Patents Issued on July 25, 2019
  • Publication number: 20190228119
    Abstract: According to one embodiment, a method of displaying model includes: sampling a pattern to acquire an attention point; calculating a spatial or planar distribution that indicates any one of a design density, a lithography target density, a mask transmittance, or an optical image intensity at N points (N being an integer equal to or greater than 1) on the pattern including the attention point; calculating a threshold for the pattern; estimating, based on the distribution and the threshold, N elements respectively corresponding to the N points as a model; and displaying the estimated model.
    Type: Application
    Filed: September 6, 2018
    Publication date: July 25, 2019
    Applicant: TOSHIBA MEMORY CORPORATION
    Inventor: Taiki KIMURA
  • Publication number: 20190228120
    Abstract: An apparatus for generating 3D shape data of a showerhead includes: a data processor that generates data sets comprising information indicating values of a first distance between an upper surface of a wafer and a showerhead, information indicating positions on the wafer and information about a fluid flow physical quantity value and determines a function representing a relationship among the various information; an input unit that receives condition data comprising a target fluid flow physical quantity value for each of the positions; and a database that stores information about the function. The data processor obtains information about a second distance, which has the target fluid flow physical quantity value, between the upper surface of the wafer and the showerhead at each of the positions, extracts spatial coordinate information of a lower surface of the showerhead, and generates 3D shape data of the showerhead using the spatial coordinate information.
    Type: Application
    Filed: September 11, 2018
    Publication date: July 25, 2019
    Inventors: Sang Yub Ie, Jung Geun Jee, Sung Youn Chung, Jae Myung Choe
  • Publication number: 20190228121
    Abstract: Methods for simulating hydrocarbon (HC) migration and accumulation in a subsurface formation are provided. The methods include determining a plurality of HC mass associated with a plurality of grid cells representing the subsurface formation. The methods also include determining a plurality of HC mass outflow magnitudes for one or more grid cells in the plurality of grid cells, the HC mass outflow magnitude for each of the one or more grid cells having an upper bound value based on the HC mass in that grid cell. The methods update the HC mass of the plurality of grid cells based on the plurality of HC mass outflow magnitudes. The methods also determine that a set of grid cells in the plurality of grid cells contain an excess mass of HC, and perform an accumulation process to model filling of a trap associated with the set of grid cells.
    Type: Application
    Filed: January 24, 2019
    Publication date: July 25, 2019
    Applicant: Saudi Arabian Oil Company
    Inventors: Larry Siu-Kuen Fung, Shouhong Du
  • Publication number: 20190228122
    Abstract: Disclosed is a method of fast identifying the distribution rule of wind speed, for identifying an optimal distribution rule of known wind speeds, wherein transforming all types of distribution rules to be selected by Rosenblatt transformation to a uniform type based on the selected distribution type of the probability paper, and drawing the reference curve on the probability paper; selecting a plurality of distribution rules, selecting the known wind speed data as the sample data and comparing the point set of the sample data to the reference curve; judging the optimal distribution rule among the selected distribution rules according to the comparison result. The present invention is appropriate for identifying the distribution of wind speed of different range; the method is not specific to any probability paper that has wide applicability.
    Type: Application
    Filed: December 7, 2017
    Publication date: July 25, 2019
    Applicant: XIAMEN UNIVERSITY OF TECHNOLOGY
    Inventors: Li LIN, Dandan XIA, Wenliang FAN, Haitao HU, Huaifeng WANG
  • Publication number: 20190228123
    Abstract: A method, apparatus, and system provide the ability to simulate dynamic motion for a computerized model (of finite mesh elements). An element diagonal lumped mass matrix of the mesh, an estimate of a highest element eigenvector and eigenvalue of the mesh, and a kinematic state of the model are computed. Various steps are iterated until a total time duration is exceeded. A time, kinematic state, and stress state are advanced. Incremental strain and stress tensors, and hypo-elastic material constants are computed.
    Type: Application
    Filed: January 19, 2018
    Publication date: July 25, 2019
    Applicant: Autodesk, Inc.
    Inventor: Lee M. Taylor
  • Publication number: 20190228124
    Abstract: An improved computer implemented method for modeling transport processes in fluids is disclosed. Instead of modeling based on using an infinitesimal fluid element of a continuous medium, the method approximates fluid flow in a fluid system as a model gas flow in a model gas system being identical to the fluid system. The method is adapted to model gas flow including dilute gas flow for high Knudsen numbers (Kn). The method delivers a new basis for prediction of dynamic evolution of the model gas system by considering a pre-established or known dynamic history of the system during a pre-initial period. A new generation of Computational Fluid Dynamics software products, which are based on the disclosed analytical tools and methods, are anticipated having capability to modeling gases from the continuum flow regime (Kn<0.01) to the free molecular flow regime (Kn>10), considerably higher accuracy of prediction, and lower computation cost.
    Type: Application
    Filed: May 25, 2018
    Publication date: July 25, 2019
    Inventor: Nikolai Kislov
  • Publication number: 20190228125
    Abstract: This application discloses a computing system implementing a functional safety validation tool to locate a vulnerable section of an electronic system described in a circuit design, select safety circuitry configured to monitor the vulnerable section of the electronic system, and modify the circuit design by inserting the safety circuitry and control circuitry into the circuit design. The control circuitry and the security circuitry can detect faults in the vulnerable section of the electronic system. The functional safety validation tool can generate a logical equivalency check script for the modified circuit design, which a logical equivalency checking tool can utilize to determine whether the modified circuit design is logically equivalent to the circuit design. The functional safety validation tool can generate a test bench for the modified circuit design, which at least one verification tool can utilize in a verification environment to simulate the modified circuit design.
    Type: Application
    Filed: January 22, 2019
    Publication date: July 25, 2019
    Inventors: Sanjay Pillay, Arum Kumar Gogineni, Srikanth Rengarajan
  • Publication number: 20190228126
    Abstract: An EDA tool trains a machine-learning optimization tool using quantized optimization solution (training) data generated by conventional optimization tools. Each training data entry includes an input vector and an associated output vector that have quantized component values respectively determined by associated operating characteristics of initial (non-optimal) and corresponding replacement (optimized) circuit portions, where each initial circuit portion is identified and replaced by the corresponding replacement circuit portion during optimization of an associated target IC design. The stored training data entries are used by the machine-learning optimization tool to generate an efficient (e.g., piecewise-linear) prediction function.
    Type: Application
    Filed: January 15, 2019
    Publication date: July 25, 2019
    Applicant: Synopsys, Inc.
    Inventor: Nahmsuk Oh
  • Publication number: 20190228127
    Abstract: A method for generating masks for manufacturing of a semiconductor structure comprises the following steps. A design pattern for features to be formed on a substrate is divided into a first set of patterns and a second set of patterns. The first set of patterns comprises a first pattern corresponding to a first feature, the second set of patterns comprises two second patterns corresponding to two second features, and the first feature will be arranged between the two second features when the features are formed on a substrate. Two assist feature patterns are added into the first set of patterns. The two assist feature patterns are arranged in locations corresponding to the two second features, respectively. A first mask is generated based on the first set of patterns with the assist feature patterns. A second mask is generated based on the second set of patterns.
    Type: Application
    Filed: January 25, 2018
    Publication date: July 25, 2019
    Inventors: Tsung-Yeh WU, Chia-Wei HUANG, Yung-Feng CHENG
  • Publication number: 20190228128
    Abstract: In one embodiment, a computer-implemented method includes performing retiming using a first circuit design to determine one or more variations to the first circuit design, identifying one or more source registers that are involved in one or more unsuccessful retiming moves due to initial conditions conflicts, and recommending, via a graphical user interface, one or more corrective actions to the one or more source registers to avoid the initial conditions conflicts and improve performance of the one or more variations.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Dai Le, Scott James Brissenden
  • Publication number: 20190228129
    Abstract: The present invention belongs to the field of processing residual stress, and discloses a method for calculating processing parameters for residual stress control by parameter inversion. This method comprises: (a) extracting a characteristic index reflecting the residual stress distribution characteristic from a residual stress distribution curve; (b) respectively presetting initial values of processing parameters for residual stress control, calculating an initial value of the characteristic index, and drawing curves of the characteristic index over the respective processing parameters to obtain respective fitted curves; (c) respectively establishing a relation formula between respective characteristic index increment of the processing parameters and the fitting curve; and (d) assigning the values and performing inversion calculation to obtain the required processing parameters.
    Type: Application
    Filed: April 2, 2019
    Publication date: July 25, 2019
    Applicant: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY
    Inventors: Wenyu YANG, Kun HUANG, Yi GAO, Shuo QIU, Tao WANG, Guangdong CHENG, Kun YANG
  • Publication number: 20190228130
    Abstract: A method for analyzing a bipartite graph data structure to condense reaction pathways of a metabolic network is described herein. A cell's metabolic network is structured as a bipartite graph, with molecule nodes representing the molecules within metabolism and edges connecting molecule nodes representing chemical reactions or processes. Molecule nodes within the bipartite graph are categorized according to the number of edges leading into and out of each node. If the structure of the bipartite graph indicates that the molecule node does not contribute to flux value solutions of a mathematical model of the metabolic network, then the node and its connected reaction pathway is blocked or removed from the bipartite graph. Thus the complexity of the bipartite graph may be reduced, and crucial nodes and pathways identified.
    Type: Application
    Filed: January 22, 2018
    Publication date: July 25, 2019
    Inventors: Jason Thompson, Frank Russo
  • Publication number: 20190228131
    Abstract: The present invention relates to a method capable of, in order to diagnose fetal sex chromosome aneuploidy, differentiating Klinefelter's syndrome (XXY), triple X syndrome (XXX), and Turner's syndrome (monosomy X, XO) as well as male (XY) and female (XX) by using copy number variation (CNV). The differentiation method according to the present invention has significantly high sensitivity and accuracy since the reference line is evenly adjusted by performing normalization regardless of the kinds of platform and data. The present invention is useful in diagnosing the sex chromosome abnormality at an early stage through easy diagnosis of sex chromosomes X and Y, which are hard to diagnose, since an analysis is possible even with a small amount of fetal chromosomes, which corresponds to an advantage of noninvasive prenatal diagnosis, and copies are redundant.
    Type: Application
    Filed: August 8, 2016
    Publication date: July 25, 2019
    Inventors: Chang Hyuk Kwon, Seon Young Yun, Min Seob Lee
  • Publication number: 20190228132
    Abstract: Certain aspects of the present disclosure provide techniques for managing data in a plurality of nodes of a distributed system. Embodiments include storing, by a node of the plurality of nodes, sensitive data in a block of a hash chain. Embodiments further include determining, by the node, that the sensitive data should not be distributed to other nodes of the plurality of nodes. Embodiments further include distributing, by the node, a limited version of the block to the other nodes. The limited version of the block may comprise a hash and a pointer to a previous block of the hash chain, and the limited version of the block may not contain the sensitive data.
    Type: Application
    Filed: January 22, 2018
    Publication date: July 25, 2019
    Inventors: Michael R. Gabriel, Glenn Scott
  • Publication number: 20190228133
    Abstract: A verification computer system is provided that provides for content certification and verification using cryptography and a blockchain.
    Type: Application
    Filed: January 18, 2019
    Publication date: July 25, 2019
    Inventors: Akbar ANSARI, Thomas FAY, Adnan Ali LONE
  • Publication number: 20190228134
    Abstract: An apparatus for managing a physical machine in which a virtual machine is set includes: a processor configured to execute first processing that includes managing performance information depending on performance of the physical machine, for each physical machine, the performance information being information used for calculating a license number indicating the number of licenses assigned to software to be operated on the virtual machine, execute second processing that includes outputting the performance information to a terminal, after the software has been installed on the virtual machine, and receiving license information including the license number assigned to the installed software, from the terminal, and execute third processing that includes managing software information indicating a correspondence between the license information received by the second processing, the software to which the license number included in the license information is assigned, and the virtual machine on which the software has
    Type: Application
    Filed: December 13, 2018
    Publication date: July 25, 2019
    Applicant: FUJITSU LIMITED
    Inventor: Hitoshi Ohhata
  • Publication number: 20190228135
    Abstract: The present invention involves a method and system of state consistency protection for Intel software guard extension (SGX). In a method of state consistency protection for a central processing unit capable of creating enclaves, the central processing unit supports creation of at least one enclave, wherein the central processing unit communicates with a remote server providing services for the central processing unit through remote communication and the remote server has a remote attestation module, configuring the remote attestation module to facilitate the completion of every execution state storing operation and/or every execution state restoring operation, wherein the remote attestation refers to an attestation mechanism by which the central processing unit proves to the remote server that it has created the specific enclave in a local platform so that the remote server trusts the specific enclave. The present invention does not require special hardware and is favorable to cross-platform migration.
    Type: Application
    Filed: October 24, 2018
    Publication date: July 25, 2019
    Inventors: Hai JIN, Weizhong Qiang, Zezhao Dong
  • Publication number: 20190228136
    Abstract: Techniques for integrating context-aware software applications are disclosed. A system generates a mapping of a subset of one or more variables, managed by a parent software application, to a data structure. At runtime of the parent software application, based on the mapping, the system populates an instance of the data structure with one or more values corresponding to the subset of one or more variables. The system injects the instance of the data structure into a child software application. The system renders an interface of the child software application as a component of the parent software application. The child software application executes an operation using the one or more values from the instance of the data structure.
    Type: Application
    Filed: January 25, 2018
    Publication date: July 25, 2019
    Applicant: Oracle International Corporation
    Inventors: Darryl Martin Shakespeare, Nicole Jodie Laurent, Haiyan Wang
  • Publication number: 20190228137
    Abstract: An efficient obfuscation of program control flow, comprising obscuring a control execution flow through a plurality of code blocks of a computer program. It involves obtaining a secret key, initializing a state variable based on the secret key, generating a switching value by processing the state variable through an encoding function, and selecting a code block from among a set of code blocks using the switching value. It further involves executing the block code, which comprises updating the state variable based on a present value of the state variable, and repeating the steps of generating a switching value, selecting a code block, and executing the code block to control execution flow through the set of code blocks.
    Type: Application
    Filed: July 25, 2017
    Publication date: July 25, 2019
    Inventors: Björn JOHANSSON, Patrik LANTZ, Michael LILJENSTAM
  • Publication number: 20190228138
    Abstract: A voiceprint certification method is provided. The method is applicable to an electronic device which records a plurality of pieces of user information and a plurality of voiceprints of a plurality of verification words corresponding to each piece of user information. The method includes: receiving first user information among the plurality of pieces of user information; selecting at least one first verification word from the verification words corresponding to the first user information and generating a random verification sentence including the at least one first verification word, to prompt a user to read the random verification sentence; and certifying the user by comparing a user input sentence with the random verification sentence and by determining whether a voiceprint corresponding to the first verification word in the user input sentence matches the voiceprint of the first verification word corresponding to the first user information recorded in the electronic device.
    Type: Application
    Filed: June 20, 2018
    Publication date: July 25, 2019
    Applicant: Far EasTone Telecommunications Co., Ltd.
    Inventors: Wen-Shien Yu, Shih-Kai Shen
  • Publication number: 20190228139
    Abstract: According to certain embodiments, an electronic device comprises a housing comprising a front surface and a rear surface oriented in a direction opposite to the front surface, a touchscreen display exposed through at least a portion of the front surface, a fingerprint sensor arranged between the touchscreen display and the rear surface underlapping a region of the touchscreen display when viewed from above the front surface, at least one processor operatively connected to the touchscreen display and the fingerprint sensor, and a memory operatively connected to the at least one processor, wherein the memory stores instructions for causing the at least one processor, when executed, to perform operations comprising displaying a user interface comprising an object on the touchscreen display, receiving a gesture input for dragging the object toward the region, the gesture input inputted through the touchscreen display, identifying whether a finger providing the gesture input is a predetermined finger registered fo
    Type: Application
    Filed: December 21, 2018
    Publication date: July 25, 2019
    Inventors: Eun Young OH, Min Soo KIM, Jong Moo LEE, Jin Wan AN
  • Publication number: 20190228140
    Abstract: Techniques for managing secure login with authentication while viewing a unique code are described. In some examples, a requesting device displays a visual representation of data. An authenticating device detects the presence of the visual representation of data. The authenticating device prompts a user to provide authorization information at the authenticating device. The authenticating device receives a set of one or more inputs. The authenticating device transmits information authorizing access to content on the requesting device.
    Type: Application
    Filed: January 7, 2019
    Publication date: July 25, 2019
    Inventors: Vincent P. ARROYO, Ramiro CALVO, Max M. GUNTHER, Hannah S. STORY, Onar VIKINGSTAD, Lin YANG
  • Publication number: 20190228141
    Abstract: In a prior art system, it was not possible to prevent wrongful re-sale or transfer to third parties via a terminal, and effort and time are required for authentication by face recognition, as is the case with paper tickets. A ticketing management system 1 having a server 2, a user terminal 3, and a code reader 4. The server 2 has a code issuer configured to issue a unique code 5 when there is a match between biodata that the user has previously registered and biodata that the user registers at an event venue. Additionally, the server 2 has a user authenticator that employs the code reader 4 to authenticate the user as the authentic ticket purchaser by reading the unique code displayed on the user terminal 3. To make it possible to reliably prevent wrongful activity such as a wrongful re-sale of a terminal or ticket counterfeiting and re-sale, and to enable a speedy admission process, while using highly accurate biometrics.
    Type: Application
    Filed: March 25, 2019
    Publication date: July 25, 2019
    Inventors: Tomoyuki SHIMIZU, Tetsuhiko NISHISAKO
  • Publication number: 20190228142
    Abstract: A system for accessing a trusted execution environment includes instructions to transmit, from a first trusted execution environment, a request for a biometric match claim, receive, in response to the request for a biometric match claim, biometric data from a biometric capture device, perform a match of the biometric data against biometric templates stored in the first trusted execution environment, and unseal a second trusted execution environment based on the match data.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Francois Proulx, Mathieu Rene
  • Publication number: 20190228143
    Abstract: Customizing an application on a mobile device includes storing at least a portion of customization data in a customization server that is independent of the mobile device, a user of the mobile device accessing the customization server independently of the mobile device, receiving authorization data from the customization server that enables the mobile device to securely receive customization data from the customization server, and the mobile device using the authorization data to cause the customization server to provide the customization data to the mobile device. The authorization data may be provided by postal message, email message, an SMS text message, and/or a visual code provided on a screen of a computer used to access the customization server. The user may use a computer to provide credential information to access the customization server. Customizing the application may allow the mobile device to access a user service on behalf of the user.
    Type: Application
    Filed: October 4, 2017
    Publication date: July 25, 2019
    Inventors: Francois-Eric Michel Guyomarc'h, James William Holland, Milan Khan, Caleb Wattles
  • Publication number: 20190228144
    Abstract: Methods, systems, and devices for user device authentication are described. In some systems, an application server may host a secure application utilizing user device verification. A proxy server may perform a certificate challenge with a user device to determine whether the user device is authorized to access the application, and may transmit a login request and authentication information to the application server based on the result of the challenge. The application server may determine whether the certificate challenge was successful, and may verify whether the proxy server is a valid proxy for the application. If these validations are successful, the application server may transmit an authorization message (e.g., an encrypted ticket) to the user device for a login procedure. The user device may send a login request with the authorization message directly to the application server (e.g., without further tunneling through the proxy) to initiate a login procedure.
    Type: Application
    Filed: January 25, 2018
    Publication date: July 25, 2019
    Inventors: Leonardo Skipper Kermes, Winston Chir
  • Publication number: 20190228145
    Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.
    Type: Application
    Filed: March 30, 2019
    Publication date: July 25, 2019
    Inventors: Vedvyas Shanbhogue, Ravi Sahita, Abhishek Basak, Pradeep Pappachan, Utkarsh Kakaiya, Ravi Sahita, Rupin Vakharwala
  • Publication number: 20190228146
    Abstract: There is a verification application arranged to interact with other applications on an electronic device, the electronic device having a processor, a memory and an operating system controlling operation of the verification application and the other applications on the processor using arbitrary memory locations, where the other applications are enabled to call the verification application to securely determine authenticity of a user of the electronic device. The verification application is arranged to receive verification data for secure determination of authenticity of the user; and provide, upon a call from any of the other applications and a match between the verification data and a verification reference, a trust token to the calling application. A method, electronic device and computer program are also disclosed.
    Type: Application
    Filed: April 2, 2019
    Publication date: July 25, 2019
    Applicant: PRECISE BIOMETERICS AB
    Inventors: Petter ÖSTERLUND, Henrik HJALMARSSON
  • Publication number: 20190228147
    Abstract: A method for detecting ransomware. A set of control files in a set of locations in a file system is checked, by a computer system, in response to an event, wherein the set of control files has a set of extensions targeted by the ransomware. In response to detecting a change in any of the set of control files, a file copying process for the file system is disabled by the computer system.
    Type: Application
    Filed: January 19, 2018
    Publication date: July 25, 2019
    Inventors: Marci D. Formato, Bernhard J. Klingenberg, Andrew S. Kronstadt, Kurt A. Rybczyk, Lisa A. Shepard
  • Publication number: 20190228148
    Abstract: A method and a related system for a protection against unauthorized file encryption in a file system may be provided. The method may comprise providing an anti-ransomware file access unit, determining, by the anti-ransomware file access unit, an entropy value for a portion of a file to be written to the file system, and upon determining that the entropy value is equal or above a threshold value, performing a copy-on-write process to the file to be written, whereby the file is written to a copy-on-write storage area.
    Type: Application
    Filed: January 22, 2018
    Publication date: July 25, 2019
    Inventors: Thomas Pohl, Martin Tröster, Marco H. Kroll, Matthias Seul
  • Publication number: 20190228149
    Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.
    Type: Application
    Filed: March 28, 2019
    Publication date: July 25, 2019
    Inventors: James GLEESON, Ahmed AZAB, Wenbo SHEN, Rohan BHUTKAR
  • Publication number: 20190228150
    Abstract: Embodiments protect against security vulnerabilities arising from 3rd party JavaScript code. A browser receives from a server, a document including a first JavaScript. The browser in turn references a list stored in a database to recognize the first JavaScript as originating from other than the server. This recognition process may involve obtaining a stacktrace. The browser then references a second JavaScript in order to instrument a document object model (DOM) feature (e.g., global API, DOM element-attached API, DOM node property) to sanitize the first JavaScript. For instrumenting a global API, this may comprise overwriting a global reference in the first JavaScript with a replacement reference to a sanitization function. For instrumenting the DOM element-attached API or the DOM node property, the instrumenting may comprise altering a prototype of the DOM node element. The browser causes the DOM feature to sanitize the first JavaScript, and passes a sanitized JavaScript for execution.
    Type: Application
    Filed: January 25, 2018
    Publication date: July 25, 2019
    Applicant: SAP SE
    Inventor: Martin Johns
  • Publication number: 20190228151
    Abstract: A technique for detecting malware involves loading known malware information, finding a string in the known malware information, saving the string in a first database, identifying a first contiguous string block from the known malware information, assigning a confidence indicator to the first contiguous string block, attempting to find the first contiguous string block in a second database containing one or more contiguous string blocks extracted from known malware, and labelling the first contiguous string block, responsive to a determination the first contiguous string block meets a predetermined threshold of similarity with a second contiguous string block contained in the second database.
    Type: Application
    Filed: January 25, 2018
    Publication date: July 25, 2019
    Inventors: Craig Schmugar, Zheng Zhang, John Teddy, Michael Hughes
  • Publication number: 20190228152
    Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
    Type: Application
    Filed: March 28, 2019
    Publication date: July 25, 2019
    Applicant: McAfee, LLC
    Inventors: Christoph Alme, Slawa Hahn, Sebastian Thoene
  • Publication number: 20190228153
    Abstract: Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or process for particular kinds of suspicious data transformation indicators. Indicators include primary indicators, such as file-type signature changes, notable changes in file data entropy, and out-of-range similarity measurements between the read and write versions of file data, as well as secondary indicators, such as a large number of file deletions and a large reduction in the number of file-types written versus read by a process over time. When indicators are triggered by a process, an adjustment to the process' malware score is made; in the event that the process' malware score reaches a malware detection threshold, the process is marked as malware and appropriate actions are taken.
    Type: Application
    Filed: September 23, 2016
    Publication date: July 25, 2019
    Inventors: Walter N. Scaife, Patrick G. Traynor, Henry Carter, Kevin Butler
  • Publication number: 20190228154
    Abstract: Implementations described herein disclose a malware sequence detection system for detecting presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting presence of a sequence of malware commands within the sequence of a plurality of events by dividing the sequence of plurality of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the plurality of subsequences, and generating a probability of one or more of the plurality of subsequences being a malware based on the output of the sequential subsequence.
    Type: Application
    Filed: January 25, 2018
    Publication date: July 25, 2019
    Inventors: Rakshit AGRAWAL, Jack Wilson STOKES, III, Karthik SELVARAJ, Adrian M. MARINESCU
  • Publication number: 20190228155
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Abhishek Basak, Li Chen, Salmin Sultana, Anna Trikalinou, Erdem Aktas, Saeedeh Komijani
  • Publication number: 20190228156
    Abstract: A configuration manager is associated with a Networked Control System (NCS) comprising a plurality of sensors and actuators. The configuration manager automatically discovers the hardware and/or software configurations of the sensors and actuators, and analyzes that information in order to detect whether any of the sensors and actuators have been tampered with. Provided the configuration manager detects such tampering, the configuration manager indicates the tampering to a control manager of the NCS, which then functions to minimize potential damage to the NCS.
    Type: Application
    Filed: January 22, 2018
    Publication date: July 25, 2019
    Inventor: Balaje T. Thumati
  • Publication number: 20190228157
    Abstract: A computing device is provided including a motherboard including a control module, a first trusted platform module (TPM), and a second TPM. The control module directs security operations to the first TPM, wherein the control module is operable to detect whether or not the first TPM is damaged, and wherein the control module, in response to detecting that the first TPM is damaged, is operable to direct subsequent security operations to be performed by the second TPM. A computer program product is also provided including non-transitory computer readable storage media embodying program instructions executable by a processor to direct security operations to a first TPM coupled to a motherboard of the computing device, detect whether or not the first TPM is damaged, and, responsive to detecting that the first TPM is damaged, direct subsequent security operations to a second TPM coupled to the motherboard of the computing device.
    Type: Application
    Filed: September 5, 2018
    Publication date: July 25, 2019
    Inventors: Wenwei Tang, Tianhe Li, He Huang
  • Publication number: 20190228158
    Abstract: Systems and methods are disclosed for implementing an educational mode on a portable computing device, such as a tablet computer, that is a single-user system, used serially by multiple users. Each user can have a separate user storage that may be encrypted. The computing device boots as a system user to a login screen. A first student user enters user credentials into the login screen. The computing device can reboot the user-space processes, while leaving the kernel running, rebooting the computing device as the first student user. When the first student user logs out, data to be synchronized to, e.g., the cloud, can be synchronized for the first student user while a second student user is logged into the device.
    Type: Application
    Filed: January 28, 2019
    Publication date: July 25, 2019
    Inventors: Jonathan E. Drummond, Anthony R. Griffin, Andrew B. Cato, Benjamin E. Nielsen, Daniel T. Kurtz, David Steinberg
  • Publication number: 20190228159
    Abstract: Technologies for filtering transactions include a compute device, which further includes an accelerator device and an I/O subsystem having an accelerator port. The I/O subsystem is configured to determine whether to enable a global attestation during a boot process of the compute device, receive a transaction from the accelerator device connected to the accelerator port via a coherent accelerator link, and filter the transaction based on a determination of whether to enable the global attestation.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Anna Trikalinou, Krystof Zmudzinski, Reshma Lal, Luis S. Kida, Pradeep M. Pappachan, Raghunandan Makaram, Siddhartha Chhabra, Vincent R. Scarlata
  • Publication number: 20190228160
    Abstract: Methods, systems and apparatuses may provide for technology that includes a system on chip (SoC) having a root of trust and an embedded controller to conduct functional safety operations and non-functional safety operations with respect to the SoC. The technology may also include an enhanced serial peripheral interface (eSPI) coupled to the SoC and the embedded controller, wherein the eSPI is to tunnel communications associated with the functional safety operations between the embedded controller and the root of trust.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Mikal Hunsaker, Mark Feuerstraeter, Asad Azam, Zhenyu Zhu, Navtej Singh
  • Publication number: 20190228161
    Abstract: Systems and methods directed to computing a maturity measurement for a computer system. Examples can include generating and outputting to an I/O device, a user interface including a plurality of user input fields for receiving the likelihood and/or impact of a plurality of pre-defined potential events related to a plurality of pre-defined potential vulnerabilities related to a computer system. Examples can also include receiving, via the user interface, a risk profile including the likelihood and/or impact for each event of a selected group of events of the plurality of pre-defined potential events. Examples can also include computing a maturity measurement for the computer system using the risk profile and a database. The database can include information for a set of practices and relationships between practices of the set of practices and events of the plurality of pre-defined potential events.
    Type: Application
    Filed: December 19, 2018
    Publication date: July 25, 2019
    Inventors: Edward Douglas Grindstaff, II, Matthew Stuart Loeb, Kelly Hood, Greg Witte, Thomas Conkle
  • Publication number: 20190228162
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Application
    Filed: April 4, 2019
    Publication date: July 25, 2019
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Publication number: 20190228163
    Abstract: A method for operating a secure storage device with a non-volatile memory on a computer system which executes multiple operating system instances. The non-volatile memory comprises one or more domains which are used by the operating system instances. A separate trusted key entry system is used to configure secret data of an operating system instance stored in the non-volatile memory. The method comprises setting a domain to either secure or non-secure mode; generating a unique identifier of the operating system instance; generating a secure hash for the operating system instance; and storing the secure hash in the domain.
    Type: Application
    Filed: January 22, 2018
    Publication date: July 25, 2019
    Inventors: Jakob C. Lang, Joerg Schmidbauer, Klaus Werner
  • Publication number: 20190228164
    Abstract: A method for exporting sensitive information from an integrated circuit, the method comprising: fabricating an integrated circuit, the integrated circuit having a register-transfer level “RTL” key fabricated in the integrated circuit, wherein the RTL key is a pre-determined cryptographic key; signing the sensitive information using the RTL key using a signature; and exporting the signed sensitive information and the signature for validation.
    Type: Application
    Filed: January 2, 2019
    Publication date: July 25, 2019
    Inventors: Asaf SHEN, Patrick BIGET, Avishay SHARAGA, Omer BOTVINIK
  • Publication number: 20190228165
    Abstract: Technologies for secure certificate management include a computing device that receives a keystore command related to an encryption key, converts the keystore command into an encrypted database command, unlocks an encrypted database stored by the computing device with an obfuscated passphrase, and executes the encrypted database command. The encrypted database includes a key table to store binary copies of encryption keys and a metadata table to store metadata related to the encryption keys. The computing device returns a response to the keystore command in response to executing the encrypted database command. The keystore command may be received and the response may be returned via a command-line interface or a machine-to-machine interface. The computing device may load multiple encoded passphrase segments from corresponding predetermined file system locations, decode the encoded passphrase segments, and compound the decoded passphrase segments to generate the passphrase.
    Type: Application
    Filed: September 21, 2016
    Publication date: July 25, 2019
    Inventors: Alexander R. MCMILLAN, Deloy P. BITNER
  • Publication number: 20190228166
    Abstract: Technologies for securely providing one or more remote accelerators hosted on edge resources to a client compute device include a device that further includes an accelerator and one or more processors. The one or more processors are to determine whether to enable acceleration of an encrypted workload, receive, via an edge network, encrypted data from a client compute device, and transfer the encrypted data to the accelerator without exposing content of the encrypted data to the one or more processors. The accelerator is to receive, in response to a determination to enable the acceleration of the encrypted workload, an accelerator key from a secure server via a secured channel, and process, in response to a transfer of the encrypted data from the one or more processors, the encrypted data using the accelerator key.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Ned M. Smith, Brinda Ganesh, Francesc Guim Bernat, Eoin Walsh, Evan Custodio
  • Publication number: 20190228167
    Abstract: A method is disclosed, as well as a related system and computer program product, for use with a plurality of networked computing devices comprising a plurality of physical ports. The method comprises determining that a non-volatile memory (NVM) device is removably connected with a first port owned by a first virtual machine associated with a first owning entity, and determining whether the NVM device was previously connected with a second port owned by a second virtual machine associated with a second owning entity. The method further comprises determining whether the NVM device has a predefined association with a first instruction file that specifies one or more restrictions for accessing data stored in the NVM device. The method further comprises providing, to the first virtual machine, access to the data stored in the NVM device in accordance with the one or more restrictions.
    Type: Application
    Filed: January 24, 2018
    Publication date: July 25, 2019
    Inventors: Lisa Hollermann DIERKHISING, Justin K. KING, Michelle A. SCHLICHT, Lee N. HELGESON
  • Publication number: 20190228168
    Abstract: Methods and systems for providing access to a vehicle by a peripheral device are disclosed. An example method includes receiving a peripheral device access request from a primary device for a vehicle application. The primary device may be configured to access a plurality of features of the vehicle application. The method may further include generating a token for the peripheral device in response to the peripheral device access request, with the token including at least an identifier and an access level indicator for the peripheral device. The access level indicator may include only a subset of the plurality of features of the vehicle application.
    Type: Application
    Filed: January 19, 2018
    Publication date: July 25, 2019
    Inventors: Aditya S. Kamini, Liza Baby