Abstract: Various embodiments of the present disclosure provide an aircraft engine monitoring system. Generally, the aircraft engine monitoring system includes an engine monitoring device and one or more sensors configured to sense engine parameters of an engine of an aircraft and to generate and send signals representing the sensed engine parameters to the engine monitoring device, which stores them as engine performance data. An external device is communicatively connectable to the engine monitoring device to retrieve the engine performance data if both (1) the engine monitoring device determines that the external device is a trusted device and (2) the external device determines that the engine monitoring device is a trusted device, the engine monitoring device is configured to encrypt and securely transmit some or all of the engine performance data to the external device.

Abstract: An electronic circuit includes an operator including logic gates configured to perform either one or both of encryption and decryption operations. The electronic circuit further includes a controller configured to control the operator to operate in a first mode in which each of the logic gates outputs a first logic value during a first time period of a clock signal, and operate in a second mode in which a number of first logic gates, each of which outputs the first logic value, among the logic gates, and a number of second logic gates, each of which outputs a second logic value, among the logic gates, are maintained constant during a second time period of the clock signal, in response to a control value indicating that either one or both of the encryption and decryption operations are performed.

Abstract: A radio transmission device includes: an information acquisition unit to externally acquire information data; an encryptor to encrypt the information data using one of a plurality of encryption processes used for encryption to generate transmission data; a radio field intensity setter having a different setting for each of the plurality of encryption processes used for encryption, the radio field intensity setter setting a radio field intensity at which the transmission data is to be transmitted; and a transmitter to transmit the transmission data at the set radio field intensity.

Abstract: In one aspect, computerized method for hardening security of an application includes the step of modifying a set of instructions of an application to include at least one sensor adapted to capture a set of information snapshots from within the application in a running state. The method includes the step of analyzing, from within the application, the set of information snapshots from the at least one sensor. The method includes the step of detecting a presence, a status, and a configuration of a security defense mechanism based on an analysis of the information snapshots; invoking an appropriate hardening action to improve the security defense mechanism of the application.

Abstract: Techniques are described herein to secure a packet data convergence protocol (PDCP) control protocol data unit (PDU). A base station may determine a security configuration for a PDCP control PDU based on various factors including the content of the PDCP control PDU. For example, the security configuration of the PDCP control PDU may be applied because the PDCP control PDU includes a retransmission request. A counter dedicated to PDCP control PDUs may be initialized. The security protocols may be based on the dedicated counter. Some types of security parameters may be shared in some contexts such as in handover procedures or dual connectivity procedures. For example, security configurations associated with a second communication link may be based on security configurations associated with a first communication link. PDCP control PDUs may be secured based on the security configurations, the security parameters, protection keys, or combinations thereof.

Abstract: This document discloses a heuristic data analytics method and system for analysing potential information security threats in information security events. In particular, the heuristic data analytics method and system analyses Binary Large Objects (BLOBs) of structured and unstructured information security events at high speed and in real-time to anticipate potential security breaches that will occur in the near future using algorithms and large scale computing systems.

Abstract: This disclosure relates to systems and methods for analyzing sensor data using incremental autoregression techniques for generating a vector of autoregression coefficients is provided. The system processes a time series data to obtain blocks of observation values, reads the observation values, updates pre-stored convolution values with the observation values, updates a partial sum by adding each observation value to the partial sum, increments a count each time an observation value is read, repeats the steps of updates and increments until a last observation value from a last block is read to obtain an updated set of convolution values, partial sum, and count. The system further computes a first matrix and a second matrix using the updated set of convolutions values, or summation of observation values computed from the updated partial sum, or the updated count, and generates a vector of autoregression coefficients based on the first and the second matrix.

Abstract: A sensitive element protection mechanism and a payment device using the sensitive element protection mechanism includes a circuit board; a sensitive element configured for storing, transmitting and/or processing user account information and user transaction information; a shield arranged in parallel with the circuit board; and an elastic member connecting the circuit board and the shield. The sensitive element is located on a side of the circuit board near the shield. The circuit board and the shield are provided and the sensitive element is provided between the circuit board and the shield so as to protect the sensitive element through the shield. The elastic member connects the circuit board and the shield to prevent the circuit board from being separated from the shield, thus preventing the circuit board from being opened to steal sensitive information in the sensitive element.

Abstract: A communication apparatus includes a counter, a reception portion, an update portion, a code generation portion, a determination portion, and a transmission portion. The reception portion receives a communication data from a different one of the communication apparatus. The update portion updates a value of the counter. The code generation portion generates a message authentication code based on the communication data received by the reception portion, the value of the counter, and a common key. The determination portion determines whether the message authentication code generated by the code generation portion matches a message authentication code set in the communication data. The transmission portion transmits a synchronization request when a number of times that the determination portion determines a mismatch between the message authentication codes becomes equal to or more than a predetermined number of mismatches.

Abstract: Embodiments presented herein use an audio based authentication system for pairing a user account with an audio-based periphery computing system. The audio-based authentication system allows a user to interface with the periphery device through a user computing device. The user can utilize a previously authenticated user account on the user computing device in order to facilitate the pairing of the audio-based periphery computing system with the user account.

Abstract: A method for authenticating a mobility management entity (MME) for outbound roaming subscribers includes maintaining a Diameter authentication information request (AIR)/update location request (ULR) mapping database at a Diameter edge agent (DEA). A Diameter AIR message is received at the DEA. The DEA determines that the AIR message includes a visited public land mobile network identifier (VPLMN ID) not of record in the database. The DEA records the VPLMN ID in the database. A Diameter ULR message is received at the DEA, and a VPLMN ID is read from the ULR message. The DEA determines that the VPLMN ID read from the ULR message does not match the VPLMN ID recorded for the subscriber in the database. In response to determining that the VPLMN ID does not match the VPLMN ID recorded for the subscriber in the database, the DEA rejects the ULR message.

Abstract: User events are processed to estimate a unique user count. An identifier hash, having a bucket index portion denoting one of a plurality hash buckets, is generated for each of the user events. At a processing node, each of the user events is allocated to one of a plurality of processing threads based on the bucket index portion of its identifier hash. A unique user count is estimated as follows: for each user event satisfying at least one query parameter, 1) determine a run length of a second portion of its identifier hash, 2) compare it with a value of the hash bucket denoted by the bucket index portion of that identifier hash, and 3) if the determined run length is greater, change that hash bucket value at that node to match the determined run length. The hash bucket values are used to estimate the unique user count.

Abstract: The privilege information management system stores a group tree configured with group nodes each representing a group configured with a member enabled to use a privilege, stores an object tree configured with object nodes each representing a target object to be used with a privilege, stores, in a releasable manner, privilege-valid link information indicating a connection between an arbitrary group node and an arbitrary object node in a privilege-valid mode, and regarding a first group node of the group nodes and a first object node of the object nodes connected by the privilege-valid link information, grants a privilege to use a target object of the first object node and a subordinate object node if there are any under the first object node to a member belonging to the first group node and a subordinate group node if there are any under the first group node.

Abstract: Key generation and roll over is provided for a cloud based identity management system. A key set is generated that includes a previous key and expiration time, a current key and expiration time, and a next key and expiration time, and stores the key set in a database table and a memory cache associated with the database table. At the current key expiration time, the key set is rolled over, including retrieving the key set from the database table, updating the previous key and expiration time with the current key and expiration time, updating the current key and expiration time with the next key and expiration time, generating a new key and expiration time, updating the next key and expiration time with the new key and expiration time, and updating the key set in the database table and the memory cache.

Abstract: A processing system includes an execution unit comprising a logic circuit to implement an architecturally-protected execution environment associated with a protected region in a memory, in which the execution unit is to execute application code stored in the protected region as a thread running in the architecturally-protected execution environment, determine that an access mode flag is set to a first value, detect an attempt by the thread to access data stored outside the protected region, and responsive to detecting the attempt and determining that the access mode flag is set to the first value, generate an exception.

Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: Authentication can be performed on thin clients using independent mobile devices. Because many users have smart phones or other similar mobile devices that include biometric scanners, such mobile devices can be leveraged to perform authentication of users as part of logging in to a thin client desktop. A mapping can be created on a central server between a user's mobile device and the user's domain identity. A mapping can also be created between the user's domain identity and the user's thin client desktop. Then, when a user desires to log in to his thin client desktop, the user can employ the appropriate biometric scanner on his mobile device to perform authentication. The central server can then rely on this authentication to identify and log the user into his thin client desktop.

Abstract: A method for providing an on-premises virtual directory system for an LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service is provided. The method includes providing an LDAP Directory Information Tree (DIT) including LDAP DIT entries, providing a SCIM directory including SCIM resource entries, migrating the LDAP DIT entries to the SCIM directory, creating a virtual LDAP hierarchy based on LDAP DIT hierarchical information stored in the SCIM directory, and displaying a graphical user interface (GUI) for a directory services application that includes a data tree pane that depicts the virtual LDAP hierarchy. Creating the virtual LDAP hierarchy includes storing the LDAP DIT hierarchical information in the SCIM directory by mapping LDAP containers to SCIM user or SCIM group attributes, mapping LDAP containers to special marker SCIM groups, mapping LDAP user DNs to SCIM user externalIDs, or mapping LDAP group DNs to SCIM group externalIDs.

Abstract: Method and intelligent subscriber management unit for enabling voice and text data service from a public communication network (7) to a mobile subscriber device (1). Authenticating the mobile subscriber device (1) is achieved using a home location register (8) and/or authentication center (9), while the mobile subscriber device (1) is in reach of an access point (2) of a data network (3). A challenge response is received from a subscriber identity module (SIM) of the mobile subscriber device (1), and includes the international mobile subscriber identity (IMSI (16)). The IMSI (16) is stored in a visitor location register (17) which is attached to the home location register (8). Then conversion of voice and text data service is executed between a first data format suitable for the public communication network (7) and a second data format suitable for the data network (3).