Abstract: Systems and methods for a client-server system including a client and a runtime server to provide extended management services utilizing declarative service management plugins. The client may transmit client service data associated with a set of extension declarations of a service plugin package using a client service plugin. The runtime server may add the set of extension declarations to the first set of the management services. The runtime server may receive the client service data from the client. The runtime server may provide a management service of a set of management services for the client that may be based on the client service data and a subset of the set of extension declarations corresponding to the first management service. The first subset of the set of extension declarations may specify how the first management service is provided to the client.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for authenticating handwriting on paper-based documents. An example method includes receiving, by an embedded chip device, signature information from a signature device in communication with the embedded chip device. The example method further includes transmitting, by the embedded chip device, document identification information to the signature device. The example method further includes receiving, by the embedded chip device, authentication information from the signature device. Subsequently, the example method includes storing, by the embedded chip device, the signature information and the authentication information as signature authentication metadata in association with the document identification information.

Abstract: A controller and a device generate a shared key by performing mutual authentication using a public key certificate of the controller and a public key certificate of the device. The controller and the device set an expiry for the shared key to one of the expiry of the public key certificate of the controller and the expiry of the public key certificate of the device. The controller and the device perform the mutual authentication using neither the public key certificate of the controller nor the public key certificate of the device, but the shared key, if the expiry set for the shared key has not passed.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: A system that includes a first network node configured to store a first ledger, a second network node configured to store a second ledger, and a third network node. The third network node includes a transformation engine configured to obtain a plurality of enriched shares from at least one ledger using an index identifying enriched shares linked with a data entry. The number of obtained enriched shares is at least a threshold value corresponding to the number of enriched shares needed to determine the data entry. The transformation engine configured to remove enriched data from the plurality of enriched shares to generate a plurality of shares and perform polynomial interpolation using the plurality of shares to determine the result of the polynomial interpolation at zero. The result of the polynomial interpolation at zero is equal to the data entry.

Abstract: Systems and methods for controlling access to digital works are described herein, e.g., including receiving a request for a digital work from a requestor; retrieving the digital work from a repository; incorporating a digital signature throughout the digital work specific to a device, wherein the incorporated digital signature includes information identifying the device having the ability to access to the digital work; providing the identified device with a device key associated with the device; encrypting the digital work, wherein the digital work is decryptable using the device key and the identified device; and providing the requestor with the encrypted digital work.

Abstract: Utilizing error correction (ECC) for secure secret sharing includes computing an encrypted key using a key and a number of random values, computing, based on a first ECC scheme, a key ECC for the encrypted key and the random values, and storing a number of key fragments on a number of storage servers, the number of key fragments includes the encrypted key, the random values, and the key ECC.

Abstract: A system and method for enriching a concept database with homogenous concepts. The method includes determining, based on signatures of a first multimedia content element (MMCE) and signatures of a plurality of existing concepts in the concept database, at least one first concept; generating a reduced representation of the first MMCE, wherein the reduced representation excludes the signatures of the first MMCE that match the at least one first concept; comparing the reduced representation to signatures representing a plurality of second MMCEs to select a first plurality of top matching second MMCEs; generating, based on the reduced representation and the first plurality of top matching second MMCEs, at least one second concept; determining, for each second concept, whether the second concept is a homogenous concept, wherein each homogenous concept uniquely represents the same content; and adding each homogenous concept to the concept database.

Abstract: A method for a terminal performing communication using a TDD frame in a wireless communication system may comprise the steps of: receiving a synchronization signal (SS) from one symbol of a first subframe of a TDD frame; and transmitting uplink control information via an uplink control zone comprising at least one last symbol in the first subframe.

Abstract: There is described a validation and authentication system and method for authenticating and validating messages. The system comprises a data store storing one or more digital fingerprints associated with user imaging devices. There is also a communication module configured to: receive a message M; receive a request for validation and authentication and receive an image PM of the message M captured using a user imaging device. The system comprises an image validation module for analysing the received image PM using one or more image processing techniques to determine if the image is valid and authentic. If the received image PM is determined to be authentic and valid, the image validation module generates a response to the request.

Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).

Abstract: Image-based machine learning approaches are used to classify audio data, such as speech data as authentic or otherwise. For example, audio data can be obtained and a visual representation of the audio data can be generated. The visual representation can include, for example, an image such as a spectrogram or other visual or electronic representation of the audio data. Before processing the image, the audio data and/or image may undergo various preprocessing techniques. Thereafter, the image representation of the audio data can be analyzed using a trained model to classify the audio data as authentic or otherwise.

Abstract: Various embodiments relate to a method of receiving an original message, share-holder list, and threshold amount. The original message is tokenized resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holders list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of each of the plurality of signcrypted shares can be determined by using the public key associated and a public/private key pair associated with the share-holder.

Abstract: In one implementation, a system calculating a product risk profile includes a criticality score engine to calculate a criticality score via an aggregation of values assigned to a plurality of descriptions of a component of a product criticality. In addition, the system includes a vulnerability score engine to calculate a vulnerability score via an aggregation of a quantity of security risks found during a security assessment for the product. In addition, the system includes a product risk profile engine to calculate a product risk profile for the product via a multiplication of the criticality score and the vulnerability score.

Abstract: The claimed invention discloses a system for securing a cryptographic key, comprising multiple computerized nodes, each of them is configured to store a public key and a share of the cryptographic key and configured to encrypt the share of the cryptographic key stored in the computerized node and to generate a zero-knowledge proof using a set of predefined instructions. The system also comprises a processing module electrically coupled to the multiple computerized nodes, configured to transmit a request to each of the nodes for encrypted backup of each share and a zero-knowledge proof, said zero-knowledge proof enables the processing module to verify that the encrypted backup share is valid without revealing the encrypted backup. The processing module then receives the encrypted backup of each share of the cryptographic key from the multiple computerized nodes and computes a predefined equation to validate correctness of each of the encrypted backup of each share of the cryptographic key.

Abstract: An administration machine for a digital escrow server stores integer values each corresponding to a machine of a group of administration machines. An initialization function calls a polynomial function, unique to the administration machine, of a degree less than or equal to the number of administration machines, with each integer value, in order to obtain first secret values. The function constructs a message including, for each administration machine, the first secret value corresponding to the integer value of said machine. In response to a message having, for each administration machine, a second secret value obtained on calling the polynomial function of said machine on the integer value of the administration machine, the function constructs a resulting secret value from the first and second secret values. An overlay function processes a digital escrow using the resulting secret value unique to the administration machine and resulting secret values unique to similar administration machines.

Abstract: A method, apparatus, and computer program product for improved pseudo-random number generation are provided. An example method includes receiving, by a computing device, a request for a pseudo-random number, selecting, by randomization circuitry of the computing device, a first attribute from a biometric attribute dataset, and obtaining a first value for the first attribute. The method further includes selecting, by the randomization circuitry, a second attribute, and obtaining a second value for the second attribute. The method includes convoluting, by convolution circuitry, the first value with the second value to generate the pseudo-random number.

Abstract: A method for generating a secure nonce using a one-time programmable (OTP) memory within an integrated circuit to provide persistence, the method including randomly selecting k currently-unprogrammed bits in the OTP memory, creating a data set using data derived from current contents of the OTP memory altered by changing the states of the k currently-unprogrammed bits of the OTP memory, and employing as the secure nonce the data set or data derived from the data set. The selected k bits are programmed in the OTP memory.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) generating a signed registry information packet, dispersed storage error encoding the signed registry information packet to produce a set of encoded registry information slices, and generating a set of signed encoded registry information slice packets for storage in storage units of the DSN. The method continues with the processing module retrieving a decode threshold number of signed encoded registry information slice packets. For each of the decode threshold number of signed encoded registry information slice packets, the method continues with the processing module recovering an encoded registry information slice.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: Method for authenticating a user, comprising the steps of a) providing a central server (101), in communication with at least two authentication service providers (110,120,130) and at least one user service provider (150); b) associating each authentication service provider with at least one respective available level of authentication; c) receiving a request from the user service provider to authenticate a particular user accessing the user service provider via an electronic device (170,180); d) identifying a minimum level of authentication; e) the central server identifying a selected one (110) of said authentication service providers; f) either providing user credential data directly to the selected authentication service provider, without said user credential data being supplied to the central server, or determining that the selected authentication service provider has an active authentication session for the particular user; and g) causing the selected authentication service provider to authenticate the

Abstract: Systems and methods for preventing fraud are disclosed. The system includes, for example, a front end device that is operatively coupled to a back end device. The front end device is configured to generate a first dynamic device identification based on dynamic device characteristics of the front end device. The back end device is configured to generate a second dynamic device identification based on the dynamic device characteristics of the front end device to authenticate the front end device. The front end device can also authenticate itself through an Internet of Things (IoT) device that has a trusted connection to the back end device.

Abstract: Embodiments of the present application relate to a method and system for determining whether a terminal logging into a website is a mobile terminal. The method includes receiving a login request to access a website from a terminal, generating a first token, sending information including a redirect script to the terminal, the redirect script configured to cause the terminal to execute the redirect script and to access an activation link, receiving a verification request from the terminal, determining whether the version of the first token included in the verification request is valid relative to the generated first token, sending an indication that the first token is valid to the terminal, receiving an access request, the access request including the second token, determining whether the second token is valid, and determining whether the terminal is a mobile terminal according to whether the second token is valid.

Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Abstract: The present technology relates to a data processing device and a data processing method capable of performing appropriate stream processing. An input stream is split into a split stream for each of a plurality of channels. A stream to be generated includes the split stream, and signature information unique for each of the input streams containing the split stream, or includes the split stream, the signature information, and location information about a transmission frequency band of a split stream constituting the input stream and different from the split stream included in the generated stream. The present technology is applicable to a channel bonding (CB) technology which splits an input stream into streams of a plurality of channels and transmits the split streams, for example.

Abstract: Online retailers may operate one or more services configured to detect requests generated by automated agents. A CAPTCHA may be transmitted in response to requests generated by automated agents. The CAPTCHAs may be included in a modal pop-up box configured to be displayed by a client application displaying a webpage to a customer of the online retailer. Automated agents receiving the CAPTCHAs may not be blocked or otherwise restricted from the resources requested and therefore may not be configured to interact with the CAPTCHAs contained in the modal pop-up box.

Abstract: A system for continuous authentication of internet of things (IoT) devices in a communication network utilizes lightweight authentication for a sequence of message transmissions in a specific time-frame. A claimer device and a verifier device are in communication with the network. The claimer is configured to define a time frame and a time flag for an authentication session for a predetermined maximum number of messages, generate a time-bound share from a secret key, calculate a share authenticator for the share, combine a claimer identity (ID), a verifier ID, a message payload, the share, the share authenticator, a time flag, a timestamp, and message authenticator into a message, and send the message to the verifier within the time period. The verifier is configured to receive the message from the claimer, verify the message freshness, verify authenticity of the time flag and timestamp, and reveal and check the authenticity of the share.

Abstract: There is provided a method of authenticating data, comprising the following elements. Firstly, a voice biometric system is trained to identify a user from a message spoken by the user. Then a spoken message is received from the user, the spoken message comprising word content to be authenticated. The word content is then authenticated by using the voice biometric system to identify the user, and thereby authenticating the word content in the spoken message as word content spoken by the identified user. Suitable apparatus and systems are also disclosed.

Abstract: Documents that have been compromised by malware are detected and recovered. A hash of a portion of a file of a document is generated. An identifier of the file includes a signature that is embedded in the file, with the identifier including the hash of the portion of the file and other file information, such as a pathname of the file. A list that includes the identifier of the file is consulted before generating a backup copy of the file. The file is restored from the backup copy of the file in response to detecting that the file has been encrypted.

Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Abstract: A method is provided to share a content stored on a secured server. The content is associated to a first electronic device and encrypted using a public key of the first electronic device. The secured server stores a first re-encryption key from the first electronic device to a second electronic device. The method is implemented by the secured server and includes the steps of determining association of the content with the second electronic device, re-encrypting the content using the first re-encryption key, sending the content to the second electronic device for encryption using a second device public key and storing the encrypted content received from the second electronic device in association with the second electronic device.

Abstract: The present invention relates to a method for accessing service/data of a first network from a second network for service/data access via the second network, comprising the steps of a) Pairing of a user device with the first network, b) Attaching the user device to the second network, c) Authenticating the user device with the second network, d) Providing connectivity information for services/data of the first network to the second network, e) Providing available services/data information by the first network to the second network, f) Accessing a service and/or data of the first network by the second network. The present invention relates also to a system for accessing service/data of a first network from a second network for service/data access via the second network.

Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Abstract: A user credential comprising a user password and a one-time password (OTP) may be provided to access a computing system. The user password is authenticated and the network connection status of the computing system is determined. If the computing system is offline, the user password and the OTP are stored in memory and the user is granted a first level of access to the computing system. Upon detecting that the network connection status of the computing system has changed to online, the user password and the OTP are provided to an authentication server for authentication. If the authentication of the user password and the OTP is successful, the user is granted a second level of access to the computing system, the second level of access being higher than the first level of access.

Abstract: A server is configured to communicate with a group of clients over a network in one embodiment. The server maps the group of clients into a plurality of subgroups of bounded size, communicates to a given one of the clients information identifying the particular subgroup to which that client belongs as well as the other clients in that subgroup. The given client utilizes the communicated information to generate a ring signature over the corresponding subgroup of clients based on the communicated information. The subgroup size may be bounded to a minimum size and a maximum size in accordance with a variable privacy parameter. The server can increase or decrease the value of the parameter in order to provide respective increased or decreased privacy to the clients, by making it respectively more or less difficult to determine which client in a corresponding one of the subgroups produced the received ring signature.

Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Abstract: Apparatus and method for providing unique device identification values for a network accessible device. In accordance with some embodiments, a unique device identifier value is generated in response to a data exchange operation with a network accessible device. The identifier value is subsequently transmitted by the device as a unique device identifier value in conjunction with the transmitting of a request for a subsequent data exchange operation with the device.

Abstract: A disclosed example involves managing power states, signing a suspend-to-RAM (STR) data structure by: generating a header key, a scatter/gather table key and a dynamic random access memory (DRAM) key using a root key generated by the secure processor. Generating a header signature using the header key, the header signature based on a table header and a random or pseudo-random value. Generating a scatter/gather table signature using the scatter/gather table key, the scatter/gather table signature based on a scatter/gather table header and a random or pseudo-random value. Generating a DRAM signature using the DRAM key and a value from a region of DRAM. Storing the header signature, the scatter/gather table signature and the DRAM signature in the STR data structure. Resume the processor system from the low-power mode when the data structure is valid based on a comparison of a first signature and a second signature.

Abstract: A method and apparatus are provided for verifying authenticity of a data acquisition peripheral to be used, which has at least one identifier. The method includes: receiving the identifier by means of an authentication server, verifying, by the authentication server, an association of the identifier with a referenced authentic peripheral, delivering a decision of identification; and transmission, by the server, of the decision of identification.

Abstract: Described is a system for proactively secure multi-party computation (MPC). Secret shares representing data are constructed to perform computations between a plurality of parties modeled as probabilistic polynomial-time interactive turing machines. A number of rounds of communication where the plurality of parties jointly compute on the secret shares is specified. Additionally, a threshold of a number of the plurality of parties that can be corrupted by an adversary is specified. The secret shares are periodicially refreshed and reshared among the plurality of parties before and after computations in each of the rounds of communication. The data the secret shares represent is proactively secured.

Abstract: Innovations in the area of hardware-protected digital rights management (“DRM”) systems are presented. For example, a hardware-protected DRM system includes a trusted layer and untrusted layer. In the untrusted layer, a control module receives source media data that includes encrypted media data. The control module processes metadata about the media data. The metadata, possibly exposed by a module in the trusted layer, is not opaque within the untrusted layer. In the trusted layer, using key data, a module decrypts encrypted media data, which can be the encrypted media data from the source media data or a transcripted version thereof. A module in the trusted layer decodes the decrypted media data. A host decoder in the untrusted layer uses the metadata to manage at least some aspects of the decoding, rendering and display in the trusted layer, without exposure of decrypted media data or key data within the untrusted layer.

Abstract: Facilitating single sign-on (SSO) across multiple browser instances such that user authentication at one browser instance is used as a basis to permit access to protected resources (hosted on server systems) from other browser instances. In an embodiment, the different browser instances are executing on different client systems. An authentication server may maintain a registration data indicating the different client systems/browser instances registered by a user for SSO feature. After a user is authenticated for a first session from one browser instance, the authentication server enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session).

Abstract: A content providing method of an electronic apparatus communicably connected with an external apparatus is provided. The method includes receiving a command for transferring content to the external apparatus; checking whether the content includes information indicating that the content is transferable to the external apparatus, the information being set by determining, based on a meta data included in the content, whether a predetermined condition is satisfied; and transferring the content, based on the checked information, to the external apparatus.

Abstract: The present invention provides a seamless entry system that comprises a universal session manager. Users connect to the host service provider with a unique username and password. Then, through a series of data exchanges between the universal session manager, a validation database, and the remote service module, the customer may be transparently logged into remote service providers. Internet banking customers utilize a browser system to connect to a host server providing a range of banking services supported by a remote or distinct server. According to the method, the customer first enters a username and password to gain access to the host service provider. The universal session manager transmits data required for login to the remote service provider. The user is thus able to utilize the remote services with his/her web browser system without having entered a username or password particular to the remote service.

Abstract: The invention provides for a telecommunication method of securely exchanging unencrypted data between a telecommunications device and a first server computer system via a digital cellular wireless telecommunications network, wherein the telecommunications device is a battery powered mobile end user telecommunications device, wherein the method comprises the steps of: encrypting the unencrypted data using a first encryption algorithm into first encrypted data, sending the first encrypted data to a second server computer system via a first network connection of the digital cellular wireless telecommunications network, storing the first encrypted data by the second server computer system, sending an order request to the first server computer system via a second network connection of the digital cellular wireless telecommunications network by the telecommunications device, sending a data publishing request to the second server computer system, generating a cryptographic key pair, sending the first encrypted data,

Abstract: A method for verifying the security of a device for generating private and public cryptographic keys. Such a method includes generating at least one pair of private and public cryptographic keys by the device from at least one random variable coming from a random-variable generator; transmitting at least one constituent element of a generated private or public key to at least one device for verifying; and determining a level of security of the device from the at least one transmitted element, as a function of pieces of information stored by the device for verifying.

Abstract: In a secret sharing process based on an improved threshold scheme, secret data is shared as shared data parts equal to or greater than a threshold value in number such that the secret data cannot be reconstructed from shared data parts less than the threshold value in number. Each of the shared data pieces is created essentially from a different combination of the secret data pieces and the data pieces for secret sharing computation. The secret sharing process allows an algorithm desired by the user to be freely incorporated, and can prevent the secret data to be easily reconstructed even when more shared data parts than the threshold value are acquired by a third party.

Abstract: A mobile payment method to be implemented using an electronic device includes: receiving transaction information, establishing wireless short-range communication with a mobile device provided with a payment card, during the wireless short-range communication, transmitting the transaction information to the mobile device and receiving a payment command generated based on the transaction information from the mobile device, transmitting the payment command to a payment institution server, and receiving a payment result therefrom. The payment command enables the payment institution server to identify validity of the payment card and to process the payment. The payment result is generated after completing the payment.

Abstract: A management device 200d comprises: a key share generation unit 251d generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit 252d outputting each of the key shares to a different one of a plurality of detection modules. The detection modules acquire and store therein the key shares. The protection control module 120d comprises: an acquisition unit 381d acquiring the key shares from the detection modules; a reconstruction unit 382d reconstructing the decryption key by composing the key shares; a decryption unit 383d decrypting the encrypted application program with use of the decryption key; and a deletion unit 384d deleting the decryption key, after the decryption by the decryption unit is completed.

Abstract: A method of encrypting data using a first key and multiple encryption keys at least in part based on the first key. The method includes encoding the data into a redundant representation by distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys, each encryption key being associated with at least one group, the redundant representation allowing recovery of the data in the absence of the groups associated with the at least one of the multiple encryption keys, and encrypting each group by the respective associated encryption key.