Abstract: A system for enhanced public key infrastructure is provided. The system includes a computer device. The computer device is programmed to receive a digital certificate including a composite signature field including a plurality of signatures. The plurality of signatures include at least a first signature and a second signature. The computer device is also programmed to retrieve, from the digital certificate, a first key associated with the first signature from the digital certificate. The computer device is further programmed to retrieve the first signature from the composite signature field. In addition, the at least one computer device is programmed to validate the first signature using the first key.

Abstract: Aspects of the disclosure relate to a transmission logic for selecting an authorized signatory as a recipient for an electronic document for signature. The transmission logic forms a part of a communications platform. The platform, including a first electronic communications pathway and a second electronic communications pathway, conducts and supports communication between a first entity and a second entity. The logic may generate an electronic document together with a request for an electronic signature, flag the document and transmit the document along the first electronic communications pathway to an authorized signatory at the second entity. The logic may also select a signatory according to a predetermined protocol, determine the availability of the selected signatory, confirm the selection, and transmit the electronic document to the authorized signatory for signature. Upon notification of the electronic signature, the logic may transmit, along the second pathway, the document to the first entity.

Abstract: Methods, apparatuses, and computer programs products for connection parameter awareness in an authenticated link-layer network session are disclosed. A client sends, to a network access server (NAS), an initiation packet announcing the initiation of an authentication session. The client establishes an authenticated link-layer session with the NAS. The client receives, from the NAS, a network policy packet including a network policy defined by one or more connection parameters for the link-layer session. The client then enforces the network policy.

Abstract: An example operation may include one or more of receiving, from a blockchain peer node, a sequence of blocks stored in a hash-linked chain of blocks on a distributed ledger, where each block in the sequence of blocks includes a reduced-step hash of block content from a previous block in the sequence, performing an approximate hash verification on the reduced-step hashes stored among the sequence of blocks, and determining whether the sequence of blocks has been tampered with based on the approximate hash verification on the reduced-step hashes.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for authenticating handwriting on paper-based documents. An example method includes receiving, by an embedded chip device, handwriting information from a signature device in communication with the embedded chip device. The example method further includes transmitting, by the embedded chip device, document identification information to the signature device. The example method further includes receiving, by the embedded chip device, authentication information from the signature device. Subsequently, the example method includes storing, by the embedded chip device, the handwriting information and the authentication information as handwriting authentication metadata in association with the document identification information.

Abstract: A method for decrypting encrypted data/message whereby a computing device derives the prime numbers that are used to make up a public key by searching the decimals of the inverse of the quasi-prime number that is the public key. The computing devices designates a search range around a jump point of the decimals of the inverse of the public key and searches within the search range for prime numbers by testing them against the quasi-prime. When the prime numbers are found, the computing device then uses them to derive the private key and decrypt the data.

Abstract: Disclosed is a method of generating digital signature information comprising: receiving a message; computing a particular solution in which a result of calculating the particular solution in a public key becomes a function-processed output value predetermined in the received message; and generating digital signature information for the message using the computed particular solution, wherein the public key is computed using a ring having a dimension (d) represented by a power of 2 and an integer multiplication of 3 or more.

Abstract: Broadly speaking, the present technique provides methods, apparatuses and systems for performing a TLS/DTLS handshake process between machines in a manner that reduces the amount of data sent during the handshake process.

Abstract: A method for providing a digital product according to the present invention comprises the steps of: receiving a request to provide a digital product of a digital product providing server from a terminal of a user; obtaining a login server user identifier of the user for a unique application identifier by logging in to a login server using the unique application identifier; storing digital product providing information in a database in association with the login server user identifier on the basis of the request to provide the digital product of the digital product providing server; and transmitting the digital product providing information to the digital product providing server in association with the login server user identifier, thereby being able to conveniently provide the digital product by synchronizing a user account.

Abstract: A system, method, and computer-readable medium are disclosed for performing event risk score generation operation. The event risk score generation operation includes identifying an anomalous event from a plurality of events enacted by the entity; generating a first event risk severity score based upon the anomalous event; generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity; generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score; performing a risk-adaptive prevention operation, the risk-adaptive prevention operation using the entity risk severity score, the risk-adaptive prevention operation adaptively responding to mitigate risk associated with the anomalous event.

Abstract: The techniques described herein may provide an efficient and secure two-party distributed signing protocol for the identity-based signature scheme described in the IEEE P1363 standard. For example, in an embodiment, a method may comprise generating a distributed cryptographic key at a key generation center and a first other device and a second other device and generating a distributed cryptographic signature at the first other device using the second other device.

Abstract: A computer-implemented method for providing a secured updated kernel module of an electronic device, wherein the method comprises the following steps: inserting by a computer a chameleon hash of a kernel module, a kernel module private key of the kernel module and an updated kernel module of the kernel module in a chameleon hash collision function thereby obtaining a collision data, combining by the computer, the updated kernel module with the collision data obtaining thereby a secured updated kernel module. Additionally, it is further described a computer-implemented method for secure updating at least one kernel module of an electronic device, a system comprising a server and an electronic device, computer programs and a computer-readable medium.

Abstract: Systems and methods providing access control and data privacy/security with decentralized ledger technology are disclosed. To ensure data privacy the decryption or access to data by a non-data owner requires joint orchestration of decentralized system nodes to provide partial decryption components with n-of-x required to fulfill request. Data can be encrypted, and access control policy can be decided including required number of key fragments to fulfill decryption. Access control policies can be stored in the decentralized ledger based system. Key information can be stored in the system in a decentralized manner with partial key fragments encrypted and split among system nodes. An access request can be sent to the system to fetch a data file, without disclosing the requester's identity in the system. The decentralized ledger based system can verify a legitimate request to access the data and denies access to malicious or faulty participants.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: Provided are an apparatus and method for forgery prevention of digital information. The apparatus for forgery prevention of digital information includes: a digital information obtaining unit configured to obtain digital information in real time; a seed value generator configured to generate a seed value carrying characteristics of the digital information obtained using the digital information obtaining unit; an information piece generator configured to divide the digital information obtained using the digital information obtaining unit, into continuous information pieces with a sequence; and a hash value generator configured to generate a hash value of a first information piece from the seed value and the first information piece and generate a hash value of a subsequent information piece by using a hash value of a previous information piece and the subsequent information piece as inputs.

Abstract: A system and method includes a blockchain operation stack which may control access to reading and writing operations for a blockchain. The blockchain operation stack may include a credential authority layer that may control permissions for profiles maintained by the credential authority layer. When the permissions are granted by the credential authority layer, a presentation layer may generate a display that may include information on the blockchain structure. Integrity outputs stored in a successor block may verify that a predecessor block has been rewritten and is valid. The presentation layer may provide tools to facilitate write layer operations to rewrite and append to the blockchain.

Abstract: A cryptographic method includes providing memory locations for storing encrypted data. The memory locations have respective addresses and are accessible via a communication bus. The method includes receiving over the communication bus access requests to the memory locations, wherein the access requests include burst requests for access to respective sets of the memory locations starting from respective start addresses, and calculating as a function of the start addresses encryption/decryption cryptographic masks based on cryptographic keys. Plain text data is received for encryption and the method includes applying the cryptographic masks to the plain text data to obtain therefrom encrypted data, and including the encrypted data into output data for transmission over the communication bus.

Abstract: Among other things, embodiments of the present disclosure are directed to providing authorization code management for published static applications. Other embodiments may be described and/or claimed.

Abstract: A computer-implemented method for submitting feedback for an entity to a blockchain is disclosed. The method, which is implemented at one of a plurality of participating nodes, includes: obtaining a first key, the first key being one of a fixed set of keys distributed to participating nodes that are eligible to submit feedback for the entity; generating first feedback (rj) of the entity for submission to the blockchain; encrypting the first feedback (rj) using at least the first key; and submitting the encrypted first feedback to a mixing service, the mixing service being configured to generate a mixed transaction based on the encrypted first feedback and at least one other encrypted feedback submission from one or more eligible participating nodes.

Abstract: A method for accessing a service supplied on a mobile terminal by an application server contributing to supplying the service. The method is implemented by the mobile terminal and includes: transmitting a request having a subscriber identifier of a subscriber of a subscription with a mobile operator, the subscriber identifier being based on a piece of information supplied by a security module of the mobile terminal, and inserted in the request without intervention of the user; receiving a response including an identification code relating to the subscriber identifier; transmitting an authentication request Including the identification code, the request being transmitted to an authentication server of the mobile operator; receiving an authentication response including an authentication code relating to the identification code; and transmitting a service access request including the authentication code to the application server.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) receiving a signature contribution request and payload, logging the request and determining whether a timestamp for the request compares favorably to a timing template. When the timestamp for the request compares favorably to the timing template the method continues with the processing modules determining whether the request compares favorably to a functionality template and when it compares favorably to a functionality template retrieving a key share based on sharing function parameters and outputting a signature result. When the timestamp for the request does not compare favorably to the timing template or the request does not compare favorably to the functionality template the method continues with the processing module outputting a signature contribution request rejection message.

Abstract: According to one embodiment, a system receives, at a host system a public attestation key (PK_ATT) or a signed PK_ATT from a data processing (DP) accelerator over a bus. The system verifies the PK_ATT using a public root key (PK_RK) associated with the DP accelerator. In response to successfully verifying the PK_ATT, the system transmits a kernel identifier (ID) to the DP accelerator to request attesting a kernel object stored in the DP accelerator. In response to the system receives a kernel digest or a signed kernel digest corresponding to the kernel object from the DP accelerator, verifying the kernel digest using the PK_ATT. The system sends the verification results to the DP accelerator for the DP accelerator to access the kernel object based on the verification results.

Abstract: A data source device (“device”) can generate a plurality of data segments, each of which can include data that is owned by a specific entity. The device can calculate and store a hash for each data segment of the plurality of data segments as part of a message footer of a data message. The device can calculate and store a further hash that includes a combination of the plurality of data segments and the hashes for the plurality of data segments as part of the message footer. The device can encrypt each data segment to create a plurality of encrypted data segments. The device can assemble the data message to include the plurality of encrypted data segments and the message footer. The device can send the data message to a gateway for further processing.

Abstract: Certain embodiments of the disclosure relate to an electronic device for authenticating a user by using user's biometric information, and an operating method thereof.

Abstract: An encrypted communication is correctly decrypted even when key exchange completion notification is delayed. A key storage (10) stores at least one common key which is shared with another encrypted communication device. A key selecting unit (11) selects an encryption key from the at least one common key stored in the key storage (10). An encrypting unit (12) generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device. A transmitting unit (13) transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto. A receiving unit (14) receives the encrypted data with the key index added thereto from the other encrypted communication device. A key obtaining unit (15) obtains, from the at least one common key stored in the key storage (10), a decryption key corresponding to the key index added to the encrypted data.

Abstract: An emergency token for one-time, highly restricted, access to an arbitrary WiFi network, while maintaining full network security and integrity, is disclosed. When an IoT medical device (IMD) detects failure in the IMD, or detects the patient having a medical emergency, IMD detects local active WiFi networks, and attempts connecting to a monitoring center through one of the networks. If the network is password protected, the connection may fail. The IMD retries the connection request using factory-installed one-time use token that is only for emergency calls only. If successful, the IMD sends an emergency message to the monitoring center, which dispatches emergency responder to the location of the IMD. Monitoring center invalidates the token with the central on-line token registrar when both the IMD and the monitoring center acknowledges that the notification is successful. A person having the proper security authorization can install a new one-time use token.

Abstract: A biometric authentication method causes a processor of a biometric authentication device to execute a process. The process may include: receiving user identification information and sensor type information from a terminal; confirming whether or not the received sensor type information has a predetermined relationship with a registered sensor type information corresponding to the received user identification that is among sensor type information of biometric sensors that have acquired biometric data registered for respective user identification information; and controlling, based on the confirmed sensor type information having the predetermined relationship, the issuance of a password to be used to re-register biometric data.

Abstract: A server system receives a digital media asset captured by a media capture device along with a dataset associated with the digital media asset. The server system generates a modified digital media asset by overlaying or embedding a glyph that encodes information pointing to the network location of the information page onto the digital media asset. A requesting device scans the glyph from the modified digital media asset and decodes from the glyph the information pointing to the network location. The information includes a certification that the digital media and the dataset associated with the digital media asset are unaltered. The requesting device may transmit communications to the server system to indicate approval or disapproval of the digital media asset, or to edit the digital media asset. The server system receives the communication and may modify the information to reflect comments, approvals, disapprovals, or edits.

Abstract: A method secures a system that includes an application owner, a master application, and a plurality secure platforms. The master application receives from the application owner an application and an input. The application computes a function to calculate an output from the input. The master application deploys replicas of the application on a number of the secure platforms. The master application establishes a secure channel with each of the replicas, and sends at least a portion of the input to the replicas. The master application receives a result calculated by each of the replicas. The result is determined according to the function and the at least the portion of input. The master application determines the output based on the result received from each of the replicas; and sends to the application owner, the output.

Abstract: A system for defending a network against one or more cyber-threats. The system can include a network bus that includes a first node and a second node, such that network traffic flows from the first node to the second node. The system can include an intrusion defense unit connected to the network bus, such that network traffic between the first node and the second node passes through the intrusion defense unit, wherein when a potential cyber-threat is detected in the network traffic, the intrusion defense unit is configured to engage an associated switch to filter the network traffic until the cyber-threat is neutralized.

Abstract: A plurality of communicatively coupled, networked assets may be threatened or attacked by a cybersecurity attack. The operational resiliency of the computer network determines whether the cybersecurity attack leads to a shutdown of one or more assets, or even the entire computer network. Machines and processes are disclosed to improve operational cybersecurity resiliency of software on the computer network. Machine learning is used to identify potential vulnerabilities from a vulnerability database. Chaos stress testing using a machine learning algorithm can be performed on software to exploit the vulnerabilities. A blast radius can be set to minimize any potential negative side effects of the testing. Software can be remediated to account for responses to the testing by reconfiguring to prevent exploitation of the vulnerabilities. A financial impact of the exploited vulnerabilities can be calculated and reports can be generated.

Abstract: The present invention is a method for authenticating a voter and casting their vote comprising: receiving, a voter's identification information, wherein the identification information is associated with a voter's account, processing, the voter's identification information in relation to governing bodies requirements for a voter's eligibility, encrypting, a portion of the voter's identification information and storing the encrypted portion of the voter's identification information and the remaining portion of non-encrypted voter's identification information in a block of a blockchain, receiving, a request from the voter account to cast a vote, accessing, the voter's account, receiving, a vote from the voter's account, wherein the vote is accompanied by a signature of the voter account, and indexing, a first portion of the vote data in a block in an encrypted format, and a second portion of the vote data in a block in a non-encrypted format in the block chain.

Abstract: A Secure, Reliable, and Decentralized Communication (“SRDC”) system may initialize primary and auxiliary processes associated with a mobile application, including creation of an Obfuscated Symmetric Primary Key (“OSPK”) and an Obfuscated Symmetric Auxiliary Key (“OSAK”). A cipher key manager may apply a two-way function f( ) to generate two subkeys: SPAK1 (designated (SPAK)primary) and SPAK2 (designated (SPAK)auxiliary). (SPAK)auxiliary may be encrypted using (SPAK)primary to obtain (E-SPAK)auxiliary. OSAK may be de-obfuscated to obtain Symmetric Auxiliary Key (“SAK”) and (E-SPAK)auxiliary may be encrypted using SAK to obtain (EE-SPAK)auxiliary. A key obfuscator may be called to de-obfuscate OSPK to obtain Symmetric Primary Key (“SPK”). (SPAK)primary may then be encrypted using SPK to obtain (E-SPAK)primary. The SRDC system may communicate with a CP mobile service and store (E-SPAK)primary in a storage service.

Abstract: A system and method for generating personalized multimedia content element clusters. The method includes determining, based on at least one interest, at least one personalized concept, wherein each personalized concept represents one of the at least one user interest; obtaining at least one multimedia content element related to a user; generating at least one signature for the at least one multimedia content element, each generated signature representing at least a portion of the at least one multimedia content element; determining, based on the generated at least one signature, at least one multimedia content element cluster, wherein each cluster includes a plurality of multimedia content elements sharing a common concept of the at least one personalized concept; and creating at least one personalized multimedia content element cluster by adding, to each determined cluster, at least one of the at least one multimedia content element sharing the common concept of the cluster.

Abstract: A system and method for secure and intuitive payment transactions at an ecommerce merchant website with a client device. The system has a trusted platform that hosts a Mediator site and Manifest database that includes a plurality of Manifest files. Each Manifest file includes a unique identifier and mapped payor information for a payment entity. The platform uses the Manifest to validate trusted payment entities and provide the Mediator site. The Mediator site generates cookies with payor information from the Manifest files, which are transmitted stored on user devices. These cookies are employed to facilitate trusted and intuitive transactions at merchant websites using dynamic interface objects presented on the user's client device interface.

Abstract: A public key architecture (160) includes a dual certificate hierarchy which facilitates two independent authentication functions. One of the authentication functions authenticates an authentication device (164) to a verification device (166). The other authentication function authenticates a configuration device (162) to the authentication device (164). In some embodiments, the authentication process uses a lightweight certificate formed in conjunction with a lightweight signature scheme (370).

Abstract: A method of performing out-of-band user authentication includes, by a service electronic device associated with a service a request to initiate a session of the service, generating an authentication token, encrypting the authentication token to generate an encrypted authentication token, and transmitting the encrypted authentication token to the electronic device.

Abstract: Various embodiments relate to a method of receiving an original message, share-holder list, and threshold amount. The original message is tokenized resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holders list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of each of the plurality of signcrypted shares can be determined by using the public key associated and a public/private key pair associated with the share-holder.

Abstract: An encryption/decryption system to provide a means for user authentication and document authentication using face biometrics. The encryption/decryption system comprises a key storage means for storing a plurality of keys, a face authentication means for determining whether a prospective user of a key in the plurality of keys is the associated user of the key, an encryption/decryption means for encrypting and decrypting data using the plurality of keys when the face authentication means authenticates the prospective user, and a document authentication means that authenticates the user for access to their plurality of keys to digitally sign a document and display the users face used to authenticate access to their plurality of keys in or associated with the document acting as a witness to the signing of the document.

Abstract: A method for verifying proof of assertion of a value using a hash-oriented transaction scheme includes: receiving a confirmation request; identifying a confirmation message, wherein the confirmation message includes at least one or more chain values and is one of: included in the confirmation request or stored in a block included in a blockchain and identified using a reference identifier included in the confirmation request; identifying a declaration message, wherein the declaration message includes at least an asserted value and an identity hash value; generating a check hash value by hashing at least the asserted value and the one or more chain values; verifying the check hash value using the identity hash value; and transmitting a result of the verification of the check hash value in response to the received confirmation request.

Abstract: Image-based machine learning approaches are used to classify audio data, such as speech data as authentic or otherwise. For example, audio data can be obtained and a visual representation of the audio data can be generated. The visual representation can include, for example, an image such as a spectrogram or other visual or electronic representation of the audio data. Before processing the image, the audio data and/or image may undergo various preprocessing techniques. Thereafter, the image representation of the audio data can be analyzed using a trained model to classify the audio data as authentic or otherwise.

Abstract: Provided are a method of processing payment based on a blockchain, which is performed by a payment service providing server.

Abstract: A system and a method are provided for a parameter update. In an embodiment, the method includes obtaining, by a first entity, a function and parameter data from a second entity; selecting data samples provided by the first entities; providing a plurality of mutually isolated computing instances; assigning and providing the selected data samples to the computing instances; calculating, within each computing instance, results of the function; calculating averages over the results; determining whether the function fulfils a security criterion, and, if so: providing the calculated average for the gradient of the loss function and/or the calculated average of the output value and/or updated parameter data to the second entity.

Abstract: This document describes a system and method for generating a common session key for encoding digital communications between devices. In particular, the system allows two devices to verify the veracity of each device before these authenticated devices proceed to generate a common session key that is then utilized to encode digital communications between these two devices.

Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.

Abstract: In daily business life, the personal signature on paper is being increasingly superseded by electronic signatures. In this situation, however, the problem of authentication of the signature exists. Since a signature card, for example, can also be used by a third party, it cannot be reliably determined with it that a signature in question also really originated from the alleged signer. Likewise, it cannot be assured that manipulations of the documents or signatures will not be performed at a later time. The present invention therefore proposes saving documents in a database and also verifying, via signatures files, signatures affixed in connection with the document. The signature files for this purpose are generated on the basis of a certificate of the signer and likewise stored in the online archive, wherein a fingerprint is created both for the signature file as such and also for its link to the document. In the case of a manipulation of even only one of the three components, the signature becomes invalid.

Abstract: Revocable biometric-based keys for digital signing are provided by, in part, generating a revocable public key at a secure device and transmitting the public key to a registration system for registration to facilitate linking the public key to the secure device user's identity for use in accessing a protected resource. Generating the revocable public key may include generating a salt, storing the salt on the secure device, and temporarily obtaining, by the secure device, biometric data of the user of the secure device. The biometric data is obtained from user biometrics, and the temporarily obtaining is absent storing the biometric data in persistent storage. A public and private key pair is generated at the secure device based, at least in part, on the stored salt and the user's temporarily obtained biometric data.

Abstract: A computer system utilizes a dataset to support a research study. One or more regions of interestingness are determined within a model of a first set of data records that are authorized for the research study by associated entities. A second set of data records is represented within the model, wherein the second set of data records are relevant for supporting objectives of the research study after de-identification. Records from the second dataset that are particularly useful for supporting objectives of the research study are identified, and authorization is requested from the corresponding entities of the identified data records from the second set of data records. After receiving authorization, those records are included with the first set to generate a resulting dataset. Embodiments of the present invention further include a method and program product for processing requests for health information in substantially the same manner described above.

Abstract: Provided are a method of updating firmware of a device, a device, and a mobile system including the device. The method includes: receiving, from a host, a first hash value and a signature, the first hash value corresponding to a firmware image at the host; performing a pre-verify operation for at least one of integrity verification and signature certification on the firmware image using the received first hash value and the received signature; receiving the firmware image from the host according to a result of the pre-verify operation; and obtaining a second hash value from the received firmware image to perform a post-verify operation for at least one of integrity verification and signature certification on the received firmware image.

Abstract: Described is a system for anonymous job allocation and majority voting in a cloud computing environment. The system broadcasts a job to physical nodes, each of the physical nodes having a control operations plane (COP) node and one or more service nodes associated with the COP node. A set of redundant job assignments is distributed to individual COP nodes pursuant to a private job assignment schedule, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes execute the job assigned to the COP nodes such that the service nodes each complete a task associated with the job and forward an individual result to their associated COP node. A privacy-preserving result checking protocol is performed amongst the COP nodes such that secret shares of a majority result are obtained and the majority result is provided to a client.