By Stored Data Protection Patents (Class 713/193)
  • Patent number: 11163685
    Abstract: Systems and methods that substantially or fully remove a commanding server from a data path (e.g., as part of a data migration, disaster recovery, and/or the like) to improve data movement performance and make additional bandwidth available for other system processes and the like. Broadly, a network interface card (e.g., host bus adapter (HBA)) of a tape drive may be configured in both a target mode to allow the tape drive to be a recipient of control commands from a server to request and/or otherwise obtain data from one or more source tape drives, and in an initiator mode to allow the tape drive to send commands to the one or more tape drives specified in the commands received from the server to request/read data from and/or write data to such one or more tape drives.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: November 2, 2021
    Assignee: Oracle International Corporation
    Inventors: David G. Hostetter, Steven Sanders
  • Patent number: 11151007
    Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: October 19, 2021
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Marcio Juliato, Manoj R. Sastry
  • Patent number: 11151263
    Abstract: A system or method for encryption of data includes a light source, a random optical element and a light detection element. The light source is arranged to transmit an input data signal to the random optical element. The light source is incident on the random optical element such that the input data signal is randomly scattered by the random optical element to generate an image on the detector disposed at an output of the random optical element. The image received by the detector is applied to a compressive sensing algorithm to generate a transfer function. The transfer function defines a relationship between the input data signal and the image to enable estimation and reconstruction of the input data signal.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: October 19, 2021
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Gabriel Carlisle Birch, Charles Fredrick LaCasse, IV, John Clark Griffin, Christian Turner, Amber Lynn Dagel, Bryana Lynn Woo
  • Patent number: 11150892
    Abstract: A computing system includes a logic subsystem and memory storing instructions executable by the logic subsystem. The instructions are executable by the logic subsystem to store, in the memory, a plurality of software models that each describe aspects of a network connected device or a software service, the plurality of software models comprising a first version of a selected software model. The logic subsystem is configured to receive a second version of the selected software model and validate the second version of the selected software model via validation logic by applying one or more versioning rules to the second version of the selected software model. Based on the application of the one or more versioning rules, the logic subsystem is configured to execute a versioning action on the selected software model.
    Type: Grant
    Filed: October 9, 2019
    Date of Patent: October 19, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Madhavan Kesavan, Kun Cong, Brian Robert Crawford, Zhenyu Guo, Arun Ramadasan Mannengal, Christopher Samuel Green, Ritesh Rao
  • Patent number: 11144646
    Abstract: A method for programming a hearing assistive device includes requesting write access from a programming device to the hearing assistive device, sending, in response to the request, a first message from the hearing assistive device to a programming-rights-management server, generating, in the programming-rights-management server, a programming rights permission list, sending a second message containing the programming rights permission list from the programming-rights-management server to the hearing assistive device, transferring programming data in a programming session from the programming device to the hearing assistive device, writing the received programming data as control data sets permitted according to the programming rights permission list received from the programming-rights-management server, and terminating the programming session once data writing has been completed.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: October 12, 2021
    Assignee: WIDEX A/S
    Inventors: Niels Erik Boelskift Maretti, Anders Westergaard
  • Patent number: 11144109
    Abstract: An information processing apparatus comprising a first controller, a second controller provided between the first controller and a storage device, and a main controller that sets a power saving state of the first controller, the second controller and the storage device. The first controller transitions to the power saving state in response to a transition request from the main controller, the second controller transitions to the power saving state in response to the power saving state to which the first controller has transitioned, and the first controller starts restoration processing from the power saving state in response to an interrupt from the main controller and determines, based on whether the second controller is performing power control on the storage device, whether to execute preprocessing which is accompanied by access to the storage device.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: October 12, 2021
    Assignee: Canon Kabushiki Kaisha
    Inventor: Akihiro Matsumoto
  • Patent number: 11134064
    Abstract: The present invention relates to a network guard unit for an industrial embedded system and a guard method. The specific method is to form the network guard unit (NGU) through security technologies, such as integrated access control, identity authentication and communication data encryption, to provide active guard for a site control device. The NGU comprises an access control module, an identity authentication module, a data encryption module, a key negotiation module and a PCIE communication module, and supports the communication modes of dual network cards and PCIE bus. The present invention builds a secure and trusted operating environment for industrial control systems in combination with an active guard technical means in the field of information security on the basis of ensuring the correctness and the feasibility of security of various terminal devices in the industrial control systems.
    Type: Grant
    Filed: June 7, 2018
    Date of Patent: September 28, 2021
    Assignee: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES
    Inventors: Xianda Liu, Tianyu Wang, Jianming Zhao, Bowen Zhang, Peng Zeng, Haibin Yu
  • Patent number: 11133940
    Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: September 28, 2021
    Assignee: Journey.ai
    Inventors: Brett Shockley, Alexander John Shockley, Michael Joseph Frendo, Shmuel Shaffer, Kenneth Keiter, James M. Behmke
  • Patent number: 11128605
    Abstract: A mainframe network may store a plurality of records. The mainframe network may generate a file comprising the data elements in the records. The mainframe network may transmit the file to a distributed network. The distributed network may encrypt the data elements. The distributed network may transmit a file comprising the encrypted data elements to the mainframe network. The mainframe network may store the encrypted data elements.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: September 21, 2021
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Pedameerasa Chennupalli, Siddhartha Dutta, Tapan K. Ganguly, Randall W. Latham, Sudhagar Natarajan
  • Patent number: 11121867
    Abstract: Examples discussed herein disclose, among other things, a method. The method includes, among other things, obtaining a plaintext, obtaining a key from a plurality of keys, and determining whether the plaintext is longer than a predefined threshold length. If the plaintext is longer than the predefined threshold length, the method may encrypt the plaintext with the key to generate a first ciphertext having a length of the plaintext, where the character at a predefined position within the first ciphertext belongs to a first subset of characters. And if the plaintext is not longer than the predefined threshold length, the method may encrypt the plaintext with the key to generate a second ciphertext, which is longer than the plaintext, where the character at the same predefined position in the second ciphertext belongs to a second subset of characters.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: September 14, 2021
    Assignee: Micro Focus LLC
    Inventor: Richard Minner
  • Patent number: 11120142
    Abstract: The security of a database is substantially increased by partitioning raw data, irreversibly encrypting the partitioned raw data, reversibly encrypting the raw data, and then storing pairs of irreversibly encrypted data and reversibly encrypted data. In response to a search query, the query is partitioned and irreversibly encrypted, and the irreversibly encrypted query is used to search the stored irreversibly encrypted data. When a match is found, the reversibly encrypted data paired with the stored irreversibly encrypted data that matches the irreversibly encrypted query is output in response to the search query.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: September 14, 2021
    Assignee: Alibaba Group Holding Limited
    Inventor: Yuanmi Chen
  • Patent number: 11122079
    Abstract: An example technique includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform. The nodes include compute nodes that provide resources in the distributed computing platform and a controller node that performs resource management of the resources. The obfuscation computing system serves as an intermediary between the controller node and the compute nodes. The technique further includes outputting an interactive user interface (UI) providing a selection between a first privilege level and a second privilege level, and performing one of: based on the selection being for the first privilege level, a first obfuscation mechanism for the distributed computing platform to obfuscate digital traffic between a user computing system and the nodes, or based on the selection being for the second privilege level, a second obfuscation mechanism for the distributed computing platform to obfuscate digital traffic between the user computing system and the nodes.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: September 14, 2021
    Assignee: Architecture Technology Corporation
    Inventors: Scott Aloisio, Robert A. Joyce, Paul Nicotera, Matthew A. Stillerman
  • Patent number: 11121856
    Abstract: Disclosed embodiments relate to a unified Advanced Encryption Standard (AES), SMS4, and Camellia (CML) accelerator. In one example, a processor includes fetch circuitry to fetch a cipher instruction specifying an opcode, a datum, and a key, the opcode to specify one of three cryptographic modes and an operation, decode circuitry to decode the fetched cipher instruction, and execution circuitry to respond to the decoded cipher instruction by performing the operation using a selected one of three block ciphers corresponding to the specified cryptographic mode and a unified cipher datapath shared by the three block ciphers, the unified cipher datapath comprising a plurality of hybrid substitution boxes (Sboxes) to perform Galois Field (GF) multiplications and inverse computations, wherein the unified cipher datapath is to implement an eighth-order polynomial isomorphically equivalent to each polynomial used by the three block ciphers by calculating and then combining two fourth-order polynomials.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: September 14, 2021
    Assignee: Intel Corporation
    Inventors: Sudhir Satpathy, Vikram Suresh, Sanu Mathew
  • Patent number: 11113009
    Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and a processing module operably coupled to the interface and memory such that the processing module, when operable within the computing device based on the operational instructions, is configured to perform various operations. For example, the computing device generates a prioritized request that includes at least one of a task for execution or a priority level based on information stored within a storage unit (SU) of a plurality of storage units (SUs) implemented within the DSN. Note that the information corresponds to a data object that is related to a set of encoded data slices (EDSs) that are distributedly stored within the DSN. The computing device then transmits the prioritized request to the SU and receives, from the SU, a response to the prioritized request.
    Type: Grant
    Filed: October 23, 2020
    Date of Patent: September 7, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Ahmad Alnafoosi, Andrew D. Baptist, Greg R. Dhuse, Jason K. Resch, Ilya Volvovski
  • Patent number: 11115395
    Abstract: A cross-domain information transfer system includes a key distribution center that generates private encryption keys and a signature key pair as a secret signing and secret verifying key for an attribute associated with a given domain. A sender device generates ciphertext from plaintext based upon the private encryption key, appends an attribute for a given domain to the ciphertext, generates ciphertext with a concealed attribute based upon the secret signing key and broadcasts the ciphertext with the concealed attribute. Domain gateway devices each receive a respective secret verifying key for an associated attribute, receive the ciphertext with the concealed attribute from the untrusted network, and use the secret verifying key to determine if the concealed attribute matches the attribute associated with the domain gateway device, and, when so, pass the ciphertext to at least one receiver device coupled with the domain gateway device.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: September 7, 2021
    Assignee: HARRIS GLOBAL COMMUNICATIONS, INC.
    Inventors: Michael T. Kurdziel, Steven M. Farris, Peter Bajorski, Alan R. Kaminsky, Marcin Lukowiak, Stanislaw P. Radziszowski
  • Patent number: 11107505
    Abstract: A cartridge includes a tape-shaped magnetic recording medium and a cartridge memory. The cartridge memory includes a communication unit that communicates with a recording/reproducing device in a state where the cartridge is loaded on the recording/reproducing device; a storage unit; and a control unit that stores information received from the recording/reproducing device through the communication unit in the storage unit, reads the information from the storage unit according to a request from the recording/reproducing device, and transmits the information to the recording/reproducing device through the communication unit. The information includes manufacturing information of the cartridge and adjustment information for adjusting a tension applied to the magnetic recording medium in a longitudinal direction thereof, and the tape-shaped magnetic recording medium has a plurality of servo bands.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: August 31, 2021
    Assignee: Sony Corporation
    Inventors: Eiji Nakashio, Kazuo Anno, Shinya Tochikubo, Takanobu Iwama
  • Patent number: 11108747
    Abstract: A decentralized and distributed secure home subscriber server is provided. First data can be sent representing a first nonce string to a mobile device; and in response to receiving second data representing the first nonce string and a second nonce string, a communication channel can be established with the mobile device as a function of the first nonce string.
    Type: Grant
    Filed: July 17, 2018
    Date of Patent: August 31, 2021
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Roger Piqueras Jover, Joshua Lackey
  • Patent number: 11102005
    Abstract: A non-transitory computer-readable medium includes an encrypted dataset, a first access control measure, and instructions. The encrypted dataset includes a first encrypted block of data, encrypted using a first encryption algorithm, and a second encrypted block of data, encrypted using a second encryption algorithm stronger than the first. The first access control measure is associated with a first access control characteristic and is configured to selectively prevent access to the encrypted dataset. The instructions are configured, when executed by a processor of a device of a first user, to determine that a first characteristic of the first user matches the first access control characteristic. In response, the instructions are configured to decrypt the encrypted dataset to form a plain text dataset and provide the device of the first user access to the plain text dataset. Decrypting the encrypted dataset includes decrypting the first and second blocks of data.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: August 24, 2021
    Assignee: Bank of America Corporation
    Inventors: Manu J. Kurian, Sasidhar Purushothaman
  • Patent number: 11094153
    Abstract: It is provided a lock device for controlling access to a physical space. The lock device comprises: an electronically controllable lock; and a handle comprising a fingerprint sensor for capturing a fingerprint of a finger presented to the fingerprint sensor and obtaining fingerprint data based on a captured fingerprint, wherein the handle is configured to communicate wirelessly with the electronically controllable lock to selectively control unlocking of the electronically controllable lock based on the fingerprint data. The handle is configured to identify a user from the captured fingerprint, wherein an identifier of the identified user is communicated wirelessly from the handle to the electronically controllable lock to enable the electronically controllable lock to evaluate whether to perform an unlocking action.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: August 17, 2021
    Assignee: ASSA ABLOY AB
    Inventor: Fredrik Einberg
  • Patent number: 11087324
    Abstract: An interaction and resource exchange system that provides authentication for a designated user to complete an interaction entered into by an initiating user. An initiating user is able to enter into interactions with third-parties and set one or more interaction limits and/or designated user requirements to allow a designated user to complete the interaction with the third-party should interaction limits and/or designated user requirements be met. The interaction limits and/or the designated user requirements allow for improved security related to these types of interactions and resource exchanges. In particular, the interaction and resource exchange may be implemented through a real-time resource exchange network that efficiently allows for the designated user to complete the interaction.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: August 10, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Katherine Dintenfass, Alicia C. Jones-McFadden
  • Patent number: 11086158
    Abstract: The present disclosure provides an array substrate, comprising a substrate and a display element arranged above the substrate. The array substrate further comprises an antenna structure for transmitting and receiving electromagnetic waves. The antenna structure comprises a signal shielding layer and an antenna patch layer arranged on the substrate. The antenna patch layer and the signal shielding layer are spaced apart through a dielectric layer. The antenna patch layer is beneath the signal shielding layer such that the antenna structure transmits electromagnetic waves towards the bottom of the substrate and receives the electromagnetic waves from the bottom of the substrate. The present disclosure further provides a display panel and a man-machine interactive terminal.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: August 10, 2021
    Assignee: BOE TECHNOLOGY GROUP CO., LTD
    Inventors: Pengpeng Wang, Xue Dong, Haisheng Wang, Chunwei Wu, Xiaoliang Ding, Chihjen Cheng, Wei Liu, Yanling Han, Xueyou Cao, Ping Zhang, Changfeng Li, Yanan Jia, Yuzhen Guo
  • Patent number: 11082205
    Abstract: A method for securely processing data to prevent unauthorized access is provided. The method includes the steps of splitting data into components and with a sequence of a first hashing, a first encryption, a second hashing, a second encryption, and a third hashing, that optimizes the security of the data. The method further provides steps to securely retrieve, update and delete the data once the data has been securely stored.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: August 3, 2021
    Assignee: Paperclip Inc.
    Inventors: David Michael Bridges, William Weiss
  • Patent number: 11080239
    Abstract: Example storage systems and methods provide data storage management using generation markers in a key data store. A key data store includes a set of key data entries that each include a key value and a property value associated with a storage operation. An active generation of the key data entries includes an active generation marker and a base generation does not. A base storage parameter is calculated from a data scan and a current storage parameter is calculated from the base storage parameter and the property values of the active generation of key data entries. The calculated storage parameter may be reported to manage storage configuration and operations in the storage system.
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: August 3, 2021
    Assignee: Western Digital Technologies, Inc.
    Inventors: Thomas Demoor, Carl Rene D'Halluin
  • Patent number: 11080280
    Abstract: An approach is provided for encrypting data. Using an encryption function, values of keys in a first database table are encrypted. The encryption function is determined to be homomorphic to sorting operators. A decryption function that decrypts the encrypted keys is determined to be homomorphic to sorting operators. Responsive to the encryption and decryption functions being determined to be homomorphic, a merge join operation is selected. The merge join operation operates on the first database table and a second database table and includes the decryption function in a joining condition. Using the merge join operation, an execution of a query is optimized. The query accesses one or more data items in the first or second database table.
    Type: Grant
    Filed: November 2, 2018
    Date of Patent: August 3, 2021
    Assignee: International Business Machines Corporation
    Inventors: Michal Bodziony, Marcin Luczynski, Tomasz Zatorski, Andrzej Laskawiec, Lukasz S. Studzienny, Marcin Filip, Monika Piatek
  • Patent number: 11080344
    Abstract: A facility for providing document contents from a server is described. The facility receives from a separate client computing system a retrieval request to return a document identified by a document identifier contained by the retrieval request. The retrieval request has been originated by the client computing system in response to an open request for a file stored on the client computing system that contains the document identifier. The facility transmits to the client a response containing at least a portion of a document to which the document identifier contained by the retrieval request corresponds.
    Type: Grant
    Filed: November 2, 2018
    Date of Patent: August 3, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Christopher Lee Mullins
  • Patent number: 11074235
    Abstract: A method and an inclusion dependency determination system (IDDS) for determining inclusion dependency between columns of tables in a target database to establish primary key (PK)-foreign key (FK) relationships among data in the columns with minimized disk input and output operations are provided. The IDDS determines dependency characteristic data (DCD) of each column and arranges the columns by applying one or more predefined rules to the columns based on a minimum value of the data of each column. The IDDS determines pairs of arranged columns that demonstrate a possibility of inclusion dependency based on the DCD and identifies a first column and a second column of each determined pair as a candidate PK and a candidate FK respectively. The IDDS determines inclusion dependency between the candidate PK and the candidate FK on comparing data of the candidate PK with the data of the candidate FK using dynamically determined search techniques.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: July 27, 2021
    Assignee: IO-Tahoe LLC
    Inventors: Ram Dayal Goyal, Rohit Mahajan
  • Patent number: 11076288
    Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.
    Type: Grant
    Filed: August 9, 2019
    Date of Patent: July 27, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Patent number: 11075752
    Abstract: Embodiments of the present invention disclose a network system. The system includes user equipment, a network authentication device, and a service authentication device. The service authentication device is configured to obtain reference information and generate a second shared key with reference to the reference information and a first shared key, where the first shared key is a shared key pre-configured between the user equipment and the service authentication device; the user equipment is configured to obtain the reference information and generate the second shared key with reference to the reference information and the first shared key; the service authentication device is configured to send the second shared key to the network authentication device; and the network authentication device is configured to receive the second shared key, where the second shared key is used by the user equipment and the network authentication device to generate a target shared key.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: July 27, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Rong Wu, Bo Zhang, Lu Gan
  • Patent number: 11068599
    Abstract: Embodiments support establishing an embedded controller comprised within an Information Handling System (IHS) as a hardware root of trust. With the booting of the IHS paused and based on instructions encoded in a ROM (Read-Only Memory) of the embedded controller, the firmware of the embedded controller is read from a flash memory, such as a SPI Flash, and stored to a RAM (Random Access Memory) of the embedded controller. The firmware is then authenticated based on instructions encoded in the ROM. Based on instructions included in the authenticated firmware, the embedded controller reads SBIOS (Startup Basic Input Output System) instructions from the flash memory and stores them to RAM where they are authenticated based on instructions included in the authenticated embedded controller firmware. If the SBIOS instructions are authenticated, the embedded controller authorizes booting of the IHS to resume using the authenticated SBIOS instructions.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: July 20, 2021
    Assignee: Dell Products, L.P.
    Inventors: Adolfo S. Montero, Benson Lai
  • Patent number: 11057359
    Abstract: A set of hardware security modules (HSMs) in a database system may implement a key management system with a database storing encryption keys or other secrets. The set of HSMs may identify a first key encryption key (KEK) and a second KEK stored in the set of HSMs. The set of HSMs may retrieve, from the database, a set of encryption keys encrypted by the first KEK and decrypt each encryption key of the set of encryption keys using the first KEK. The set of HSMs may re-encrypt each encryption key of the set of encryption keys with the second KEK and transmit, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage. Then, the set of HSMs may delete the first KEK from the set of HSMs.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: July 6, 2021
    Assignee: salesforce.com, inc.
    Inventors: Scott Wisniewski, David Murray, Xiongjian Fu, Harish Krishnamurthy
  • Patent number: 11057240
    Abstract: Control systems and methods for securely loading software in a power control system. In some examples, the control system includes a computing device and a plurality of security modules. The computing device may obtain and divide an executable image into a plurality of images. The computing device may generate a control hash as a function of the plurality of images, and record the control hash. The computing device may store each of the plurality of images in a plurality of security modules. At boot up, the computing device may load, from each security module, the stored image, and store each image to a memory device. The computing device may generate a hash based on the stored images, and compare the generated hash to the recorded control hash. Based on the comparison, the computing device may allow execution of the executable image.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: July 6, 2021
    Assignees: ROLLS-ROYCE NORTH AMERICAN TECHNOLOGIES INC., ROLLS-ROYCE CORPORATION
    Inventors: Richard Joseph Skertic, John Joseph Costello
  • Patent number: 11048802
    Abstract: One method disclosed includes booting a computer with a bootloader, where the bootloader is stored on an unencrypted portion of a data storage device of the computer. The method further includes unsealing a decryption password for an encrypted portion of the data storage device from a trusted platform module (TPM) using a first sealing policy, where the first sealing policy excludes dependence on a first platform configuration register (PCR), wherein the first PCR stores a measurement result associated with the bootloader. The method subsequently includes sealing the decryption password into the TPM using a second sealing policy, where the second sealing policy includes dependence on the first PCR.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: June 29, 2021
    Assignee: X Development LLC
    Inventor: Sichun Xu
  • Patent number: 11048678
    Abstract: Embodiments described herein are related to bulk loading data into a B-tree. Embodiments include generating a first leaf node of a B-tree by allocating a first page for the first leaf node from a leaf page queue comprising a first plurality of sequential pages; and writing one or more tuples to the first page allocated for the first leaf node. Embodiments further include generating a parent node for the first leaf node and a second leaf node of the B-tree by allocating a third page for the parent node from a parent page queue comprising a second plurality of sequential pages, the parent node comprising a first indication of the first leaf node and a second indication of the second leaf node, the first indication and the second indication stored in the third page allocated for the parent.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: June 29, 2021
    Assignee: VMware, Inc.
    Inventors: Abhishek Gupta, Robert T. Johnson, Richard P. Spillane, Sandeep Rangaswamy, Jorge Guerra Delgado, Srinath Premachandran, Kapil Chowksey
  • Patent number: 11050562
    Abstract: Example implementations relate to attestation. For example, in an implementation, a target device attestation request is transmitted to a target device, where the target device attestation request includes an identity-based encryption (IBE) ciphertext and a retrieval index. The ciphertext is a nonce encrypted using a trusted platform module (TPM) public key together with an IBE public key. The TPM public key is retrieved from a TPM of the target device, and the IBE public key is an expected value presumed to be stored at the TPM.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: June 29, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Liqun Chen, Carey Huscroft
  • Patent number: 11041782
    Abstract: A system includes a secure data interface system. The secure data interface system includes a one-way communications interface configured to communicatively couple to a monitoring and protection system to receive data transmitted by the monitoring and protection system, and a processor configured to derive at least one measurement based on the data. The secure data interface system further includes a two-way communications interface configured to communicate the measurement to an external system, wherein the monitoring and protection system is configured to monitor operations of a machinery.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: June 22, 2021
    Assignee: BAKER HUGHES, A GE COMPANY, LLC
    Inventors: Chien Chung Cheng, Michael Alan Tart, Scott Terrell Williams
  • Patent number: 11044079
    Abstract: Systems, methods, and software technology for managing keys used to encrypt data at-rest and decrypt the data when serving requests for the data. In an implementation, a data service receives a request for data that has been encrypted at rest using a data key, wherein the data key has been encrypted using a policy key, and wherein the policy key has been encrypted using a root key. When the root key is unavailable, the data service requests a key service to decrypt the policy key using an alternative root key. When the data service receives the policy key in an unencrypted state from the key service, it decrypts the data key using the policy key and decrypts the data using the data key.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: June 22, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ayla Kol, Kameshwar Jayaraman, Yoganand Rajasekaran, Jaclynn Hiranaka, Girish Nagaraja, Nikhil Aggarwal, Paul Howard Rich
  • Patent number: 11042489
    Abstract: An electronic apparatus that writes encrypted data includes a first memory; a second memory configured to update encryption information including address information indicating a write location on the first memory and a parameter for use in encryption when data is encrypted and written to the first memory, and store the updated encryption information; an encryption and decryption unit configured to encrypt the data, based on the encryption information; and a processor configured to control the encrypted data to be written to the first memory, thereby increasing a safety level.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: June 22, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Woo-seok Kang, Eun-kyoung Park, Seok-hwan Jo
  • Patent number: 11042452
    Abstract: A method for storage system reliability using data recovery as a service, the method including: receiving, for storage data on a storage system, a specification for a particular recovery time objective (“RTO”) and recovery point objective (“RPO”) setting among a plurality of options for RTO/RPO settings; generating, in accordance with the particular RTO/RPO setting, a change stream of data in response to receiving data to be stored on the storage system; and transmitting, from the storage system to a cloud data recovery as a service endpoint, the change stream of data from which data on the storage system may be recovered up to a point in time corresponding to the particular RPO setting and within a time period corresponding to the particular RTO setting.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: June 22, 2021
    Assignee: Pure Storage, Inc.
    Inventor: Gregory McNutt
  • Patent number: 11036861
    Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: June 15, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine
  • Patent number: 11030221
    Abstract: A method for displaying content to a user at a user device, the method comprising: initiating, at the user device, a web element request indicative of a web element; transmitting, at a web element server, the web element to the user device in response to the web element request; receiving, at a code provisioning server, a code portion request in response to the web element request; transmitting, at the code provisioning server, a code portion to the user device in response to the code portion request; executing, at the user device, the code portion in response to the web element request, wherein executing the code portion causes a processor at the user device to: collate user data at the user device; and generate an instruction to execute an action based on the collated user data.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: June 8, 2021
    Assignee: PERMUTIVE LIMITED
    Inventors: Tim Spratt, Joe Root
  • Patent number: 11030118
    Abstract: In a memory module, encryption information is received from an external source and stored exclusively within a non-persistent storage element such that the encryption information is expunged from the memory module upon power loss. Write data is received and encrypted using the encryption information stored within the non-persistent storage element to produce encrypted data which is stored, in turn, within a nonvolatile storage of the memory module.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: June 8, 2021
    Assignee: Rambus Inc.
    Inventors: Aws Shallal, Larry Grant Giddens, Sarvagya Kochak
  • Patent number: 11023622
    Abstract: A method performed by a processor of an aspect includes accessing an encrypted copy of a protected container page stored in a regular memory. A determination is made whether the protected container page was live stored out, while able to remain useable in, protected container memory. The method also includes either performing a given security check, before determining to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out, or not performing the given security check, if it was determined that the protected container page was not live stored out. Other methods, as well as processors, computer systems, and machine-readable medium providing instructions are also disclosed.
    Type: Grant
    Filed: June 29, 2019
    Date of Patent: June 1, 2021
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Somnath Chakrabarti
  • Patent number: 11025629
    Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for providing a security model for component-based web applications. Documents for a web-based application are received, with the application containing custom components and Application Programming Interface (API) components. A Document Object Model (DOM) is processed corresponding to the web-based application, with the custom and API components modeled in hierarchical form. For each custom component, a key is assigned in accordance with the rules of capability security, accessible custom components are identified for which the custom component can provide the assigned key, a virtual DOM is generated for the custom component with the component and identified accessible custom components being modeled in hierarchical form, and the custom component is prohibited access to all inaccessible custom components.
    Type: Grant
    Filed: October 4, 2018
    Date of Patent: June 1, 2021
    Assignee: salesforce.com, inc.
    Inventors: Doug Chasman, Caridy Patiño, Trevor James Bliss, Sergey Gorbaty
  • Patent number: 11023575
    Abstract: Methods and systems for performing security sanitization of Universal Serial Bus (USB) devices are provided. According to one embodiment, existence of a Universal Serial Bus (USB) device connected to a USB port of a network security device is detected by the network security device. Responsive thereto, read and write access to a memory of the USB device is facilitated, by mounting, by the network security device, the USB device within a file system of the network security device. Multiple security scans are caused to be performed by the network security device on the USB device, including: (i) an antivirus (AV) scan to identify existence of one or more known viruses using an AV engine of the network security device and (ii) a vulnerability scan for one or more known vulnerabilities or exploits using a detection engine of the network security device.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: June 1, 2021
    Assignee: Fortinet, Inc.
    Inventor: Axelle Apvrille
  • Patent number: 11019399
    Abstract: A digital broadcast receiving apparatus capable of executing a function with a higher added value is provided. A broadcast receiving apparatus configured to receive contents includes: a receiving unit configured to receive the contents; an interface through which the contents received by the receiving unit are outputted; and a control unit configured to control an output state of the contents from the interface. The control unit is configured to determine an output state of the contents from the interface in accordance with a combination of control information indicating a copy control state of the contents, control information for specifying whether protection is required or not when the contents are to be outputted, information indicating resolution of video of the contents, and information indicating transmission characteristics of the video of the contents, which are received by the receiving unit together with the contents.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: May 25, 2021
    Assignee: MAXELL, LTD.
    Inventors: Takuya Shimizu, Kazuhiko Yoshizawa, Yasunobu Hashimoto, Nobuo Masuoka, Nobuaki Kabuto
  • Patent number: 11016955
    Abstract: In some examples, one or more computing devices may perform deduplication of data. For instance, a first device may receive, from a second device, a first data-portion identifier corresponding to a first deduplication data portion. The first device may include a first index portion of a deduplication index and the second device may include a second index portion of the deduplication index. Further, the first data-portion identifier may be received based on a first data-portion identifier portion being in a range of values assigned to the first index portion. The first device may locate, in the first index portion of the deduplication index, a second data-portion identifier that matches the first data-portion identifier. The first device may associate the first reference information for the first deduplication data portion with a second deduplication data portion referenced by reference information associated with the second data-portion identifier.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: May 25, 2021
    Assignee: HITACHI VANTARA LLC
    Inventor: Jeffrey V. Tofano
  • Patent number: 11019042
    Abstract: A method and system for encrypting and decrypting data messages which are communicated between two devices. The method for encrypting/decrypting data messages uses hybrid symmetric/asymmetric encryption, where symmetric encryption is used for data records and asymmetric encryption is used to encode new symmetric keys. All data records and symmetric key data are sent in a single data stream. The method allows the data producer to create a new symmetric key at any desired time, and also allows the data consumer to recover symmetric keys needed for decryption, on the fly by using the cipher text data stream itself, as the data messages are consumed. Data consumption can be at a later time and independent of production, and symmetric keys need not be shared between producer and consumer in advance.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: May 25, 2021
    Assignee: NORTHROP GRUMMAN SYSTEMS CORPORATION
    Inventor: Rick G. Chang
  • Patent number: 11012207
    Abstract: A method for transmitting a tracking reference signal (TRS) in an unlicensed band and a device using the method are provided. The device performs listen before talk (LBT) in the unlicensed band and transmits the TRS in a TRS resource set according to a result of the LBT.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: May 18, 2021
    Assignee: LG Electronics Inc.
    Inventors: Joonkui Ahn, Seonwook Kim, Changhwan Park, Sukhyon Yoon
  • Patent number: 11010494
    Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: May 18, 2021
    Assignee: Cryptography Research, Inc.
    Inventors: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
  • Patent number: 11010253
    Abstract: Embodiments are described for a heuristic configuration selection process as part of or accessible by the backup management process. This processing component provides a method to automatically determine the configuration parameters needed to obtain optimal performance for a given backup/restore job. This process involves identifying key parameters that determine backup performance and suggest means to derive and incorporate those configurable parameters into the backup software automatically. Embodiments can be applied to stream based backups, or other types of backup software as well.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: May 18, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Dinesh Kumar, Anand Reddy