Patent classifications
H04L63/067
CONTAINER WITH ENCRYPTED SOFTWARE PACKAGES
The invention relates to a method for operating a container (100) providing a service to a user in a cloud environment, wherein the container is generated from a container image (51) which comprises an encrypted software package, the container image further comprising a decryption entity, wherein the method comprises the steps of receiving a message to set up the container (100) out of the container image (51), the message comprising an access identifier allowing access to a restricted area (60) to which the access is not provided without the access identifier, the restricted area comprising a plurality of decryption keys, and accessing the restricted area (60) using the access identifier received with the message, and retrieving a decryption key from the restricted area (60) based on the access identifier, and decrypting the encrypted software package with the retrieved decryption key in order to generate a decrypted software package, providing the service to the user based on the decrypted software package.
Information processing apparatus, information processing system, information processing method, and non-transitory storage medium
An information processing apparatus including a control unit configured to perform obtaining result data indicating a result of locking and unlocking performed by a locking and unlocking device that performs locking and unlocking based on authentication information obtained from a portable terminal carried by a user, and generating, based on the result data, proposal data including a proposal for a service to be provided to the user.
TRANSACTION AUTHENTICATION METHOD, SERVER AND SYSTEM USING TWO COMMUNICATION CHANNELS
A transaction method for a user using a first and a second terminal and connected to a server via a first and a second communication channel, respectively. The first terminal sends a transaction amount to the server. The server establishes a verification code whose length depends on the transaction amount, then sends a request to the first terminal and the verification code to the second terminal. The user returns the request filled in with a copied code to the server using the first terminal. The server compares the verification code with the copied code and sends a transaction validation or invalidation message to the first terminal depending on the comparison.
Method for establishing a secure private interconnection over a multipath network
A method for establishing a fully private, information secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n, k) secret sharing. Further, defining for at least one node vi a directed edge (vi1, vi2) that has a k−1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.
METHOD FOR SECURING THE TIME SYNCHRONIZATION OF AN ETHERNET ON-BOARD NETWORK
A method for securing the time synchronization of an Ethernet on-board network of a motor vehicle, by: determining a delay time of a first signal on a first connecting path between a first control unit of the network and a second control unit of the network; determining a maximum speed of the first connecting path on the basis of the delay time; and determining a type of a transmission medium of the first connecting path on the basis of the maximum speed. The determination of the delay time of a first signal, the determination of the maximum speed of the first connecting path, and the determination of the type of a transmission medium of the first connecting path result in an entropy source being formed that is used to ascertain at least one dynamic key for the connecting path to encrypt a time synchronization message for the connecting path.
METHOD AND SYSTEM FOR DEVICE LEVEL AUTHENTICATION IN ELECTRONIC TRANSACTIONS
A method for distributing data to a computing device using device level authentication includes: receiving a single use key from a payment institution, the single use key encrypted by the payment institution using a first encryption, a server public key, and device data; wrapping a device public key using the server public key; electronically transmitting at least the device data, the wrapped device public key, and the single use key to a server; receiving the single use key encrypted using a second encryption from the server, the second encryption using the device public key to encrypt the single use key; decrypting the single use key encrypted with the second encryption using a device private key; and electronically transmitting the decrypted single use key and payment credentials to a point of sale device.
COMMUNICATION SYSTEM, ACCESS POINT DEVICE, COMMUNICATION METHOD, AND COMPUTER PROGRAM PRODUCT
According to an embodiment, a device sends, to an access point device, a network access authentication request issued with respect to a first network. An authentication server device includes a first device-authentication processing unit that, in response to the network access authentication request, performs an authentication operation based on first-type authentication information. The access point device includes a transfer processing unit and a second device-authentication processing unit. When second-type authentication information is not included in the network access authentication request, the transfer processing unit transfers the network access authentication request to the authentication server device. When the second-type authentication information is included in the network access authentication request and when an authentication operation in the access point device is enabled, the second device-authentication processing unit performs an authentication operation based on the second-type authentication information.
SYSTEMS AND METHODS FOR CONTACTLESS CARD COMMUNICATION AND KEY PAIR CRYPTOGRAPHIC AUTHENTICATION USING DISTRIBUTED STORAGE
Systems and methods for authentication may include an authentication server. The authentication server may include a processor and a memory. The processor may be configured to receive an authentication request. The processor may be configured to transmit a notification. The processor may be configured to receive a response that is responsive to the notification, the response comprising a ciphertext and input data. The processor may be configured to generate a Fast Identity Online (FIDO) key pair including a FIDO public key and a FIDO private key. The processor may be configured to encrypt a challenge using the FIDO private key. The processor may be configured to transmit the FIDO public key to decrypt the challenge so as to complete the authentication request.
METHOD AND SYSTEM FOR GENERATING ENCRYPTION KEYS FOR TRANSACTION OR CONNECTION DATA
Per CFR 1.121, Applicant hereby amends the abstract of the application by substitute abstract, by submitting: (i) instruction for the cancellation of the previous version of the abstract; and (ii) a substitute abstract in compliance with 37 CFR § 1.121(b)(2)(ii).
RE i) Please cancel the previous version of the abstract.
RE ii) A clean version of the substitute Abstract is set forth on the following page. No new matter has been added.
System and apparatus for data confidentiality in distributed ledger
A system and apparatus for data confidentiality in a distributed ledger are disclosed. The system and apparatus preserve qualities of distributed ledgers, such as transparency, integrity, and redundancy, while also providing confidentiality, scalability, and security not previously available in distributed ledgers. The system includes a data confidentiality module that exploits a trusted execution environment for both transaction processing and key synchronization. The apparatus accessing the distributed ledger provides for new nodes joining the network, sending transactions to the ledger by existing nodes, securely processing the transaction using the trusted execution environment, securing transmission to the logic layer for application of business logic, reading and writing data to local storage, and reading encrypted transactions.