Abstract: According to some aspects, disclosed methods and systems may include determining, by an electronic device, a value associated with a first parameter configured to dynamically change, and displaying, via a user interface, an object corresponding to the value associated with the first parameter. The methods and systems may also include receiving, via the user interface, an input intended to unlock the electronic device, unlocking the electronic device if the received input interacts with the object in a predefined manner, and maintaining the electronic device in a locked state if the received input does not interact with the object in the predefined manner.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The present invention relates to an authentication method applied to a next generation 5G communication system and an apparatus for performing same, network slices, a method for managing the network slices, and an apparatus for performing the same.

Abstract: A method, a computer program product, and a computer system transmit an authenticated communication. The method being performed by a sending device includes transmitting a request to an authentication server indicating that the authenticated communication is to be transmitted. The method includes receiving a security token from a security device that is co-located with the sending device. The security token is received by the security device from the authentication server. The method includes generating the authenticated communication by incorporating the security token in a communication. The method includes transmitting the authenticated communication to a recipient device.

Abstract: Methods and apparatuses providing file type inspection in firewalls by moving the flow between deep inspection file and lightweight accelerated paths. The method includes obtaining, by a network security device, a packet flow of a file transfer session in which at least two files are transferred and determining, by the network security device, at least an offset parameter based on at least one attribute of at least a first packet in the packet flow. The offset parameter is for a first file being transferred of the at least two files and relates to an expected positon of a control data sequence within the packet flow. In this method, based on the offset parameter, directing, by the network security device, to an accelerated packet inspection path instead of to a deep packet inspection path, a portion of the packet flow including one or more packets that follow the first packet.

Abstract: A computer-implemented method of providing data governance as data flows within and between networks, comprising: using a global computing device, retrieving data stored in a plurality of local ledgers and written by a plurality of local computing devices, wherein validity of the data stored in the plurality of local ledgers has not been verified prior to writing; using the global computing device, determining that the plurality of local ledgers is cryptographically consistent and, in response to the determination, updating a global ledger with the data stored in the plurality of local ledgers.

Abstract: Communication buses enable devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for onboarding one or more Multi-AP devices using a device provisioning protocol (DPP) and a Multi-AP communication protocol. In one aspect, a first Multi-AP device may determine, during an onboarding process, DPP configuration information that was derived using the DPP. The first Multi-AP device may establish a Multi-AP network configuration between the first Multi-AP device and a second Multi-AP device using the Multi-AP communication protocol based, at least in part, on the DPP configuration information. In one aspect, the DPP configuration information may be derived remotely by the network operator prior to device deployment. In one aspect, a configurator station (STA) may be delegated as the DPP configurator by the network operator, and may onboard one or more STAs into the Multi-AP network using the DPP and the Multi-AP communication protocol.

Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud detecting electronic controller. The method includes determining whether a message transmitted conforms to fraud detection rules, and querying an external device whether there is delivery data for updating the fraud detection rules. When there is the delivery data for updating the fraud detection rules, receiving from an external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method also includes determining whether a vehicle in which the on-board network system is installed is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.

Abstract: Methods and systems may incorporate voice interaction and other audio interaction to facilitate access to prescription related information and processes. Particularly, voice/audio interactions may be utilized to achieve authentication to access prescription-related information and action capabilities. Additionally, voice/audio interactions may be utilized in performance of processes such as obtaining prescription refills and receiving reminders to consume prescription products.

Abstract: The present disclosure generally relates to managing content item collections. A collection management system receives a request for collection item metadata associated with a collection item. Collection management system obtains a content item identifier corresponding to the collection item identifier. Collection management system requests content item metadata from a content management system. Collection management system receives from the content management system content item metadata corresponding to the content item identifier. Collection management system filters the content item metadata to remove a portion of the content item metadata comprising privileged information. Collection management system retrieves collection item metadata using the collection item identifier. Collection management system adds the filtered content item metadata to the collection item metadata.

Abstract: Technology related to managing network traffic with sensitive data is disclosed. In one example, a method can include performing a cryptographic transformation of sensitive data of a request from a requestor for a resource. A portion of the cryptographic transformation of the sensitive data of the request can be transmitted to a sensitive data server. One or more possible matches to the cryptographic transformation of the sensitive data of the request can be received from the sensitive data server. A match to the cryptographic transformation can be identified within the one of the one or more possible matches. In response to identifying the match, an access policy for the requestor or the resource can be changed.

Abstract: A scrambling method of data on a J1939 communication system of a vehicle involves at least moving data from one of a PGN and a PGN/SPN location to another PGN or PGN/SPN location at a first controller on the vehicle before transmitting data and then re-ordering the data at a second controller. Some embodiments further comprise encrypting data either before or after shifting, but before transmitting so as to further complicate efforts to interpret meaningful data from the transmission. The second controller may be on the vehicle or may be remotely located.

Abstract: Techniques and examples pertaining to parking management and communication of parking information are described. A processor of a computing apparatus may obtain sensor data regarding a parking lot from a parking lot controller. The processor may analyze the sensor data. The processor may receive, from a client, a request for assistance with parking at the parking lot. The processor may provide, to the client, information on a location and status of a space (e.g., open space) in the parking lot, a path to the space, or both.

Abstract: Methods and systems for a device identification system may be provided. The device identification system may determine an identity of a user device associated with a transaction. The identity may be determined by network address information, hard link information, soft link information, and/or other such information. The network address information may include IPv4 information, IPv6 information, a device ID, and/or other such information. The identity of the user device may be determined and a transaction conducted from the user device may be assigned a fraudulent transaction risk score according to the information. Transactions that are determined to be at a high risk of fraud may be reviewed or otherwise flagged and/or canceled.

Abstract: Embodiments include apparatuses, methods, and systems including one or more servers and one or more storage devices, coupled with each other, to provide virtual storage service to store a file and meta data of the file for a client computing device. The file and the meta data of the file may be encrypted by the client computing device before providing to the virtual storage service. The file may be encrypted with a secret key of the client computing device, and the meta data of the file may be encrypted with a shared session key between the client computing device and the virtual storage service. The encrypted file may be stored in the one or more storage devices, and the encrypted meta data of the file may be stored in one or more secured areas of the one or more servers. Other embodiments may also be described and claimed.

Abstract: Security design and architecture for a multi-tenant Hadoop cluster are disclosed. In one embodiment, in a multi-tenant Hadoop cluster comprising a plurality of tenants and a plurality of applications, a method for identifying, naming, and creating a multi-tenant directory structure in a multi-tenant Hadoop cluster may include (1) identifying a plurality of groups for a directory structure selected from the group consisting of a superuser group, a plurality of tenant groups, and at least one application group; (2) creating an active directory for each of the groups; (3) adding each of a plurality of users to one of the plurality of tenant groups and the application group; (4) creating tenant directories and home directories for the users; and (5) assigning owners, group owners, default permissions, and extended access control lists to the tenant directories and the home directories.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: A biometric verification system is disclosed. The system includes a portable device which stores a biometric reference template and authentication preferences, The portable device can be used with an access device. The access device can prompt the user for a biometric sample, The access device may create a biometric sample template from the biometric sample, and the biometric sample template can be compared to the biometric reference template to determine if a user is authentic.

Abstract: Methods for authenticating a genuine presence of a human involve directing one or more modulated probes towards a body part of the human, receiving a response to the probes from the body part, and analyzing the response to determine whether it contains spectral characteristics that match a class of responses to such probes for the human body part in a human population. Replay attacks are countered by varying the modulation of the probe temporally, spatially, and spectrally each time authentication is performed. The probes may include electromagnetic radiation, acoustic beams, or particle beams that generate a detected reflection, absorption pattern, scintillation, or fluorescence response of the body part. The analysis of the response may be directed to one or more of temporal, spatial, and spectral variations in accordance with the nature of the probes and the modulation.

Abstract: Data center management over a power plane, including: coupling, via a plurality of power planes, a management hub to one or more servers; and transferring, via the plurality of power planes, data between the management hub and the one or more servers.