Abstract: A non-transitory computer readable medium (107, 127) stores instructions readable and executable by at least one electronic processor (101, 113) to provide an operating mode for a medical device (120) to provide medical diagnostic and/or medical treatment functionality; instructions readable and executable by the at least one electronic processor to provide a service mode for the medical device that provides service functions for servicing the medical device; and instructions readable and executable by the at least one electronic processor to: perform a validation process at an end of a servicing session of the medical device performed using the service mode to determine whether the medical device is in an incorrect operating state; and display, on a display device (105) operable by a service engineer and in response to determining the medical device is in the incorrect operating state, an indication that the medical device is in the incorrect operating state.

Abstract: The invention relates to a system for connecting rigid pipes and for connecting flexible pipes. The pipes have corresponding outer diameters, with a press jaw having a press contour, with at least one first fitting for press-fitting to a rigid pipe, the at least one first fitting having a first press sleeve with a first outer contour, with at least one second fitting for press-fitting to a flexible pipe, the at least one second fitting having a second press sleeve with a second outer contour, the at least one second fitting having a second press sleeve with a second outer contour has a second press sleeve with a second outer contour, the outer contour of the first press sleeve and the outer contour of the second press sleeve in each case being adapted at least in sections to the press contour of the press jaw of the press jaw and can be pressed by the press jaw and wherein the outer contours of the first press sleeve and of the second press sleeve correspond at least in sections.

Abstract: Some embodiments are directed to a categorization system for categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

Abstract: A mechanism for determining the trustworthiness of training a first neural network, and thereby of the trained first neural network. Values of a set of weights of the first neural network are monitored during the training process. The monitored values are used to determine the trustworthiness of the training of the first neural network.

Abstract: A system or method generates de-identified output from a data set of patient data comprising unstructured text (100) in natural language phrases. A blacklist (105) has word items that are not allowed. The unstructured text is processed to determine a word count (110) comprising a list of low-rate word items that have a number of occurrences (k) in the unstructured text below a threshold (120). Subsequently, the low-rate word items and the blacklist word items are masked (130) in the unstructured text to generate the de-identified output (140).

Abstract: Some embodiments are directed to a categorization system for 100 categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

Abstract: The resource metering system comprises: an end-point device (25) consuming a resource, in particular for usage in a building (2) or in an outdoor lighting system, said device comprising a detection unit that produces status information and an indicator of usefulness; a smart meter (20) comprising: a communication circuitry provided with an interface adapted for receiving from said device status information and said indicator of usefulness; a metrology device connected to a medium (17) that provides the resource to said device; and a control circuitry connected to the metrology device for collecting resource consumption data, the control circuitry being connected to the communication circuitry and adapted to produce monitoring data to be securely transmitted to a server (10) after processing the status information and said indicator. Monitoring data are used when determining consumption tariffs, so as to encourage energy efficient usage of the device.

Abstract: This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one person (P1, P2, . . . , PN1), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CN2) to the Authorized Domain (AD) given by the domain identifier (Domain_ID). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of the Authorized Domain (100) is obtained. In this way, access to a content item of an authorized domain by a person operating a device is obtained either by verifying that the content item and the person are linked to the same domain or by verifying that the device and the content item are linked to the same domain. Thereby, enhanced flexibility for one or more persons when accessing content in an authorized domain is obtained while security of the content is still maintaining.

Abstract: This invention relates to a method of healthcare data handling by a trusted agent possessing or having an access to decryption keys for accessing healthcare data. A request is received from a requestor requesting accessing healthcare data. A log is generated containing data relating to the request or the requestor or both. Finally, the requestor is provided with an access to the healthcare data.

Abstract: A method of performing measurement of a subject comprises measuring a physiological parameter of a subject, deriving data from the measured parameter, optionally, obtaining metadata relating to the measurement of the physiological parameter, determining the quality of the derived data from the derived data and/or the obtained metadata, and if the determined quality matches a predefined criteria, performing a predefined corrective action. In one embodiment, the method further comprises calculating one or more qualifiers from the derived data and/or from the obtained metadata, and wherein the step of determining the quality of the derived data comprises determining the quality of the derived data from the calculated qualifiers.

Abstract: A system for executing a virtual machine instance is provided. An executing environment (11) is arranged for creating a virtual machine instance (10). The virtual machine instance (10) comprises an instance authorization unit (1) for receiving an instance authorization credential, wherein the instance authorization credential is uniquely associated with the virtual machine instance (10). A data key unit (2) is arranged for generating a request for a data key, based on the instance authorization credential associated with the virtual machine instance (10). A decryption unit (3) is arranged for decrypting a data item (7) based on the data key. A key server system (6) is arranged for issuing keys to a virtual machine instance (10). An instance authorization providing unit (22) is arranged for providing the instance authorization credential to the virtual machine instance (10).

Abstract: This invention relates to a method (100) for creating, on a device (200), an authorized domain (102) for sharing a (103) of a content item (104) between a first person (105) and a second person (106). The method (100) alleviates the hassle of having end-users managing authorized domains. If the first person is bound (107) to the right (103), and the device is bound (108) to the first person (105), the device (200) grants (110) the second person (106) the right (103) in response to the device (200) associating (109) to the second person (106).

Abstract: A system for executing a virtual machine instance is provided. An executing environment (11) is arranged for creating a virtual machine instance (10). The virtual machine instance (10) comprises an instance authorization unit (1) for receiving an instance authorization credential, wherein the instance authorization credential is uniquely associated with the virtual machine instance (10). A data key unit (2) is arranged for generating a request for a data key, based on the instance authorization credential associated with the virtual machine instance (10). A decryption unit (3) is arranged for decrypting a data item (7) based on the data key. A key server system (6) is arranged for issuing keys to a virtual machine instance (10). An instance authorization providing unit (22) is arranged for providing the instance authorization credential to the virtual machine instance (10).

Abstract: This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one person (P1, P2, . . . , PN1), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CN2) to the Authorized Domain (AD) given by the domain identifier (Domain_ID). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of the Authorized Domain (100) is obtained. In this way, access to a content item of an authorized domain by a person operating a device is obtained either by verifying that the content item and the person are linked to the same domain or by verifying that the device and the content item are linked to the same domain. Thereby, enhanced flexibility for one or more persons when accessing content in an authorized domain is obtained while security of the content is still maintaining.

Abstract: This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one person (P1, P, PN1), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CNZ) to the Authorized Domain (AD) given by the domain identifier (Domain ID). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of the Authorized Domain (100) is obtained. In this way, access to a content item of an authorized domain by a person operating a device is obtained either by verifying that the content item and the person are linked to the same domain or by verifying that the device and the content item are linked to the same domain. Thereby, enhanced flexibility for one or more persons when accessing content in an authorized domain is obtained while security of the content is still maintaining.

Abstract: A method of controlled access to content, comprising joining an access sharing network, obtaining a content item from the access sharing network which requires access control data to enable playback, obtaining the access control data, determining from the access control data that a particular other device is authorized to play back the content item, and enabling playback of the content item in accordance with the access control data upon a positive determination that said other device is a member of said access sharing network. Preferably the access control data is used also during a predetermined period of time after making a determination that said other device has ceased to be a member of the access sharing network. Also a device (101) configured to carry out the method.

Abstract: This invention relates to a system and a method of generating an Authorized Domain (AI)), the method comprising the steps of selecting a domain identifier (Domain ID) uniquely identifying the Authorized Domain, binding at least one user (P1, P2, . . . , PN1) to the domain identifier (Domain ID), and binding at least one device (D1, D2, . . . , DM) to at least one user (P1, P2, . . . , PN1), thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of users (P1, P2, . . . , PN1) that is authorized to access a content item (C1, C2, CN2) of said Authorized Domain (100). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of said Authorized Domain (100) is obtained. Additionally, it is possible to enable automatic assignment of imported content being imported on a device belonging to the Authorized Domain (AD) since it now is given to which person a given authorized device belongs to.

Abstract: In a domain comprising a plurality of devices, the devices in the domain sharing a common domain key, a method of enabling a entity that is not a member of the domain to create an object that can be authenticated and/or decrypted using the common domain key, the method comprising providing to the entity that is not a member of the domain a diversified key that is derived using a one-way function from at least the common domain key for creating authentication data related to said object and/or for encrypting said object, the devices in the domain being configured to authenticate and/or decrypt said object using the diversified key.

Abstract: The resource metering system comprises: an end-point device (25) consuming a resource, in particular for usage in a building (2) or in an outdoor lighting system, said device comprising a detection unit that produces status information and an indicator of usefulness; a smart meter (20) comprising: a communication circuitry provided with an interface adapted for receiving from said device status information and said indicator of usefulness; a metrology device connected to a medium (17) that provides the resource to said device; and a control circuitry connected to the metrology device for collecting resource consumption data, the control circuitry being connected to the communication circuitry and adapted to produce monitoring data to be securely transmitted to a server (10) after processing the status information and said indicator. Monitoring data are used when determining consumption tariffs, so as to encourage energy efficient usage of the device.

Abstract: Authentication of a user to an electronic device in a communication network is described. The method comprises obtaining a biometric characteristic of the user, transmitting, to a social networking service, information that specifies at least one primary user of the device, receiving, from the social networking service, information that specifies a group of persons who have a social relationship with the at least one primary user, obtaining information that specifies a result from a biometric matching operation with the biometric characteristic of the user and biometric characteristics of persons in the specified group of persons, the result indicating whether or not the user is authenticated to the electronic device. By narrowing down the size of the searching space-needed during a matching operation by utilizing information regarding a group of persons in a social network, the false acceptance rate is reduced and biometric authentication of a user to an electronic device is thereby facilitated, e.g.