Multiple Computer Communication Using Cryptography Patents (Class 713/150)
  • Patent number: 11126980
    Abstract: Systems and methods for token linking and unlinking in digital wallets are disclosed. In one embodiment, a method for token linking in digital wallets may include: an issuer wallet application executed by the information processing device requesting, from a token vault, an identification of a customer's accounts that are eligible for push-provisioning to a third party wallet application executed by the information processing device; receiving the identification of customer accounts from the token vault; identifying accounts provisioned in the third party wallet application; determining accounts from the customer accounts that have not been provisioned to the third party wallet application to provision to the third party wallet application; provisioning the determined accounts to the third party wallet application; and requesting the token vault link a token associated with the provisioned account to an issuer wallet associated with the issuer wallet application.
    Type: Grant
    Filed: November 8, 2018
    Date of Patent: September 21, 2021
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Tuan Dao, Gayathri Sundar, Aditya Chebiyyam, Rajitha Dissanayake, Yunchul Bryan Jeon
  • Patent number: 11128459
    Abstract: Embodiments of the present invention provide systems and techniques for changing cryptographic keys in high-frequency transaction environments to mitigate service disruptions or loss of transactions associated with key maintenance. In various embodiments, a server device can employ a working key encrypted with a first master key to decrypt messages being communicated from a client device, whereby each message is encrypted with a first cryptogram that was generated based on the working key encrypted with the first master key. While the working key encrypted with the first master key is being employed, the server device can generate a notification including a second cryptogram generated based on the working key encrypted with a second master key for transmission to the client device. The transmitted notification can cause the client device to encrypt the messages being communicated with the second cryptogram.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: September 21, 2021
    Assignee: ITS, INC.
    Inventors: Terry Dooley, Thomas Sherrard, Shane Van Waardhuizen, Manish Nathwani, Craig F. Branch
  • Patent number: 11119980
    Abstract: Systems, methods, tools and computer programming products for implementing a cognitive data lake that selects or recommends operational database based on historically created data lakes storing files having similar file types, categorizations, metadata, and/or frequency of file usage. Selecting the appropriate operational databases is streamlined by building a knowledge base that is accessible during the creation and/or registration of each data lake. The knowledge base maintains historical records of past data lakes, describing each historical data lake's file types, attributes, metadata, frequency of file usage and at least one operational database implemented to manage the files of the historical data lake.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: September 14, 2021
    Assignee: International Business Machines Corporation
    Inventors: Grzegorz P. Szczepanik, Krzysztof A. Rudek, Tomasz Hanusiak, Konrad W. Komnata
  • Patent number: 11115186
    Abstract: Aspects of the disclosure relate to processing systems for performing cross-sectional asset editing. A computing platform may receive permission to perform a first subset of event processing steps. The computing platform may delegate permission to an external event processor to perform a second subset of event processing steps and to an external resource management platform to perform a third subset of event processing steps. The computing platform may generate an element chain corresponding to the account. In response to receiving a request to process an event, the computing platform may add a sub-element to the element chain containing a fixed parameter corresponding to an expected value associated with the event and a variable parameter corresponding to an actual value associated with the event. In response to receiving a request to write the actual value to the element chain, the computing platform may modify the variable parameter of the sub-element accordingly.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: September 7, 2021
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Joseph Castinado
  • Patent number: 11113298
    Abstract: Systems and methods are provided for collaborating with different object models. Data corresponding to one or more source objects is received. The source objects are stored in a first object model, and each of the source objects is associated with information describing an entity. Matches between the respective information associated with the one or more source objects and respective information associated with one or more target objects are determined based on a query. The target objects are stored in a second object model. The one or more source objects are ranked based at least in part on the matches. A list of the ranked source objects is provided through an interface, the interface indicating a number of matching target objects for each of the source objects.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: September 7, 2021
    Assignee: Palantir Technologies Inc.
    Inventors: Alexander Mark, Andrew Elder
  • Patent number: 11115459
    Abstract: Techniques are disclosed for validating a webhook post by a receiver. The receiver receives an HTTP (Hypertext Transfer Protocol) request associated with the webhook post from an application. The receiver extracts at least one parameter from the HTTP request, to be used for validation of the webhook post. The receiver obtains, based on the at least one parameter, configuration information associated with validating the webhook post from a configuration template, wherein the configuration template comprises configuration information associated with validating webhook posts from each of a plurality of applications. The receiver then validates the webhook post based on the configuration information.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: September 7, 2021
    Assignee: International Business Machines Corporation
    Inventors: Subramanian Krishnan, Varun Pal, Bharathi Venkatasubramanian
  • Patent number: 11108553
    Abstract: An example operation may include one or more of receiving, by a committer node or peer of a blockchain network, a block comprising a lock request that locks a partial state of a smart contract, the lock request comprising a submitter identifier and a lock delay, the committer node or peer configured to process blocks of transactions, the method further comprising, validating the lock request, committing transactions comprising the submitter identifier with no delay, and committing transactions not comprising the submitter identifier after the lock delay.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: August 31, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jeronimo Irazabal, Andres Garagiola, Guillermo R. Lopez
  • Patent number: 11108741
    Abstract: A system and method is introduced for separating computing devices that work together. The computing devices appear to the user as a single device such as through using a single display and other I/O means. The output of computing devices, such as the display output, may be monitored for unwanted display output to the user which may be filtered from the user. The device displaying unwanted content may then be reverted to a known state. Computing devices may communicate among themselves using display data while remaining separated. Secure services from the cloud to a user device may be offered through the separated computing devices that work together, services that utilize separating and securing the user I/O from internet connected devices, while allowing to monitor and filter the internet connected devices. These services preferably use a key that is non-extractable for communicating with the secure cloud.
    Type: Grant
    Filed: February 11, 2018
    Date of Patent: August 31, 2021
    Inventor: Noam Camiel
  • Patent number: 11108573
    Abstract: A computer-implemented method for performing authentication includes: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in a set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; and generating a time service certificate including the trusted time, the root hash, and the digital signature.
    Type: Grant
    Filed: February 1, 2021
    Date of Patent: August 31, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Xinying Yang, Yuan Zhang, Benquan Yu, Yize Li
  • Patent number: 11095444
    Abstract: Automatically and dynamically ascertaining by means of autoconfiguration whether used or activated and usable cipher suites and/or key lengths are sufficiently strong for current cryptographic protection of the control communication and/or other service access by virtue of 1) “cipher-suite”-based/-specific information available in the network/system being called up to ascertain reference cipher suites and/or 2) block chain information available in the network/system, containing data records referred to as “proof of work” for solving complex computation tasks, being called up or ascertained, with the ascertainment of block chain difficulty parameters as key length estimation parameters to ascertain appropriate reference key lengths, in particular reference minimum key lengths required for cryptoalgorithms, and 3) the ascertained reference cipher suites and/or the reference key lengths ascertained by the key length estimation parameters being compared with the used or activated and usable cipher suites and/or k
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: August 17, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Rainer Falk
  • Patent number: 11087361
    Abstract: An information processing method is provided. The method includes acquiring a JavaScript (JS) template for filtering multimedia information from a backend server when determining a preset update condition is satisfied; and acquiring a filtering parameter corresponding to a target webpage from the backend server when detecting that a user requests to access the target webpage. The method also includes inserting the filtering parameter into the JS template; executing the JS template inserted with the filtering parameter, screening out multimedia information from webpage information displayed on the target webpage and shielding displaying of the multimedia information.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: August 10, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Xuequan Ma
  • Patent number: 11087006
    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: August 10, 2021
    Assignee: NICIRA, INC.
    Inventors: Azeem Feroz, Kiran Kumar Thota, James C. Wiese
  • Patent number: 11082837
    Abstract: Management and configuration of internet of things network connected devices is facilitated herein. A proxy device comprises a memory that stores executable instructions that, when executed by a processor, facilitate performance of operations that comprise determining a first identity and a first operational parameter of a first device and a second identity and a second operational parameter of a second device. The first device and the second device can be associated with a defined communication network. The proxy device can be provisioned within the defined communication network and can operate as a security update proxy node for the first device and the second device. The operations can also comprise facilitating a first security update at the first device and a second security update at the second device based on a determination that the first device and the second device have delegated responsibility for security synchronization to the proxy device.
    Type: Grant
    Filed: January 5, 2018
    Date of Patent: August 3, 2021
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Eric Zavesky, Bernard S. Renger, Behzad Shahraray, David Crawford Gibbon, Lee Begeja, Timothy Innes
  • Patent number: 11076293
    Abstract: An access control device includes a processor configured to: receive a request for a connection via wireless communication from a terminal, issue a password from a first device for supporting a reading scheme for the terminal in response to a reception of the request for the connection, and transmit, to the terminal, a first program for generating a key information item of the terminal and acquiring authentication data corresponding to the password read by the reading scheme for the terminal, receive a response including the key information item and the authentication data from the terminal and determine whether the terminal is authorized based on the authentication data included in the response, and associate the key information item included in the response with identification information of the terminal and execute a process of establishing the connection to the terminal when the processor determines that the terminal is authorized.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: July 27, 2021
    Assignee: FUJITSU LIMITED
    Inventors: Koichi Yasaki, Tadanobu Tsunoda, Kazuaki Nimura, Hidenobu Ito
  • Patent number: 11075894
    Abstract: Novel tools and techniques might provide for implementing secure communications for IoT devices. In various embodiments, a gateway or computing device might provide connectivity between or amongst two or more Internet of Things (“IoT”) capable devices, by establishing an IoT protocol-based, autonomous machine-to-machine communication channel amongst the two or more IoT capable devices. For sensitive and/or private communications, the gateway or computing device might establish a secure off-the-record (“OTR”) communication session within the IoT protocol-based, autonomous machine-to-machine channel, thereby providing encrypted machine-to-machine communications amongst the two or more IoT capable devices, without any content of communications that are exchanged amongst the IoT capable devices over the secure OTR communication session being recorded or logged.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: July 27, 2021
    Assignee: CenturyLink Intellectual Property LLC
    Inventor: Tom Funk
  • Patent number: 11075895
    Abstract: A cloud operation interface sharing method, a related device includes: displaying, by a first terminal device, a first message sent by a cloud operating system of a second terminal device, where the first message carries first authentication information and address information of the cloud operating system, and the first message informs the first terminal device that the second terminal device authorizes the first terminal device to use the cloud operating system; requesting, by the first terminal device, authentication from the cloud operating system; after the authentication succeeds, establishing, by the first terminal device, a connection to the cloud operating system; receiving, by the first terminal device, interface information sent by the cloud operating system; and switching, by the first terminal device, a currently displayed first operation interface to a second operation interface corresponding to the interface information.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: July 27, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Fen Yang, Mingxing Cai
  • Patent number: 11070360
    Abstract: An example operation may include one or more of identifying pending blockchain transactions in a transaction queue, determining states of the pending blockchain transactions, determining whether the pending blockchain transactions in the transaction queue are valid based on the determined states, retrieving a list of potential blockchain transaction conflicts associated with the pending blockchain transactions, and determining whether any conflicts exist for one or more of the pending blockchain transactions based on the list of blockchain transaction conflicts.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: July 20, 2021
    Assignee: International Business Machines Corporation
    Inventors: Yue Tong, Miao He, Bing Shao, Changrui Ren
  • Patent number: 11063755
    Abstract: An indication of a key generation function may be received from a server. A random value may be received based on a volatile memory of a device. A cryptographic key may be generated based on the key generation function from the server and the random value that is based on the volatile memory of the device. The cryptographic key may be stored at a non-volatile memory of the device.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: July 13, 2021
    Assignee: Cryptography Research, Inc.
    Inventor: Helena Handschuh
  • Patent number: 11064010
    Abstract: Systems and methods for tracking the download progress of a composite file. One system includes a notification server and a media server. The notification server provides a token to a user device that uniquely identifies a user session between a browser application and a cloud storage service. The media server receives the token from the browser application associated with a download request for a set of files, creates a composite file including the set of files, transmits the composite file to the user device, and, while transmitting the composite file, transmits progress information and the token to the notification server. The progress information includes a number of files in the composite file transmitted to the user device. The notification server receives the progress information and the token from the media server, determines the user session based on the token, and transmits the progress information to the user device.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: July 13, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sridhar Periasami, Harshad R. Sheth, Jose Emmanuel Miranda-Steiner
  • Patent number: 11062046
    Abstract: Systems, methods, and computer-executable instructions for protecting data that includes receiving a request for a first data value. A data store is queried for a first stored data value. The first stored data value is received which contains a security prefix and encrypted data. From the security prefix, a cryptography algorithm and a key are determined. The encrypted data is decrypted using the cryptography algorithm and the key. The decrypted data is returned.
    Type: Grant
    Filed: January 11, 2021
    Date of Patent: July 13, 2021
    Assignee: DeCurtis LLC
    Inventor: Ajay Thapar
  • Patent number: 11057293
    Abstract: A system and method for validating proof of transit of network traffic through network nodes (N), the node (N) comprising a set of input interfaces (20) receiving incoming packets, a first module (A) to identify a matching route within a routing table (23) and storing means (22) to provide next modules (B, C, D) with two private keys if the packet is matched and/or the packet metadata includes OPoT information. The second module (B) decrypts the OPoT metadata using the first private key associated to the link of the node from which the incoming packets are received. The node (N) has SSS metadata to be processed by a third module (C) for the correct generation of cumulative validation parameters. When the SSS process is finished by the third module (C), the fourth module (D) re-encrypts the OPoT metadata using the second private key before packet forwarding to the subsequent node in the path through output interfaces (21).
    Type: Grant
    Filed: February 17, 2019
    Date of Patent: July 6, 2021
    Assignee: Telefónica, S.A
    Inventors: Alejandro Aguado Martín, Vicente Martín Ayuso, Diego R. López, Antonio Pastor Perales, Victor López Alvarez
  • Patent number: 11055427
    Abstract: A cloud security system and method designed to protect users' data in case of accidental leaks in a cloud computing environment. Secured hashing of the names of folders stored on the cloud data storage are generated and persisted using multiple iterations of cryptographic hash functions along with a concatenated random number for each of the folder names, thereby providing protection against vulnerability of the folder names. The proposed system is a dual-layer framework consisting of a control layer and a data layer. The control layer is responsible for cryptographic hashing and persistence of the folder name, hashed name, salt, and iterations in a database. The control layer communicates with the data layer and provides the hashed folder names to persist the user data cloud storage.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: July 6, 2021
    Assignee: University of South Florida
    Inventors: Vivek Kumar Singh, Kaushik Dutta, Balaji Padmanabhan, Shalini Sasidharan
  • Patent number: 11050784
    Abstract: A technology is provided for mitigating an attack against a host service. Receive a connection from a client using a first cipher suite to authenticate the client. Identify that a distributed denial-of-service (DDoS) attack is occurring from a plurality of clients. Change the first cipher suite to a second cipher suite wherein the second cipher suite is more computationally intensive than the first cipher suite. Disconnect with the client and causing the client to reconnect using the second cipher suite.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: June 29, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Timothy Mattison
  • Patent number: 11042641
    Abstract: A trusted deployment and communications gateway for deployment, trusted execution, and secure communications system includes a trusted platform for deployment of trusted applications. The trusted platform may include a secure user profile comprising user data specifications that is stored in a secure storage location of the trusted platform, a kernel development engine configured to receive various application program instructions within a trusted environment, a testing and signing module configured to generate signed application program instructions in response to determining that the application program instructions do not violate one or more of the data specifications, a compiler configured to compile the signed application program instructions to generate a signed application kernel, and a kernel store configured to store the signed application kernels that are executable in the trusted platform.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: June 22, 2021
    Assignee: AMARI.AI INCORPORATED
    Inventors: Jonathan Alan Simmons, Eddie B. Satterly
  • Patent number: 11038857
    Abstract: A messaging server receives a network packet that encapsulates a user packet that indicates a source domain and a destination domain. The user packet encapsulates a data message that indicates a code and comprises encrypted data. The messaging server transfers the user packet to a distributed ledger. The distributed ledger executes a distributed ledger transaction with the domains and the code to determine a receiving device. The distributed ledger commits the user packet and device identifiers to distributed ledger memory and transfers the user packet and the receiving device identifier to the messaging server. The messaging server encapsulates the user packet in a network packet for delivery to the receiving device. The user packet encapsulates that data message that indicates the code and comprises the encrypted user data.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: June 15, 2021
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle Walter Paczkowski, Ronald R. Marquardt, Ivo Rook
  • Patent number: 11010976
    Abstract: An approach for simulating items in an environment, such as a room, is disclosed. A package file can store information including an image of the environment and metadata including an identifier that uniquely identifies a selected image. The package file can be used to regenerate a simulation of the item arranged over the image of the environment. Later changes can be made to the simulation of the item by accessing the metadata.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: May 18, 2021
    Assignee: Houzz, Inc.
    Inventors: Guy Shaviv, Xiaoyi Huang, Aaron Yip
  • Patent number: 11012237
    Abstract: Systems and methods for inter-service authentication are disclosed. In one embodiment, a system may include a plurality of services and a cloud platform. The first service may generate a token comprising a first service identifier for communicating with a second service, and may request, from the cloud platform, a private key for the first service. The cloud platform may provide the private key to the first service. The first service may sign the token with the private key and may communicate a request to the second service with the signed token. The second service may retrieve the first service identifier and may request, from the cloud platform, a public key for the first service identifier. The cloud platform may provide the public key to the second service. The second service may validate the token using the public key, and may grant the request in response to the validation.
    Type: Grant
    Filed: January 9, 2018
    Date of Patent: May 18, 2021
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Deepak Sarda, Ramji Venkateswaran
  • Patent number: 11004060
    Abstract: A fare collection method and apparatus are provided. The apparatus comprises a camera; an NFC device; a processor, configured to: trigger a ride fare collection transaction upon a target object being detected within a set distance; determine whether a first payment information has been obtained by the camera; if yes, perform payment processing according to the first payment information; and if no, collect a near-field communication (NFC) signal through an NFC device to obtain second payment information, and perform payment processing according to the second payment information.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: May 11, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventor: Hong Zhang
  • Patent number: 10997163
    Abstract: The subject technology at a data system, an ingest request to ingest one or more files into a table. The subject technology, after obtaining the ingest request and prior to the ingesting of the one or more files, persists the one or more files in a first file queue that corresponds to the table, the first file queue further corresponding to a client account, and the data system further comprising a second file queue that corresponds to both a second client account and a second table. The subject technology ingests, by one or more execution nodes, the one or more files into one or more micro-partitions of the table, each of the one or more micro-partitions comprising contiguous units of storage of a storage device.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: May 4, 2021
    Assignee: Snowflake Inc.
    Inventors: Benoit Dageville, Varun Ganesh, Jiansheng Huang, Jiaxing Liang, Haowei Yu, Scott Ziegler
  • Patent number: 10992459
    Abstract: Implementations of the present specification provide a method for updating a state Merkle tree, where the state Merkle tree is used to store a state of an account in a blockchain network. The method includes: accessing data related to a state Merkle tree that stores a state of an account in a blockchain network; determining to-be-updated nodes that need to be updated in the state Merkle tree due to a state change of the account; extracting one first subtree and M second subtrees from the state Merkle tree based on the to-be-updated nodes; allocating the M second subtrees to N worker threads, wherein two or more of the N worker threads process in parallel the M second subtrees to obtain each updated second subtree; and updating at least the first subtree based on hash values of root nodes of the updated second subtrees, to obtain an updated state Merkle tree.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: April 27, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Zhonghao Lu
  • Patent number: 10984123
    Abstract: A method is presented to geographically control the distribution of protected data and ensure that it is not transmitted along any path which would encompass prohibited areas. A user wanting to so protect data can input geographic restrictions which are translated into geodeclaration metadata representing one or more geographic areas in which the data is either permitted or prohibited. The metadata may be in the form of an XML statement, and is sealed with the data using a digital certificate. When the data is received at a network router or at a destination device, the router/device can check its own current location (e.g., via GPS) and determine whether its location is within permissible boundaries. If not, the data is not transmitted or stored, and an error message is returned. If the router/device determines that it is within permissible boundaries, it proceeds to transmit or store the data.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: April 20, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fan Frank Meng, Jayavel Rajendran
  • Patent number: 10966209
    Abstract: An external client requests the location of a UE using control plane signaling. The UE sends downlink location measurements, such as Reference Signal Time Differences, for a plurality of base stations (BSs) to a serving BS at a layer 1 or layer 2 protocol level and at first periodic intervals. The UE and the plurality of BSs send additional location measurements, such as receive time-transmission time differences, to the serving BS at second periodic intervals, which are longer than the first periodic intervals. The serving BS uses the additional location measurements and downlink location measurements to determine timing information, such as Real Time Differences, for the plurality of BSs. The serving BS determines the location of the UE using the downlink location measurements and the timing information at the first periodic intervals and sends the location to the external client using user plane signaling to reduce delay.
    Type: Grant
    Filed: December 11, 2019
    Date of Patent: March 30, 2021
    Assignee: QUALCOMM Incorporated
    Inventors: Stephen William Edge, Sony Akkarakaran, Sven Fischer
  • Patent number: 10963862
    Abstract: Systems and methods are disclosed herein for a user to use a trusted device to provide sensitive information to an identity provider via QR (Quick Response) code for the identity provider to broker a website login or to collect information for the website. A user may securely transact with the website from unsecured devices by entering sensitive information into the trusted device. The identity provider may generate the QR code for display by the website on an unsecured device. A user running an application from the identity provider on the trusted device may scan the QR code to transmit the QR code to the identity provider. The identity provider may validate the QR code and may receive credential information to authenticate the user or may collect information for the website. Advantageously, the user may perform a safe login to the website from untrusted devices using the trusted device.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: March 30, 2021
    Assignee: PAYPAL, INC.
    Inventors: Daniel B. DeSoto, Mark Andrew Peskin
  • Patent number: 10965689
    Abstract: A page request is received from a browser. A page script corresponding to the page request is allocated from a plurality of page scripts corresponding to the page request. The page script is transmitted to the browser for generation of a script execution parameter by execution of the page script by the browser. A page verification request is received from the browser, where the page verification request includes the script execution parameter. Whether the page verification request is expired is determined; if the page verification request is expired, error prompt information indicating a page expiration is generated. If the page verification request is not expired, whether the script execution parameter is valid is determined. If the script execution parameter is valid, the validity is indicated; otherwise the page request is rejected.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: March 30, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Yaran Lu
  • Patent number: 10956600
    Abstract: A system is provided for data object encryption. The system includes an encryption framework available across a plurality of runtime environments. The system is configured to receive a data object in one of the plurality of runtime environments, wherein the data object is capable of being encrypted using a content encryption key, and determine an encryption module implemented in the encryption framework that is compatible with the one of the plurality of runtime environments, wherein the encryption module comprises a key service provider that provides a master key and a key wrapping algorithm for the content encryption key in the runtime environment. The system is further configured to encrypt the data object using the content encryption key, encrypt the content encryption key using the master key and key wrapping algorithm, and write the encrypted data object to networked database storage.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: March 23, 2021
    Assignee: salesforce.com, inc.
    Inventors: Lei Ye, David Baiyor Murray, Vineet Deokaran Chaudhary, Xiongjian Fu
  • Patent number: 10951421
    Abstract: A security function is provided by an intermediate device located between hosts and devices requesting access to the hosts in a computerized network. The intermediate device receives a request for access to a host, and obtains at least one authenticator for use in the requested access to the host. The intermediate device then monitors for communications that use the at least one authenticator.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: March 16, 2021
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 10949349
    Abstract: Systems, methods, apparatuses, and software for a content delivery network that caches content for delivery to end user devices are presented. In one example, a content delivery network (CDN) is presented having a plurality of cache nodes that cache content for delivery to end user devices. The CDN includes an anonymization node configured to establish anonymized network addresses for transfer of content to cache nodes from one or more origin servers that store the content before caching by the CDN. The anonymization node is configured to provide indications of relationships between the anonymized network addresses and the cache nodes to a routing node of the CDN. The routing node is configured to route the content transferred by the one or more origin servers responsive to content requests of the cache nodes based on the indications of the relationships between the anonymous network addresses to the cache nodes.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: March 16, 2021
    Assignee: Fastly, Inc.
    Inventors: João Diogo Taveira Araújo, Artur Bergman, Sean A. Leach
  • Patent number: 10949464
    Abstract: A system for identifying a schema for storing graph data includes a database containing a graph dataset of data and relationships between data pairs and a list of storage methods that each are a distinct structural arrangement of the data and relationships from the graph data set. An analyzer module collects statistics for the graph dataset, and a data classification module uses the collected statistics to calculate metrics describing the data and relationships in the graph dataset, uses the calculated metrics to group the data and relationships into a plurality of graph dataset subsets and associates each graph dataset subset with one of the plurality of storage methods. The resulting group of storage methods associated with the plurality of graph dataset subsets includes a unique storage method for each graph dataset subset. The data and relationships in each graph dataset subset are arranged in accordance with associated storage methods.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: March 16, 2021
    Assignee: International Business Machines Corporation
    Inventors: Mihaela Ancuta Bornea, Julian Timothy Dolby, Achille Belly Fokoue-Nkoutche, Anastasios Kementsietsidis, Kavitha Srinivas
  • Patent number: 10945309
    Abstract: Technologies for providing hardware resources as a service with direct resource addressability are disclosed. According to one embodiment of the present disclosure, a device receives a request to access a destination accelerator device in an edge network, the request specifying a destination address assigned to the destination accelerator device. The device determines, as a function of the destination address, a location of the destination accelerator device and sends the request to the destination accelerator device.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: March 9, 2021
    Assignee: Intel Corporation
    Inventors: Raghu Kondapalli, Alexander Bachmutsky, Francesc Guim Bernat, Ned M. Smith, Kshitij A. Doshi
  • Patent number: 10938822
    Abstract: Various computers will communicate messages back and forth over a communication network. These communications may exchange various information. In one aspect, an apparatus for communicating data over a communication network may comprise a computer processor, a receiver, and a memory. The computer processor may generate a request for transmission to a first server via the communication network. The request may include a data inquiry for data about an authorized user of a communication device. The computer processor may also generate a communication message for transmission to the authorized user with a prompt to provide user data via the communication device. The receiver may receive a response from the first server and user data from the communication device. The computer processor may further format the user data and generate a dynamic value based on the formatted response for display.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: March 2, 2021
    Assignee: RPR Group Holdings, LLC
    Inventors: Marie B. V. Olesen, Dana Fox, David Evans, April K. Linden, Eva K. Sheie, Aimee D. Ellingsen
  • Patent number: 10938803
    Abstract: Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: March 2, 2021
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Kumaran Vijayasankar, Oliver Shih, Arvind K. Raghu, Ramanuja Vedantham, Xiaolin Lu
  • Patent number: 10926048
    Abstract: With the interaction of a medical measuring system (3) with a ventilator or anesthesia device (5) via a data network (60), data transmission security and mutual authentication between the medical measuring system (3) and the ventilator or anesthesia device (5) is improved in a medical system (1) by the use of asymmetric encryption pairs. A classification of the measuring systems (3) is possible on the basis of an identification/authentication provided by the asymmetric encryption pairs. The classification may be used to adapt a ventilation by the ventilator or anesthesia device (5) in respect to different defined measuring systems (3), for example, measuring systems (3) for detecting an oxygen saturation (SpO2).
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: February 23, 2021
    Assignee: DRÄGER WERK AG & CO. KGAA
    Inventor: Tilman Von Blumenthal
  • Patent number: 10915497
    Abstract: An apparatus in one embodiment comprises a storage system having at least first and second storage tiers each comprising a plurality of storage devices. The first storage tier implements a file system having a user visible name space and a corresponding hidden data store. The second storage tier implements a cloud-based object store. The storage system is configured to controllably relocate files from the hidden data store of the file system of the first storage tier to the cloud-based object store of the second storage tier. In conjunction with the relocation of a given one of the files, the given file is replaced in the hidden data store with a corresponding stub providing user access via the user visible name space to an object comprising the given file in the cloud-based object store of the second storage tier. The controllable relocation is illustratively performed in accordance with one or more configured policies.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: February 9, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Jean-Pierre Bono, Sudhir Srinivasan, Walter Forrester
  • Patent number: 10917394
    Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: February 9, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Mitica Manu, Baskar Sridharan, Raghunath Ramakrishnan, Sriram K. Rajamani, Victor V. Boyko, Pushkar Vijay Chitnis, Shastry M. C. Shankara, Ramarathnam Venkatesan
  • Patent number: 10911251
    Abstract: A computer-implemented method for performing authentication includes: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in a set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; and generating a time service certificate including the trusted time, the root hash, and the digital signature.
    Type: Grant
    Filed: July 31, 2020
    Date of Patent: February 2, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Xinying Yang, Yuan Zhang, Benquan Yu, Yize Li
  • Patent number: 10904003
    Abstract: Described herein is a system and method for validating short authentication data by a server. Short authentication data associated with a particular user is received and a random number generated. The random number is stored by a client device. The short authentication data is committed by calculating a commitment value using the short authentication data, the generated random number and a secret value known only to the server. The server does not persistently store the short authentication data and/or the generated random number. The commitment value is utilized by the server in conjunction with a computer transaction to validate a presented short authentication data associated with a particular user and received random number. If a calculated value associated with the presented short authentication data equals the stored commitment value associated with the particular user, the computer transaction is allowed to occur. Otherwise, the computer transaction is blocked.
    Type: Grant
    Filed: April 21, 2018
    Date of Patent: January 26, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tolga Acar, Malcolm Erik Pearson
  • Patent number: 10897470
    Abstract: An example system may comprise a first computing device comprising instructions executable by a hardware processor to: create, responsive to detecting a second computing device initially attempting to connect to a network, an unpopulated baseline profile for the second computing device; populate the baseline profile with initial processes running on the second computing device and initial system calls made by the initial processes during an initial operation time period of the second computing device; monitor, during a subsequent operation time period of the second computing device, subsequent processes running on the second computing device and subsequent system calls made by the subsequent processes; and detect an attack on the second computing device based on a comparison of the subsequent processes and the subsequent system calls to the populated baseline profile.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: January 19, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Puneet Sharma, Anand Mudgerikar
  • Patent number: 10887314
    Abstract: The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: January 5, 2021
    Assignee: VERISIGN, INC.
    Inventors: Abedelaziz Mohaisen, Maliheh Shirvanian, G. Craig Murray
  • Patent number: 10876876
    Abstract: Compressed gas data is monitored and logged. A communication interface is coupled to a device supporting at least one of flow and storage of a compressed gas. The device senses data related to the compressed gas. The data is automatically collected via the communication interface at a first data store every first time increment of a first time period. Portions of the data from the first data store are automatically collected at a second data store every second time increment of each first time period. The second time increment is greater than the first time increment. The portions of the data are collected for a second time period which is greater than the first time period.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: December 29, 2020
    Assignee: BAUER COMPRESSORS, INC.
    Inventors: Anthony B. Bayat, Tahsin Durak, Adam Z. Howard
  • Patent number: 10878407
    Abstract: Systems and methods for facilitating payment application provisioning and transacting are disclosed. According to one embodiment, a method for provisioning a token to a third party payment application on a mobile device may include (1) receiving a logon from a customer using a mobile application for a financial institution executed on a mobile device and a device identifier for the mobile device; (2) receiving a request to provision a token for a third party payment application; (3) authenticating the customer using the logon information and the device identifier; (4) provisioning a token for a payment device associated with the customer; and (5) providing the token to the third party payment application for transaction processing.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: December 29, 2020
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Howard Spector, Scott Ouellette, Brian J. Smyth, Christina Sheppard, Gavin Michael, Sih X. Lee, Kelly Dempski, Tim J. Parsey, Andrew Sloper, Ken Wimberely, Laura X. Wang, Shadman Zafar