H04L9/3271

Central trust hub for interconnectivity device registration and data provenance
11522842 · 2022-12-06

Apparatus and method for device and data authentication in a computer network, such as but not limited to an IoT (Internet of Things) network. In some embodiments, a trust hub device is coupled to an interconnectivity device. The trust hub device includes a controller and non-volatile memory (NVM), and may be a network capable data storage device. The interconnectivity device is configured as an Internet of Things (IoT) or Operational Technology (OT) device, and includes a controller and a sensor. Data from the sensor are transferred from the interconnectivity device to the trust hub device. The trust hub device proceeds to attest a provenance of the data from the sensor to a remote entity associated with the interconnectivity device. The trust hub device includes a firewall to the external network, establishes a root of trust for the local interconnectivity device, and performs enrollment and signing services for the interconnectivity device.

Consensus protocol for blockchain structure

A non-monetary incentive model defines a Distributed Consensus Protocol (DCP) for a blockchain based on a proof-of-play mining approach. The non-monetary incentive model employs a gamification approach where mining efforts are recorded responsive to achievement in a gaming environment, rather than the proof-of-work or proof-of-stake approaches commonly used for blockchain valuation. The incentive model draws on a participant's volition in attaining or improving a gaming achievement. The approach records gaming moves or actions undertaken by a participant playing the game, based on a seed used to instantiate the game. Upon attaining a predetermined minimum score, and at a predefined difficulty, the gaming effort is deemed to warrant a new block in the blockchain.

Human Verification Based on Trans-Saccadic Memory
20220382848 · 2022-12-01

The present invention relates to a method, apparatus, and system of distinguishing a human user and a simulated user. More particularly, the present invention relates to protecting networks against simulated human users via an image recognition arrangement. Aspects and/or embodiments seek to provide a method and system for verifying that a user is human, rather than a computer, in order to protect access to resources such as public facing websites.

BINDING A TRUST ANCHOR AND AN ASIC
20220382866 · 2022-12-01

According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.

USING A TRUST ANCHOR TO CONTROL FUNCTIONALITY OF AN ASIC
20220382867 · 2022-12-01

According to certain embodiments, a method performed by a trust anchor comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with a hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving a response encrypted using the random value (K). The response is received from the hardware component. The method further comprises encrypting a schema using the random value (K) and sending the encrypted schema to the hardware component. The schema indicates functionality that the hardware component is authorized to enable.

TOKEN-BASED DEVICE TRACKING

Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.

Secure digital communications

Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.

Access rejection method, apparatus and system, and storage medium and processor
11516727 · 2022-11-29

Disclosed are an access rejection method, apparatus and system, where the access rejection method includes: a first base station receiving an access request from a terminal; and the first base station sending an access rejection message to the terminal; where the access rejection message at least carries a check value generated based on a key of the terminal and at least part of the contents of the access rejection message. Also disclosed are related computer storage media and processors.

Semiconductor device, update data-providing method, update data-receiving method, and program

A semiconductor device includes a memory, a random number generation circuit, and a control circuit. The memory stores key information, and the random number generation circuit generates first and second random number signals. The control circuit generates sixth and seventh random number signals from the first random number signal and the key information, generates encrypted update data from update data using the seventh random number signal, transmits the first and second random number signals as request signals to an external terminal device, receives, from the external device, first and second response signals as response signals in response to the request signals, generates an eighth random number signal using the first response signal, the second and the sixth random number signals as input signals, and provides the encrypted update data for the external terminal device when the second response signal coincides with the eighth random number signal.

Efficient and secure distributed signing protocol for mobile devices in wireless networks

The techniques described herein may provide an efficient and secure two-party distributed signing protocol for the identity-based signature scheme described in the IEEE P1363 standard. For example, in an embodiment, a method may comprise generating a distributed cryptographic key at a key generation center and a first other device and a second other device and generating a distributed cryptographic signature at the first other device using the second other device.