Abstract: A work process management system includes at least one work device and an individual controller that is directly or indirectly attached to a work object to control the work device. Each of the work device includes a work-device-side storage, a work-device-side communicator, a work part, and a work-device-side control part. The individual controller includes an individual-controller-side storage in which a work content of a work process performed with the work device and associated setting information are stored, an individual-controller-side communicator, and an individual-controller-side calculation controller that transmits the work content of the work process performed with the work device and the associated setting information in which a performance result is reflected to the work-device-side communicator, and additionally store the received performance result in the individual-controller-side storage.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: A method for allocating an addressing identifier includes: notifying, by an access point, at least two stations of an encrypted new MAC address that corresponds to each station, and indicating a predetermined update condition, so that the at least two stations update respective MAC addresses to the respective new MAC addresses when the predetermined update condition is met; and when the predetermined update condition is met, updating, by the access point, the MAC addresses of the at least two stations to the new MAC addresses that correspond to the stations, so that when a message is subsequently received from the stations or sent to the stations, the new MAC addresses are used as the MAC addresses of the stations. In the foregoing manner, the present invention can prevent an eavesdropper from tracing, by using a MAC address, a terminal to acquire user privacy, ensuring security of the user privacy.

Abstract: Provided are a computer program product, system, and method for interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server. Detection is made of an attempt to exchange data with the remote resource over the network. At least one computer instruction is executed to perform at least one interaction with the server over the network to request requested server information for each of the at least one interaction. At least one instance of received server information is received. A determination is made whether the at least one instance of the received server information satisfies at least one security requirement. A determination is made of whether to prevent the exchanging of data with the remote resource based on whether the at least one instance of the received server information satisfies the at least one security requirement.

Abstract: An apparatus includes a processor and a memory operatively coupled to the processor and associated with an instance of a distributed database at a first compute device. The processor is configured to select an anonymous communication path. Each blinded public key from a sequence of blinded public keys associated with the anonymous communication path is associated with a pseudonym of a compute device from a set of compute devices that implement the anonymous communication path. The processor is configured to generate an encrypted message encrypted with a first blinded public key. The processor is configured to generate an encrypted data packet including the encrypted message and a compute device identifier associated with a second compute device. The encrypted data packet is encrypted with a second blinded public key. The processor is configured to send the encrypted data packet to a third compute device.

Abstract: Disclosed is a content management system comprising: a server; a content database, configured within the server, within which are stored one or more channels, each channel comprising one or more stories, each story comprising a title and one or more files; and one or more user devices connected to the network, each user device being associated with a user, each user device being configured to allow the associated user to view one or more stories from a channel to which the associated user has viewing rights. The title of each story and the names of the files contained in the story are stored obfuscated in the content database, and the files are stored encrypted in the content database.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.

Abstract: Systems, devices, and methods are provided for the control of interfacing between applications that facilitate the monitoring of diabetes running on a mobile device, including the authentication of a third party user interface application by a sensor interface application. Control of the display of current analyte levels and critical events is also provided.

Abstract: A system for storing an object includes a card reader, a keypad, and a secure storage area. The card reader is configured to receive a card from a user. The keypad is configured to receive authentication information from the user. The secure storage area is configured to store a plurality of boxes including a first box that is assigned to the user. The first box is configured to be dispensed from the secure storage area to the user in response to the user requesting to physically receive the first box. The first box defines an internal volume that is configured to store one or more objects belonging to the user. The first box is configured to be returned to the secure storage area after the user adds the one or more objects to, or removes the one or more objects from, the internal volume of the first box.

Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. Peripheral devices may implement an anti-takeover mechanism limiting the number of available device command classes when certain handshake and verification requirements are not met. Anti-takeover peripheral devices with protection enabled may be relocated within a controller network, or in certain cases, from one controller network to another controller network when certain conditions are met. That same device may be hobbled when removed from a controller network and may remain hobbled when connected to another network that fails to meet certain conditions. Unprotection and unhobbling of a device may occur through an algorithmic mechanism using values stored on the peripheral device and the controller device for one or more of anti-takeover code generation, anti-takeover code comparison, network identification value comparison, and manufacturer identification value comparison.

Abstract: A high availability (HA) Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS) is provided. A connection to an AD, coupled to a first network, is established. A connection to an IDCS, coupled to a second network, is established, the IDCS including a System for Cross-domain Identity Management (SCIM) directory. A plurality of selectable AD OUs are displayed in a GUI, and a selection of one or more OUs is then received. Each member group of the selected OUs is displayed in the GUI, and a selection of one or more member groups of the selected OUs is then received. The users of the selected OUs and the selected member groups of the selected OUs are monitored to identify users and groups that have been added, modified or deleted. The identified users and groups are then synchronized to the SCIM directory.

Abstract: Methods, systems, and devices are provided for inquiring and storing Indicator of Compromise (IoC) information. In one example, a method of inquiring and storing IoC information can include determining a target IoC information to be identified when an event occurs, requesting an encryption socket communication module of a first user terminal to request the target IoC information from an IoC information providing server, requesting a P2P socket communication module of the first user terminal to request the target IoC information from a P2P socket communication module of at least one other user terminal, and storing the target IoC information that is received first from either the IoC information providing server or the P2P socket communication module of the at least one other user terminal.

Abstract: A semiconductor device includes a first storage unit including twin cells which are electrically rewritable and complementarily store 1-bit data based on a difference in a threshold voltage, a second storage unit including a memory cell which is electrically rewritable, data stored in the memory cell being erased when data in the twin cells is erased, at least one scrambler subjecting first data to a scramble processing by using scramble data to generate second data, a first write circuit which writes the second data into the twin cells in the first storage unit, a second write circuit which writes the scramble data into the memory cell in the second storage unit, and at least one descrambler subjecting the second data read from the first storage unit to a descramble processing by using the scramble data read from the second storage unit.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.

Abstract: Various aspects can be implemented for increasing offline to online sales conversion. In general, one aspect can be a method that includes generating a coupon identifier dynamically at a retail location based on a unique password. The method also includes assigning tracking information and a variable sales price discount associated with a variable expiration time to the coupon identifier. The method further includes issuing the coupon identifier to a customer at the retail location for use in a future online sales transaction. Other implementations of this aspect include corresponding systems, apparatus, and computer program products.

Abstract: The present application discloses a method and device for transmitting and receiving instruction information. The method for transmitting instruction information includes: acquiring a first audio signal that is output from an audio interface of a mobile terminal and carries first instruction information and/or second instruction information, wherein the first instruction information is used to instruct a receiving device to perform an operation corresponding to the first instruction information, and the second instruction information is used to instruct to send the first instruction information to the receiving device; and generating, according to the acquired first audio signal, a first transmission signal that carries the first instruction information, and sending the first transmission signal to the receiving device, where the first transmission signal is a light signal or a sound wave signal.

Abstract: Disclosed embodiments relate to a system having a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Abstract: The invention is an authentication framework that enables a user to log in to a website using an Internet-connected device, such as smartphone, smart watch, smart glasses, or tablet, while browsing on a computer. The framework makes it easier for people with certain disabilities to log in to a website, such as by removing the mandatory step of entering usernames and passwords while giving users multiple options through which they are establish their identity using Internet-connected devices. For example, gyroscope, camera, microphone, or the accelerometer can be used to provide credentials. This approach of the framework greatly reduces the number of barriers that a user with disability encounters when trying to use password-based authentication on the Internet.

Abstract: A visitor authorization management method is provided. In the method, an authorization object identifier and an authorization operation information corresponding to the authorization object identifier are obtained. The authorization operation information according to the authorization object identifier is cached. A current latest authorization operation information corresponding to the authorization object identifier is retrieved from the cache. A reference time is determined based on an authorization time in the current latest authorization operation information. When a preset time period having the reference time as an end is reached, an authorization operation is performed according to the current latest authorization operation information and the authorization object identifier.

Abstract: It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process.