (DRBG) in an offline mode for generating one or more hash-key value candidates, and for acting as a stream encryptor in an online mode for encrypting the plaintext into the ciphertext; a hash key selector for selecting a hash-key value H from the one or more hash-key value candidates; and a hash submodule for generating a MAC tag using at least the ciphertext and the selected hash-key value H. A corresponding decoder is also provided.

Abstract: The present disclosure relates to methods and systems for evaluating a storage medium. The method may include receiving, via a user interface of a host, a user request to evaluate a storage medium coupled to a first controller. The method may also include determining whether there is a first binding history table associated with the storage medium stored in the host. In response to a determination that there is no first binding history table stored in the host, the method may include retrieving a binding history table from the storage medium via the first controller and determining the storage medium as a second-hand storage medium if there is at least one second controller different from the first controller in the binding history table.

Abstract: Aspects of the disclosure relate to mitigation and detection of steganographic modifications embedded in images. A computing platform may receive an image embedded with steganographic modifications. The computing platform may change or modify any number of bits of one or more color components of one or more pixels of an image, rendering the steganographic modifications ineffective. The computing platform may cause at an isolation zone system, execution of an image, including steganographic modifications, to identify images embedded with steganographic modifications. The computing platform may also compare an image with image stored in an image storage module. The computing platform may store an image from the image storage module with a highest visual comparison score rather than the image.

Abstract: Systems and methods for digital property authentication and management are disclosed. A document representing a trade secret may be requested to be registered with a trade secret registry. A document obfuscation value corresponding to the document may be generated and may be registered with a blockchain. A record of the registration may be generated for the trade secret registry. The registry may be searchable and/or offer functionality such as valuation, insurance provision, and/or verification, among other benefits and functionalities.

Abstract: Disclosed is technology that verifies, in pairwise manner, proof of ownership-association of decentralized online resources owned by or affiliated with a single entity by visiting a first resource using a first location identifier, ingesting a first scannable image that contains a first plurality of assertions of ownership of online resources by a single entity and extracting a first public key of the first resource. The technology also visits a second resource using a second location identifier, ingests a second scannable image that contains a second plurality of assertions and extracts a second public key of the second resource. Then, the technology verifies, using the first public key, a signature from the first complementary assertion, verifies, using the second public key, a signature from the second complementary assertion, and determines, based on the pair of verifications, whether the first and second resources are owned by a single entity.

Abstract: A computerized process is described for improving a computer's digital signing capabilities that results in digital signatures that are substantially more secure with enhanced proof of data integrity, signatory authentication, and signatory non-repudiation without modification to underlying signature algorithms. The process utilizes computing resources, plaintext to be signed, and eight asymmetric cryptography digital signature algorithms each utilizing a specified hash algorithm and different private key from a public-private key pair. A novel mechanism is described that copies bit values from common bit positions of plaintext bytes into eight partitions. Each partition of bytes is independently signed using a signature algorithm and the resulting partitions of signed bytes are combined to form a digital signature.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

Abstract: A computer-readable recording medium storing a program to be executed by a first apparatus in a system of issuing attribute certificate information of each user, the program including instructions for causing a processor of the first apparatus to execute processing including: obtaining, from a second apparatus in the system, a value unique to an identifier that uniquely identifies a user, the second apparatus being a device capable of verifying authenticity of an electronic document to be signed; creating certificate information that includes attribute information identified from the attribute certificate information, certification information that certifies the attribute information, and the obtained value; generating an electronic signature for the electronic document and the certificate information using a private key that corresponds to the identifier; and outputting the electronic document and the certificate information to which the generated electronic signature is attached in association with the iden

Abstract: A device management system comprises a device management service to perform device management; and a device to be managed. The device transmits a registration request to the device management service. The device management service determines, in response to the registration request, whether the device is a device to be registered as a shared device. If the device management service determines that the device is not a device to be registered as the shared device, the device management service transmits, to the device, a notification that the device can be registered as a private device. The device transmits, in response to the notification, a private device registration request along with user authentication information to the device management service. The device management service registers the device in association with a user identified by the user authentication information.

Abstract: A processing unit employs a residue code (RC) to perform error detection and correction for a multi-round transformation data encryption process. The processing unit generates a cipher based on a plurality of transformations. For each of the plurality of transformations, the processing unit generates a corresponding residue code of a plurality of residue codes. The processing unit performs error detection for the cipher based on the plurality of residue codes.

Abstract: A federation link is used to facilitate bi-directional identity federation between software applications. The federation link is created to include user and account identity information for software applications having respective authentication providers. The federation link is created by one of the software applications and shared, for example, with the authentication provider of the other software application. The federation link can be utilized by both software applications to facilitate automated user authentication when navigating in either direction between the software applications.

Abstract: A system includes a computing platform having processing hardware, and a memory storing software code. The software code is executed to receive content having a sequence of content segments, and marker data identifying a location within the sequence, identify, using the content and the marker data, segment boundaries of a content segment containing the location, determine, using the location and the segment boundaries, whether the location is situated within a predetermined interval of one of the segment boundaries, and re-encode a subsection of the sequence to produce a new segment boundary at the location. When the location is not situated within the predetermined interval, the subsection of the sequence includes the content segment containing the location. When the location is situated within the predetermined interval, the subsection of the sequence includes the content segment containing the location and a content segment adjoining the content segment containing the location.

Abstract: Apparatus, systems, articles of manufacture, and methods to identify media using watermarks and signatures are disclosed. An example apparatus includes at least one memory, instructions, and processor circuitry to execute the instructions to: determine a first time and a category indicated by a watermark detected in the media, determine a search window based on the first time indicated by the watermark, the search window to at least one of (i) extend a first duration of time before the first time indicated by the watermark or (ii) extend a second duration of time after the first time indicated by the watermark, and compare (i) a query signature associated with a second time within the search window with (ii) a subset of reference signatures associated with the category to identify the media, the query signature generated from the media, the subset of reference signatures generated from reference media associated with the category.

Abstract: Systems and methods are provided for processing an image of a financial payment document captured using a mobile device and classifying the type of payment document in order to extract the content therein. These methods may be implemented on a mobile device or a central server, and can be used to identify content on the payment document and determine whether the payment document is ready to be processed by a business or financial institution. The system can identify the type of payment document by identifying features on the payment document and performing a series of steps to determine probabilities that the payment document belongs to a specific document type. The identification steps are arranged starting with the fastest step in order to attempt to quickly determine the payment document type without requiring lengthy, extensive analysis.

Abstract: A method for reading a shared clock that is stored in a shared storage space of a storage system, the method may include (a) reading by a compute node a cached value of the shared clock when a time gap before a next update of the shared clock exceeds a time threshold, wherein the cached value is cached in the compute node and is valid during an allowable caching period, wherein the shared clock is shared by a group of compute nodes, wherein a default update of the shared clock has a cycle that exceeds the time threshold; and (b) reading by the compute node a read value of the shared clock when the time gap before the next update of the shared clock does not exceed the time threshold, wherein the read value of the shared clock is stored in the shared storage space.

Abstract: A method and device for consuming watermarked media content includes generating a manifest request to access a watermarked media content asset, receiving a custom manifest and a watermarking signature including a unique sequence of segment variants relating to the media content asset, and generating a segment request to an origin server having a plurality of composite segments for the media content asset. The client device receives, from the origin server, a composite segment that includes an authorized watermarked segment variant. Using the unique sequence, the client device extracts the authorized watermarked segment variant and assembles a combination of the main ISOBMFF track and authorized watermarked segment variant to form an output composite segment that is assembled only from the main ISOBMFF track and the extracted particular watermarked segment variant, and decrypts and decodes the output composite segment for rendering by a player application of the client device.

Abstract: The invention, which discloses a blockchain consensus method, apparatus and system, relates to the technical field of computers.

Abstract: This application provides an extended authentication method and apparatus for a generic bootstrapping architecture and a storage medium. A first network element obtains a bootstrapping transaction identifier (B-TID) and a key lifetime; and the first network element sends the B-TID and the key lifetime to the terminal, so that the terminal performs extensible authentication protocol (EAP)-based generic bootstrapping architecture (GBA) authentication and key agreement (AKA) authentication with the first network element based on the B-TID and the key lifetime.

Abstract: Systems and methods are provided for interacting with an Application Programming Interface (API) using a digital signature. In one embodiment, a system comprises one or more processors that execute the instructions to perform operations. The operations comprise receiving a digital signature from a requesting device, the digital signature comprising an array of one or more bits, wherein each position in the array is associated with a field in the database and with the data stored in the field of an API; identifying one or more requested fields; accessing the database to retrieve the information associated with the one or more requested fields, the information being associated with at least one API; and providing instructions to the requesting device, based on the retrieved information, causing the requesting application to use the API.

Abstract: Systems and methods for verifying the rendering of video content on information resources are provided herein. A server can receive, from a target client device, a tracking message purporting to relate to delivery of a target content item; determine whether the tracking message contains an identifier of a sending device that sent the tracking message; determine whether the sending device and the target client device are the same device; if the sending client device and the target client device are the same device: recover, from the tracking message, information about at least a portion of a frame of a content item processed by a trusted platform module of the client device; and compare the at least a portion of the frame of the content item processed by a trusted platform module of the client device with a target content item.

Abstract: Methods and systems for a configurable proxying application program interface (API) façade service. A method for using a proxying API façade service includes, for each proxying API façade, selecting exposed endpoint(s) associated with proxy subject API(s), each selected exposed endpoint corresponding to a mapped proxy endpoint in a proxying API façade, selecting one or more components, setting one or more rights and policies, storing one or more mapped proxy endpoints, the one or more components, and the one or more rights and policies as proxying API façade configuration data in an externalized configuration store, generating each proxying API façade by loading a corresponding proxying API façade configuration data from the externalized configuration store, and integrating a proxy client of each proxying API façade with a credential management server, the credential management server configured to authenticate access to a proxy subject API by a proxy client responsive to a client request.

Abstract: The present disclosure provides a method and apparatus for quickly pairing a dual-mode Bluetooth device. The method is applied to a master device, and includes: receiving, by the master device, Bluetooth identification information broadcast by a surrounding slave device; checking, by the master device, the Bluetooth identification information; and if the Bluetooth identification information is correct, performing, by the master device, Bluetooth pairing with the slave device. The method for quickly pairing a dual-mode Bluetooth device provided in the present disclosure simplifies a pairing operation and increases a pairing speed without increasing a cost. In addition, a pairing condition is not limited by a system version of a device, achieving high cost performance and strong applicability.

Abstract: Disclosed are various examples for dynamic application deployment in trusted code environments. In some embodiments, an application is identified for installation on a client device. The client device includes a security process that limits the client device to execute trusted code based on a trusted code policy. Characteristics of a file are identified from an installation package for a client application. A management agent is instructed to update the trusted code policy to whitelist the file by providing the characteristics of the executable file to the security process. A command to install the application is transmitted to the management agent, where the management agent is a trusted installer for the client device.

Abstract: The present disclosure relates to signal encoding and decoding, such as digital watermarking. One aspect of the technology relates a method of evaluating print quality of a test digital watermarking patch.

Abstract: An apparatus for checking the integrity of sensor-data streams (15) with a detection unit (1) having a sensor-data input. Individual sensor-data stream sections (11, 12, 13, 14) of a sensor-data stream (15) can also be checked for integrity independently of further processing in existing infrastructures (26), in particular in the case of transmission across a plurality of infrastructure nodes, with low resource consumption. The detection unit (1) comprises a control device (4), connected to the sensor-data input and to a hash tree memory (5), calculating and storing hash values on the basis of individual sensor-data stream sections (11, 12, 13, 14) and on the basis of subordinate hash values of the hash tree, and having a root hash output (19) outputting the most recently calculated root hash value.

Abstract: A first user device may be used to request provisioning of a secure credential on a second user device. A provisioning system may facilitate the provisioning in a manner that ensures security and privacy of the requesting parties. The provisioning requests may be made using an application on the first user device such as a third-party application or using a web application via a browser. The credential may be added to a digital wallet on the second user device. The credential may be useable by the second user device to perform one or more contactless transactions.

Abstract: Apparatuses, methods, and systems are disclosed for repeater configuration for initial access. An apparatus includes a transceiver that that receives an initial setup configuration from a base station of a mobile wireless communication network for establishing a forwarding link with a user equipment (“UE”) device, receives an initial access configuration from the base station, the initial access configuration comprising one or more configuration parameters that allow the UE to establish access to the mobile wireless communication network, and transmits feedback to the base station that indicates reception of one or more of the initial setup configuration and the initial access configuration.

Abstract: A method for providing online security may include: (1) receiving, by a validation computer program executed by a trusted entity backend for a trusted entity, a call from a web browser executed on a customer electronic device browsing a webpage for an online entity, the call comprising an online entity identifier for the online entity and a session identifier, wherein the webpage for the online entity may include a hidden <iframe> comprising code that causes the web browser to execute the call; (2) confirming, by the validation computer program, that a cookie for the trusted entity may be stored on the customer electronic device; and (3) returning, by the validation computer program, a first value indicating that the customer electronic device is known to the trusted entity or a second value indicating that the customer electronic device is not known to the trusted entity based on the confirmation.