Abstract: Methods and systems are provided in this disclosure for operating an electronic device that includes a user interface, a microphone, and an electronic processor. The microphone captures an audio stream and the electronic processor analyzes the audio stream to identify spoken words captured by the microphone. The electronic processor detects a violation of a user assistance restriction for the current functional operation of the electronic device based at least in part on a correlation between one or more of the identified spoken words captured by the microphone and a current functional operation of the electronic device involving a manual text entry through the user interface of the electronic device. The electronic processor adjusts one or more operations of the electronic device in response to detecting the violation of the user assistance restriction.

Abstract: A technique to protect a cloud database located at a database server and accessible from a database client. In this approach, a communication associated with a database session is intercepted. A hostname or network address associated with the communication is then evaluated to determine whether such information can be found in or otherwise derived from data in a database protocol packet associated with the database session. The information typically is placed there unavoidably by the cloud database client and normally cannot be spoofed by a process that does not understand or speak the proper database protocol semantics. Upon a mismatch, the database session is flagged as being potentially associated with a man-in-the-middle (MITM), in which case a given action may then be taken with respect to the database session that is then active. The technique provides for a MITM checkpoint in a cloud database service environment.

Abstract: A technique to protect a cloud database located at a database server and accessible from a database client. In this approach, a communication associated with a database session is intercepted. A hostname or network address associated with the communication is then evaluated to determine whether such information can be found in or otherwise derived from data in a database protocol packet associated with the database session. The information typically is placed there unavoidably by the cloud database client and normally cannot be spoofed by a process that does not understand or speak the proper database protocol semantics. Upon a mismatch, the database session is flagged as being potentially associated with a man-in-the-middle (MITM), in which case a given action may then be taken with respect to the database session that is then active. The technique provides for a MITM checkpoint in a cloud database service environment.

Abstract: A system for providing entertainment on a vehicle for passengers is described. The system includes (a) a server storing media files and corresponding media keys and (b) monitors storing subsets of the media files and the corresponding media keys. The system includes a server disposed on the vehicle to store the media files and the media keys for the vehicle; monitors disposed on the vehicle to present media selections to passengers corresponding to the media files stored by the server, locally, or on other monitors disposed on the vehicle, and receive an input from a passenger for playing one of the selections. The system also includes selectively revoking the media keys on the server or the monitors. Program logic executed by the server and the monitors implements secure, digital rights management processes as they pertain to the media files presented on the vehicle.

Abstract: Techniques for refreshing an authentication token. Access is granted to a secure computing environment in response to receiving authentication information from a requesting computing device. The access is granted for a session and one or more client applications allow secure delegated access to server resources on behalf of a resource owner by utilizing an access token. The access token is refreshed without explicit user interaction utilizing the authentication information for the session while the session is valid. Access is granted to the secure computing environment in response to the refreshed access token.

Abstract: An information processing apparatus includes a controller that, in response to capturing of an operation target and an authentication object by an image capturing unit, controls notification of information used for operating the operation target.

Abstract: One or more embodiments of the present specification provide methods and apparatuses for copyright allocation for a blockchain-based work, which are applied to a blockchain network that includes an original author client device, a co-creation participating user client device, and a first node device. The method includes the following: obtaining, by the first node device, a first target transaction from a distributed database of the blockchain, where the first target transaction includes co-creation participating behavior data of the co-creation participating user for a target work, and the target work is originally created by the original author; and invoking a smart contract corresponding to copyright allocation for the target work, executing logic declared in the smart contract for allocating a copyright share to the co-creation participating user based on the co-creation participating behavior data, and allocating a copyright share of the target work to the co-creation participating user.

Abstract: Provided are a computer program product, system, and method for determining whether to destage write data in cache to storage based on whether the write data has malicious data. Write data for a storage is cached in a cache. A determination is made as to whether the write data in the cache comprises random data according to a randomness criteria. The write data in the cache to the storage in response to determining that the write data does not comprise random data according to the randomness criteria. The write data is processed as malicious data after determining that the write data comprises random data according to the randomness criteria.

Abstract: Example implementations relate to mobile virtual private network (mVPN) configuration. For example, a system for mVPN configuration may include a configuration selector to intercept an internet protocol (IP) packet in a mobile virtual private network (mVPN) and select a mVPN configuration for the IP packet using a lookup table. The system may further include a configuration adapter to adapt the IP packet according to the selected mVPN configuration.

Abstract: A computer-implemented method for invalidating an access token includes generating an access token and an HTML file in response to receipt of a request for issuing the access token, the HTML file comprising a set of instructions for rendering on one window in a browser, a code for generating a child segment in a memory which is controlled by the window, and a code for invalidating the access token in response to completion of rendering on the child segment, in response to completion of receiving, from a resource server, one or more resources requested by a client program executed on the child segment or in response to closing of the window, sending the access token and the HTML file to the browser, and invalidating the access token, in response to receipt, from the browser, of a request for invalidating the access token.

Abstract: A first certificate authority (CA) trust list comprising a plurality of CA identifiers is obtained by a first node of a blockchain network. A communication request comprising a public key certificate of the second node is received by the first node from a second node of the blockchain network. A first CA identifier is determined from the received public key certificate. A determination is made as to whether the first CA identifier matches one of the plurality of CA identifiers of the first CA trust list. In response to determining that the first CA identifier matches one of the plurality of CA identifiers of the first CA trust list, the communication request is approved by the first node. In response to determining that the first CA identifier does not match one of the plurality of CA identifiers of the first CA trust list, the communication request is denied.

Abstract: A computing device, a system, and a method are provided to receive a number of inputs associated with one or more sensors of the computing device. One or more processors are configured to determine input data based on the number of inputs and authenticate a user account based on the input data. A communication interface is enabled to communicate with one or more devices based on the authentication. Further, the system may aggregate the input data based on the number of inputs. The system may determine identity data of the user account based on the aggregation. The system may transmit an indication of the identity data to the computing device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing subscription contexts in a reactive programming system. One of the methods includes receiving, by a reactive programming system comprising one or more computers, a reactive programming program defining an ordering of a plurality of operators, the plurality of operators including a subscriber context operator that writes a value to a subscription context for a particular subscriber, wherein the ordering defines an upstream subscription flow ordering from the particular subscriber to a publisher and a downstream data flow ordering from the publisher to the particular subscriber. The operators are evaluated in the upstream subscription flow ordering, including updating a subscription context of each operator with the value written by the subscriber context operator.

Abstract: Systems and methods for analyzing SQL queries for constraint violations for injection attacks. Tokenizing a SQL query generates a token stream. A parse tree is constructed by iterating over lexical nodes of the token stream. The parse tree is compared to a SQL schema and access configuration for a database in order to analyze the SQL query for constraint violations. Evaluation flaws are also detected. A step-wise, bottom-up approach is employed to walk through the parse tree to detect types and to ascertain from those types whether the condition for SQL execution is static or dynamic. SQL request security engine logic refers to predetermined protective action data and takes the particular type of action specified by the predetermined protective action data. Security is further enhanced by limiting service of requests to requests of one or more specific, accepted data types. Each request is parsed into individual data elements, each an associated key-value pair.

Abstract: Some embodiments of the present disclosure provide a chip accessing method, a security controlling module, a chip and a debugging device. A chip accessing method is applied to a chip, including: after a debugging device is detected, triggering security authentication on the debugging device in which a security card that pre-stores a first private key is inserted; acquiring from the debugging device a first authentication information generated by the debugging device at least based on the first private key; determining whether the debugging device is authenticated according to the first authentication information; and enabling a debugging interface when the debugging device is authenticated to allow the debugging device to access the chip through the debugging interface. The embodiments in the present disclosure are advantageous for improving security, convenience, and flexibility when the debugging device is accessing a chip.

Abstract: There is disclosed a data protection system which comprises a backend server for providing a secure data storage facility to a network, the network being managed by an administrator. The system includes at least one key controller hosted on the network, and a hierarchy of cryptographic keys for cryptographically protecting data of the network. The hierarchy of keys are distributed between the network, the key controller and the backend server. The hierarchy of keys comprises first and second master keys Ax, Cx that are associated with the administrator and the key controller respectively. One or more derived keys are derived from the first and second master keys. At least one of the first and second master keys are kept resident on the network and at least one of the derived keys are kept resident on the backend server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

Abstract: Described herein are various technologies pertaining to creating and modifying a computer-readable file for a patient in response to receiving data about the patient. The computer-readable file is modified by appending a child file record to the computer-readable file, identifying a parent file record for the child file record in the computer-readable file, and storing a pointer in the parent file record to the child file record. The child file record comprises the data about the patient, an initially empty pointer portion, and an attribute of a user that has permission to access the data about the patient. The pointer portion may be later modified to include pointers to subsequently added file records in the computer-readable file.

Abstract: Systems and methods for obtaining access to a session with a remote cloud service server. The methods comprising: receiving, by a first client computing device, a user unique identifier from a mobile device located in proximity to the first client computing device; and performing facial recognition operations by the first client computing device subsequent to the reception of the user unique identifier. The facial recognition operations comprise: capturing an image of the mobile device's user; and analyzing the image to obtain a user name associated with the facial features represented therein. A determination is made as to whether the user name matches the user unique identifier. If so, a first session with the remote cloud service server is automatically launched.