Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for onboarding one or more Multi-AP devices using a device provisioning protocol (DPP) and a Multi-AP communication protocol. In one aspect, a first Multi-AP device may determine, during an onboarding process, DPP configuration information that was derived using the DPP. The first Multi-AP device may establish a Multi-AP network configuration between the first Multi-AP device and a second Multi-AP device using the Multi-AP communication protocol based, at least in part, on the DPP configuration information. In one aspect, the DPP configuration information may be derived remotely by the network operator prior to device deployment. In one aspect, a configurator station (STA) may be delegated as the DPP configurator by the network operator, and may onboard one or more STAs into the Multi-AP network using the DPP and the Multi-AP communication protocol.

Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud detecting electronic controller. The method includes determining whether a message transmitted conforms to fraud detection rules, and querying an external device whether there is delivery data for updating the fraud detection rules. When there is the delivery data for updating the fraud detection rules, receiving from an external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method also includes determining whether a vehicle in which the on-board network system is installed is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.

Abstract: Methods and systems may incorporate voice interaction and other audio interaction to facilitate access to prescription related information and processes. Particularly, voice/audio interactions may be utilized to achieve authentication to access prescription-related information and action capabilities. Additionally, voice/audio interactions may be utilized in performance of processes such as obtaining prescription refills and receiving reminders to consume prescription products.

Abstract: The present disclosure generally relates to managing content item collections. A collection management system receives a request for collection item metadata associated with a collection item. Collection management system obtains a content item identifier corresponding to the collection item identifier. Collection management system requests content item metadata from a content management system. Collection management system receives from the content management system content item metadata corresponding to the content item identifier. Collection management system filters the content item metadata to remove a portion of the content item metadata comprising privileged information. Collection management system retrieves collection item metadata using the collection item identifier. Collection management system adds the filtered content item metadata to the collection item metadata.

Abstract: Technology related to managing network traffic with sensitive data is disclosed. In one example, a method can include performing a cryptographic transformation of sensitive data of a request from a requestor for a resource. A portion of the cryptographic transformation of the sensitive data of the request can be transmitted to a sensitive data server. One or more possible matches to the cryptographic transformation of the sensitive data of the request can be received from the sensitive data server. A match to the cryptographic transformation can be identified within the one of the one or more possible matches. In response to identifying the match, an access policy for the requestor or the resource can be changed.

Abstract: A scrambling method of data on a J1939 communication system of a vehicle involves at least moving data from one of a PGN and a PGN/SPN location to another PGN or PGN/SPN location at a first controller on the vehicle before transmitting data and then re-ordering the data at a second controller. Some embodiments further comprise encrypting data either before or after shifting, but before transmitting so as to further complicate efforts to interpret meaningful data from the transmission. The second controller may be on the vehicle or may be remotely located.

Abstract: Techniques and examples pertaining to parking management and communication of parking information are described. A processor of a computing apparatus may obtain sensor data regarding a parking lot from a parking lot controller. The processor may analyze the sensor data. The processor may receive, from a client, a request for assistance with parking at the parking lot. The processor may provide, to the client, information on a location and status of a space (e.g., open space) in the parking lot, a path to the space, or both.

Abstract: Methods and systems for a device identification system may be provided. The device identification system may determine an identity of a user device associated with a transaction. The identity may be determined by network address information, hard link information, soft link information, and/or other such information. The network address information may include IPv4 information, IPv6 information, a device ID, and/or other such information. The identity of the user device may be determined and a transaction conducted from the user device may be assigned a fraudulent transaction risk score according to the information. Transactions that are determined to be at a high risk of fraud may be reviewed or otherwise flagged and/or canceled.

Abstract: Embodiments include apparatuses, methods, and systems including one or more servers and one or more storage devices, coupled with each other, to provide virtual storage service to store a file and meta data of the file for a client computing device. The file and the meta data of the file may be encrypted by the client computing device before providing to the virtual storage service. The file may be encrypted with a secret key of the client computing device, and the meta data of the file may be encrypted with a shared session key between the client computing device and the virtual storage service. The encrypted file may be stored in the one or more storage devices, and the encrypted meta data of the file may be stored in one or more secured areas of the one or more servers. Other embodiments may also be described and claimed.

Abstract: Security design and architecture for a multi-tenant Hadoop cluster are disclosed. In one embodiment, in a multi-tenant Hadoop cluster comprising a plurality of tenants and a plurality of applications, a method for identifying, naming, and creating a multi-tenant directory structure in a multi-tenant Hadoop cluster may include (1) identifying a plurality of groups for a directory structure selected from the group consisting of a superuser group, a plurality of tenant groups, and at least one application group; (2) creating an active directory for each of the groups; (3) adding each of a plurality of users to one of the plurality of tenant groups and the application group; (4) creating tenant directories and home directories for the users; and (5) assigning owners, group owners, default permissions, and extended access control lists to the tenant directories and the home directories.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: A biometric verification system is disclosed. The system includes a portable device which stores a biometric reference template and authentication preferences, The portable device can be used with an access device. The access device can prompt the user for a biometric sample, The access device may create a biometric sample template from the biometric sample, and the biometric sample template can be compared to the biometric reference template to determine if a user is authentic.

Abstract: Methods for authenticating a genuine presence of a human involve directing one or more modulated probes towards a body part of the human, receiving a response to the probes from the body part, and analyzing the response to determine whether it contains spectral characteristics that match a class of responses to such probes for the human body part in a human population. Replay attacks are countered by varying the modulation of the probe temporally, spatially, and spectrally each time authentication is performed. The probes may include electromagnetic radiation, acoustic beams, or particle beams that generate a detected reflection, absorption pattern, scintillation, or fluorescence response of the body part. The analysis of the response may be directed to one or more of temporal, spatial, and spectral variations in accordance with the nature of the probes and the modulation.

Abstract: Data center management over a power plane, including: coupling, via a plurality of power planes, a management hub to one or more servers; and transferring, via the plurality of power planes, data between the management hub and the one or more servers.

Abstract: System and methods for synchronizing and encrypting profile information are provided. A method establishes a first browser instance on a first virtual machine being in communication with a first browser profile sync and encrypt agent. The method also establishes a second browser instance on a second virtual machine. The method may use the first browser profile sync and encrypt agent acting through a profile helper service to encrypt profile changes involving the first browser instance on an encrypted master profile and use the second browser profile sync and encrypt agent acting through the profile helper service to encrypt profile changes involving the second browser instance on the encrypted master profile. The method maintains a browser profile persistence for the first browser instance and for the second browser instance, using the encrypted master profile, on a single on-disk profile.

Abstract: Decrypting synthetic transactions with beacon packets is provided. A probe receives, from a client device, a start beacon packet that identifies a test of a service provided by one or more servers. The probe establishes, responsive to receipt of the start beacon packet, a log for the test. The probe stores, in the log established responsive to the start beacon packet, data packets transmitted between the client device and the one or more servers subsequent to the start beacon packet and encrypted with a key using a security protocol. The probe receives, from the client device, key information used to decrypt the data packets of the test encrypted with the key using the security protocol. The probe provides at least one of the data packets for evaluation or decryption using the key information to determine a performance of the service.

Abstract: A method for monitoring and identifying changes in one or more parameters of an OS is disclosed. The method includes performing a measurement by a measurement application of a first computer system of the one or more parameters of a first OS executing on the first computer system, receiving the measurement of the one or more parameters of the first OS by an appraisal application, and storing the measurement of the one or more parameters of the first OS in a data store. The method also includes comparing the measurement with one or more first OS parameter norms associated with the first network slice, and identifying a change in the one or more parameters of the first OS by the appraisal application in response to comparing the measurement of the one or more parameters of the first OS with the one or more first OS parameter norms.

Abstract: Embodiments of the present invention provide a system for employing a smart device for secure and authenticated event. The system may include a smart assistant device that receives an audible request from a user for an event with a merchant. The smart assistant device then establishes a secure active session with a mobile device associated with the user over a wireless network. The smart assistant device determines a digital voice ID for the received audible request for the event and transmits the digital voice ID and event information to the mobile device of the user. A smart assistant application of the mobile device validates the digital voice ID based on stored reference data. Event information and additional user execution information is then provided to an event processing system for asynchronous processing.

Abstract: The invention relates to a method for controlling a security system of a charging station for charging electric vehicles, the security system comprising the following elements: a charging plug, the charging plug comprising a sensor unit for recording biometric data of a user that are used for authenticating the user on the security system, and a control unit for evaluating biometric data of the user. For this purpose, according to the invention, the control unit extracts a plurality of features from the biometric data of the user, and the control unit evaluates the features of the biometric data in a plurality of stages.

Abstract: Techniques for changing the presentation of information on a user interface based on presence are described. In an example, a computer system determines, based on an image sensor associated with the system, a first presence of a first user relative to a computing device. The computer system also determines an identifier of the first user. The identifier is associated with operating the computing device. The operating comprises a presentation of the user interface by the computing device. The computer system also determines, based on the image sensor, a second presence of a second person relative to the computing device. The computer system causes an update to the user interface based on the second presence.