Abstract: Techniques for managing access to a physical area are provided. In one technique, first data is extracted from a digital file. Based on identification data within the first data, a database is searched. A data item in the database is identified that matches the identification data. The first data is associated with the data item. After associating the first data with the data item, code data is generated. Encoded data that encodes the code data is then generated. The encoded data is sent over a computer network to a mobile device, or an account, of a user that is associated with the data item.

Abstract: In general, techniques are described by which provide verification of parts installed to a device. A device comprising one or more sensors one or more processors implemented in circuitry may be configured to perform the techniques herein. The one or more processors are in communication with the one or more sensors and are configured to determine, in response to detecting an installation of a component for the device, an operating characteristic of the component measured by the one or more sensors. The one or more processors are further configured to verify, based at least in part on a comparison of the operating characteristic of the component and an approved operating characteristic for the component stored in a blockchain, that the component is an approved component for the device.

Abstract: A computer-implemented method and a corresponding system of tamper-evident recording of a plurality of service data items are provided. Each service data item is associated with a data item verification fingerprint. A processing routine is conducted, in which an aggregated verification fingerprint is computed from at least a plurality of data item verification fingerprints using at least one one-way compression function, so that the aggregated verification fingerprint has a bit length, which is less than a bit length of a concatenation of the data item verification fingerprints. The aggregated verification fingerprint is then stored in at least one blockchain, so that a tamper-evident verification of each service data item is possible, while the storage of the aggregated verification fingerprint is decoupled from the service data items.

Abstract: A control system to control a work machine and a traveling vehicle traveling with the work machine, includes a first communication device and a second communication device each of which controls operation of the traveling vehicle and at least one of which includes an authenticator to authenticate the work machine by communicating with a third communication device to control operation of the work machine, and a notifier to notify the other one of the first communication device and the second communication device that the authenticator succeeded in authentication, the first communication device and the second communication device each being prohibited, unless the authenticator succeeds in authentication, from at least controlling operation of the traveling vehicle in accordance with information sent from the third communication device.

Abstract: According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.

Abstract: A digital identity, which may include a user interface that may be displayed on a mobile computing device, may be generated to include information extracted from a physical identification card (e.g., driver license or passport), as well as information regarding validation of the physical identification card and of the consumer's identity. The digital identity may be used in place of the physical identification card.

Abstract: A door driving system and a refrigerator having the door driving system according to the present invention are provided with a motor, a power transmitting device for transmitting the power generated by the motor to the hinge, and an auxiliary device for receiving the power generated by the motor and generating an auxiliary force to move a door positioned in a closing position in an opening direction, so that the torque to be applied to the hinge of the door for opening and closing the door may be reduced.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for providing passive continuous session authentication. An example method includes authenticating a session for a user of a client device. The example method further includes generating a video data structure comprising a video stream, deriving a set of biometric attributes of the user from the video stream, synchronizing temporal information with the set of biometric attributes derived from the video stream, generating an aggregated behavioral attribute data structure comprised of the video data structure and the set of biometric attributes derived from the video stream synchronized to the temporal information, and re-authenticating, by the session authentication circuitry at a second time after the first time, the session for the user of the client device based on the aggregated behavioral attribute data structure.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment may transmit a maneuver message for a maneuver of a vehicle associated with the UE; perform a negotiation, with one or more other UEs, associated with the maneuver message, wherein the negotiation includes at least one of: indicating, in the maneuver message, one or more remote vehicle maneuvers, or receiving, from a UE of the one or more other UEs, a response to the maneuver message indicating a suggested maneuver for the vehicle of the UE; and perform an action based at least in part on performing the negotiation. Numerous other aspects are provided.

Abstract: A method of and system for selecting users for a rollout process of a feature is carried out by receiving an indication of the rollout process for the feature being rolled out, accessing a rollout plan, the rollout plan including a plurality of stages for the rollout process, and selecting users from a user population for each of the plurality of stages of the rollout process. Selecting the users from a user population includes examining a property to determine if a user in the user population is indicated as opted into being a late-stage receiver, and upon determining that the user is opted into being the late-stage receiver, excluding the user from the user population for one or more early stages of the rollout and including the user into the user population in one or more late stages of the rollout process.

Abstract: The client makes an authorization start request by designating a resource identifier. An authorization server receiving the authorization start request inquires a resource sever of a resource owner of the designated resource identifier. After resolving the resource owner, the authorization server makes an authorization confirmation request to a user terminal corresponding to the resolved user identifier.

Abstract: An automotive gateway includes one or more interfaces and one or more processors. The one or more interfaces are configured to communicate with electronic subsystems of a vehicle. The one or more processors and configured to host one or more guest applications and to control communication traffic between the one or more guest applications and the electronic subsystems of the vehicle in accordance with a security policy.

Abstract: A single use probe, sterilizable by irradiation, for a single use component for use in a biopharmaceutical process, comprises at least one sensor relevant for the biopharmaceutical process, an RFID tag and a memory rewritable in principle, in which data with respect to an integrity check of the single use probe are stored. A method for quality assurance of such a single use probe comprises: providing the probe with an RFID tag and a memory rewritable in principle, in particular a FeRAM memory as part of the RFID tag; defining a measurement-principle-specific quality parameter of the single use probe; defining a tolerance value for the parameter; performing an integrity check of the probe by first determining and writing into the memory values of the defined quality parameter before sterilization of the probe by irradiation; determining the values of the defined quality parameter after irradiation; and comparing the values of the quality parameter determined before radiation to those determined after.

Abstract: Systems and methods of modifying a program binary by injecting code into a function of a program binary that tokenizes the return address of the function. The tokenization of the return address improves the robustness of the program binary against cyberattacks. For example, an attacker's attempt to hijack program flow before a function return will fail since any return address modified by the adversary will be tokenized (e.g., using a binary operation such as an XOR) resulting in an unusable address that will cause the system to crash. One advantage of the improved CFI consumes less average overhead and does not require all of the complications of the conventional CFI systems. In some embodiments, the tokenization includes applying a binary operation on a randomly-generated token and the return address. The token can be generated at transform time, load time, or run time.

Abstract: An electronic device is disclosed. In addition, various embodiments recognized through the specification are possible. The electronic device includes a housing, at least one antenna located in the housing, a Wi-Fi module that is electrically connected with the at least one antenna, supports a Wi-Fi protocol, and includes one core, a processor that is located in the housing and is operatively connected with the Wi-Fi module, and a memory operatively connected with the processor. The memory stores instructions, when executed, causing the processor to establish a Wi-Fi link on a first channel with an access point (AP), through the Wi-Fi module, establish a mobile hotspot link on the first channel with an external electronic device, through the Wi-Fi module, detect an event associated with a change in state of the Wi-Fi link, and change a state of the mobile hotspot link, based at least on the detected event.

Abstract: A vehicular removable battery removably mountable in an electric vehicle includes a time acquirer configured to acquire a current time, a time period storage storing a time period in which electric power is supplied, and an electric power supply controller configured to control the supply of the electric power stored in an electric power storage to the electric vehicle. After the electric power supply controller detects that an activation instruction of the electric vehicle has been issued, the electric power supply controller is configured to enable the supply of the stored electric power to the electric vehicle in a case where the acquired current time is included in the stored time period. The electric power supply controller is configured to prohibit the supply of the electric power to the electric vehicle in a case where the acquired current time is not included in the stored time period.

Abstract: A control device may be configured to transmit messages using an adaptive transmit power. The control device may determine a transmit power for transmitting the message based on a command in the message. The control device may determine a transmit power based on a change in lighting intensity caused by the command. The transmit power may be greater when the change in lighting intensity is above a threshold than when the change in light intensity is below the threshold. The control device may determine whether the message was successfully received based on the receipt of an acknowledgement message. The control device may increase the transmit power when the message fails to be received and retransmit the message including the command at an increased transmit power. The control device may store (e.g., learn) the increased transmit power for later use.

Abstract: A terminal control method includes obtaining, by a first terminal, text information that is input in a preset area of the first terminal, determining an operation type of the text information, recognizing, by the first terminal, the text information based on the operation type to obtain a key matching the text information, generating, by the first terminal, a key value of each key, and sending the generated key value to a second terminal to control the second terminal using the key value.

Abstract: A temperature sensing security token may include a first resistor having a first side connected to a voltage source, a second resistor having a first side connected to the voltage source, an analog comparator having a first input connected to a second side of the first resistor and a second input connected to a second side of the second resistor and an output that represents at least one bit of a key, and an analog to digital converter having an input connected to the second side of the first resistor wherein an output of said analog to digital converter is related to temperature by a temperature coefficient of resistivity of the first resistor. The first resistor and the second resistor may have the same nominal resistance. The first resistor, the second resistor and the analog to digital comparator may be encased in the same package. The package may be configured to inhibit inspection and discovery of components contained in said package.

Abstract: Verifying a set of remotely stored data is disclosed, including: requesting a first element corresponding to a first leaf in a base layer of a digital tree, wherein the digital tree corresponds to a set of remotely stored data; receiving the first element corresponding to the first leaf; and receiving a membership proof comprising a set of elements from one or more layers higher in the digital tree than the base layer of the digital tree, wherein the set of elements comprises a path from the first leaf to a root of the digital tree, wherein the set of elements is dependent on a plurality of additional leaves and wherein verification of the first element corresponding to the first leaf increases a level of confidence in an availability of the plurality of additional leaves.

Abstract: A cartridge memory is a cartridge memory used in a magnetic tape cartridge, including: an antenna unit; a storage unit that stores data; and a control unit that reads the data from the storage unit in response to a request from a recording/reproduction apparatus, adds an error correction code to the data, and transmits the obtained data via the antenna unit.

Abstract: Methods, devices, and systems for generating a model for a control panel of a fire control system are described herein. One computing device includes a memory and a processor configured to execute executable instructions stored in the memory to: receive a test string from a control panel of a fire control system, the text string comprising a number of values; receive a number of locations from a user, wherein each location of the number of locations is a location within the text string of a value of the number of values corresponding to a variable of a number of variables; generate a model for the control panel based on the number of locations and the number of variables; and store the model in the memory.

Abstract: Some embodiments provide a method for distributing a set of parameters associated with policies for authorizing Application Programming Interface (API) calls to an application. For a previously stored hierarchical first document that comprises a first set of elements in a first hierarchical structure, the method receives a hierarchical update second document that comprises a second set of elements in a second hierarchical structure corresponding to the first hierarchical structure, wherein at least a subset of elements in the first and the second documents correspond to the set of parameters for evaluating API calls. The method receives a first set of hash values for elements of the first document that are not specified in the second document, and generates a second set of hash values for a set of elements specified in the second document. The method generates an overall hash for the second document by using the received first set of hash values and the generated second set of hash values.

Abstract: A patient support apparatus includes a frame and a mattress supported by the frame and arranged to support a patient thereon. A sensor is included to detect moisture on the patient and/or the patient support apparatus. The sensor produces signals indicative of the presence of moisture on the patient support apparatus. One or more alerts are output in response to the signals provided by the sensor to notify a caregiver of the presence of moisture on the patient support apparatus.

Abstract: A database management system stores an entry in a journal. The journal, upon storage of the entry, comprising a hierarchy of nodes. A node in the hierarchy comprises a hash value computed by application of a symmetric hash operator to hash values of first and second child nodes. The symmetric hash operator generates equivalent output irrespective of the order of the operands. A cryptographic proof of the entry comprises successive application of the symmetric hash operator to a list of hashes from the hierarchy.

Abstract: An authentication method used in a server, includes: acquiring check-in information sent by user equipment (UE) of a user, wherein the check-in information includes information on the user and a check-in period; determining information on a room of the user based on the check-in information; sending the information on the room to the UE; determining unlocking information based on the check-in information; and sending the unlocking information to at least one of the UE or door lock equipment corresponding to the information on the room, wherein the door lock equipment is configured to authenticate the user based on the unlocking information during the check-in period, the unlocking information being invalid other than during the check-in period.

Abstract: It is provided a method for controlling access to a physical space. The method is performed in an access control device and comprises the steps of: communicating with an electronic key to obtain an identity of the electronic key; obtaining a plurality of delegations; determining, from one of the delegations, that there is an auxiliary condition, wherein the auxiliary condition is that access is approved for the electronic key by an auxiliary party, authenticated by a digital signature by the auxiliary party; and granting access to the physical space when the plurality of delegations comprises a sequence of delegations covering a delegation path from the access control device to the electronic key such that, in the sequence of delegations, the delegator of the first delegation is the access control device, the receiver of the last delegation is the electronic key, and the auxiliary condition is fulfilled.

Abstract: An image processing method, an image processing device, a computer readable storage medium and an electronic device are disclosed. The method includes: operating a camera module to acquire a target image in response to a first processing unit receiving an image acquisition instruction; and performing a predetermined processing on the target image.

Abstract: This application provides a key distribution and authentication method, system, and an apparatus. The method includes: a service center server distributes different keys to terminal devices, and then the terminal devices perform mutual authentication with the network authentication server based on respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device, having a broad application range.

Abstract: An agent can be installed that is separate from an unsecure application, such as a third party browser, executing on a client device. Content to be displayed by, or accessible to, the application can be rendered or determined remotely, such that only unrestricted data is received by the application. Restricted data to be stored on the device, as may include one or more authentication credentials, can be transmitted over a secure connection to the agent, which can store the sensitive information to a secure location on the client device that is inaccessible to the application. Such management allows the sensitive information to be stored on the client device and provided with requests for restricted data, for example, while preventing the restricted data from being exposed to the application on the client device.

Abstract: Systems and methods described herein may comprise RFID data acquisition technology which may be embedded in a fob or tag for use in completing financial transactions. This fob may a self-contained device which includes a transponder and which may be contained on any portable form factor and may comprise flexible circuitry. For instance, the fob may be housed in a wearable transaction instrument, such as a bracelet, ring, wrist band, retractable id, necklace, jewelry charm, lanyard, key ring fob, watch, band, pin, and/or the like. The fob is configured to be used in concert with an RFID reader device.

Abstract: An accessory device application executes on an accessory device of limited resources. The accessory device application includes an accessory device stub application and an interface definition. When a user interacts with the accessory device application, display changes are generated in response, in accordance with the interface definition, and are sent to a companion extension at an associated companion device. The companion extension receives the changes, and generates updated display values for the accessory device display. The updated display values are sent from the companion device daemon to the daemon of the accessory device, which displays the updated display values at the accessory device display. The functionality and operation of the accessory device application permit an accessory device of limited resources to leverage data processing and computational power of the companion device, to provide a more involving user experience at the accessory device.

Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are not longer usable.

Abstract: A method is provided to determine unique identifiers. A physical item has an RFID integrated circuit (IC) having a unique identifier and a secret. The RFID IC may be configured to provide an identifier portion and a response to a previously sent challenge, where the identifier portion by itself is insufficient to completely identify the IC or item and the response is based on the challenge and the secret. Attempts are made to verify the response using a set of potential secrets determined using the identifier portion. If the response is successfully verified using a certain secret, the secret may then be used to determine one or more other identifier portions. The unique, complete identifier may then be determined from a combination of at least the identifier portions.

Abstract: An authentication method for a tag device includes exchanging authentication codes between the tag device and an authentication server to perform mutual authentication. A reader device acts as a communications bridge between the tag device and the authentication server. The reader device may observe mutual authentication between the tag device and the authentication server as an indicator that the tag device is authentic. A failure of mutual authentication indicates that the tag device is not authentic.

Abstract: An information processing apparatus includes one or more processors to acquire a shape characteristic of a target entity; determine similarity between the shape characteristic of the target entity and a shape characteristic of a three-dimensional model; acquire a material characteristic of a material in a designated region of the target entity where the shape characteristic of the target entity matches with the predetermined shape characteristic; and determine an extent to which the acquired material characteristic matches a predetermined material characteristic based upon a magnitude of differences between the acquired material characteristic and the predetermined material characteristic.

Abstract: Communication objects and closed electrical circuits are worn by players within a gaming player verification system. These objects may communicate with associated player tracking units attached to gaming machines and other devices via radio frequency waves, and each communication object is adapted to alter its communication pattern in response to any break of its closed electrical circuit. Removal of such an object from a player cannot be accomplished without breaking the closed electrical circuit contained therein, thereby disabling or de-authenticating the device. A communications object may emit a signal which can be tied to one of two or more player accounts. One of the two accounts may be charged for a player transaction depending on the nature of the transaction. A computer server having a player verification program and database may also be used.

Abstract: An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Abstract: An electric vehicle charging station system having, at least: an EV charging station that includes a supply part configured to supply electric energy to at least one vehicle battery, a computing device configured to manage supplying of electric energy to electric vehicles, and a transactions module of a station application stored in and executable by the computing device of the EV charging station. The transactions module and other modules of or associated with the EV charging station or an electric vehicle can leverage asymmetric cryptography and peer-to-peer networks and systems to provide secure supplying of electric energy from the EV charging station to an electric vehicle and recording of information on the station supplying electric energy to the vehicles.

Abstract: Disclosed are methods and apparatuses for creating a verified mutually authenticated transaction between a service provider and an on-line identity for a physical client person. A dynamic optical mark may be displayed on a device screen where the physical client person is using a web service. The dynamic optical mark may be recognized via scanning the dynamic optical mark by a personal mobile device equipped with a camera. The verified mutually authenticated transaction between the service provider and the on-line identity for the physical client person may be used for sharing personal data of the physical client person by using out-of-band optical mark recognition of the dynamic optical mark. The verified mutually authenticated transaction may be initiated with a time-limited one-time password comprising a sequence of numbers encoded in the dynamic optical mark.

Abstract: Guiding purchasing via smartphone by, determining, via smartphone input of a user, the smartphone user's intent to purchase a given product. At least one sequence of tasks to purchase each of a plurality of products is determined. The determined intent to purchase the given product is associated with a determined sequence of tasks to purchase one of the products in the plurality of products. The smartphone user's current state in the associated sequence of tasks is determined. The smartphone user is notified, via the smartphone, of the next uncompleted task from the associated sequence of tasks based on the smartphone user's current state in the associated sequence of tasks.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for transmitting push notification data to a computing device, the push notification data being processable by the computing device to display a push notification, receiving biometric data, the biometric data being provided from user input responsive to the push notification, determining that a user providing the user input is authenticated at least partially based on the biometric data, and inducing execution of a transaction in response to determining that the user is authenticated.

Abstract: A system and method to facilitate transactions between a customer and a vendor utilizing an advertising campaign reaching a plurality of potential customers is provided. The method includes receiving a request from the vendor for a bulk token for use in the advertising campaign, generating the bulk token, transmitting the bulk token to the vendor to embed into the advertising campaign associated with a mailto link, the bulk token being sent as part of the advertising campaign to at least one of the plurality of potential customer, receiving a reply SMTP email from a customer from the plurality of potential customers indicating a request for a transaction responsive to the advertising campaign by selecting the mailto link, decoding the bulk token to verify the transaction, performing an SPF and DKIM validation of the received SMTP email to validate the transaction, and processing the verified and validated transaction.

Abstract: A method, apparatus, and system for locating mobile devices. The system includes a location-aware mobile device. The location-aware mobile device includes a location-aware mechanism embedded in a platform firmware layer of the location-aware mobile device. The system also includes a central database to receive location information from the location-aware mobile device over a network. If the location-aware mobile device has been stolen, lost, or misplaced, the central database reports the stolen, lost, or misplaced location-aware mobile device and its location to appropriate persons to enable the location-aware mobile device to be recovered.

Abstract: A user equipment and network communication device in a communication system and wireless communication method. The user equipment includes: an application type determination module, configured to obtain application type information contained in a type field of an application module in the user equipment to determine the application type of the application module, different application types corresponding to different networking methods; and a networking module, configured to establish a communication network with another user equipment based on the networking method corresponding to the application type of the application module, so as to use the application module.

Abstract: Connectionless data transfer is disclosed. Authentication of a device and network node may be performed when data is sent from the device to an application server of an application service provider via a selected network. The transfer of data may take place in an absence of an existing device context between the network node interacting with the device and the core network through which the data travels. State management overhead and signaling overhead may be reduced by use of the exemplary aspects disclosed herein. For example, the device does not need to perform an authentication and key agreement (AKA) procedure to transfer the data and an existing (or pre-existing) device context need not be maintained at the core network.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include at least one information handling resource and a power system for delivering electrical energy to the at least one information handling resource. The power system may include a battery and a direct-current (DC) input for receiving a DC power source for delivering electrical energy to the at least one information handling resource and charging the battery. The power system may be configured to, based on at least one of an operational state the battery and a power mode of the information handling system, configure an input power draw limit via the DC input.

Abstract: A concavo-convex structure forming layer with a concavo-convex structure on one surface; and a light-reflecting layer on at least part of a surface of the concavo-convex structure. In the optical element, the concavo-convex structure forming layer includes a unit group made up of a plurality of units whose concavo-convex structures are different from each other; each of the units has a flat portion and either a plurality of convexities or a plurality of concavities, with an upper surface of each convexity or a bottom surface of each concavity being substantially parallel to a surface of the flat portion; the convexities or the concavities adjacent to each other have center-to-center distances that are not constant; the convexities or the concavities have a constant height or depth; and in the unit group, units having an identical concavo-convex structure are not arrayed at a pitch of less than 150 ?m.

Abstract: A challenge/response system separates a physically unclonable function from the challenge/response. Bits in a challenge are used to qualify random data values. The random data values are permuted to generate a result. The result is used to encrypt a response that is sent in reply to the challenge. Additional permuting mechanisms may be used to further obfuscate the response.

Abstract: A system for a secure display module includes a display element array, a driver controller, a communication interface, a host controller and a cryptographic engine. The display element array includes one or more segments, and the driver outputs are configured to drive the one or more segments, respectively. The host controller is configured to send commands and data to the driver controller via the communication interface and the cryptographic engine is configured to encrypt communication data between the display element array and the host controller.