Patent classifications
H04L9/3242
Methods and Systems for Determining the Authenticity of a Component
A method for determining the authenticity of an item, the method comprising: receiving, by an item, a seed; storing the seed in a block of non-volatile memory in the supply item follower component; calculating, by the item follower component, an output of a cryptographic function with the input based on the seed and storing the output in the block of non-volatile memory; iteratively calculating, by the item, the outputs of the cryptographic function wherein for each iteration the input for the cryptographic function is based on the seed and all previous outputs, and for each iteration storing the output in the block of non-volatile memory; and determining the authenticity of the item based on a selected output of the cryptographic function of the item, the selected output being one of the outputs stored in the block of non-volatile memory.
DYNAMIC TOKENIZATION TABLE EXCHANGE
A first network device nonce is computed. The first network device nonce is based on a first network device secret. A Change Token Table message (CTTM) is sent to a second network device. The CTTM comprises the first network device nonce. A Change Token Table Ack Message (CTTAM) with a second network device nonce is received from the second network device. A new token for a tokenization table is computed based on the first network device secret, the second network device nonce, a prime number, and a key derivation function. The new token for the tokenization table is also computed by the second network device based on a second network device secret, the first network device nonce, the prime number, and the key derivation function.
Scheme for Transferring and Authenticating Data
Various techniques related to authenticating and verifying the integrity of data received by a computer system from an external source (such as a sensor) are disclosed. Hardware circuits are disclosed that, along with the computer processor, allow for error-checking and authentication of data received by the computer system. For instance, the hardware circuits may generate a separate authentication code that can be compared to the authentication code in the data itself to determine whether or not the message is authentic and whether or not there is an error in the data. The disclosed techniques reduce the processing requirements of a computer system and can be implemented using simple hardware circuit designs.
END-TO-END COMMUNICATION SECURITY
In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.
Self-authenticating digital identity
A method of creating and applying a self-authenticating digital identity for a user having an identity is described.
METHOD AND SYSTEM FOR HTTP SESSION MANAGEMENT USING HASH CHAINS
A method for performing authentication of a client device using a hash chain includes: receiving a first data request from a client device, the first data request including at least a user identifier and a first hash value; transmitting a first data response message to the client device; receiving a second data request from the client device, the second data request including at least the user identifier and a second hash value; generating a validating hash value by applying a hashing algorithm to the second hash value; validating the first hash value as being equal to the generated validating hash value; and transmitting a second data response message to the client device upon successful validation of the first hash value, wherein the second data response message includes one or more data values associated with the user identifier.
Brokered communication protocol using information theoretic coding for security
A communication brokering device receives, from a first device, a measurement of at least one of a bit-error-rate (BER) or a signal-to-noise ratio (SNR) associated with receipt of a transmission at the first device. The communication brokering device determines whether the first device is vulnerable to message interception or eavesdropping based on the measurement of the at least one of the BER or the SNR. The communication brokering device controls communications between at least one second device and the first device based on the determination of whether the first device is vulnerable to message interception or eavesdropping.
Alarm management system with blockchain technology
An alarm management system includes a control arrangement, an alarm device, a blockchain, a blockchain application, and a plurality of nodal access sites. The arrangement includes a processor and a storage medium. The device is configured to output an event signal to the control arrangement. The blockchain is stored in the medium, and includes a plurality of transaction types. Each transaction type includes at least one linked transaction, and the at least one linked transaction is time stamped. The blockchain application is stored in the medium, and is executed by the processor, and is configured to time stamp each one of the transactions. The blockchain is applied by the application to determine a current associated transaction with any one of the transaction types, and output data associated with the current transaction. The plurality of nodal access sites are configured to receive and output the data associated with the current transaction.
Replay protection nonce generation
Devices and techniques for replay protection nonce generation are described herein. A hash, of a first length, can be produced from a first input. A first subset of the hash can be extracted as a selector. A second subset of the hash can be selected using the selector. Here, the second subset has a second length that is less than the first length. The second subset can be transmitted as a nonce for a freshness value in a replay protected communication.
ESTABLISHING AUTHENTICATION PERSISTENCE
Various embodiments are generally directed to performing an authentication persistence check and, based on the check, allowing a previously successful authentication to persist on a user apparatus. The check may involve a stability check on the user apparatus. If the user apparatus is stable, device fingerprinting on the apparatus may be performed, the result of which may be compared to a snapshot of the apparatus taken at the time of successful authentication. If the comparison reveals changes or drifts that are within a predetermined threshold, then the persistence of the authentication is allowed.