Abstract: An improved password manager runs on an electronic communication device. It derives an encryption key from a user master password and generates a master encryption key. The manager uses the encryption key to twice encrypt the master encryption key. It uses the mater encryption key to encrypt secret data items. The manager generates a second tier encryption key and uses it to twice encrypt the master encryption key. The encrypted data is stored. The second tier encryption key is encrypted using a hardware encryption element and shared with a trusted password manager. When the master password becomes unavailable, the manager requests the encrypted second tier encryption key is requested from the trusted manager. Once the master encryption password is recovered, it is used to decrypt the encrypted secret data items.

Abstract: Methods, systems, and computer program products for implementing an administrative unit management process. An object membership request that includes a membership access change for an object for one or more administrative units of a plurality of administrative units is received at a management service from a client device. Membership evaluation information associated with the object is obtained from a directory service for the plurality of administrative units. A membership change action is determined based on the membership evaluation information. Instructions are provided to at least one administrative unit of the plurality of administrative units to implement the membership change action. A membership change notification is sent to the client device.

Abstract: There are provided systems and methods for targeted authentication queries based on detected user actions. A user may perform various actions during a day, including online, electronic, or digital actions, such as social networking, messaging, and media consumption, as well as real-life actions, such as exercise, travel, and purchases. The actions may be used to determine a user history for the user by a service provider. When the user wishes to login to an account or otherwise authenticate the identity of the user, the user may provide login or authentication credentials. The credentials may be used to look up the user history and cause the service provider to generate an authentication—query for the user based on events associated with the user in the user history. The query may be utilized to further authenticate the user by requiring the user to respond with the event associated with the user.

Abstract: A method for starting a system-on-a-chip, SoC, without read only memory, ROM, comprises the steps of receiving, by a processor comprised by the SoC, a reset signal, monitoring, by a monitoring component comprised by the SoC, a connection between the processor and at least a non-volatile memory, both comprised by the SoC, upon occurrence of a first read access of the processor to the non-volatile memory via the connection checking, by the monitoring component, whether a data value returned in response to the first read access via the connection conforms to a pre-set value, and if the returned data value differs from the pre-set value, stopping, by the monitoring component, operation of the processor.

Abstract: A network isolation device includes an internal network interface to connect the network isolation device to an internal network and an external network interface to connect the network isolation device to an external network. The network isolation device further includes an airgap device that operates to (i) close an air gap to connect the internal network to the external network, (ii) open the air gap to disconnect the internal network from the external network. The device further includes a signal receiver that receives a signal from a signal source, and based on the signal, performs an authentication process to determine whether the signal or the signal source are authorized. In response to determining that the signal or the signal source is authorized, the receiver operates the airgap device to close the air gap and connect the internal network to the external network.

Abstract: Aspects described herein may use behavioral biometric data to authenticate an individual that requests performance of an action related to a financial account. In response to the request, challenge questions relating to recent transactions conducted with the financial account may be generated. The challenge questions may be provided to the individual and may prompt the individual for audile response and/or touch input responses. Behavioral biometric data may be extracted from the responses and may be used to determine a likelihood the individual is an authorized user of the account.

Abstract: A modified measured boot approach is utilized for establishing a secure communication link between two devices. Each device may execute a respective boot process until the device reaches the stage responsible for establishing the communication link with the other device. Each device may exchange its respective self-signed certificate and extend its certificate chain with the self-signed certificate received from the other device. A secure link can be established using the public key of the other device as a based key for a key exchange protocol.

Abstract: A system and method provide streamlined restricted access to a secure server through a communications network. A client identifier parameter value is established and uniquely associated with a user registering with an authentication server, and is stored in at least first and second predetermined storage forms within a data storage system, the first form readable exclusively by a client device of the user and the second form readable by the authentication server. The client device then authenticates by retrieving the client identifier parameter value from the data storage system and providing it to the authentication server, which independently retrieves the client identifier parameter value from the data storage system for comparison, and initiates an interactive communication session between the client device and the secure server responsive to the comparison. Between comparisons, the client identifier parameter values are stored exclusively on the data storage system and deleted from all other devices.

Abstract: A privacy information transmission method, an apparatus, a computer device and a computer-readable medium are disclosed. The method may include: generating authentication information in response to receiving of an identity registration request message sent by a terminal device via a base station, and encrypting the authentication information with a first private key to generate encrypted authentication information; sending a first identity identification request message carrying the encrypted authentication information to the terminal device; and receiving an identity identification response message returned by the terminal device, and acquiring privacy information from the identity identification response message.

Abstract: A method for use in a IEEE 802.11 device, comprising: wirelessly connecting, by the device, to a gateway that is part of a wireless local area network (WLAN), the gateway configured to operate as an access point (AP) for the WLAN and bridge the WLAN to the Internet; receiving, by the device from the gateway, an announcement message including a network identifier (NI) of a subnetwork of the WLAN, the subnetwork including the gateway and a first node that is also configured to operate as an AP for the WLAN; transmitting, by the device to the gateway, a request message to join the subnetwork; receiving, by the device from the gateway, a response message including a confidential credential for connecting to the subnetwork; establishing a first connection to the first node based on the confidential credential and the NI and beginning to operate as an AP for the WLAN.

Abstract: The present invention broadly comprises crowd-sourced computer-implemented methods and systems of collecting and transforming portable device data. One embodiment of the invention may be implemented as a system including an electronic device including a sensor configured to collect data, the device configured to begin collection of data based on a command from a user of the electronic device; and a server configured to issue a command to the electronic device to turn on the sensor and transmit data collected by the sensor to the server without any input by the user of the electronic device when a condition is met.

Abstract: The client includes a random number generation unit which generates a random number, a concealed information storage unit which stores concealed information generated by concealing registered information and the generated random number using a secret key, and a response computation unit which, on the basis of a challenge transmitted from the server, the collation information input for collation with the registered information, and the concealed information, computes a response corresponding to the challenge and including a concealed index, generated by concealing an index indicating closeness between the registered information and the collation information. The server includes a challenge generation unit which generates the challenge using a public key corresponding to the secret key, and a determination unit which uses the public key and the random number transmitted from the client to determine whether or not the response transmitted from the client corresponds to the challenge.

Abstract: System and method are described for seamlessly installing applications on remote virtual desktops from installation files located on the local client device by redirecting the installation to the virtual desktop, while giving users an experience akin to installing applications on the local operating system. A request can be received on the client device to install an application from a corresponding installation file located on the client device, in a remote virtual desktop. In response to the request, a virtual desktop session can be established on the virtual desktop and the installation file can be redirected to the virtual desktop, where it can be launched to begin installing the application. To enable user interaction during the installation process, the application installation user interface (UI) can be streamed to the client device and user inputs into the installation UI can be conveyed back to the virtual desktop to be effectuated therein.

Abstract: A method for positioning a device includes: sending a query instruction to a server, wherein the query instruction is configured to query a target coordinate location of the terminal device. The method also includes receiving a query response from the server. The query response includes the target coordinate location and a target public key digest. The target coordinate location is obtained by encrypting a coordinate location that is positioned for the device. The target coordinate location is sent to the server as well as the target public key digest synchronously. The method also includes determining a target private key based on the target public key digest; and decrypting the target coordinate location using the target private key to obtain the coordinate location located by the device.

Abstract: Techniques are provided herein for remediating storage of sensitive data on a hardware device. In one example, a request to remediate storage of sensitive data on a hardware device is obtained. In response to the request, a database is automatically searched. The database correlates the hardware device with an indication of how to remediate the storage of the sensitive data on the hardware device. Based on the database, the storage of the sensitive data on the hardware device is remediated.

Abstract: A method for tracking events of a client device is provided. The method may receiving, at a client device, a tracking script, wherein the tracking script provides instructions for the client device. The method may include tracking events of the client device as instructed by the tracking script. The method may include analyzing tracked events tracked as instructed by the tracking script. The method may include, upon occurrence of one or more analytical results corresponding to requirements indicated by the tracking script, sending tracking information to an analytics collection engine.

Abstract: Systems, methods, and machine-readable media to migrate data from source databases to target databases are disclosed. Data may be received, relating to the source databases and the target databases. For each source database, a migration assessment may be generated based on analyzing the data, and a migration method may be selected. A migration plan that specifies a parallel migration of a set of databases to the target databases may be created, with a first migration method to migrate a first subset of the set of databases and a second migration method to migrate a second subset of the set of databases. The parallel migration may be executed according to the migration plan may be caused so that the first subset of the set of databases is migrated with the first migration method while the second subset of the set of databases is migrated with the second migration method.

Abstract: To analyze cybersecurity threats, an analysis module of a processor may receive log data from at least one network node. The analysis module may identify at least one statistical outlier within the log data. The analysis module may determine that the at least one statistical outlier represents a cybersecurity threat by applying at least one machine learning algorithm to the at least one statistical outlier.

Abstract: Provider Edge (PE) circuitry transfers a PE Hardware Trust (HWT) hash to a controller. The controller verifies PE HWT based on the PE HWT hash and transfers a Trusted Execution Environment Identifier (TEE ID), PE ID, PE HWT certificate, and PE keys to the PE circuitry. Customer Edge (CE) circuitry transfers a CE HWT hash to the controller. The controller verifies CE HWT based on the CE HWT hash and transfers the TEE ID, CE ID, CE HWT certificate, and CE keys to the CE circuitry. The PE circuitry and the CE circuitry exchange and verify their HWT certificates based on their keys. The PE circuitry encrypts and decrypts user data based on the PE keys. The PE circuitry exchanges the TEE ID, the PE ID, and the encrypted user data with the CE circuitry. The CE circuitry encrypts and decrypts the user data based on the CE keys. The CE circuitry exchanges the TEE ID, the CE ID, and the encrypted user data with the PE circuitry.

Abstract: Among other things, we describe a system that includes a first medical device for treating a patient at an emergency care scene, the first medical device including a processor and a memory configured to detect a request for a connection between the first medical device and a second medical device for treating the patient at the emergency care scene, the request for connection including an identifier of the second medical device, responsive to receiving the request for connection, enabling a wireless communication channel to be established between the first medical device and the second medical device based on the identifier of the second medical device and an identifier of the first medical device; and enabling transmission and/or exchange of patient data between the first medical device and the second medical device via the wireless communication channel. Such communications with more than two devices may also be possible.

Abstract: A collaborative work environment can include multiple collaboration tools. A first collaboration tool can be configured to receive a single sign-on token from a client application and, in response obtain first content from a database of the first collaboration tool. The first collaboration tool and/or a client application coupled to the collaboration tool is configured to extract an identifier referencing content stored in a second collaboration tool. In response the first collaboration tool and/or the client application submit a request with the SSO token to the second collaboration tool for second content. Thereafter, the first content is merged with the second content and displayed in a common user interface.

Abstract: A method for authorizing access to an associated resource based on processing a series of barcode orientation scans. The method receives, by a barcode reader, a series of barcode orientation scans. The method further determines if the series of barcode orientation scans match a pre-selected combination of barcode orientations stored on the barcode reader and authorizes access to an associated resource, in response to the series of barcode orientation scans matching the pre-selected combination of barcode orientations stored on the barcode reader.

Abstract: The present disclosure relates to systems and methods for using haptic vibration for inter-device communication. In one implementation, a system for inter-device communication using haptic vibration may include at least one force gauge configured to measure displacements caused by an external device in contact with the at least one force gauge; at least one memory storing instructions; and at least one processor configured to execute the instructions to: receive an identifier associated with a user; retrieve a pattern associated with the received identifier; receive, from the at least one force gauge, one or more measurements over a period of time; assess a degree of difference between the received one or more measurements and the retrieved pattern; and, when the degree of difference is below a threshold, authenticate the user.

Abstract: The embodiments provide a system and method for improved CAPTCHA challenges that utilize user-specific information. In some embodiments, personalized information about assets currently or previously owned assets, including properties and/or vehicles, are collected. The system then builds a dataset (a “user-specific CAPTCHA dataset”) that is comprised of images including the user-owned assets. The user-specific CAPTCHA dataset can then be used to create personalized, or user-specific, CAPTCHA challenges that include images from the datatset. For systems that implement CAPTCHA challenges for multiple different users, each user-specific dataset may be associated to a particular user identifier (such as a username or email address).

Abstract: A computer-implemented method for providing a system-specific secret to a computing system having a plurality of computing components is disclosed. The method includes storing permanently a component-specific import key as part of a computing component and storing the component-specific import key in a manufacturing-side storage system. Upon a request for the system-specific secret for a computing system, the method includes identifying the computing component comprised in the computing system, retrieving a record relating to the identified computing component, determining the system-specific secret protected by a hardware security module and determining a system-specific auxiliary key. Furthermore, the method includes encrypting the system-specific auxiliary key with the retrieved component-specific import key, thereby creating a auxiliary key bundle, encrypting the system-specific secret and storing the auxiliary key bundle and a system record in a storage medium of the computing system.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of authentication questions using e-mail processing. A request for access to an account may be received from a user device. A plurality of organizations may be identified. One or more e-mail associated with the account may be identified. The e-mails may be processed to identify one or more organizations that correspond to transactions conducted by a user. A modified plurality of organizations may be generated by removing, from the plurality of organizations, the one or more organizations. An authentication question may be generated and provided to the user device. A response to the authentication question may be received, and the user device may be provided access based on the response.

Abstract: This disclosure is directed to a computer system and method to assist in identifying data feature intersection or overlap between private datasets without revealing any specific data items or data features in the datasets. Various technical components including natural language processing, lexical optimization, and encryption and key management technologies such as homomorphic encryption and secret sharing and coding, are integrated into the disclosed system and method to achieve the data feature intersection identification. Such a system and method may be employed in circumstances where data feature intersection is important for collaborative efforts between entities.

Abstract: A system and method control login access of computer resource assets. The system comprises a computer resource asset and a gateway sub-system. The gateway sub-system has a processor to monitor N login failure conditions of a user, and to control access of the computer resource asset by the user depending on the user meeting the N login failure conditions. The method comprises storing predetermined login information associated with a user, receiving inputted login information from the user at a communication interface, evaluating the inputted login information by a processor configured by software therein, determining a matching or not matching of the predetermined login information, monitoring N login failure conditions of the user, in which N is greater than 1, and controlling access of a computer resource asset by the user depending on the user meeting the N login failure conditions. A method comprises steps performed during operation of the system.

Abstract: A transaction system avoids the storage of any single information item that can be used to provide access to sensitive information. To gain access to the sensitive information, information elements from at least two different databases must be provided, none of the information elements being sufficient to gain access to the sensitive information. In an example embodiment, a payment company encrypts the sensitive information, then partitions the encrypted information into at least two parts. These at least two parts are stored in at least two databases, each database being controlled by a different entity. To gain access to the sensitive information, each of the different entities must provide their part of the encrypted information. Absent any one of the parts of the encrypted information, it is virtually impossible to access the sensitive information.

Abstract: Disclosed are exemplary embodiments of systems and methods for processing a payment transaction using a pseudo-PAN. In an exemplary embodiment, a method generally includes periodically generating an encryption salt and receiving an authorization message for a payment transaction to a payment account, where the authorization message includes a token. The method also includes decrypting the token based on an encryption algorithm and the encryption salt most recently generated, prior to receipt of the authorization message, and searching in memory for the decrypted token. The method then includes determining that the decrypted token does not match any of a plurality of actual primary account numbers (PANs) in the memory, whereby the token is determined to not be a pseudo-PAN, and transmitting the authorization message without modification to a computing device associated with one of an acquirer and an issuer of said payment account.

Abstract: The present disclosure presents a system and methodology for cryptocurrency trading. The system comprises a home-based trading machine, one or more servers and at least one database, each of which communicating via a network. The home-based trading machine is configured to encrypt at least one set of API credentials accessible to at least one currency exchange application in an encrypted packet; receive, from an electronic processing device operable by a vendor of the encrypted packet, the encrypted packet; implement the encryption key to decrypt the API key and the API secret key to unlock the encrypted packet to perform a cryptocurrency trade; and upon completion of the cryptocurrency trade, re-encrypt the API credentials.

Abstract: A method of separating identity IPs for identification of applications from the locator IPs for identifying the route is provided. A virtual service layer (VSL) protocol stack uses the IP addresses assigned by network administrators to the application endpoints to support the TCP/IP stack as the identity IP addresses that are not published to the underlay network for routing. On the other hand, the VSL stack uses the IP addresses assigned by the underlay network to the VSL enabled endpoints and VSL enabled routers as the locator IP addresses for routing packets. The VSL stack formats application flow packets with identity headers as identity packet and encapsulates identity packet with the locator header to route the packet. The separation of the identity and locator identifications are used to eliminate the network middleboxes and provide firewall, load balancing, connectivity, SD-WAN, and WAN-optimization, as a part of the communication protocol.

Abstract: Disclosed herein are systems and methods for rapid password evaluation. A method may include: configuring a web application firewall (WAF) to monitor login credentials for one or more web applications; intercepting, using the WAF, a password input during a login attempt to a web application by an entity; calculating a hash value of the password input; transmitting the hash value to a dedicated server configured to: determine whether the hash value is in a database of hashes corresponding to weak passwords; and in response to determining that the hash value is in the database of hashes, transmit a message to the WAF indicating that the password input corresponds to a weak password; and generating for display, using the WAF, a web page prompting for a password reset for the web application.

Abstract: A method and system for facilitating communication in an organization. The method comprises creating a hierarchical messaging structure including one or more hierarchy levels of the organization. The hierarchical messaging structure incudes a plurality of circles structured in a genesis circle and one or more sub-circles, such that each circle includes one or more members. A message is published by a member from at least one of the one or more members of the genesis circle and the sub-circles, wherein the message is dynamically routed according to privilege rights defined in at least one of the genesis circle and the one or more sub-circles. Finally, the message is displayed selectively, at least in one of the genesis circles and one or more sub-circles of the organization.

Abstract: Systems, computer program products, and methods are described herein for secure file-sharing. The present invention may be configured to receive a request to store data on a network, process the request through a firewall. Processing the request includes: generating a first electronic digital certificate, storing the first electronic digital certificate on a distributed ledger, encrypting the data using the first electronic digital certificate, storing the encrypted data on at least one of the plurality of data server nodes, and recording the request on the distributed ledger. The present invention is further configured to receive and process a second request. Processing the second request includes: decrypting the data using the second electronic digital certificate, providing the decrypted data to the second requestor, and recording the second request on the distributed ledger.

Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. A data processing system may include a computing device that may perform various operations using hardware devices. The operation of the hardware devices may be updated by storing data in secure locations of the hardware devices. To store data in the secure locations, a delayed write may be stored in an unsecure storage location of a hardware devices during an unsecure phase of operation of a data processing system. Once the data processing system enters a more secure phase of operation, the delayed write may be validated and used to update the data in the secure locations during the more secure phase of operation of the data processing system.

Abstract: A computer system includes a token repository configured to store payment tokens, and a server system. The server system includes a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to receive a request to provision a payment token based on a financial product, wherein the request includes information related to the financial product, provision a payment token based on the token request, including authenticating the financial product based on the financial product information and generating the payment token upon authenticating the financial product, wherein the payment token is useable to make a payment via the financial product, and store the payment token in the token repository.

Abstract: A method including receiving, by an infrastructure device from a manager device configured to manage network services provided by the infrastructure device, a manager request for requesting performance of an action associated with managing the network services, the manager request including a signature header signed by utilizing a manager private key associated with the manager device and a timestamp header identifying a point in time when the signature header was signed; determining, by the infrastructure device, a time difference between the point in time when the signature header was signed and a current time; authorizing, by the infrastructure device, the manager request based on determining that the determined time difference satisfies a predetermined duration of time; and enabling, by the infrastructure device, performance of the action associated with managing the network services based on authorizing the manager request is disclosed. Various other aspects are contemplated.

Abstract: Systems and methods enable a marketplace system to display, in an interface accessible to a user, first digital tokens maintained in a first token-holding data structure of a first token-holding data structure provider of a blockchain network. A selection of a second token-holding data structure provider and a selection of a second token-holding data structure associated with the second token-holding data structure provider may be received from the user. An authentication message may be received, the authentication message including encrypted information which may be decrypted to extract information for authentication of the user as owner of the second token-holding data structure. Upon authentication, a link to the second token-holding data structure may be established, and information about second digital tokens maintained in the second token-holding data structure may be received via the link to display the first digital tokens and the second digital tokens in the interface.

Abstract: The present invention provides a certificate issuing system based on a block chain, the system having a means for directly generating a certificate-specific public key and a certificate-specific private key in a user terminal operated by a user, guiding the certificate-specific public key and the certificate-specific private key so as to be generated in a state in which a network in the user terminal is blocked, and eliminating the costs incurred for constructing, operating, and maintaining the certificate issuing system having a high-grade security system linked therewith so as to block hacking, which occurred in the past, as much as possible, since the certificate-specific public key requiring maintenance is stored and managed in an electronic wallet, installed in servers that hold block chains, through a peer-to-peer network (P2P)-based distributed database, not by a server run by a certificate authority (CA).

Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.

Abstract: This application relates to a financial payment method using biometric information, in which biometric information of an individual collected in a mobile device of an affiliated member is transmitted to a mobile device of the individual to allow the biometric information to be authenticated in the mobile device of the individual. After the authentication of the biometric information, a substitute key that corresponds to a card password preset by the individual is inputted, and a financial payment is requested based on the payment content.

Abstract: A multiple dwelling house interphone system includes a collective entrance machine and a dwelling room master device. Each automatic door requires an unlock operation to pass through for proceeding to each area, and a part of the areas are occupied by facilities other than dwelling units. The collective entrance machine includes a card information input section, and the automatic doors each include an unlock operation section for unlocking using the card medium. The collective entrance machine further includes a card authentication section, an unlocking door storage section, and a card information storage section. The card authentication section permits the unlocking by the card medium when the information input to the card information input section matches the information registered in the card information storage section. The permitted card medium enables unlocking the automatic door stored in the unlocking door storage section in association with the information of the card medium.

Abstract: A client device determines that a telephony outage is occurring. The client device connects to an on-premises telephony node using an encrypted password at the client device. The client device accesses a set of telephony services via the on-premises telephony node.

Abstract: A system, method, and computer-readable medium are disclosed for performing a data center connectivity management operation. The connectivity management operation includes: providing a data center asset with a data center asset client module; establishing a connection between an end user device browser and a connectivity management system, the connectivity management system comprising a connectivity management system aggregator; submitting a request to the connectivity management system via the end user device browser to establish connectivity with the data center asset client module; establishing a connection between the data center asset client module and the connectivity management system based upon the request; and, exchanging information between the data center asset client module and the data connectivity management system via the secure communication channel between the data center asset client module and the connectivity management system aggregator.

Abstract: Aspects of the disclosure relate to using a machine learning system to process a corpus of documents associated with a user to determine a user-specific consequence index. A computing platform may load a corpus of documents associated with a user. Subsequently, the computing platform may create a first plurality of smart groups based on the corpus of documents, and then may generate a first user interface comprising a representation of the first plurality of smart groups. Next, the computing platform may receive user input applying one or more labels to a plurality of documents associated with at least one smart group. Subsequently, the computing platform may create a second plurality of smart groups based on the corpus of documents and the received user input. Then, the computing platform may generate a second user interface comprising a representation of the second plurality of smart groups.

Abstract: In an example embodiment, an efficient, automated method to generate password guesses is provided by leveraging online text sources along with natural language processing techniques. Specifically, semantic structures in passwords are exploited to aid system in generating better guesses. This not only helps cover instances where traditional password meters would indicate a password is safe when it is not, but also makes the solution robust against fast-evolving domains such as new slang in natural languages or new vocabulary arising from new products, product updates, and services.

Abstract: Provided is a method and system for verifying a virtual code based on a sphere. A method for verifying a virtual code based on a sphere includes: a virtual code reception operation of receiving, by a virtual code verifying means, a virtual code from a virtual code generating means, wherein the virtual code includes a fixed code and a plurality of detailed codes; a storage location search algorithm selection operation of determining, by the virtual code verifying means, a group, to which the virtual code generating means belongs, through the fixed code and selecting a storage location search algorithm for the group; a detailed code extraction operation of extracting, by the virtual code verifying means, the plurality of detailed codes included in the virtual code.

Abstract: A server device is connected through a network to a plurality of clients configured to participate in a virtual space, a synchronization target object in the virtual space being synchronized between clients of a synchronization group including a client that has ownership of the object and a client that does not have ownership of the object, and the server device includes: data reception means configured to receive a difference of the synchronization target object from the client that has ownership of the object; data update means configured to update replicas obtained by replicating the synchronization target object by using the difference; and data transmission means configured to transmit the difference to a client other than the client that has ownership among the plurality of clients.