Abstract: Described are embodiments of methods and systems for using a removable data storage device to efficiently transfer medical data from a medical device to a remote server. In some embodiments, the medical device tracks transfer statuses of medical data stored on a local storage. A transfer status assigned to a data portion of the medical data may inform the medical device of whether that data portion needs to be transferred, has been transferred, or has been successfully ingested at the remote server. The medical device can use information stored on the removable data storage device in conjunction with the tracked transfer statuses to determine which portions of the stored medical data should be transferred to a physically coupled removable data storage device. After completing a data transfer process, the medical device can update transfer statuses of portions of medical data that was transferred to the removable data storage device.

Abstract: Certain aspects of the present disclosure provide techniques for privacy preserving sharing and validation of sensitive information in a computing environment. An example method generally includes generating a hashed value of a sensitive data item. A set of modulo values is calculated for the hashed value of the first sensitive data item using a set of prime numbers between an upper bound number and a lower bound number. A request to validate the first sensitive data item is transmitted to a target computing system. The request includes the set of prime numbers and the set of modulo values. An indication of whether a match was found for each respective modulo value in the set of modulo values is received from the target computing system, and a request associated with the first sensitive data item is processed based on the indication.

Abstract: An information processing apparatus includes: a controller that outputs notification information based on input information; and a processor that functions as a system processing unit that executes system processing based on an operating system (OS) and a Basic Input Output System (BIOS) processing unit that executes control related to the performance of the system processing by control of a BIOS using the notification information output from the controller.

Abstract: Temporal key generation devices and methods are described. One such device of a first domain receives a “seed” to generate a private key associated with a public key for use in a second domain. The device uses the private key in cryptographic operations with the second domain. When the device loses power or is no longer connected to the second domain, the private key may be erased or no longer stored on the device.

Abstract: Tamper-proofing and secure identity validation techniques in a transaction processing system and secure electronic payment techniques are disclosed. A tamper-proof transaction processing device is provided and comprises at least two different strength adhesives to secure parts of the device together and a housing comprising at least a first and second protective layer. An electronic component comprising a secure element chip storing unique information relating to the chip is located between the first and second protective layer in the housing. In another aspect, a transaction processing system includes a payment instrument that is configured to approve only negative value and/or zero value transaction requests. Another aspect provides an identity card checking system and method where the identity card is brought into proximity of a data processing device and identity information is displayed on the screen of the data processing device for the period of time while the card is in proximity.

Abstract: Techniques are described for user authentication based on a signal that is transmitted through an individual's body, and detected using device(s) in physical contact with the individual. A signal, such as an electrical signal or a vibrational signal, may be transmitted from a first device and received by a second device that is in physical contact with the individual. The received signal may be employed to determine a body signature for the individual. The body signature may identify the individual among a population of individuals, given the particular alterations to the propagating signal caused by the individual's physiology. Accordingly, the body signature may be employed as a form of biometric data that is useable to authenticate the individual to access a secure area, log in to a device or an application, or for other purposes.

Abstract: Disclosed are a network and method for transferring media content experience from a first smart media device to a second smart media device via an electronic program guide. Each of the smart media devices are pre-configured to have a unique name which is viewable from the electronic program guide, and to establish two way communications between the uniquely named first and second smart media devices. The electronic program guide is run on at least one of the smart media devices, and the electronic program guide is viewed on a display associated with at least one of the smart media devices. A user is provided a plurality of options to interact with the electronic program guide, including the option to transfer and view the media content experience selected on the first media device to the second smart media device. Preferably, the user selects options via voice commands or manually inputted commands.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a group associated with a folder, a group access key pair including a group access public key and a group access private key; encrypting, by the device, the group access private key by utilizing the assigned public key; and accessing, by the device, the folder based at least in part on decrypting the group access private key. Various other aspects are contemplated.

Abstract: A lockout system for a metering pump is provided. The lockout system can include a user interface that is used to switch the pump between a locked configuration and an unlocked configuration. In the locked configuration, the operation of the pump cannot be adjusted through the user interface. In the unlocked configuration, the operation of the pump can be adjusted through the user interface. The lockout system can include a passkey notice that provides information regarding how to use the user interface to switch the pump between the locked and unlocked configurations.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.

Abstract: A Universal-Serial-Bus interface communicatively couples a first electronic device and a second electronic device with one another. The Universal-Serial-Bus interface includes an electrical connection structure to electrically connect the first electronic device and the second electronic device with one another and a switch to disconnect the electrical connection structure. A measurement circuit to measure one or more electrical properties is associated with the electrical connection structure and/or the first electronic device. One or more processors configured to control the switch based on the measured one or more electrical properties.

Abstract: A method of authenticating a mobile device over Bluetooth advertisements according to one embodiment includes broadcasting, by an access control device, a first Bluetooth advertisement including a challenge message generated by the access control device, receiving, by the mobile device, the first Bluetooth advertisement including the challenge message, broadcasting, by the mobile device, a second Bluetooth advertisement including a challenge response message generated by the mobile device based on the challenge message, receiving, by the access control device, the second Bluetooth advertisement including the challenge response message, and determining, by the access control device, whether the mobile device is authorized to perform an action with respect to the access control device by verifying the challenge response message.

Abstract: Disclosed herein are methods, systems, and processes for facilitating security orchestration, automation, and response (SOAR) in cybersecurity computing environments that use biometric data or implement biometric data gathering. An instruction is periodically transmitted to a protected computing device to perform a security scanning operation that captures biometric data generated from a biometric device associated with the protected computing device. The biometric data received from the protected computing device includes a biometric identity of a trusted user or an untrusted user. A security database is accessed to determine whether the biometric identity matches a stored biometric identity of the trusted user.

Abstract: A method and system protect personally identifiable information stored in an onboard computing system of a vehicle to improve data security of drivers. The method and system are each configured to automatically trigger a deletion or encryption of personal data stored in the motor vehicle in response to an event or other information indicating that the vehicle is outside of the custody of the owner or some other loss of control event.

Abstract: Methods and systems for reconfiguring an interface device are described. The interface device may comprise a housing, one or more processors disposed in the housing, a display, a network interface that enables communication with a security system, and a module connector. One or more of a plurality of modules may be removably coupled, via the module connector, with the interface device. The plurality of modules may enable the interface device to perform different functions. An example module, when coupled to the module connector, may enable communication between multiple networks.

Abstract: In a vehicle master device, a first device includes an update data acquisition unit that is configured to acquire update data, an update data distribution unit that is configured to distribute the update data acquired by the update data acquisition unit to a rewrite target ECU, a process execution request unit that is configured to request the second device to execute at least a part of a process related to verification of the update data before the update data distribution unit distributes the update data, a processing result acquisition unit that is configured to acquire a processing result from the second device, and a verification unit that is configured to verify the update data using the processing result acquired by the processing result acquisition unit.

Abstract: In an example, a configuration circuit includes a connector and a controller communicatively coupled to the connector via one or more signal lines. The configuration circuit further includes a microcontroller communicatively coupled to the controller via an interface. The configuration circuit further includes a connection detection circuit communicatively coupled to the microcontroller and the one or more signal lines. The connection detection circuit is configured to determine whether communication traffic between the connector and the controller on the one or more signal lines is detected, and output an interrupt signal to the microcontroller in response to detecting communication traffic between the connector and the controller on the one or more signal lines. The microcontroller is configured to instruct the controller to wake from a low-power sleep mode in response to receiving the interrupt signal from the connection detection circuit.

Abstract: An information processing method implemented by a computer, the method includes the steps of transmitting authentication information to a destination specified by a first user, receiving, from a terminal used by a second user corresponding to the destination, the authentication information and a second identification information for identifying the terminal, authenticating the terminal if the authentication information from the terminal is received, and storing the second identification information received from the terminal in association with a first identification information for identifying the first user, if the terminal has been authenticated.

Abstract: A driving assistance device, including an automated driving switch; an emergency button; and a controller configured to provide either automated driving in which travel is performed along a current travel path of a host vehicle or automated stopping in response to manipulation by a driver of the automated driving switch or of the emergency button.

Abstract: A portable electronic device to be used as a keyless device of a vehicle includes a controlling circuit which includes a physiological feature detection module and a processing circuit. The physiological feature detection module is used for detecting a physiological feature of a person. The processing circuit is coupled to the physiological feature detection module and used for determining whether the person is an authorized user of the vehicle according to the detected physiological feature of the person, and for opening a car door of the vehicle or starting the vehicle when the person is identified by the processing circuit as the authorized user.

Abstract: Methods and apparatuses related to access to data stored in quarantined memory media are described. Memory systems can include multiple types of memory media (e.g., volatile and/or non-volatile) and data (e.g., information included in) stored in the memory media often are subject to risks of the data being undesirably exposed to the public. For example, requests to write data in the memory media can often be made and accepted without a user's awareness, which can lead to the undesirable exposure of the data. According to embodiments of the present disclosure, a particular portion and/or location in the memory media can provide a data protection scheme such that data stored in the particular location can be refrained from being transferred out of the computing system.

Abstract: A medical device has a sensor interface, a data network interface, a wireless interface, a computer, and a touch-sensitive display unit. The sensor interface detects a sensor signal indicative of at least one physiological parameter of a patient. The computer provides medical data derived from the sensor signal via the data network interface. The wireless interface receives wireless signals indicative of patient identification of a mobile device carried on the patient. The computer selects a patient identifications subset based on the wireless signals as well as determining respective image data sets based on the selected patient identifications and actuates the display unit to display respective image data sets in respective display fields and to derive a selection of a certain image data set based on a signal provided by the display unit, and to provide the identification assigned to the image data set via the data network interface.

Abstract: A biometric authentication smart card may include a biometric authentication sensor configured to sense at least two types of biometric information of a user and to generate raw images therefrom; and processing circuitry configured to, generate a matching template including biometric features based on the raw images, select a user index from among a plurality of user indices based on the matching template, and output, to a payment terminal, payment class information and payment means information set adaptively for the user index.

Abstract: Aspects of the disclosure relate to providing derived keys for connectionless network protocols. The derived key may be provided by receiving, at a host, a remote procedure call (RPC) sent by a remote host in response a request by an application executing on the remote host. The host may generate a derived key from a region key, the region key being associated with an application-specific memory region on the host. The host may transmit the derived key to the remote host.

Abstract: An equipment deploying system and method, which are adapted for a plurality of electronic equipment in an area, are provided. In the method, multiple sub-areas in the area are defined, and a corresponding operation configuration of the electronic equipment respectively for at least one of sub-areas in the area is set correspondingly. Location information of the electronic equipment physically located in the area and equipment information of the electronic equipment are obtained. Whether the location information of the electronic equipment corresponds to one of the sub-areas is determined. In response to the determination that the location information of the electronic equipment is corresponding to one of the sub-areas, the corresponding operation configuration is provided to the corresponding electronic equipment according to a location determined result and the equipment information. The electronic equipment can perform a corresponding operation according to the corresponding operation configuration.

Abstract: An identification system in communication with a vehicle control system comprises a communication circuit configured to communicate with a remote server and at least one scanning apparatus configured to capture a biometric data. A controller is in communication with the communication circuit and the scanning apparatus. The controller is configured to receive a request for a security authorization, capture the biometric data with the scanning apparatus, and compare the biometric data to authentication data in an identification profile. Based on the comparison, the controller is further configured to authenticate a vehicle operator and communicate with a mobile device associated with the vehicle operator via the communication circuit. The communication with the mobile device is configured to limit or restrict operations of the mobile device.

Abstract: An information processing device includes a memory; and a processor coupled to the memory and configured to identify a location where a user is present, when the user accesses a resource by using a remote desktop connection, set access authority of the user over the resource to an allowed state or a prohibited state in accordance with whether or not the location is within an allowed region in which access to the resource is allowed, when it is determined that the location is out of the allowed region while the user is accessing the resource by using the remote desktop connection, start measurement of time without setting the access authority of the user over the resource to a prohibited state, and when it is determined that a predetermined time has elapsed after the measurement is started, terminate the remote desktop connection.

Abstract: Example implementations relate to safe peripheral device communications. In one example, a host computing device can include a serializer/deserializer (SERDES), a PCIe bus, a video source, a connector coupled, via the SERDES, to the PCIe bus and the video source; and a host controller to operate in a safe mode and cause PCIe data from PCIe bus to be provided, via the SERDES and the connector, solely to a peripheral controller of a peripheral device.

Abstract: For a trigger-based contextual information feature, user generated content can be received and stored in a file. Context, including at least a timestamp, can be obtained and stored as metadata for the user generated content. A trigger to display contextual information can be received. In response to receiving the trigger, current context can be obtained, including at least a current timestamp. One or more contexts of the obtained context can be identified to provide as the contextual information based on the current context including an amount of time between the timestamp and the current timestamp; and provided for display along with the user generated content. Such a feature can facilitate effective recall of the purpose or original intent of content based, in part, on time from original note.

Abstract: A system for maintaining a two-site configuration for continuous availability over long distances may include a first computing site configured to execute a first instance associated with a priority workload, the first instance being designated as an active instance; a second computing site configured to execute a second instance of the priority workload, the second instance being designated as a standby instance; a software replication module configured to replicate a unit of work data associated with the priority workload from a first data object associated with the active instance to a second data object associated with the standby instance, and a hardware replication module configured to replicate an image from a first storage volume to a copy on a second storage volume, wherein the first storage volume is associated with the first computing site, and the second storage volume is associated with a third computing site.

Abstract: Systems, devices, media, and methods are presented for selectively partitioning and precaching data elements. The systems and methods identify a device context for a client device and identify a cell based on the device context. The cell is associated with one or more partition characteristics and a plurality of data elements stored in a precache of data elements. The systems and methods select a set of data elements corresponding to the cell and at least a portion of the one or more partition characteristics. The systems and methods then retrieve the selected set of data elements from the precache of data elements and cause presentation of at least one data element of the selected set of data elements at a display device coupled to the client device.

Abstract: A method, computer program product, and a system where a processor(s) obtains, from a client, permission to access computing device(s) utilized by the client to monitor the client and interact with the client and an identification of each interface of the device(s). The processor(s) obtains a computer-initiated interaction, from a host communicatively coupled to the processor(s), requesting delivery to the client and a response from the client. The processor(s) monitors, via the accessing the computing device(s), activities performed by the client. The processor(s) determines a real-time environmental context of the client at a point in time of receiving the computer-initiated interaction. The processor(s) cognitively analyzes data and metadata of the computer-initiated interaction to determine attributes. The processor(s) designates an interface of a computing device to receive the delivery and to obtain the response.

Abstract: A method, computer program product, and a system where a processor(s) obtains, from a client, permission to access computing device(s) utilized by the client to monitor the client and interact with the client and an identification of each interface of the device(s). The processor(s) obtains a computer-initiated interaction, from a host communicatively coupled to the processor(s), requesting delivery to the client and a response from the client. The processor(s) monitors, via the accessing the computing device(s), activities performed by the client. The processor(s) determines a real-time environmental context of the client at a point in time of receiving the computer-initiated interaction. The processor(s) cognitively analyzes data and metadata of the computer-initiated interaction to determine attributes. The processor(s) designates an interface of a computing device to receive the delivery and to obtain the response.

Abstract: A computer method and system for detecting denial of service network attacks by analyzing intercepted data packets on a network to determine a user account associated with a preselected target host sought to be accessed via a user account login attempt. Determine if the login attempt exceeds a predetermined login value for previous failed login attempts associated with the user account sought to be accessed. Determine a geographic location associated with the login attempt if determined the login attempt exceeded the predetermined login value. Determine if a prior login attempt to the user account sought to be accessed was successful from the determined geographic location. Authenticate the login attempt to the user account sought to be accessed in the event it was determined a prior successful login attempt was made to the user account from the determined geographic location or no prior login attempts originated from the determined geographic location.

Abstract: A policy system enforces data security policies for requests from accessing data stored on a distributed data storage system received from a client device. The policy enforcement system can determine user credentials from the requests. The enforcement system then determines whether the user credentials allow the request to retrieve the data and if yes, whether the user credentials allow the request to retrieve the data without obligations. Upon determining that user credentials allow the request to retrieve the data without obligations, the policy enforcement system directs the client device to communicate directly with a name node of the data storage system, short-circuiting additional data retrieval and filtering of the policy system.

Abstract: A system and method delivers a message from a first device of a first user to a second device of a second user. Message data corresponding to a message to the second user is received, and a user profile associated with the second user is determined. The second device determines that the second user is not proximate and searches for the second user. Once the second user is found, the message is delivered.

Abstract: A messaging service may be distributed in a cluster of nodes such that each node includes an instance of the messaging service. To ensure that messages are not lost in the messaging service through a load balancer, addresses for each of the nodes may be accessed, and messages may be retrieved from individual instances of the messaging service by addressing the nodes directly and bypassing the load balancer. To retrieve messages, a client may cycle through the node addresses and retrieve messages until each corresponding message queue is empty. Once a message queue is empty, the client may stop sending requests to the corresponding node until the message queues on the other nodes have been emptied. Various request patterns may be used to cycle through node addresses, including Round Robin patterns and patterns that correspond to traffic patterns seen by the load balancer.

Abstract: A system includes a behind-the-meter vehicle charging station. The vehicle charging station includes a vehicle-charging interface configured to supply the vehicle-charging power to a vehicle. The vehicle charging station further includes a communication unit configured to trigger a notification in response to a change in power availability. Additionally, the system includes a control system configured to modulate power delivery to the behind-the-meter charging station based on one or more monitored power system conditions or an operational directive.

Abstract: A system for enforcing restrictive access control with respect to a set of digital objects includes a first device. The first device is configured to: determine, based at least in part on a first access control rule, to block access to at least a first digital object included in the set of digital objects; determine, based at least in part on a second access control rule, to block access to at least a second digital object included in the set of digital objects; and provide, to a user of the first device, at least a third digital object included in the set of digital objects but not the first digital object and the second digital object.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for identifying biases of one or more users during a shared augmented reality session and modifying the display. A first login is detected of an augmented reality. A first set of biases associated with the first user are generated. Visual data is received from a device associated with the first user profile. A masked overlay for display is generated and displayed to the first user based on the received visual data and the first set of biases. A second login of the augmented reality session is received. A second set of biases associated with the second login is generated. In response to analyzing a generated heat map, a positivity score is calculated. Changes are monitored for, in the first set of biases and second set of biases. The masked overlay is displayed.

Abstract: Implementations of the disclosure provide for binding data to a network in the presence of an entity. In one implementation, a cryptographic system is provided. The cryptographic system includes a memory to store encrypted data, and a processing device, operatively coupled to the memory, to identify a public key for a communications device in response to an indication of a presence of the communications device on a network. A first intermediate is determined in view of the public key for the communications device and in view of an acquisitioning public key. The acquisitioning public key associated with the encrypted data. A second intermediate public key is received from the communications device in view of the first intermediate public key. Thereupon, the encrypted data is decrypted using an encryption key derived at least from the second intermediate public key.

Abstract: A method includes receiving, at a messaging server from a first device associated with a first user, an update message to change a meeting from a first time to a second time. The message is directed to a second user. The method also includes, without receipt of a response to the update message from a device associated with the second user and in response to a current time being less than a particular time from the second time, selecting a set of devices associated with the second user and sending an alert regarding the meeting from the messaging server to each device of the set of devices. The set of devices identify devices that satisfy a device capability needed to participate in the meeting and that are currently available for use.

Abstract: Systems and methods for developing and utilizing a contactability profile are disclosed. Contact information may be managed by receiving activity data associated with an entity, processing the received activity data, generating at least one contactability profile associated with the entity based upon a result of the processing, and storing the generated contactability profile.

Abstract: A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.

Abstract: A system is provided for allowing temporary access to a desired area. The temporary access may be for the purposes of making a delivery. The system comprises a trainable transceiver configured to transmit an activation signal to a remote device; a mobile communications device in selective communication with the trainable transceiver; and an accessory selectively securable to mobile communications device and capable of transmitting information to trainable transceiver.

Abstract: A system comprises a first computer interface that includes a first plurality of single bit bus lines that communicate with a computer accessory; and a second computer interface that includes a second plurality of single bit bus lines that communicate with a vehicle computer. The second plurality of single bit bus lines are less than the first plurality of single bit bus lines for preventing bits of the data bits that are on a most significant bit (MSB) bus of the first plurality of single bit bus lines from communicating with a region of an address space in a memory of the on-board vehicle computer.

Abstract: Methods for access control of contract data in a distributed system are provided. The distributed system includes a contract generator, a validation server, a database and a distributed ledger which are in communication via a network, the method including the steps of: at the contract generator, receiving digital contract data from a first electronic device, determining a permission setting for accessing contract content associated with the digital contract data based on the digital contract data, and setting the permission setting to the validation server via the network, obtaining a validation link corresponding to the digital contract data from the validation server, generating contract information for digital contract data according to partial content of the digital contract data and the validation link, and storing the contract information in the distributed ledger.

Abstract: An onboard computer system includes a first onboard computer configured to store a first public key certificate of a data delivering apparatus, a second onboard computer, and a secure element configured to store a second public key certificate relative to a second secret key used to generate the first public key certificate. The secure element verifies the first public key certificate by use of the second public key certificate. The first onboard computer includes an encryption processor configured to verify a first electronic signature attached to data delivered from the data delivering apparatus by use of the first public key certificate which is successfully verified by the secure element. The data attached with the first electronic signature, which is successfully verified by the encryption processor, is applied to the first onboard computer or the second onboard computer.

Abstract: Embodiments in the present disclosure relate generally to computer network architectures for machine learning, artificial intelligence, and dynamic patient guidance. Embodiments automatically update patient guidance in the patient care plan, based on the effectiveness of the guidance to date, attributes of the patient, other updated information, ongoing experience of the network, and updated predictions of possible patient outcomes and metrics.

Abstract: Temporal key generation devices and methods are described. One such device of a first domain receives a “seed” to generate a private key associated with a public key for use in a second domain. The device uses the private key in cryptographic operations with the second domain. When the device loses power or is no longer connected to the second domain, the private key may be erased or no longer stored on the device.