Abstract: Methods and systems for rules-based data access are described. In some embodiments, a request for access to customer data by a requesting entity is received; the data is categorized; the person's preferences with respect to allowing access to data are compiled; a requesting entity is determined; and the providing entity that collected each requested data item is determined. Data shareability rules are evaluated based on the policies that regulate the access of the customer data and the requesting entity, and the customer data is provided to the requesting entity according to the evaluation.

Abstract: An online system receives information describing a request from a user to perform an action within a guest application and information identifying a host application for determining whether to allow the user to do so. The information describing the request is communicated to the host application for comparison to a set of permissions. Upon receiving information indicating the information describing the request matches a permission identifying a user allowed to perform an action within the guest application, the online system communicates, to the host application, a message for display to the user including an option allowing the user to perform the action within the guest application. Upon receiving a selection of the option at the host application, the online system receives a token allowing the user to perform the action within the guest application and communicates it to the guest application. The host and guest applications also may communicate directly.

Abstract: Provided is a method for remotely communicating a software management task to certified software from a source to a software management module on an asset via a wireless communications link. The method includes encrypting the communications link between the source and the software management module to form a secure tunnel and verifying credentials of the source via the software management module when a software management task file is communicated. A load assurance check is performed on a portion of the communicated software management task file to confirm integrity of the communicated file when the credentials of the source are verified. Thee software management task is executed immediately when the file integrity is verified, the executing occurring automatically and being devoid of human intervention.

Abstract: A system for transmitting and receiving data based on a vehicle network and a method therefor are provided. The method includes generating, by a first hardware security module (HSM), a first session key using a first random number and a first fixed key and, encrypting, by a first electric control unit (ECU), a message using the first session. The method also includes generating, by a second HSM, a second session key using a second random number and a second fixed key, and decrypting, by a second ECU, the message using the second session key.

Abstract: Disclosed is a multi-source encrypted image retrieval method based on federated learning and secret sharing, including the following steps: S1. performing model training on a convolutional neural network of double cloud platforms based on federated learning, with an image owner joining the double cloud platforms as a coalition member; and S2. completing, by an authorized user, encrypted image retrieval based on additive secret sharing with the assistance of the double cloud platforms. The present disclosure provides a multi-source encrypted retrieval scheme based on federated learning and secret sharing, which simplifies the neural network model structure for retrieval by using federated learning, to obtain better network parameters. Better neural network parameters and a more simplified network model structure are achieved by compromising overheads on the image owner side, such that a better convolutional neural network can be used in encrypted image retrieval.

Abstract: A system to provide scalable and reliable communication mechanism between a plurality of requesters and a plurality of edge devices comprising one or more requests from said plurality requesters to one or more coordinators discovering one or more edge devices relevant to said request based on one or more search method and directing said requests to the one or more of said edge devices or to other coordinators, wherein the edge device comprises one or more data publishers providing data to an agent to execute said one or more request to create one or more responses and sending said one or more responses to the coordinators which are aggregating said one or more responses and sending to said one or more requesters for further processing.

Abstract: The invention provides a method and system for generating a watermark on the basis of graphic, a terminal, and a medium. The method includes acquiring a watermark image and at least one watermark unit image; acquiring watermark encryption information; determining the distribution information of the watermark unit images in the watermark image according to the watermark encryption information and a preset encryption model, the distribution information comprising imaging regions of the watermark unit images in the watermark image; and overlaying each watermark unit image into a corresponding imaging region in the watermark image to generate the watermark. The watermark encryption information has a one-to-one corresponding relationship with the distribution information of the watermark unit images in the watermark image, and the corresponding relationship can be defined by a user so that others cannot crack the watermark without knowing the encryption model, thereby improving the watermark cracking difficulty.

Abstract: A device may receive a secure signal message from an IoT device provided in a first security zone, and may provide the secure signal message from the first security zone to a second security zone, via a first secure data layer. The device may generate two processed secure signal messages from the secure signal message, and may provide the two processed secure signal messages from the second security zone to a third security zone, via a second secure data layer. The device may calculate a secure analytics message, that includes a graph, based on the two processed secure signal messages, and may provide the secure analytics message from the third security zone to a fourth security zone, via a third secure data layer. The device may store the secure analytics message in a data structure associated with the fourth security zone.

Abstract: A security event management system for an electronic connected network includes a public key infrastructure subsystem configured to generate a security ID for a connected device accessing the network, a digital ledger, a trigger list in operable communication with the digital ledger, and an event manager configured to (i) subscribe to the trigger list by defining at least one reportable event of which the trigger list is to advise the event manager, and (ii) receive a notification from the trigger list upon validation of the at least one reportable event behind the digital ledger.

Abstract: Technologies and techniques for anonymously providing data of a motor vehicle. A first dataset is generated by a motor vehicle, and the first dataset is anonymized using a vehicle computing unit. User related data and the anonymized first dataset are communicated to a first server system using the vehicle computing unit and the communicated user related data is deleted using the first server system. The anonymized first dataset is communicated to a second server system using the first server system after deletion of the user related data.

Abstract: This disclosure relates to computer systems that isolate data processing modules and methods of operating the same. In one embodiment of a method, a computer system receives a first data processing request for a first data file. The computer system may determine that a first data type of the first data file is supported by an encapsulated data processing module and determine a first communication protocol from a set of communication protocols that can be used to receive the first data file. The computer system can then receive the first data file from the first storage location in accordance with the first communication protocol and the encapsulated data processing module may be executed to convert the first data file in the first data format into second data in a second data format.

Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.

Abstract: Systems, methods, and apparatus for satellite operations with a secure enclave for secure hosted payload operations are disclosed. In one or more embodiments, a disclosed method for payload operations comprises receiving, by a command receiver on a vehicle (e.g., a satellite), host commands from a host spacecraft operations center (SOC). The method further comprises reconfiguring a host payload on the vehicle according to the host commands. Also the method comprises transmitting, by a telemetry transmitter on the vehicle, host payload telemetry to the host SOC. In addition, the method comprises receiving, by a payload antenna on the vehicle, hosted commands from a secure enclave of the host SOC. Additionally, the method comprises reconfiguring a hosted payload on the vehicle according to the hosted commands. Further, the method comprises transmitting, by the payload antenna, host payload data, hosted payload data, and hosted telemetry to the secure enclave of the host SOC.

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

Abstract: Preventing misuse of a cryptographic key by receiving a request to carry out a cryptographic operation using a cryptographic key from a requesting entity, distributing the request to a quorum comprising multiple computerized devices, receiving a decision from the multiple computerized devices on whether or not the cryptographic operation using the cryptographic key is allowed, and carrying out the cryptographic operation using the cryptographic key according to the decision from the multiple computerized devices.

Abstract: An apparatus and a method are provided for an optical wireless communication (OWC) laser light communications device. The laser light communications device comprises one or more pairs of transmitting and receiving cells. The transmitting and receiving cells may be used in a variety of arrangements and configurations, and scaled appropriately for given data transmission needs. A laser light signal, comprising a communication layer and a high-energy protection layer, is sent from transmitting cells to receiving cells. The high-energy protection layer physically envelopers the communication layer. The protection layer provides for enhanced security and encryption, and ensures signal integrity when received and ultimately decoded and interpreted. The receiving cells may be configured to utilize the energy of the high-energy protection layer, such as by using the energy to charge a battery, or to provide energy for a subsequent transmission.

Abstract: A computer-implemented method is for providing a digital certificate to a device. In an embodiment, the method is based on receiving, from the device, authentication data via a secure communication channel. Furthermore, the method is based on receiving, from the device, or determining, by the server, a first certificate identifier. In particular, the first certificate identifier is a hash value. Further aspects of the method are verifying the authentication data and receiving, from the device, a first public key created by the device. In an embodiment, the method is furthermore based on sending a first certificate signing request related to a first domain name based on the first public key to a certificate authority. Herein, the first domain name comprises the certificate identifier, and a domain related to the first domain name is controlled by the server. In particular, the first domain name is a wildcard domain.

Abstract: A sensor may obtain sensor data. The sensor may transmit the sensor data to a controller via a sensor-controller interface. The sensor may determine, based on the sensor data, a security characteristic for the sensor data. The sensor may encrypt the security characteristic to generate an encrypted security characteristic. The sensor may transmit the encrypted security characteristic to the controller via the sensor-controller interface.

Abstract: An electronic device is provided processor configured to: receive a biological signal of a user; detect whether the electronic device is attached to or detached from the user based on at least the biological signal; and control an I/O device operationally connected to the electronic device based on whether the electronic device is attached to or detached from the user.

Abstract: A method includes linking a first application with a first Transport Layer Security (TLS) library, linking a second application with a second TLS library, obtaining a sequence of cryptographic keys by a first agent, the sequence of cryptographic keys based on an agent key and provided from the first agent to the first TLS library, obtaining the sequence of cryptographic keys by a second agent, the sequence of cryptographic keys based on the agent key and provided from the second agent to the second TLS library, establishing communication between the first TLS library and the first agent to create a first trusted relationship, establishing communication between the second TLS library and the second agent to create a second trusted relationship, and establishing a third trusted relationship between the first agent and the second agent.