Abstract: Embodiments of the invention provide a computing device comprising one or more processors, each processor comprising one or more processing unit, said one or more processing units being configured to execute at least one program, each program comprising data and/or instructions, the computing device further comprising, for at least some of the processors, a processor cache associated with each processor, the processor cache being configured to access data and/or instructions comprised in the programs executed by the processor, the computing device comprising: an auxiliary cache configured to access metadata associated with the data and/or instructions comprised in said programs; a security verification unit configured to retrieve, from the auxiliary cache, at least a part of the metadata associated with data and/or instructions corresponding to a memory access request sent by a processor (11) to the processor cache (117).

Abstract: Embodiments of the present invention disclose a data transmission method and a related device and system. The system includes an access network device AN and user equipment UE. The AN is configured to receive a base key sent by a key management device in a core network, where the base key is a key generated from two-way authentication between the UE and the core; the AN and the UE are configured to process the base key according to a preset rule to generate an air interface protection key; the UE is configured to: protect a target field in an uplink protocol data unit PDU by using the air interface protection key; and the AN is configured to parse the target field in the uplink protocol data unit by using the air interface protection key.

Abstract: Centralized systems execute one or more applications for monitoring and operating a plurality of network enabled medical devices. An indication to start a selected application at the centralized system or at a network enabled medical device is received at the centralized system/network enabled medical device. The selected application may require a license to operate and, at the time the indication is received, may have a first license available. Instead of using the first license, the centralized system/network enabled medical device may determine to inherit at least a portion of a second license to operate the selected application. The centralized system/network enabled medical device may inherit at least the portion of the second license to form an inherited license, where the inherited license enables features of the selected application. Using the inherited license, the selected application is started with the enabled features. Related apparatus, systems, techniques and articles are also described.

Abstract: Provided are systems and methods for a cloud security system that learns patterns of user behavior and uses the patterns to detect anomalous behavior in a network. Techniques discussed herein include obtaining activity data from a service provider system. The activity data describes actions performed during use of a cloud service over a period of time. A pattern corresponding to a series of actions performed over a subset of time can be identified. The pattern can be added a model associated with the cloud service. The model represents usage of the cloud service by the one or more users. Additional activity data can be obtained from the service provider system. Using the model, a set of actions can be identified in the additional activity data that do not correspond to the model. The set of actions and an indicator that identifies the set of actions as anomalous can be output.

Abstract: A system for controlling access to encrypted vehicular data employs a hierarchical access control method that allows select encrypted vehicular data stored in a cloud server to be accessed by an authorized user in a hierarchical manner whereby the authorized user is then able to decrypt the select encrypted data and all child data associated with the select encrypted data.

Abstract: Securing an autonomous vehicle against remote interference. Electronic communications are classified and rated according to communication port and package content. Communication ratings are processed to assess risk of remote interference. At-risk communications trigger interference response actions according to pre-defined ratings thresholds.

Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.

Abstract: A computer system utilizes a dataset to support a research study. Regions of interestingness are determined within a model of data records of a first dataset that are authorized for the research study by associated entities. Data records from a second dataset are represented within the model, wherein the data records from the second dataset are relevant for supporting objectives of the research study. Data records from the second dataset that fail to satisfy de-identification requirements are removed. A resulting dataset is generated that including the first dataset records within a selected region of interestingness and selected records of the second dataset within the same region. The second dataset records within the resulting dataset are de-identified based on the de-identification requirements. Embodiments of the present invention further include a method and program product for utilizing a dataset to support a research study in substantially the same manner described above.

Abstract: A computer system utilizes a dataset to support a research study. Regions of interestingness are determined within a model of data records of a first dataset that are authorized for the research study by associated entities. Data records from a second dataset are represented within the model, wherein the data records from the second dataset are relevant for supporting objectives of the research study. Data records from the second dataset that fail to satisfy de-identification requirements are removed. A resulting dataset is generated that including the first dataset records within a selected region of interestingness and selected records of the second dataset within the same region. The second dataset records within the resulting dataset are de-identified based on the de-identification requirements. Embodiments of the present invention further include a method and program product for utilizing a dataset to support a research study in substantially the same manner described above.

Abstract: A method for processing an account in a blockchain is provided. A freezing instruction with respect to a target account is received by a computer device. A freezing lock is generated by the computer device based on the received freezing instruction, the freezing lock including a freezing lock public key. A first freezing request is generated by the computer device based on the freezing instruction and the freezing lock public key. The first freezing request is transmitted by the computer device to a device in the blockchain. The first freezing request is a request based on which the target account is frozen by using the freezing lock and resource transfer of the target account is denied.

Abstract: A vehicle computing platform may receive driver sensor data indicating whether a driver seat in a vehicle is occupied. The vehicle computing platform may determine, based on the driver sensor data, an identity of a driver of the vehicle. The vehicle computing platform may receive passenger sensor data indicating whether a passenger seat in the vehicle is occupied. The vehicle computing platform may, based on the passenger sensor data indicating that the passenger seat in the vehicle is occupied, obscure information on a screen of the vehicle.

Abstract: Embodiments of the present invention disclose a network system. The system includes user equipment, a network authentication device, and a service authentication device. The service authentication device is configured to obtain reference information and generate a second shared key with reference to the reference information and a first shared key, where the first shared key is a shared key pre-configured between the user equipment and the service authentication device; the user equipment is configured to obtain the reference information and generate the second shared key with reference to the reference information and the first shared key; the service authentication device is configured to send the second shared key to the network authentication device; and the network authentication device is configured to receive the second shared key, where the second shared key is used by the user equipment and the network authentication device to generate a target shared key.

Abstract: Method of detecting an attack against a function on a client computer including generating a first hash value having a weak collision resistance; sending the first hash value to a server computer for storing to a database of known hash value pairs, a hash value pair including the first hash value and a second hash value calculated for the entity, the second hash value having a strong collision resistance, receiving a request for the entity with an object including a first hash value and a second hash value; accepting the received object and transmitting data relating to the received object to the server computer for a validity check when the first hash value of the received object is identical with the first hash value stored in the local database, and detecting a hash collision attempt when the hash value pairs do not match.

Abstract: An assistant computing device communicates with a requesting computing device. The requesting computing device communicates with a remote computing device. The remote computing device in communication with a dataset resides in a secured data center. The requesting computing device: employs credentials to communicate requests to the remote computing device over an external network and through a firewall; and receives query results generated by the remote computing device executing the requests. The assistant computing device: receives requests from the requesting computing device to query the dataset; generates access credentials; encrypts and communicates the access credentials to the requesting computing device; receives encrypted results from the requesting computing device; decrypts and communicates the results to the requesting computing device.

Abstract: The systems and methods described herein can provide a protocol escalation path in response to a client system's request or in response to a triggering event. For example, the computing system can provide an indication to a client system that the client system can upgrade from a regular connection channel to an upgraded connection channel if the client system can solve a certain proof-of-work. The computing system may also receive a request from the client system to access an upgraded connection channel. The upgraded connection channel may provide more bandwidth, stability, higher priority, etc., alone or in combination, comparing to the regular connection channel.

Abstract: A printed circuit (PC) card apparatus can, in an absence of external power provided to a Peripheral Component Interconnect Express (PCIe) PC card, prevent and detect unauthorized access to secure data stored on a memory device mounted on the PCIe PC card. The PCIe card includes a primary battery to supply, when external power is disconnected from the PCIe card, power to an electronic security device mounted on the PCIe card. The PC card apparatus also includes a PCIe edge connector protector enclosing electrically conductive fingers of a PCIe edge card connector. The PCIe edge connector protector includes a hidden supplemental charge storage device integrated into the PCIe edge connector protector. The PCIe edge connector protector also includes electrically conductive contacts to transfer supplemental power from the supplemental charge storage device to the electronic security device.

Abstract: The present invention relates to a method for operating a wireless communication device in a cellular network, the wireless communication device comprising a communication unit and a controlling appliance, interconnected by a control interface, the communication unit comprising a network access manager unit, the method comprising for the communication unit the steps of: —receiving from the cellular network a network access guidance —handling the received network access guidance at the network access manager unit, —as part of handling the network access guidance, interpreting the received network access guidance and providing information relating to the network access guidance resulting from said interpretation step to the controlling appliance, —ascertaining by means of the control interface from the controlling appliance a response relating to said network access guidance, —handling in the network access manager unit the response relating to said network access guidance.

Abstract: Techniques are described selecting consensus nodes in a blockchain. A voting process is performed by a plurality of shareholder nodes to generate a voting result for each shareholder node. The voting process comprises each shareholder node voting for a plurality of expected nodes, and the expected nodes and the plurality of shareholder nodes comprise a group of nodes associated with a blockchain. A shareholder node is a node that owns at least one share. A voting result is verified for each shareholder node. After the voting process, a number of shares owned by each node of the group of nodes id determined based on the voting result. A plurality of consensus nodes are selected from shareholder nodes based on the number of shares owned by each of the shareholder nodes.

Abstract: Electronic publications are increasingly replacing physical media but to date standards have evolved to mimic these physical media. Accordingly it is beneficial to provide electronic publication software systems and/or software applications to enable new paradigms that provide consumers, authors, publishers, retailers, and others with new models for releasing digital content from editorial and authorship viewpoints; new models for providing digital rights management with licensing, re-assignable rights and the ability to issue sub-rights or issue partial licenses with predetermined validity; new models for publishers to release revised editions, errata, new additions, etc; engaging social network type collaborative behavior within work and private environments with associated content (annotations) to the original release content; and supporting discussion and information dissemination within a wide variety of environments from education to business to book clubs etc.