Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.

Abstract: Disclosed is a method for defending against a malicious data traffic, the method includes: monitoring, by a defender device, data traffic flowing through a network device; generating a first control signal, by the defender device, in response to a detection that the data traffic includes a predefined amount of malicious data traffic, to cause a delivery of the data traffic to the defender device; terminating the malicious data traffic in the defender device. Also disclosed is an apparatus implementing the method, a computer program product and a system.

Abstract: A computer-readable medium storing a program for causing a computer to execute processing in one of stages of a supply chain, the processing including: obtaining, from an immediately upstream stage, a first cumulative value being from a most upstream stage to the immediately upstream stage and a first random number used to generate a first commitment obtained by concealing the first cumulative value; generating, based on the first random number, a link commitment obtained by concealing information indicating a relationship between the immediately upstream stage and the stage; calculating, based on the first cumulative value, a second cumulative value being from the most upstream stage to the stage; generating a proof indicating that the second cumulative value is calculated using the correct first cumulative value and that is a zero-knowledge proof based on the link commitment; and causing the link commitment and the proof to be recorded in a blockchain.

Abstract: An access manager determines whether access will be granted to a guarded species or space utilizing a controller including a digital processor with a memory for storing an ID library and a transducer block coupled with the processor for accessing a plurality of different ID types and an access control block coupled with the processor for granting or denying access.

Abstract: A method includes receiving, by a first device, a request from a second device to participate in a session, the request being a message compliant with a webRTC framework and including an identifier of a process hosted by the second device; verifying, by the first device, a type of the process hosted by the second device based on the identifier; initiating, by the first device, one or more actions on the first device in response to verification of the type of the process, the actions being other than those to communicate data between the first device and second device; and establishing, by the first device, the session with the second device after initialization of the actions on the first device.

Abstract: A system and method for real-time fraud detection with a social engineering phoneme (SEP) watchlist of phoneme sequences may perform real-time fraud prevention operations including receiving incoming call interactions and grouping the call interactions into one or more clusters, each cluster associated with a speaker's voice based on voiceprints. For a pair of voiceprints in a cluster, a phoneme sequence is extracted for each voice print. From the extracted phoneme sequences, a similarity score is then calculated to determine if a match exists between the extracted phoneme sequences based on a threshold. If determined a match exists, the phoneme sequence may be added to a SEP watchlist.

Abstract: In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.

Abstract: User data is aggregated across a plurality of electronic communication channels and domains. An online system initially authenticates a user for access to the online system over a network. The online system provides a user identifier for the user to an authentication service. The authentication service generates a non-repeatable challenge from the aggregated user data for the user identifier and provides the non-repeatable challenge to the online system. The online system provides the challenge to the user and receives a response from the user. The online system provides the response to the authentication service and the authentication sends a success or failure back to the online system based on the response to the challenge, and based on the success or failure the online system makes a final determination for authenticating the user for accessing to the online system.

Abstract: A mobile communication device operates to: pair with a remote device, generate first control data to control an auxiliary device coupled to a home automation device also paired to the mobile communication device; establish a group of the plurality of home automation devices; generate second control data corresponding to the group of auxiliary devices associated with the group of the home automation devices; establish tasks, via user interaction with the graphical user interface, the tasks each having an associated action to be performed by one or more of the home automation devices; display a menu of the tasks; receive selection of a selected task; and generate third control data in response to selection of the selected task, transmits the third control data to the one or more of the home automation devices associated with the selected task to perform the associated action corresponding to the selected task.

Abstract: A computer-implemented method is provided for exchanging cryptographic key information between a device and a central point comprises obtaining a cryptographic secret, wherein the cryptographic secret is known to the central point. The method furthermore comprises obtaining a public key of the central point. The method furthermore comprises generating a cryptographic key pair for the device with a private key of the device and a public key of the device. The method furthermore comprises signing the cryptographic secret with the private key of the device. The method furthermore comprises encrypting the cryptographic secret signed with the private key of the device with the public key of the central point. The method furthermore comprises providing the encrypted and signed cryptographic secret, an address of an electronic mailbox of the device, and the public key of the device for the central point via an electronic mailbox of the central point.

Abstract: Disclosed is a system for providing a personal information-based speech information processing service, and a system for providing a speech information processing service based on personal information protection, in which speech information including personal information is prevented from being fraudulently used in a cloud network or a public network, and personal information that needs to be protected is blocked not to be transmitted to/stored in/managed by a cloud service server regardless of a user's recognition.

Abstract: Presented herein are systems and methods for enabling and providing safe and secure last resort access to a computing system. Embodiments may leverage trusted platform modules that exists in information handling systems to provide a more convenient and more secure rescue account. In one or more embodiments, the last resort access may be based on federated approval from a vendor/provider and a customer. In one or more embodiments, part of the cryptographic information is stored/controlled by a provisioner (or vendor), and another part is stored/controlled by the customer. Since both parts are involved in the last resort access process in order to gain access, neither entity alone can gain access to the information handling system.

Abstract: A cloud security control platform and method enforces security controls across multiple cloud environments, services and disparate teams while providing a frictionless “Permissions on Demand” mechanism for approvals and exceptions. In contrast to the prior art, security is evaluated on a permission by permission basis, with the default being that all permissions are denied and then only given to a particular identity on an as-needed basis. This approach reduces the security risks associated with the vast capabilities available in Public Cloud environments and permits an organization that uses the platform to grant access, approve exceptions and delegate approvals with the appropriate compliance.

Abstract: There are provided systems and methods for an authorization and access control system for access rights using relationship graphs. A service provider may provide an authorization and access control system that allows users within the service provider and/or customer entities to assign and change access rights or permissions to computing resources. When providing control of these access rights, the service provider may utilize relationship graphs, queried and generated using a graph database, to visualize and determine access rights that are inherited through different relationships and policies defining these access rights. The relationship graph may show edges for nodes that correspond to related objects, such as actors, groups, and resources. Paths over the relationship graph may be used to determine access rights that may be inherited by users. Once determined, these access rights may be established and/or updated with computing systems.

Abstract: Methods and systems are disclosed herein for a media guidance application that allows access restrictions to be modified in a flexible manner based on a deviation in a user's projected location. Specifically, the media guidance application determines at an end of a first time period whether a user is in a projected location for a second time period. If the user is in a projected location for the second time period, the media guidance application sets a second level of media access restriction. However, if the media guidance application determines that the user is not in the projected location for the second time period, the media guidance application maintains the first level of media access restriction.

Abstract: Methods and systems are described herein for bypassing secondary tiers of authentication for particular security categories. An authentication system, when authenticating a user, may receive an authentication request with authentication data enabling authentication through a multi-tier authentication mechanism. When the request has been authenticated through a multi-tier authentication mechanism, the authentication system may identify a category associated with the request and generate a temporal unlock flag for that category of future requests, such that the temporal unlock flag indicates that multi-tier authentication is not required for a predetermined amount of time for requests of that category. The temporal unlock flag may be inserted into the user's record. When future requests of that same category are received, only a single-tier authentication mechanism may be required for authentication.

Abstract: In one embodiment a Hardware Server Module (HSM) (10) implementing a distributed quorum authentication enforcement is provided, whereby user access to a resource (40) on the device (10) is enforced via an API gateway (16). The HSM comprises one or more resources, a separate resource manager API for accessing the one or more resources, an enforcement module for enforcing access to the one or more resources via the API gateway according to a quorum policy, and a quorum manager for generating and storing a quorum request in a database. The API gateway (16) can be a RESTful API using HTTP requests to produce and consume data related to quorum services via at least one of a GET, PUT, POST, PATCH and DELETE command type. Other embodiments are disclosed.

Abstract: Data records associated with an account may be used to track incidents in a supply chain. Incident records associated with a supply chain are accessible and modifiable by users with an active user account associated with an incident management application. The application may receive requests to perform user actions on multiple incidents. Each request may be validated according to account-specific permissions and user-specific privileges. Multiple users may be grouped according to user classes indicative of their status as internal users or external users. Non-users may be invited to perform user actions on incident data through access links generated by the application instance. Access links may allow a non-user to become an invited or registered external user. A registered external user may be promoted to a named external user. Various visibility groups may limit the user actions that any given user of a particular user class can perform on incident data.

Abstract: A computer stores, within a single user account, multiple supervised computing resources and multiple additional computing resources. The multiple supervised computing resources are associated with a security policy. The computer executes a first instance of a specified application that lacks read access and lacks write access to any and all of the multiple supervised computing resources. The computer executes, simultaneously with the first instance, a second instance of the specified application that accesses at least a portion of the multiple supervised computing resources. The computer applies rules from the security policy to the second instance of the specified application while foregoing applying the rules from the security policy to the first instance of the specified application.

Abstract: The invention relates to an electronic device, and more particularly, to systems, devices and methods of authenticating the electronic device using a challenge-response process that is based on a physically unclonable function (PUF). The electronic device comprises a PUF element, a processor and a communication interface. The PUF element generates an input signal based on at least one PUF that has unique physical features affected by manufacturing variability. A challenge-response database, comprising a plurality of challenges and a plurality of corresponding responses, is set forth by the processor based on the PUF-based input and further provided to a trusted entity. During the trusted transaction, the processor generates a response in response to a challenge sent by the trusted entity based on the PUF-based input, and thereby, the trusted entity authenticates the electronic device by comparing the response with the challenge-response database.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: Systems and methods are provided herein for enabling a user to download a blocked asset. These systems and methods allow a user to request that a parent, or another user, can approve download of the blocked asset. The request may be transmitted as a notification to a mobile phone or another suitable device, such that the parent, or the other user, can approve the request, even though they may be remote from the requesting user. Both the requesting user and the user whose approval is required to unblock the media asset (i.e., the approver), are identified by the system based on an identifier associated with each user. This informs the approver which user submitted the request. Additionally, this also adds a layer of security, since the approver must enter an identifier to authenticate their identity to the system before being able to unblock the asset for the requesting user.

Abstract: Zero trust and micro-segmentation techniques may be collectively used to enhance network security. To establish, refine, and enforce a zero-trust least-privileged policy, the network may be segmented to put each device of the network into a respective network of one, which forces all network traffic to pass through a zero-trust gatekeeper. The gatekeeper may then monitor and analyze the traffic to establish, refine, and enforce the zero-trust least-privileged policy, which reduces network access to only a limited set of network actions and/or paths. Using the gatekeeper, network traffic may be monitored to progressively establish the policy as well as to continually refine the policy. Recommended actions may be determined based on the analysis of the monitored network traffic and provided to the user to allow user feedback on the communication rules of zero-trust policy.

Abstract: A cyber security appliance can inoculate a fleet of network devices by analyzing each endpoint of a secure connection. The appliance can receive a hostname for a malicious web server. The appliance can generate an unencrypted target fingerprint based on sending a series of unencrypted connection protocol requests to the malicious web server and an encrypted target fingerprint based on sending a series of encrypted secure connection protocol requests to the malicious web server. The appliance can build a combined web server fingerprint for the malicious web server based on both the encrypted target fingerprint derived and the unencrypted target fingerprint. The appliance can determine a set of suspicious IP addresses based on the combined web server fingerprint for the malicious web server. The appliance can inoculate a fleet of network devices against a cyberattack using the IP addresses to preemptively alert the fleet of cyber-attack.

Abstract: Various aspects of the disclosure relate to automated compliance verification systems for authenticating and verifying compliance associated with electronic transactions. A compliance verification platform may be an intermediary between an application for managing and/or recording transactions and a transaction processing platform for processing a transaction. Based on successful compliance verification and authentication, the compliance verification platform may send notifications to the transaction processing platform to process a transaction requested via the application.

Abstract: Techniques described herein relate to a method for predicting results using ensemble models. The method may include receiving trained model data sets from a model source nodes, each trained model data set comprising a trained model, an important feature list, and a missing feature generator; receiving a prediction request data set; making a determination that the prediction request data set does not include an input feature for a trained model; generating, based on the determination and using a missing feature generator, a substitute feature to replace the input feature; executing the trained model using the prediction request data set and the substitute feature to obtain a first prediction; executing a second trained model using the prediction request data set to obtain a second prediction; and obtaining a final prediction using the first prediction, the second prediction, and an ensemble model.

Abstract: Embodiments of the present invention provide a system for interconnection, translation, and transition between disparate digital ecosystems. The system is configured for determining that a user is requesting to access a first digital ecosystem, receiving a first authentication credentials of the user from the first digital ecosystem for verification, determining that the verification of the first authentication credentials is successful and provide access to the first digital ecosystem, determining that the user is requesting transition to a second digital ecosystem from the first digital ecosystem, receiving second authentication credentials of the user from the second digital ecosystem for verification, determining that the verification of the second authentication credentials is successful and provide access to the second digital ecosystem, and preparing and transmitting a data payload to the second digital ecosystem.

Abstract: A user plane integrity protection method sending, by a user equipment (UE), user plane integrity protection information of the UE to a first base station, wherein the user plane integrity protection information indicates whether the UE supports a user plane integrity protection, and enabling the user plane integrity protection according to a user plane integrity protection algorithm when the UE supports the user plane integrity protection.

Abstract: A method for extended authentication sessions on an electronic device may include an authentication service computer program executed by an authentication service electronic device: receiving a customer identifier for a customer and a unique identifier for a mobile electronic device; authenticating the customer based on the customer identifier and the unique identifier for the mobile electronic device; setting a device cookie that is specific to the mobile electronic device on the mobile electronic device; and providing the device cookie and a client secret to an OAuth services backend, wherein the OAuth services backend validates the customer identifier and client secret and generates a first token and a second token, the first token having an expiration that is shorter than that of the second token. The mobile electronic device is configured to receive and store the first token and the second token.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that enable client devices to install integrations of a third party application that supports variable host address identification.

Abstract: A security system generates a digital signature for a small cell of a wireless network and assigns the digital signature to the small cell for connecting to the wireless network. The digital signature can be generated based on a connectivity schedule for the small cell. When the security system obtains a connection request from the small cell to connect to the wireless network, the security system compares an instance of the digital signature included in the connection request with an expected digital signature and compares the point in time when the connection request was communicated with an expected time indicated in the connectivity schedule. The security system detects an anomaly when the instance of the digital signature deviates from the expected digital signature or the point in time deviates from the expected time, and causes performance of an action based on a type or degree of the anomaly.

Abstract: An electronic device is provided. The electronic device identifies, in a state paired with a first external device providing content data, an occurrence of event for pairing with a second external device; releases the pairing with the first external device and performs the pairing with the second external device; sets up the electronic device as a primary device for pairing with the first external device; transmits information about the primary device to the first external device to perform the pairing with the first external device; and based on the content data received form the first external device, outputs content and transmits the content data to the second external device.

Abstract: A solution is proposed for facilitating a maintenance of an access control system. A corresponding method comprises evaluating one or more trigger policies according to one or more policy parameters; the policy parameters of the trigger policies in part relate to risks of the access control system and/or to countermeasures for mitigating the risks. A revision of the access control system, comprising a corresponding mining activity, is triggered according to a result of the evaluation of the trigger policies. A computer program and a computer program product for performing the method are also proposed. Moreover, a system for implementing the method is proposed.

Abstract: Aspects of the technology described herein provide for controlled access to a secure computing resource. A first device may receive a child token from a second device having a parent token. The child token may grant the first device access to a subset of data accessible to the second device. Based on a degree of physical proximity between the first device and a third device associated with a user satisfying a threshold proximity, an indication of a user identifier for the user may be received from the third device. A request for access to a secure computing resource associated with the user may be sent to the second device. The request may include the indication of the user identifier and an indication of the secure computing resource. Access to the secure computing resource may be granted based on the child token and the indication of the identifier.

Abstract: A method of operating a media scanner to protect a target machine from malware on a removable storage device is disclosed. The target machine and the removable storage device each include a respective data line, and the media scanner comprises a data switch. Data is scanned on the removable storage device with malware detection software of the media scanner via a first data path, the first data path comprising the data line of the removable storage device connected to the data line of the media scanner by the data switch in a first switching state. After the data has been scanned with the malware detection software, the data switch is operated to switch from the first switching state to a second switching state, thereby disconnecting the data line of the removable storage device from the data line of the media scanner and connecting the data line of the removable storage device to the data line of the target machine.

Abstract: Systems and method for verifying an identity of a user during interaction with a resource provider are disclosed. Embodiments enable using an authorization request message to inquire about an identity attribute (e.g. age) of a user during an interaction between the user and a resource provider. An authorizing entity (e.g. issuer) or a processing entity provides an answer to the inquiry within an authorization response message. The answer to the inquiry may establish whether the consumer meets a threshold (e.g. minimum age requirement).

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

Abstract: A computing device includes a high-security OS application, a low-security OS communication application, and a user interface application. The high-security OS application runs on a high-security operating system. The low-security OS communication application and the user interface application run on a low-security operating system whose security level is lower than the high-security operating system. A data communication between the high-security OS application and the low-security OS communication application is performed by an in-chip applications communication or a wired communication. Data transmitted from the high-security OS application to the low-security OS communication application is encrypted. The low-security OS communication application is configured to decrypt the encrypted data and control, based on the decrypted data, contents displayed on a display.

Abstract: A computer-implemented method is for providing a digital certificate to a device. In an embodiment, the method is based on receiving, from the device, authentication data via a secure communication channel. Furthermore, the method is based on receiving, from the device, or determining, by the server, a first certificate identifier. In particular, the first certificate identifier is a hash value. Further aspects of the method are verifying the authentication data and receiving, from the device, a first public key created by the device. In an embodiment, the method is furthermore based on sending a first certificate signing request related to a first domain name based on the first public key to a certificate authority. Herein, the first domain name comprises the certificate identifier, and a domain related to the first domain name is controlled by the server. In particular, the first domain name is a wildcard domain.

Abstract: Private network request forwarding can include receiving a request from a user for Internet services over a public network. Private network request forwarding can include analyzing the request and determining whether the request is legitimate. Private network request forwarding can include forwarding the request to an entity through a private network when it is determined that the request is legitimate, wherein the user has access to the entity through a proxy.

Abstract: Systems, methods, and instrumentalities are provided for vehicle to everything (V2X) service oriented link establishment. A first wireless transmit receive unit (WTRU) may broadcast a direct communication request message. The direct communication request message may include a first security context identifier (ID). The first WTRU may receive a direct security mode command message from a second WTRU. The direct security mode command message may include a second security context ID. The first may determine a third security context ID by combining the first security context ID and the second security context ID. The first WTRU may establish, using the third security context ID, a secure direct communication link with the second WTRU. The first WTRU may generate, based on the third security context ID, a security context entry for the secure direct communication link with the second WTRU.

Abstract: A health ticket minting process operates in a secure enclave on a computing device to ensure liveness of the enclave should a maliciously-compromised operating system deny service to starve the enclave. Cryptographically-secured health tickets provided by the minting process reset an authenticated watchdog timer (AWDT) that reboots the device from a hardware-protected recovery operating system if the timer expires. The health tickets are written to a secure channel using a symmetric key that is provisioned by repurposing an existing Intel SGX (Software Guard Extension) Versioning Support protocol that enables migration of secrets between enclaves that have the same author. In the event that the enclave fails to make forward progress and health tickets are not minted, then the AWDT expires and forces the reboot and re-imaging to a known good state to evict the malware from the computing device.

Abstract: There are provided systems and methods for an authorization and access control system for access rights using relationship graphs. A service provider may provide an authorization and access control system that allows users within the service provider and/or customer entities to assign and change access rights or permissions to computing resources. When providing control of these access rights, the service provider may utilize relationship graphs, queried and generated using a graph database, to visualize and determine access rights that are inherited through different relationships and policies defining these access rights. The relationship graph may show edges for nodes that correspond to related objects, such as actors, groups, and resources. Paths over the relationship graph may be used to determine access rights that may be inherited by users. Once determined, these access rights may be established and/or updated with computing systems.

Abstract: Examples to restore a trusted backup configuration for a node. Example techniques include failover to an alternate firmware of the node, in response to an unverifiable condition of an existing firmware of the node. The node may validate a first configuration file stored in the node. The first configuration file includes a first backup configuration. The node may validate a second configuration file stored in the node based on the validation of the first configuration file. The second configuration file includes a second backup configuration. In response to the validation of at least one of the first configuration file and the second configuration file, the node may select one of the first backup configuration and the second backup configuration, and apply the selected backup configuration to the node.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmits the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.

Abstract: Systems and methods are provided for a computer-implemented method of implementing an on-demand computing network environment. A network specification is received from a user. Resources from one or more resource providers are provisioned. The on-demand computing network is configured, where configuring comprises assigning a first provisioned resource as an interior device and assigning one or more second provisioned resources as rim devices.

Abstract: Methods, systems, and devices for memory write access control are described. In some examples, memory systems may include storage that is access-protected (e.g., write access protected). To enable access to the protected storage, a server node may communicate a command to the memory system that is signed with a private key that is inaccessible to the memory system. They memory system may verify the command using a public key and may enable access to the protected storage. Access commands associated with the protected storage may be processed until access to the protected storage is disabled.

Abstract: Secure user authentication is provided by leveraging the use of quantum keys, steganography and random user keys/passcodes. Random user passcodes limit both the entity's control over the user and potential exposure of the passcode to wrongdoers. From a security standpoint, use of quantum keys and quantum communication channels heightens security during transmission of keys, such that if a wrongdoer would attempt to hack the transmission, the quantum sequence would break, which would not only prevent the hack but also result in remedial actions, such as preventing the authentication-requiring event, providing alerts and the like. Further, use of steganography also heightens security by preventing exposure to the keys during transmission and/or while the authentication process is occurring on the display of the user's mobile device.

Abstract: Embodiments of the present disclosure leverage near field communication (NFC) technology to provide dynamic and interactive monitoring of an environment. NFC devices may be used to check items in and out of a storage facility, obtain readings from instruments or other machinery present in the environment (e.g., to perform tests on the items, etc.), track movement of users and items within the environment, and to prompt users with information about the environment, such as information about the instruments or machinery currency being used to perform operations with respect to one or more items checked out to the user. Additionally, the NFC device may be used to configure the instruments with appropriate settings for the particular item(s) for which the instrument is currently being used or for other purposes.