Abstract: Methods, systems, and machine-readable storage mediums for clock synchronizing among detectors in a clock synchronizing configuration are provided. An example clock synchronizing method includes: providing a clock of a preset frequency in each of N modules to be synchronized, coupling every two adjacent modules of the modules by a transmission line of the same length, N being an odd number, selecting two different modules from the modules as two reference modules respectively, controlling each of the reference modules to transmit a synchronizing signal to the other modules, determining a clock error between every two modules having the same transmission distance from the reference module according to a moment of the synchronizing signal reaching each of the other modules, selecting a calibrating module from the modules, and implementing clock synchronization between each of the modules and the calibrating module according to the respective clock errors associated with the two reference modules.

Abstract: An apparatus and a method for encrypting and decrypting data in a device are provided. The apparatus includes a processor and a memory. The processor is configured to transmit a data command from an application to an encryption driver that executes in a kernel space, determine if the application is authenticated to perform the data command based on an access policy, transmit, when the application is authenticated, a first key to a cryptographic library that executes in an application space, and perform the data command based on the first key after receiving a response via the cryptographic library. The first key is stored in an encryption driver in the kernel space and is not available to applications in the application space.

Abstract: A Position Emission Tomography (PET) system is provided in the present disclosure. According to an example, the PET system includes a detector and a host computer, where the detector includes: a plurality of detector rings; each of the detector rings including n number of collecting modules arranged in a circumferential direction of the detector ring, where n is an integer greater than 1; a first collecting module of the n number of collecting modules coupled with the host computer; an n-th collecting module of the n number of collecting module coupled with a (n?1)-th collecting module; and an i-th collecting module coupled with an (i?1)-th collecting module, where i is an integer greater than 1 and less than n.

Abstract: A connected device includes an application processor, a secure element, and a control module. The application processor is configured to receive a control command from an electronic device. The secure element is connected between the application processor and a control module and is configured to authenticate the control command. The control module is configured to receive the control command when the control command is authenticated by the secure element, execute the control command to activate at least one function of the connected device, and transmit a response to the electronic device.

Abstract: Methods, devices and computer-readable mediums for clock synchronization are provided. The methods include receiving a synchronizing clock in a unit clock cycle of a measuring clock, calibrating position information of a rising edge of the synchronizing clock in the unit clock cycle, determining a phase difference between the measuring clock and the synchronizing clock in the unit clock cycle based on the calibrated position information, and compensating a photon time in the unit clock cycle with the determined phase difference as a time compensation value.

Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.

Abstract: An apparatus and a method for identifying security of an electronic device are provided. The method includes identifying a security state of a system binary loaded to a memory of the electronic device based on booting of the electronic device in a second operating system of the electronic device, and sending security state information to a first operating system in the second operating system based on a request from the first operating system of the electronic device.

Abstract: An apparatus and method of a hardware isolated secure element protecting a plurality of mission critical subsystems are provided. The method includes performing an actuation operation received across an unsecure path that modifies the state of a mission critical subsystem, performing a diagnostic operation received across the unsecure path that requests state information of the mission critical subsystem, storing information used to determine which of the diagnostic operation and the actuation operation received across the unsecure path are performed, and flashing an execution image of an electronic control unit when the execution image of the electronic control unit is received across the unsecure path.

Abstract: An apparatus and method for operating a relational database (DB) are provided. The method includes determining a sensitivity classification for a column of a table in the DB, performing encryption, using a data encryption key (DEK), of sensitive data when writing the sensitive data to the column determined to be sensitive, performing decryption, using the DEK, of the encrypted sensitive data when reading the sensitive data from the column determined to be sensitive, and performing writing to the column and reading from the column of unencrypted non-sensitive data when the column is determined to be non-sensitive.

Abstract: A method is provided for wireless data transfer. The method includes determining, at a mobile device, communication capability of another device for receiving data. The method also includes selecting an optimal communication protocol for communicating the data based on the determined communication capability. The method also includes communicating the data with the other device using the selected optimal communication protocol.

Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.

Abstract: Disclosed herein are techniques for verifying the integrity of an electronic device. A normal world virtual processor and a secure world virtual processor are instantiated. An integrity verification agent is executed by the secure world virtual processor. A kernel operation attempted by the normal world virtual processor is intercepted by the secure world virtual processor.

Abstract: Methods, systems, and computer readable media for active monitoring, memory protection, and integrity verification of a target device are disclosed. For example, a normal world virtual processor and a secure world virtual processor are instantiated on a target device. A target operating system is executed on the normal world virtual processor. An integrity verification agent is executed on the secure world virtual processor. One or more predetermined operations attempted on the normal world virtual processor are trapped to the secure world virtual processor. The integrity verification agent is used to determine the effect of the execution of the trapped operations on the target device.

Abstract: A user device comprising: i) transmit path circuitry and receive path circuitry configured to communicate with a payment server; and ii) processing circuitry configured to control the transmit path circuitry and receive path circuitry. The processing circuitry is further configured to: a) receive a user input related to a payment process; b) calculate a risk score indicative of a likelihood of fraudulent activity associated with the payment process, wherein the risk score calculation is based on confidential information associated with the user that is stored on the user device; and c) transmit to the payment server a payment action and the risk score associated with the payment action without disclosing the confidential information. The confidential information comprises personally identifiable information and/or private information of the user. The processing circuitry calculates the risk score using a risk base model received from a model server.

Abstract: An apparatus and a method for encrypting and decrypting data in a device are provided. The apparatus includes a processor and a memory. The processor is configured to transmit a data command from an application to an encryption driver that executes in a kernel space, determine if the application is authenticated to perform the data command based on an access policy, transmit, when the application is authenticated, a first key to a cryptographic library that executes in an application space, and perform the data command based on the first key after receiving a response via the cryptographic library. The first key is stored in an encryption driver in the kernel space and is not available to applications in the application space.

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.

Abstract: A method and electronic device for executing secure download and security function is provided. The method includes storing a unique identifier (ID) of the electronic device, receiving a binary update request, determining whether the stored unique ID matches a unique ID signed to the binary, and downloading the binary depending on whether the unique IDs match.

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

Abstract: An apparatus and method for generating an application container are provided. The method includes selecting a target application from among a plurality of applications included in an electronic device, acquiring a policy file corresponding to the target application, determining whether the policy file includes a category of the target application, and executing the application container which includes the target application.

Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.