Abstract: Embodiments include a system, method, and computer program product that enable secure access to cameras in smart buildings. Some embodiments control outbound video from an environment such as a local network through an intelligent on-event video pushing mechanism. The local intelligent on-event video pushing mechanism hides the IP address of a source video camera, transcodes the video to a reduced size for wide area distribution, and pushes video to a recipient upon an event triggered received within the local environment (e.g., the local network.) Embodiments enable a remote video client on the far-side of the local network firewall to view the video streams of cameras on the near-side of the local network firewall when an event or trigger occurs.

Abstract: Systems, devices and methodologies for generating a vehicle identification hash value and verifying the integrity of the vehicle. The vehicle identification hash value is generated based on hashes provided by each vehicle component. The generated overall vehicle identification hash value may be dynamic and reflects changes that occur to the vehicle at the component level.

Abstract: A communication control apparatus includes a collection control unit, an analysis unit, and a coordination unit. The collection control unit collects communication performed with a device connected to a subordinate network, and controls communication performed by the device based on a first control condition; The analysis unit analyzes the communication collected by the collection control unit to extract device identification information indicating characteristics of the communication performed by the device. The analysis unit specifies a device name of the device and the first control condition corresponding to a normal communication range extracted from the device identification information, based on the device identification information.

Abstract: Techniques are provided for authentication using pairwise secrets constructed from partial secrets. One method comprises obtaining, by a first entity of a communication between the first entity and a second entity, partial secrets associated with the first and second entities; generating a constructed secret for the communication by applying a cryptographic function to the partial secrets associated with the first and second entities; and authenticating the communication using the constructed secret. A control entity may assign a substantially unique partial secret to each of multiple first and second entities and distribute at least a subset of the assigned partial secrets to at least some of the first and second entities. A communication between given first and second entities can be authenticated using a pairwise constructed secret for the given communication generated by applying the cryptographic function to the partial secrets associated with the first and second entities.

Abstract: A method, performed by a server device, may include receiving a request to activate an application session, the request being received from a user equipment on behalf of a particular application installed on the user equipment. The method may further include determining one or more application requirements associated with the particular application; determining conditions associated with one or more application servers; selecting a particular one of the one or more application servers based on the determined one or more application requirements and based on the determined conditions; and setting up the application session between the user equipment and between the selected particular one of the one or more application servers.

Abstract: In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.

Abstract: A method to protect code against altering includes reading immutable boot code from a ROM. A code image is loaded from an external memory and a hash is calculated by a core unit. The hash is initially authenticated using the boot code for decrypting the hash of the external memory. A salted hash for each equivalent of a cache line of the code image is concurrently calculated by a cache protection block and the salted hash for each cache line in an internal hash table is stored. If the authentication succeeds, a part of the code image is loaded into a secure cache of the embedded micro-processor.

Abstract: Encryption is enabled at a low load in a storage system. An encryption processing device 20 uses, as an expectation value for key validation, a value that is uniquely identified from a storage location address of encrypted text data in a storage drive. The encryption processing device 20 encrypts the expectation value and plain text data, respectively, using a same encryption key, substitutes a DIF according to the encrypted text data obtained by encrypting the plain text data, and stores the encrypted expectation value in the substituted DIF. Upon receiving a read request of the encrypted text data, the encryption processing device 20 decrypts the encrypted expectation value stored in the substituted DIF using a decryption key, and validates whether the encryption key and the decryption key are properly corresponding by comparing the decrypted expectation value and the expectation value identified from the address at the time of reading.

Abstract: Method and devices for wirelessly transmitting data packets in a meter reading system, wherein the method comprises generating at the meter device, a first data packet including payload data and a first message authentication code computed based the payload data and associated meter data stored in a memory of the meter device, transmitting the first data packet from the meter device to the receiver, and performing a primary authentication check of the first data packet and verifying the associated meter data at the receiver by recalculating the first message authentication code using the received payload data and current associated meter data stored in a memory of the receiver, as input.

Abstract: Aspects of the current subject matter are directed to performing privacy-preserving analytics over sensitive data without sharing plaintext data and without requiring a trusted third party. Implementations provide for utilizing a trusted execution environment within a server to compute the privacy-preserving result. Data owners via user devices send their encrypted data directly to an enclave managed by a trusted execution environment, without the server and the cloud service provider for the server seeing the plaintext data. The enclave computes the analytics directly on the data and releases the privacy-preserving result that can be ensured by code analysis and remote attestation from all parties.

Abstract: A blockchain integrated station receives a configuration instruction after accessing a blockchain network. The blockchain integrated station configures, based on the configuration instruction, a first network address corresponding to a certificate authority center and a second network address corresponding to a first blockchain node in the blockchain network. The blockchain integrated station initiates an authentication request to the certificate authority center based on the first network address. The blockchain integrated station receives, from the certificate authority center, a digital certificate after the certificate authority center determines that the authentication request passes verification. The blockchain integrated station sends, based on the second network address, the digital certificate to the first blockchain node, where the digital certificate is used by the first blockchain node to add the blockchain integrated station as a new blockchain node in the blockchain network.

Abstract: The disclosure relates to a motor vehicle having a data network via multiple control devices of the motor vehicle for exchanging message data (that are coupled together, wherein the data network is subdivided into different domains and via each of the domains respectively some of the control devices are coupled to the data network and in each domain respectively other of the control devices are included and the exchange of message data is blocked between the control devices of different domains or permitted only as a function of an authorization check of at least one domain transition is provided. The disclosure provides that the data network also includes an overall domain and each of the control devices is also coupled via the overall domain to the data network.

Abstract: Management of network nodes comprised in a communication network. A management node receives, from at least some of said network nodes, LLDP information based on one or more LLDP messages received from neighboring network nodes that are neighbouring said at least some network nodes. The LLDP information comprises security status information regarding said neighbouring network nodes, indicating if a neighbouring network node has been verified to be authentic and indicates if the neighbouring network node has been verified to be not authentic.

Abstract: A customer blockchain data store is provided. An exemplary method comprises obtaining a blockchain associated with a given customer of an enterprise having multiple customer communication channels, wherein the blockchain comprises transaction data for the given customer with the customer communication channels; obtaining new transaction data for the given customer for a given one of the customer communication channels; providing the new transaction data for the given customer to additional customer communication channels; receiving a validation of the new transaction data from the additional customer communication channels based on one or more predefined validation criteria; and storing the validated new transaction data for the given customer in the blockchain associated with the given customer.

Abstract: Verification of entities associated with a communication platform are described. An instruction to create a communication channel on a communication platform is received. The communication channel can be associated with an organization that is registered with the communication platform. Data associated with an entity (e.g., the organization and/or a user associated therewith) can be analyzed to determine whether to verify the entity. Based at least partly on a determination that the entity is verified, an indicator can be presented in association with the entity on a user interface associated with the communication platform and a first set of permissions can be associated with the entity. The first set of permissions can be different than a second set of permissions associated with unverified entities. Use of the communication channel and/or the communication platform by the entity can be controlled based at least partly on the first set of permissions.

Abstract: Minting a physical computing device based on unique key generation, wherein the key generation is configured to create a private-public key pair. In implementations, the key pair may be generated upon initialization of the physical computing device, such that the physical computing device is minted with the key pair. The key pair may be utilized as a token for supply-chain billings, payments, auditing, etc. associated with the physical computing device.

Abstract: In one aspect the present invention disclose system for recording and handling media for use as evidence in legal proceeding. In one other aspect the present invention discloses a device for recording media for use as evidence in legal proceedings. In another aspect the present disclosure provides a server also referred to herein as an evidence vault or vault for handling media from a media recording device for use as evidence in legal proceedings. The all three aspects the invention benefit from a double layer symmetrical and asymmetrical encryption method to protect the media recordings of the device, the server and the system as a whole as well as the transmission of media between different components.

Abstract: A method for setting permissions of a user in a system in an information exchange unit is disclosed in the present invention, including: setting multiple information sections for the information exchange unit; setting participation roles for each information section respectively, wherein the participation role includes one or more roles in the system; and setting permissions of each of the participation roles in the information section, wherein each role is an independent individual not a group/a class, one role can only be related to a unique user during the same period, and one user is related to one or more roles; and creating relations between users and roles in the system. According to the present invention, when an employee changes his/her work content or is transferred from a post, permissions of the employee in an information section of the information exchange unit do not have to be set separately.

Abstract: A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database.

Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion, are identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.