Abstract: There is described a system and method of committing a transaction within a UWB network comprising a plurality of anchors, the UWB network covering a predetermined area having at least one trigger area, the method comprising waking up a mobile device upon entering the predetermined area, receiving initial network data at the mobile device, verifying that the UWB network is genuine based on the initial network data, initiating communication between the mobile device and an anchor, including partial mutual authentication, generating a session key for secure communication between the mobile device and the UWB network, tracking the location of the mobile device within the predetermined area based on secure communication between the mobile device and one or more anchors within the UWB network using the session key, and committing the transaction, if the location of the mobile device is within the at least one trigger area.

Abstract: A device and a computer-implemented method for classifying data, in particular for a Controller Area Network or an automotive Ethernet network. A plurality of messages is received from a communications network. A message that has a predefined message type is selected for an input variable for an input model of a plurality of input models of an artificial neural network associated with the predefined message type. The input variable is determined as a function of the message, and in an output area of the artificial neural network a prediction is output that is usable for classifying the message as a function of the input variable, or a reconstruction of an input variable is output that is usable for classifying the message as a function of this input variable.

Abstract: A locking apparatus according to an embodiment includes an approach detector, a signal transmitter, a measurer, and a controller. The approach detector detects an approach of a user carrying a terminal. The signal transmitter transmits a key authentication signal for authenticating a pre-shared digital key to the terminal using first short-range wireless communication when the approach of the user is detected. The measurer connects a session by generating a security channel with the terminal using second short-range wireless communication and measuring at least one of a distance to and an angle with respect to the terminal when the digital key is authenticated through the key authentication signal. The controller determines whether or not to unlock an access facility in accordance with at least one of the distance to and the angle with respect to the terminal.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for platforms for managing database content distribution. In some implementations, a system stores a data set comprising monitoring data collected from remote devices. The system receives a data sharing request, and in response to the data sharing request generates a data sharing record that specifies a data sharing recipient, a portion of the data set to be shared, and a limited set of operations that can be performed using the shared portion of the data set. The system configures a customized portal for the data sharing recipient based on the data sharing record, wherein the customized portal is configured to provide access limited to the shared portion of the data set with functionality limited to the limited set of operations. The system provides the data sharing recipient access to the customized portal.

Abstract: A remote controlled battery cell monitoring and control system that utilizes empirical and theoretical data to compare performance, sensor data, stored patterns, historical usage, use intensity indexes over time and tracking information to provide a sophisticated data collection system for batteries. This tracking is designed to better the specifications, designs, training, preventative maintenance, and replacement and recycling of batteries.

Abstract: Systems and methods of mitigating leakage of credentials of a user of a computer network, including monitoring at least one data source to scrape data that is compatible with credential data, applying a machine learning algorithm to the scraped data to identify at least one potential leaked credential, wherein the at least one potential leaked credential is identified using at least one neural network, authenticating the identified at least one potential leaked credential by a database of valid credentials of the computer network, and replacing credentials corresponding to the at least one leaked credential.

Abstract: At a client computer, a web browser is connected to a local web server. The local web server is coupled with a local utility executing on the client computer that is distinct from the web browser. The web browser sends, to the local web server via a first communications channel, a first open-ended message that does not require a return message. The local web server waits until the local utility determines there is information to be provided to the web browser and sends, via the first communications channel, a first return message responsive to the first open-ended message. The web browser, in response to and upon receiving the first return message responsive, maintains communication with the local web server by sending, using a second communications channel distinct from the first communications channel, a second open-ended message that does not require a return message to the local web server.

Abstract: The embodiments described herein describe technologies to address initial establishment of device credentials in an Internet of Things (IoT) infrastructure. The embodiments are directed to unifying secure credential establishment regardless of the endpoint type, thus addressing the challenge of a great diversity among IoT devices. This approach is designed to address a challenge of initial trusted enrollment of the IoT endpoints into a secure infrastructure, which allows secure communications between the devices in the IoT environment.

Abstract: A system for detecting whether a device seeking communication with a server is a returning device that previously communicated with the server includes a database that stores groups of device attributes based on observable device characteristics and unique identifiers. The database is generally not accessible to the devices. Each attribute group and the associated device identifier (DID) can uniquely identify a particular device, and the associated DID is generally not derivable from the attributes. The database may satisfy a uniqueness property so that each attribute value in the database may also uniquely identify a device.

Abstract: Methods are disclosed for setting up a microservice, enhancing a ledger of microservices with a further microservice and accessing medical datasets stored in a microservice. The microservice contains the medical dataset in an encrypted form. The microservice includes an access logic based on accessing entity information. The access logic defines access conditions to the medical dataset and is configured to grant access to the medical dataset upon the access conditions being fulfilled.

Abstract: Embodiments of the disclosure provide a method, device and computer readable medium for authentication. According to embodiments of the present disclosure, only the first terminal device in a group of terminal devices which requests to connect to a network needs to finish the whole authentication. Upon the first terminal device successfully accesses to the network, the remaining terminal devices in the same group can ignore the authentication. In this way, time for authentication is reduced and the calculation efforts related to authentication is reduced for a large number for terminal devices.

Abstract: Techniques that facilitate layered stochastics anonymization of data are provided. In one example, a system includes a machine learning component and an evaluation component. The machine learning component performs a machine learning process for first data associated with one or more features to generate second data indicative of one or more example datasets within a degree of similarity to the first data. The first data and the second data comprise a corresponding data format. The evaluation component evaluates the second data for a particular feature from the one or more features and generates third data indicative of a confidence score for the second data.

Abstract: Embodiments of the present invention provide a system for authorizing entity users based on augmented reality and LiDAR technology. In particular, the system may be configured to determine that a user has accessed an entity application provided by an entity via a user device, receive a unique identifier from the user device of the user, via the entity application, where the unique identifier is scanned using LiDAR technology present in the user device of the user, determine location of the user based on the unique identifier, determine an entity device associated with the unique identifier and location of the user, perform authentication of the user using at least one authentication method, determine that the authentication is successful, and in response to determining that the authentication is successful, provide access to an entity device.

Abstract: The disclosure provides an approach for authenticating a user of a computer system, wherein the computer system implements a virtual desktop infrastructure (VDI), the method comprising connecting to a computing device through a network, receiving from the computing device authentication credentials, and determining whether the authentication credentials match an authorized user of the computer system. The approach further comprises extracting from the computing device features of the computing device, retrieving a machine learning (ML) model associated with the authorized user, wherein the ML model is at least one of (a) a supervised ML model or (b) an unsupervised ML model, and executing the ML model to authenticate the features of the computing device.

Abstract: In some embodiments, Uniform Resource Locator (URL) parameters may be used to bind access tokens to authorize web-browser-initiated network operations. In some embodiments, a user input at a data exchange gateway associated with a first website to perform a first network operation (e.g., a request to access resources associated with the first website) may be detected. In response to the detected user input, an access token may be generated based on user specific information associated with the user, where the access token is associated with one or more network operation parameters. In response to a use of the access token for authorizing the first network operation and successful authorization of the first network operation, the access token may be configured to be bound to a first URL identifier parameter associated with the first website.

Abstract: A method that includes operating a bus monitoring system having at least one interface configured to be coupled to at least one communication bus and receive bus traffic transmitted over the communication bus(es). The method also includes, using a device authentication system of the bus monitoring system, analyzing the bus traffic received via the at least one interface. Analyzing the bus traffic includes obtaining a message in the bus traffic (where the message identifies a source), identifying a support vector machine that corresponds to the source of the message, applying a wave transform to a waveform of the received message in order to generate a transformed waveform, inputting the transformed waveform to the identified support vector machine, and taking action in response to the identified support vector machine determining that the transformed waveform or the associated information does not correspond to the source.

Abstract: A system includes a plurality of tracking devices, such as RFID tags, affixed to items, such as vehicles, a data collection engine, client devices and backend devices. The backend devices include trained machine learning models, business logic, and attributes of a plurality of events. A plurality of data collection engines and systems send attributes of new events to the backend devices. The backend devices can track the items and predict particular outcomes of new events based upon the attributes of the new events utilizing the trained machine learning models.

Abstract: Techniques for providing flow meta data exchanges between network and security functions for a security service are disclosed. In some embodiments, a system/process/computer program product for providing flow meta data exchanges between network and security functions for a security service includes receiving a flow at a network gateway of a security service from a software-defined wide area network (SD-WAN) device; inspecting the flow to determine meta information associated with the flow; and communicating the meta information associated with the flow to the SD-WAN device.

Abstract: The present invention provides a method of allowing a wearable device connected to a user equipment device to communicate with a mobile communications network, wherein the user equipment device transmits non-access stratum messages to the mobile communications network for performance of an identification and an authentication of the wearable device in the mobile communications network and monitors transmissions sent by the mobile communications network in paging occasions, wherein paging occasions for paging messages intended for the wearable device are time aligned with paging occasions for paging messages intended for the user equipment device.

Abstract: A first host receives a packet from a first compute node for a second compute node of a second host. The payload is larger than a maximum transmission unit size. The first packet is encapsulated with an outer header. The first host analyzes a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload. Then, the first host forms a plurality of packets where each packet in the packets includes an encrypted segment of the payload, a respective encryption header, and a respective authentication value. The payload of the first packet is segmented to form a plurality of encrypted segments based on the size. The first host sends the packets to the second host and receives an indication that a packet was not received. A second packet including the encrypted segment is sent to the second compute node.