Abstract: A system includes a management system, a managed system that is coupled to the management system through a network. The managed system comprises a managed device, a key identifier storage, a first managed device locking system coupled to the managed device and the key identifier storage, and a second managed device locking system coupled to the managed device, the key identifier storage, and the first managed device locking system. The first managed device locking system is configured to store a key identifier of the managed device in the key identifier storage and to provide access to a locking key of the managed device based upon the key identifier of the managed device, stored in a management system. The second managed device locking system is configured to monitor the managed device for an event that triggers unlocking the managed device, monitor operating status of the first managed device locking system.

Abstract: A network authorization system includes an authorization interface, an authorizer, and a network interface. The authorization interface receives a network connection request to access an external network and generates a characteristic of a portable component. The authorizer compares the characteristic to a predetermined characteristic, generates an authorization token responsive to the characteristic matching the predetermined characteristic, uses the authorization token to authenticate the network connection request, and transmits a first notification to the authorization interface that the characteristic matched the predetermined characteristic.

Abstract: A set of root keys is loaded as a first part of a secure boot process of a secure system. a first trusted key from a set of trusted keys is verified using a first root key from the set of root keys as a second part of the secure boot process. The set of trusted keys is loaded when an affirmative verification for a subset of trusted keys is received. The subset of trusted keys includes the first trusted key. As a third part of the secure boot process, an immutable portion of a file is validated using the first trusted key. As a fourth part of the secure boot process, the file is loaded when each portion of the file is successfully validated. The first, second, third, and fourth parts of the secure boot process occur before an integrity management configuration takes over the secure boot process.

Abstract: One example embodiment may provide a system for trace-based transaction validation and commitment in a network. The system includes at least one endorser peer and at least one committer peer. The at least one endorser peer is configured to generate a binary trace during simulation of a transaction, resulting in an endorsed trace. The at least one committer peer is configured to validate the transaction by executing a smart contract and using the endorsed trace as a witness.

Abstract: A method for executing an operation by a circuit, may include executing a first operation to process an input data, the circuit generating during the execution of the first operation a first signal, and executing in the circuit a second operation receiving the input data and configured to add to the first signal, between first and second instants during the execution of the first operation, a continuous second signal. A combination of the first and second signal forming a resultant signal in which the second signal may be indistinctly measurable with the first signal from outside of the circuit. The second signal and the resultant signal varying as a function of the input data.

Abstract: Described herein are systems, methods, and software to enhance network traffic management for virtual machines. In one implementation, a network policy controller may maintain firewall rules at one or more hosts of a computing environment, wherein the firewall rules define network packet forwarding policies for application groups available to virtual machines in the environment. The network policy controller further identifies an application group for attachment to one or more virtual machines, and in response to the identification, adds the one or more virtual machines to a security group for a firewall wall rule corresponding to the application group.

Abstract: Disclosed are a network sharing method, a network accessing method and a system. The network sharing method comprises: detecting whether a terminal device enables a WiFi function as receiving a WiFi hotspot creating operation; creating a virtual WiFi hotspot configured with preset hotspot name and password through a Bluetooth Generic Attribute (GATT) as detecting that the WiFi function is enabled; and establishing a Bluetooth PAN connection with an access terminal through the virtual WiFi hotspot to achieve network sharing.

Abstract: There is a need for solutions that perform entity sensitivity classification for a database entity associated with plurality of database elements. This need can be addressed by, for example, for each database element, generating element tokens for the database element based on a textual identifier for the database element, generating token combinations for the database element based on the element tokens for the database element and a token order associated with the textual identifier, generating a token-combination document for the database element based on the token combinations for the database element, and generating element feature data for the database element based on the token-combination document for the database element, and determining the entity sensitivity classification on each element feature data associated with a database element of the plurality of database elements and using a sensitivity classification model.

Abstract: Systems and methods for applying k-anonymity to data from a database are provided. An initial extraction of data from a database is performed. Initial anonymized data is produced based on the extracted data and a configuration of quasi-identifiers. An actual k-anonymity level is calculated based on the initial anonymized data. The actual k-anonymity level is compared to a desired k-anonymity level. The configuration of quasi-identifiers is adjusted based on the comparison. The calculating, comparing, and adjusting are iteratively repeated until the actual k-anonymity level equals the desired k-anonymity level or the adjusted configuration of quasi-identifiers has reached a limit. Final anonymized data is produced based on the adjusted configuration of quasi-identifiers. A subsequent extraction of data from the database is performed. Subsequent anonymized data is produced based on the extracted subsequent data and the adjusted configuration of quasi-identifiers.

Abstract: A method for asymmetric encryption based on a gene chip includes the steps of (a) obtaining original information in text or image or other form and converting the same into a binary code, and (b) preprocessing the binary code to obtain a binary matrix. In (c), an encryption key is obtained, the encryption key comprising a gene expression solution. In (d), the gene expression solution is placed on a gene chip according to an arrangement and correspondence of the binary matrix.

Abstract: Provided are an apparatus and a method for generating an identification key with improved reliability by: providing a plurality of resistances which are generated according to a random connection state between conductive layers of a semiconductor due to process variation of the semiconductor; discriminating a first group which has a resistance value greater than a first threshold value and less than a second threshold value among the plurality of resistances; and reading at least one resistance which does not belong to the first group out of the plurality of resistances and reading an identification key in the form of a digital value.

Abstract: Disclosed is a biometric information-based authentication method and apparatus, in which various types of biometric information extracted from a user are used.

Abstract: A network monitoring apparatus, and a remote encryption and remote activation method, device and system thereof are provided. The method includes the following steps: receiving an encrypted activation password sent by a client terminal; decrypting the encrypted activation password to obtain an original activation password; determining whether the original activation password meets a predetermined password strength requirement; when the original activation password meets the predetermined password strength requirement, activating the network monitoring apparatus and setting the original activation password as an administrator password; and returning information indicating that the network monitoring apparatus is successfully activated to the client terminal. A network monitoring apparatus, an encryption method of a network monitoring apparatus based on a client terminal, a client terminal, and a remote activation system based on a network monitoring apparatus are also provided.

Abstract: An IoT E2E Service Layer Security Management system supports methods and procedures to allow an application to establish, use, and teardown an IoT SL communication session that has application specified E2E security preferences and that targets one or more SL addressable targets (e.g., an IoT application, device, or gateway SL addressable resource). E2E SL Session based methods and procedures described herein achieve a required overall E2E security level, by allowing IoT SL instances to influence and coordinate hop security for a multi-hop communication path spanning across multiple intermediary nodes. The methods and procedures described herein reduce overhead, simplify and obviate the need for E2E service level nodes (initiation and termination nodes) from having to perform security service negotiation, in order to establish secure hop-by-hop security associations aligned with an E2E security requirement.

Abstract: A security device for securing a peripheral link between a computing device and a peripheral comprising is interposed on the peripheral link, between said computing device and said peripheral. The security device queries an identifier of a peripheral, and imitating said peripheral to said computing device by way of a host port of said security device. Once interposed the security device intercepts data transferred between the computing device and the peripheral device; and obfuscates selected portions of said data intercepted by the security device. Obfuscation may be performed by transferring the data to a tokenizing server, and replacing the data with a corresponding token received from the tokenizing server. The data may be securely stored at the tokenizing server, for later retrieval using the token.

Abstract: A machine-implemented method of encoding/decoding data is described. The encoding method comprises steps of receiving a message of a given size, the message being represented by a series of units of data, configuring multiple encoding elements (50) in an arrangement having a given frame size, and encoding the message by passing each unit of data through the arrangement so that each unit is processed by at least one of the encoding elements. The frame size of the arrangement is the maximum number of units of data that can pass through the arrangement without any unit of data passing through the arrangement and being processed in the same way as another unit of data.

Abstract: A method and system for authorizing a subject user to perform an action within an electronic service, receiving, a request to access the electronic service, the request including an indication of the subject user, of an object, and of the action that the subject user is desirous of performing on the object within the electronic service, based on at least one of the indication of the subject user and the object, retrieving, by the server, a set of predetermined rules each predetermined rule having been coded and stored, by the server, as a respective bytecode portion, executing the set of predetermined rules, analyzing an outcome rendered by the execution of each rule of the set of predetermined rules, and responsive to the outcome being indicative of a positive result, authorizing the subject to perform the action on the object.

Abstract: A method for the management and maintenance of an aircraft including a zone with a high degree of security, a man-machine interface of the aircraft being included in the zone with a high degree of security and necessary for a maintenance operation to be performed by a maintenance operator on a device of the aircraft to be maintained placed outside the zone with a high degree of security. The method includes: connection of a first device to the high-security zone; connection of a second device to a third device; reception of the first device by the second device of the man-machine interface of the aircraft and transfer of information for display of the man-machine interface of the aircraft to the third device; and connection of the second device to a server by means of the telecommunication network in order to obtain information from the server intended for the third device.

Abstract: Computer-implemented methods, software, and computer systems for authenticating a user. Authentication includes presenting on a first user interface a challenge set of cognitive information elements (400) to the user that comprises a cognitive challenge that has a reference solution based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements. Biometric features of the user can be extracted from a response made by the user to the cognitive challenge on a second user interface, and the user can be authenticated if the biometric feature extracted from the response matches a reference biometric feature.

Abstract: Various embodiments of the present disclosure provide an aircraft engine monitoring system. Generally, the aircraft engine monitoring system includes an engine monitoring device and one or more sensors configured to sense engine parameters of an engine of an aircraft and to generate and send signals representing the sensed engine parameters to the engine monitoring device, which stores them as engine performance data. An external device is communicatively connectable to the engine monitoring device to retrieve the engine performance data if both (1) the engine monitoring device determines that the external device is a trusted device and (2) the external device determines that the engine monitoring device is a trusted device, the engine monitoring device is configured to encrypt and securely transmit some or all of the engine performance data to the external device.