Abstract: A safety management system to prevent unauthorized use, accident, resale, theft, and so forth of a flying object. The safety management system includes changing, at a motor controller, a power feeding amount to each drive unit based on an instruction from a main control unit, an authentication information storage unit which records registered identification information for performing operator authentication, an authentication accepting unit which accepts an input of input identification information, an operator authentication unit which performs operator authentication of an operator of the flying object based on the input identification information and the registered identification information, and a safety managing unit connected between a power source of the flying object and the motor controller of the flying object. The safety managing unit includes a switch which controls electrical connection between the motor controller and the power source based on the result of the operator authentication.

Abstract: A method for unlocking a display panel and a display assembly are provided. The method includes: acquiring a plurality of preset pictures, wherein different preset pictures among the plurality of preset pictures correspond to different preset inputs; performing at least one unlocking process, wherein each of the at least one unlocking process includes: causing the display panel to display at least one preset picture of the plurality of preset pictures and receive a verification input from a user, when the display panel is in a locked state; determining whether the verification input is identical with the preset input corresponding to a displayed preset picture; and switching the display panel to an unlocked state, if the verification input is identical with the preset input corresponding to the displayed preset picture.

Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.

Abstract: In an example method, one or more processors determine that a first data storage device has been communicatively coupled to a first computer system, determine that the first computer system is associated with a first geographical location, determine that the first data storage device is associated with a first user, determine that the first user is associated with one or more additional data storage devices, and determine usage data regarding the one or more additional data storage devices. Further, the one or more processors control a transmission of data between the first data storage device and first computer system based on the first geographical location and the usage data.

Abstract: Methods, computer readable media, and systems service a queue, comprising a plurality of jobs, by identifying nodes satisfying a hardware requirement for at least a subset of jobs in the queue. Each job indicates when it was submitted to the queue and one or more node resource requirements. A current availability score for each node class in a plurality of node classes is determined and nodes of a first node class in the plurality of node classes are reserved when a demand score for the class satisfies the current availability score for the first node class by a first threshold amount. Reserved nodes are permitted to draw jobs from the queue in accordance with satisfaction by such nodes of the node resource requirements of the jobs but are terminated, without completing the jobs, when the current availability score for their node class exceeds a second threshold amount.

Abstract: Methods and systems for providing secure digital access to services are described. Embodiments include user behavior tracking, learning, and updating one or more contextual access algorithms and thereafter can act as multi-factor authentications. The method may include receiving data for a group of users and initializing a machine learning algorithm with the group data. The method may also collect individual user data and context data periodically, including characteristic behavior data, and update the machine learning algorithm with the individual user data. The method may further calculate a threshold for tolerance based on the updated algorithm, and verify user requests for access to the service. A multi-factor authentication may be presented to the user when the verifications are not acceptable, such as by being below a threshold. A permissions data structure can be generated and used to control access to the service.

Abstract: A method may include retrieving, by one or more processors of an industrial automation component, one or more parameters from a configuration file stored in a memory of the industrial automation component and one or more additional parameters from a vendor certificate stored in the memory. The vendor certificate is cryptographically signed by an entity. The method may also include determining, by the processors, whether the parameters from the configuration file match the additional parameters from the vendor certificate, and in response to determining that the parameters from the configuration file do not match the additional parameters from the vendor certificate, transmitting, by the processors, an indication that the industrial automation component is an unauthorized component to a display device for display, disabling the industrial automation component, or both.

Abstract: A plurality of hierarchy information management devices include a first hierarchy information management unit managing first hierarchy information in which information on instruments is represented in a hierarchy structure, and each hierarchy information management device manages the first hierarchy information of a different one of the instruments.

Abstract: A random number generation system may generate one or more random numbers based on the repeated programming of a memory, such as a flash memory. As an example, a control system may repeatedly store a sequence to a block of flash memory to force a plurality of cells into a random state such that, at any given instant, the values in the cells may be random. The control system may identify which of the cells contain random values and then generate based on the identified values a number that is truly random.

Abstract: Systems for providing an integrated user interface and/or authenticating a user or a device are disclosed. A system for providing an integrated user interface includes a central control server having a user interface engine and a backend application programming interface engine, a user device communicatively coupled to the central control server that is configured to provide a user interface, and a plurality of backend servers communicatively coupled to the central control server. The backend application programming interface engine generates and supplies application programming interfaces to the backend servers, the application programming interfaces including programming instructions thereon that direct a corresponding one of the plurality of backend servers to provide data to the central control server.

Abstract: A method includes identifying a first user device potentially associated with a biohazard and identifying a geographic area associated with the biohazard based on previous location information of the first user device. The method further includes identifying a another user device potentially associated with the biohazard based on the geographic area associated with the biohazard and previous location information of the other user device. The method further includes issuing a safety notification to the other user device, where the safety notification includes one or more of the geographic area associated with the biohazard, a safety status request, a safety status level of the first user device, a subset of the previous location information of the first user device, and a subset of the previous location information of the other user device.

Abstract: Aspects of the technology described herein provide for controlled access to a secure computing resource. A first device may receive a child token from a second device having a parent token. The child token may grant the first device access to a subset of data accessible to the second device. Based on a degree of physical proximity between the first device and a third device associated with a user satisfying a threshold proximity, an indication of a user identifier for the user may be received from the third device. A request for access to a secure computing resource associated with the user may be sent to the second device. The request may include the indication of the user identifier and an indication of the secure computing resource. Access to the secure computing resource may be granted based on the child token and the indication of the identifier.

Abstract: A method for shared aeronautical object management includes receiving, from an owner flight application at a server, a share command for an aeronautical object, and flagging the aeronautical object as a shared object. The method further includes transmitting, to a first recipient flight application, the first shared object, receiving an update to the shared object, and transmitting, responsive to receiving the update, the update to the first recipient flight application based on the first recipient flight application being connected to the server when the first update is received. The method further includes receiving a shared object changed version command from the second recipient flight application, and transmitting, responsive to receiving the shared object changed version command, the update to the second recipient flight application.

Abstract: A method, computer program product and a user equipment (UE) are provided for assisting a user equipment (UE) in selecting a network function. A first message is received from the UE. The first message includes UE request capabilities. A second message is sent to the UE. The second message includes an indication that promotes the UE attempting to connect to a particular Public Land Mobile Network (PLMN) using a network function belonging to the particular PLMN.

Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.

Abstract: Techniques for generated regular expressions are disclosed. In some embodiments, a regular expression generator may receive input data comprising one or more character sequences. The regular expression generator may convert character sequences into a sets of regular expression codes and/or span data structures. The regular expression generator may identify a longest common subsequence shared by the sets of regular expression codes and/or spans, and may generate a regular expression based upon the longest common subsequence. Alignment of span data structures may be performed when generating the regular expression.

Abstract: Observing and/or monitoring a computer network that includes a plurality of nodes may involve detecting one or more data flows, or communications, between two or more nodes of the computer network. The data flow(s) may be associated with a user of the computer network. The user may be an individual person, an entity, and/or a software application. A characteristic of the data flow and the user may be determined and these characteristics may be used to determine a level of security risk caused by the data flow in the network. Then, when the level of security risk is above a risk threshold, an alert may be communicated to an operator of the computer network. The alert may be, for example, a message (e.g., email, SMS text message, etc.) and/or display of an icon, or an aspect (e.g., size, color, and/or location) of an icon provided on a graphical user interface (GUI).

Abstract: A computing device supports the use of multiple different authenticators for a user to unlock his or her computing device and access his or her user account. An authenticator refers to something that the user knows or has that can be compared to known authentication data in order to authenticate the user. In one or more embodiments, the behavior of the computing device varies for different authenticators by displaying user-selectable content in different visibility modes based on which authenticator is used to authenticate the user. In one content visibility mode content is fully visible on the computing device display screen, whereas in another content visibility mode content visibility on the computing device display screen is reduced. Additionally or alternatively, the behavior of the computing device varies for different authenticators by using different authenticators for different contexts of the computing device.

Abstract: A terminal configuration server is configured to save a manufacturer identifier in a terminal database, in association with a merchant identifier. The manufacturer identifier identifies a terminal. The terminal configuration server is configured to transmit the merchant identifier to a communications device via a communications network, and to receive from the communications device via the communications network, a terminal identifier request that includes the manufacturer identifier and the merchant identifier. The terminal configuration server is configured to verify that the manufacturer identifier, included in the terminal identifier request, is associated with the merchant identifier in the terminal database, and to download a payload to the terminal via the communications device after verifying the manufacturer identifier.

Abstract: A control method executed by a computer, the method includes receiving a program to identifiably display an authentication screen of a service transmitted from an authenticator in response to a reception of a first authentication request from a browser included in a terminal device to the authenticator, the browser displaying the authentication screen at the terminal device, and transmitting the received program to the terminal device.

Abstract: Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.

Abstract: Several methods may be used to exploit the natural physical variations of sensors, to generate cryptographic physically unclonable functions (PUF) that may strengthen the cybersecurity of microelectronic systems. One method comprises extracting a stream of bits from the calibration table of each sensor to generate reference patterns, called PUF challenges, which can be stored in secure servers. The authentication of the sensor is positive when the data streams that are generated on demand, called PUF responses, match the challenges. To prevent a malicious party from generating responses, instructions may be added as part of the PUF challenges to define which parts of the calibration tables are to be used for response generation. Another method is based on differential sensors, one of them having the calibration module disconnected. The response to a physical or chemical signal of such a sensor may then be used to authenticate a specific pair of sensors.

Abstract: A method for performing service authorization for private networks based on an enhanced PLMN identifier. The method includes receiving an attach request from a user equipment device (UE) via a private network, where the attach request includes an international mobile subscriber identity value (IMSI). The method further includes determining, based on the IMSI, an organization identifier and a token associated with the private network, where the token is included in an enhanced PLMN for granting the UE access to resources in the private network. The method further includes sending the token to the UE and a network proxy within the private network.

Abstract: Techniques for using a trip flag to detect desynchronization of trip counter values in a vehicle system. Techniques include a first electronic control unit (ECU) receiving a synchronization message including a trip counter and receiving a message from a second ECU including a trip flag. The trip flag includes a single bit of data generated by the second ECU. The first ECU compares the trip flag to a last bit of the trip counter stored at the first electronic control unit and processes the message in response to the trip flag matching the trip counter. The first ECU compares the trip counter to a previous trip counter based on the trip flag differing from the trip counter. The first ECU processes the message using the previous trip counter or increments the trip counter to process the message based on the comparison with the previous trip counter.

Abstract: A company may authorize a 3rd party to send emails on behalf of the company's domain. The emails are sent by the 3rd party, but the “From” portion of the email header is populated with the company's email address/domain. Methods are disclosed that, in some embodiments, enable email authentication (e.g. SPF record checks and/or DKIM verification) for emails sent by the 3rd party on behalf of a company's domain. In some embodiments, a trusted entity is enlisted to communicate with the 3rd party and the company. The trusted entity has the proper permissions to request changes in the DNS records of the company. The trusted entity receives the request from the 3rd party to add email authentication information to the DNS record. The trusted entity confirms that the 3rd party is authorized by the company and then adds the information to the DNS record.

Abstract: An illustrative method includes a data protection system determining an encryption indicator for a first recovery dataset associated with a storage system, the encryption indicator representative of a likelihood that a threshold amount of data associated with the first recovery dataset is encrypted; and performing, based on the encryption indicator for the first recovery dataset, an action with respect to a second recovery dataset associated with the storage system.

Abstract: Disclosed are examples for providing functions to receive a media file to be stored in a media repository. In the examples, a location in the media repository may be assigned to the media file. A media file address in a blockchain platform may be assigned to the media file. Metadata including the assigned location in the media repository and the assigned media file address in the blockchain platform may be added to the media file. A media file hash value may be generated by applying a hash function to the media file including the metadata. The media file hash value may be included in a message and uploaded to the assigned media file address in the blockchain platform as a transaction in the blockchain. An indication that the media file is uploaded to the media repository may be delivered to a subscriber device from which the media file was received.

Abstract: A secure device operating with a secure tamper-resistant platform including a tamper-resistant hardware platform and a virtual primary platform operating with a low level operating system performing an abstraction of resources of the hardware platform, and a secondary platform with a high level operating system providing a further abstraction of resources to applications in which respective internal hosts are embedded, the secure device including an internal host domain including the internal hosts, the secure device including a plurality of physical and/or logical input/output interfaces through which external hosts can access the internal hosts, the virtual primary platform being configured to set interactions between the external hosts and the internal hosts, wherein the internal host domain includes a further set of virtual hosts each configured to operate as a proxy between an input/output interface and an application, each input/output interface being configured to address only one among the virtual hos

Abstract: A method for issuing authentication information is provided. The method includes steps of: (a) a managing server, if identification information of a specific user is acquired from a user device in response to a request for issuing the authentication information and the identification information is determined to be registered, creating a transaction whose output includes: (i) the specific user's public key and (ii) a hash value of the identification information or its processed value to thereby record or support other device to record it on a blockchain; and (b) the managing server acquiring a transaction ID representing location information of the transaction recorded on the blockchain.

Abstract: Systems, apparatuses, and methods are described for a privacy blocking device configured to prevent receipt, by a listening device, of video and/or audio data until a trigger occurs. A blocker may be configured to prevent receipt of video and/or audio data by one or more microphones and/or one or more cameras of a listening device. The blocker may use the one or more microphones, the one or more cameras, and/or one or more second microphones and/or one or more second cameras to monitor for a trigger. The blocker may process the data. Upon detecting the trigger, the blocker may transmit data to the listening device. For example, the blocker may transmit all or a part of a spoken phrase to the listening device.

Abstract: The present disclosure describes systems and method for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.

Abstract: Embodiments of the disclosure provide a mechanism for performing a biometric algorithm on ear biometric data acquired from a user. The mechanism may be used for biometric authentication, or in-ear detect, for example. In one embodiment, a method is provided in which a quality metric of an input signal to a transducer and/or a signal on a return path from the transducer is monitored. One or more steps of a biometric process, comprising monitoring of a parameter related to an admittance of the transducer, comparison of the parameter to a stored profile for an authorised user, generation of a score based on the comparison, comparison of the score to one or more threshold values, and initiation of one or more actions, may be performed responsive to the quality metric meeting one or more criteria.

Abstract: A storage device including: a bridge board to receive a first command; an authenticator to receive user information; and a memory device to receive the first command from the bridge board, the memory device includes a memory controller which determines a status of the memory device, provides status information including the determined status of the memory device to the bridge board, determines the status of the memory device as an unlocked status or a locked status, the bridge board includes a transceiver which communicates with the host through an interface, a register which stores interface information, and a bridge board controller which generates a first response to the first command in a format corresponding to the interface using the interface information, and provides the first response to a host, the first response includes a status bit which inhibits or allows a write operation with respect to the memory device.

Abstract: An adjunct processor dynamically determines, on a per-command basis, whether commands obtained by the adjunct processor are to be processed by the adjunct processor. The adjunct processor obtains a command request of a requester. The command request includes at least one filtering indicator indicating at least one valid command type for processing by the adjunct processor for the requester. The adjunct processor determines using the at least one filtering indicator whether a command of the command request is valid for processing by the adjunct processor for the requester. Based on determining that the command is valid for processing by the adjunct processor, the command is processed by the adjunct processor.

Abstract: Various example embodiments of a reliable firewall are presented herein. Various example embodiments of a reliable firewall may be configured to provide a single, stateful firewall spanning multiple routers. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall configured to protect high-availability network services, network services using multipath routing, or the like, as well as various combinations thereof. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall by supporting synchronization of firewall synchronization information (e.g., firewall policy information, firewall session state information, or the like, as well as various combinations thereof) across the multiple routers.

Abstract: A method and a device for canceling an uplink transmission are provided. The method includes: when receiving an uplink transmission cancelation indication, determining a first starting time, where the first starting time is a starting time of a reference time region; and determining, based on the first starting time, a target time region for canceling the uplink transmission.

Abstract: A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.

Abstract: In an approach for an access control system, a processor verifies an identity of a user in specified time intervals based on a first device associated with the user. A processor sends a validation token to a cloud-based system and updates a record associated with the user in the cloud-based system. A processor, in response to an attempt to access a secure area, transmits the validation token to a second device. A processor verifies the validation token by the second device with the cloud-based system.

Abstract: A payment system for a transaction between a user and a merchant includes establishing user account and merchant accounts with an mCreds processing agent, loading consumer credit into a consumer account of a user computing device associated with a permanent identifier, identifying a desired transaction by the user on a computer server; accessing a merchant account, authenticating the user by comparing a provided user credential provided by the user with the user credential present in the database, authenticating the user computing device by comparing a provided user device identifier with the permanent user device identifier present in the database, and processing a debit to the user mCreds account and a credit to the merchant mobile credit account.

Abstract: A method for secure proxying using trusted execution environment (TEE) technology includes performing, using a TEE running on a proxy, an attestation with a TEE running on a client. The TEE running on the proxy receives from the TEE running on the client a request to fetch data from a remote server. The TEE running on the proxy fetches the data specified in the request from the remote server. The TEE running on the proxy forwards to the TEE running on the client the data fetched from the remote server.

Abstract: A service system includes a server that provides a service as a cloud service, and a device that receives the service, wherein a terminal device that is operated by a contract administrator sends identification information of the contract administrator and information related to a contract of the service, to the server, and wherein the server includes a user information storage unit that specifies a role associated with the identification information of the contract administrator, a communication unit that receives the identification information of the contract administrator and the information related to the contract, and an information registration unit that registers the identification information of the contract administrator, contract identification information generated based on the contract, and an operation privilege related to the contract based on the role specified in the user information storage unit, in association with each other, in a contract operation privilege information storage.

Abstract: Embodiments concern a dynamic authorization framework. Security Classification Process (SCP) is the process of classifying raw data, information extracted from raw data, content or code from security-value perspective. Security Achievability Determination Process (SADP) is a process based on a SV/SC that has been assigned, the RHE may determine the Security Requirements and how the security requirements may be achieved. During the Security Achievability Listing Process (SALP), the RHE uploads onto the Resource Listing Entity (RLE) the URI of the resource, the SAM associated with the resource and optionally a digital certificate associated with the resource. During the SAM Assessment Process (SAMAP) process, a Client evaluates the security mechanisms that must be carried out in order to meet the SAM that was provided as part of the Discovery Process (DP). Based on the SAM obtained from the RLE, the Client may initiate a Security Achievability Enabling Process (SAEP).

Abstract: This disclosure describes techniques for determining whether a transaction may be finalized with a user that exits a facility. To do so, the inventory management system may first determine whether the inventory management is to resolve any events prior to finalizing the transaction. In some instances, the inventory management system may refrain from finalizing a transaction with a user that exits the facility if the user is associated with a low-confidence result/event, if the user remains a candidate user for an unresolved event, or if a global-blocking event is in place at the time of the user's exit. In some instances, meanwhile, the transaction with a user may be finalized upon the user's exit of the facility if the user is associated with high-confidence events/results, is not associated with any low-confidence events/results, is not a candidate user for an unresolved event, and if no global-blocking event is in place at the time of exit.

Abstract: A speech interface device is configured to receive response data from a remote speech processing system for responding to user speech. This response data may be enhanced with information such as a remote ASR result(s) and a remote NLU result(s). The response data from the remote speech processing system may include one or more cacheable status indicators associated with the NLU result(s) and/or remote directive data, which indicate whether the remote NLU result(s) and/or the remote directive data are individually cacheable. A caching component of the speech interface device allows for caching at least some of this cacheable remote speech processing information, and using the cached information locally on the speech interface device when responding to user speech in the future. This allows for responding to user speech, even when the speech interface device is unable to communicate with a remote speech processing system over a wide area network.

Abstract: A method for protecting information from databases includes a web application firewall and a database activity monitor. According to one aspect, a web gateway receives a request from a client device and provides the request to an application server to query a database. The web gateway receives sensitive data information describing requested data output by the database. The sensitive data information may include, for example, hints for detecting a type or structure of sensitive data output by the database. Additionally, the web gateway receives response data from the application server. The web gateway identifies sensitive data within the response data based on the sensitive data information. The web gateway protects the sensitive data to be provided to the client device using one or more data protection operations, which may include alerts, blocking policies, masking, or anomaly detection using machine learning algorithms.

Abstract: Disclosed herein are exemplary systems and methods for garbage collection and/or deletion in a document database. The methods may include, for each change in a first change set, determining whether a first characteristic of the change is superseded by a second characteristic of a corresponding change in a second change set. The change of the first change set and the change of the second change set can pertain to a document attribute. The method may include determining whether the first change set is redundant with the second change set if each change of the first change set is superseded by a corresponding change of the second change set, and eliminating the first change set from the document database when the first change set is redundant with second change set.

Abstract: Systems and methods associated with sharing encrypted account details with a trusted party are disclosed. In one embodiment, an exemplary method may comprise hosting an online service accessed by a plurality of user accounts each configured for concurrent access sessions, establishing a first authenticated access session for a first user account between the online service and a first device associated with a first user, receiving a login request associated with the first user account to establish a second authenticated access session between the online service and a second device associated with a second user, transmitting, to the first device, a notification of the login request including a GUI element and a request to authenticate the login request, and establishing the second authenticated access session between the online service and the second device of the second user based on authentication of the second user via the GUI element.

Abstract: A logic circuitry package for a replaceable print apparatus component comprises an interface to communicate with a print apparatus logic circuit, and at least one logic circuit. The logic circuit may be configured to identify, from a command stream received from the print apparatus, parameters including a class parameter, and/or identify, from the command stream, a read request, and output, via the interface, a count value in response to a read request, the count value based on identified received parameters.

Abstract: An authorization level is set at enrollment. The authorization level can be determined based on user identity and a class of authentication. The class of authentication can be associated with strength of authentication related to a channel employed to enroll a user for access to products or services. Authorization level can also be determined based on initiation information regarding the user, a device of the user, or both. Access to the products or services can be selectively controlled based on the authorization level.

Abstract: Systems and methods for detecting the presence of a body in a network without fiducial elements, using signal absorption, and signal forward and reflected backscatter of radio frequency (RF) waves caused by the presence of a biological mass in a communications network.