Abstract: A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state.

Abstract: Embodiments of the present disclosure provide a music playing method and device, where the method includes: receiving a first operation instruction in a first application with a function of video playing; and invoking a music player to play music in the first application in response to the first operation instruction. According to the embodiments of the present disclosure, music can be played in a first application through a first operation instruction of a user, avoiding that the user exits from the first application and then enters the music application to play music, and reducing an operation complexity of the user.

Abstract: A mobile communications device includes a near field communications (NFC) port and processor. The processor executes a trusted application within a trusted execution environment (TEE) for processing sensitive data. Additionally, the processor executes a NFC driver within the TEE for providing a secure channel between the trusted application and the NFC port such that sensitive data being exchanged across the secure channel are inaccessible to other processes being executed by the processor.

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.

Abstract: A connected device includes an application processor, a secure element, and a control module. The application processor is configured to receive a control command from an electronic device. The secure element is connected between the application processor and a control module and is configured to authenticate the control command. The control module is configured to receive the control command when the control command is authenticated by the secure element, execute the control command to activate at least one function of the connected device, and transmit a response to the electronic device.

Abstract: A user device comprising: i) transmit path circuitry and receive path circuitry configured to communicate with a payment server; and ii) processing circuitry configured to control the transmit path circuitry and receive path circuitry. The processing circuitry is further configured to: a) receive a user input related to a payment process; b) calculate a risk score indicative of a likelihood of fraudulent activity associated with the payment process, wherein the risk score calculation is based on confidential information associated with the user that is stored on the user device; and c) transmit to the payment server a payment action and the risk score associated with the payment action without disclosing the confidential information. The confidential information comprises personally identifiable information and/or private information of the user. The processing circuitry calculates the risk score using a risk base model received from a model server.

Abstract: A user device comprising: i) transmit path circuitry and receive path circuitry configured to communicate with a payment server; and ii) processing circuitry configured to control the transmit path circuitry and receive path circuitry. The processing circuitry is further configured to: a) receive a user input related to a payment process; b) calculate a risk score indicative of a likelihood of fraudulent activity associated with the payment process, wherein the risk score calculation is based on confidential information associated with the user that is stored on the user device; and c) transmit to the payment server a payment action and the risk score associated with the payment action without disclosing the confidential information. The confidential information comprises personally identifiable information and/or private information of the user. The processing circuitry calculates the risk score using a risk base model received from a model server.

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

Abstract: A method is provided for wireless data transfer. The method includes determining, at a mobile device, communication capability of another device for receiving data. The method also includes selecting an optimal communication protocol for communicating the data based on the determined communication capability. The method also includes communicating the data with the other device using the selected optimal communication protocol.

Abstract: A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state.

Abstract: A mobile communications device includes a near field communications (NFC) port and processor. The processor executes a trusted application within a trusted execution environment (TEE) for processing sensitive data. Additionally, the processor executes a NFC driver within the TEE for providing a secure channel between the trusted application and the NFC port such that sensitive data being exchanged across the secure channel are inaccessible to other processes being executed by the processor.

Abstract: An apparatus and method of a hardware isolated secure element protecting a plurality of mission critical subsystems are provided. The method includes performing an actuation operation received across an unsecure path that modifies the state of a mission critical subsystem, performing a diagnostic operation received across the unsecure path that requests state information of the mission critical subsystem, storing information used to determine which of the diagnostic operation and the actuation operation received across the unsecure path are performed, and flashing an execution image of an electronic control unit when the execution image of the electronic control unit is received across the unsecure path.

Abstract: An apparatus and method for operating a relational database (DB) are provided. The method includes determining a sensitivity classification for a column of a table in the DB, performing encryption, using a data encryption key (DEK), of sensitive data when writing the sensitive data to the column determined to be sensitive, performing decryption, using the DEK, of the encrypted sensitive data when reading the sensitive data from the column determined to be sensitive, and performing writing to the column and reading from the column of unencrypted non-sensitive data when the column is determined to be non-sensitive.

Abstract: A Position Emission Tomography (PET) system is provided in the present disclosure. According to an example, the PET system includes a detector and a host computer, where the detector includes: a plurality of detector rings; each of the detector rings including n number of collecting modules arranged in a circumferential direction of the detector ring, where n is an integer greater than 1; a first collecting module of the n number of collecting modules coupled with the host computer; an n-th collecting module of the n number of collecting module coupled with a (n?1)-th collecting module; and an i-th collecting module coupled with an (i?1)-th collecting module, where i is an integer greater than 1 and less than n.

Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.

Abstract: Methods, systems, and machine-readable storage mediums for clock synchronizing among detectors in a clock synchronizing configuration are provided. An example clock synchronizing method includes: providing a clock of a preset frequency in each of N modules to be synchronized, coupling every two adjacent modules of the modules by a transmission line of the same length, N being an odd number, selecting two different modules from the modules as two reference modules respectively, controlling each of the reference modules to transmit a synchronizing signal to the other modules, determining a clock error between every two modules having the same transmission distance from the reference module according to a moment of the synchronizing signal reaching each of the other modules, selecting a calibrating module from the modules, and implementing clock synchronization between each of the modules and the calibrating module according to the respective clock errors associated with the two reference modules.

Abstract: An apparatus and method for generating an application container are provided. The method includes selecting a target application from among a plurality of applications included in an electronic device, acquiring a policy file corresponding to the target application, determining whether the policy file includes a category of the target application, and executing the application container which includes the target application.

Abstract: Methods, devices and computer-readable mediums for clock synchronization are provided. The methods include receiving a synchronizing clock in a unit clock cycle of a measuring clock, calibrating position information of a rising edge of the synchronizing clock in the unit clock cycle, determining a phase difference between the measuring clock and the synchronizing clock in the unit clock cycle based on the calibrated position information, and compensating a photon time in the unit clock cycle with the determined phase difference as a time compensation value.

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.