Abstract: A system for assisted expanded search can have a server, receiving from a user, a user search request to access semi-private data, and a controlled access non-transient memory storing at least the semi-private data. An expanded search engine can implement at least one algorithm to analyze semi-private metadata and semi-private correlated metadata related to the semi-private data to determine a primary response and an expanded response to the user search request. The system can also include a display providing the user with the primary response and the expanded response.

Abstract: A system for hosting a virtual environment-to-virtual environment interaction session receives a request to grant access to a particular location in a host virtual environment. The request includes avatar information associated with a first avatar in a first virtual environment. The system generates a software token that uniquely identifies the particular location in the host virtual environment. The system communicates the software token to a computing device associated with a first virtual environment. The system detects that the first avatar presents the software token to gain access to the particular location in the host virtual environment. The system determines that the software token is valid. The system hosts an interaction session between the first avatar and a second avatar associated with the host virtual environment in the particular location of the host virtual environment.

Abstract: Disclosed herein are systems and method for monitoring software items using a generated contract, the method including: transmitting a quote for viewing on a computing device associated with a first person, wherein the quote includes a list of software items included in a transaction; in response to receiving an approval of the quote by the first person, generating a contract governing the transaction by: extracting the list of software items from the quote; retrieving software item information for each of the list of software items; determining, based on the software item information and for inclusion in the contract, usage conditions that the first person has to comply with to access software items in the list of software items; and monitoring compliance with the usage conditions using the contract; and in response to detecting non-compliance, blocking access to a corresponding software item in the list of software items.

Abstract: A method for the access management of a wind turbine controller of a wind turbine with an operating software. The method comprises receiving a user identification with one of several user interfaces and assigning the user identification or a portion of the user identification to an access group. One or several authorization groups of an overall number of authorization groups is allocated to the access group, and one or several output value storage locations and/or input value storage locations are allocated to each authorization group. The method further encompasses allowing an access from the user interface to all output value storage locations and/or input value storage locations that are allocated to the assigned access group via the authorization groups. The disclosure further relates to a computer product, a wind turbine controller, and a wind turbine with a wind turbine controller.

Abstract: A biometric identification system may store biometric data for later assessment. Data storage parameters, such as cryptographic keys used to encrypt and decrypt the biometric data, may be determined based on the biometric data. In one implementation, the biometric data comprises embedding data in an embedding space. During enrollment and storage, the embedding data is assessed to determine nearest anchor data in the embedding space. Cryptographic parameters, such as an encryption key, are determined based on “k” anchor data that are within a threshold distance of the embedding data in the embedding space. During query, query embedding data is similarly processed to determine cryptographic parameters, such as a decryption key. The decryption key may then be used to attempt decryption of the encrypted at-rest biometric data. If successful, the decrypted biometric data may then be compared to the query embedding to assert an identity.

Abstract: Mechanisms are provided for dispatching requests to service instances based on data storage boundaries. A request specifying an identity is received and dispatched to a service instance of a data storage boundary, where each data storage boundary is defined by a regulation or policy restricting data storage of specific types of data to computing devices within a specified boundary. A feedback response, specifying a target location, is received from the service instance in response to determining that the service instance cannot access the data because the data is associated with a different data storage boundary. A dynamic dispatch rule specifying the identity and the target location is generated and a subsequent request specifying the identity is processed by executing this dynamic dispatch rule to dispatch the subsequent request directly to a service instance associated with the target location.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: A system for validating a response based on context information receives a first message that indicates that a data object is removed from a memory resource via a third party device without authorization by a user. The system communicates a second response that indicates whether a third party confirms the removal of the data object without the authorization by the user to the third party device. The system receives a response from the third party device. The system extracts context information from the response. The system determines whether the response is valid based on the context information. In response to determining that the response is valid, the system recommends one or more actions to be performed with respect to the memory resource.

Abstract: Aspects of the disclosure relate to enhancing hybrid traditional neural networks with liquid neural networks for cyber security and offense protection. A computing platform may receive a request to access enterprise organization data. The computing platform may compare the current request to previous requests to determine whether a similar request was previously processed. If a similar request was not previously processed, the computing platform may flag the request as a threat and may analyze the request. The computing platform may extract data from the request and may use the extracted data to generate rules, threat detection algorithms, and training models. The computing platform may use the rules, threat detection algorithms, and training models to train a deep learning neural network to identify and handle threats to an enterprise organization.

Abstract: Some implementations of the disclosure describe a method, comprising: obtaining, at a computing device, a document image file; generating, at the computing device, using a first trained model, a first prediction including a first location of a sensitive information pattern within the document image file that contains a sensitive element and an identification of the sensitive element; generating, at the computing device, using a second trained model, a second prediction including a second location of a first sensitive sequence of characters within the document image file; determining, at the computing device, that the second location is within the first location; and after determining that the second location is within the first location, generating, at the computing device, an output including the second location or a redaction of the first sensitive sequence of characters within the document image file.

Abstract: A file system protection technology, which can be applied to an auxiliary storage device, and an apparatus and method for protecting a file system in a manner of blocking or warning, in advance, about an access to a file system or a change of the file system and identifying permission of a user as necessary re disclosed. A control device (60) is connected to a host interface (30), a data storage device (40), and a user input device (50) to control an operation mode of the auxiliary storage device or manage and protect a file system object to be protected, according to a user command.

Abstract: A system for system for dynamic card identifier based transactions is disclosed. The system may receive a transaction authentication request. The system may generate a first dynamic card identifier (DCID) in response to the transaction authentication request. The system may authenticate a transaction based on the first DCID. The system may execute the transaction in response to the authenticating. In various embodiments, the system may generate a second DCID in response to executing the transaction.

Abstract: Methods and systems for access control to online resources based on non-fungible token gating. A request from a user device may trigger an access control rule having a token-based condition. The system verifies satisfaction of the token-based condition based on a wallet address provided by the user device and blockchain data obtained from a first blockchain network confirming that a non-fungible token meeting the token-based condition is associated with the wallet address. It then obtains data associated with a second blockchain network based on the non-fungible token and, in response, determines, based on the data associated with the second blockchain network, that the non-fungible token is not exhausted due to previous use of the non-fungible token. The system then processes the request from the user device and causes minting of a token on the second blockchain recording usage of the non-fungible token in an access control operation.

Abstract: Techniques are taught for detecting threats to data by monitoring encryption key activity. The disclosed techniques include methods and systems for collecting and analyzing encryption key activity, relating this activity to object data and comparing it against a defined policy. They also include reporting policy violations in the form of notifications and alerts. Distributed implementations of the present techniques deploy various modules and services at remote/local as well as global/central sites. When network connectivity between a remote site and a central site is unreliable, a local policy engine and a local activity analyzer service monitor key activity at the remote site and detect policy violations. When network connectivity is restored, they synchronize with their global counterparts.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure communications in a digital engineering ecosystem. In some implementations, a digital platform receives a request from a user device to interact with a digital model. The digital platform determines whether a user operating the user device is authorized. In response to determining the user is authorized to access the digital platform, the digital platform generates a token that provides the user with access to the digital platform. The digital platform determines whether the request includes malicious activity. In response to determining that the request is absent of the malicious activity, the digital platform executes a digital thread that executes one or more operations using digital tools and the digital model. The digital platform provides data indicative of the one or more operations executing the digital thread to the user device.

Abstract: Methods, systems, and computer program products for data processing utilizing an asynchronous communication repository. Instructions are received at a first event publisher to publish a first dataset. The instructions include a directive to retrieve a second dataset published by a second event publisher, a directive to determine a first metadata structure including attributes describing the first dataset, and a directive to send the first metadata structure to an asynchronous communication repository for storage. A second metadata structure describing the second dataset is received at the first event publisher from the asynchronous communication repository using an asynchronous communication protocol. The second dataset is retrieved at the first event publisher from the second event publisher. The first dataset is generated based on the second dataset. The first metadata structure is determined based on the first dataset.

Abstract: A decentralized node may generate a network of decentralized nodes individually configured to store, receive, and transmit data based on rules associated with the decentralized nodes. A decentralized node may associate a decentralized identity of an entity with a select decentralized node of the decentralized nodes. A decentralized node may present a user interface including one or more access controls at a edge device, the access controls configuring rules to be applied to third-party access and modification of decentralized identity data associated within the decentralized identity of the entity and stored at the selected decentralized node. A decentralized node may identify the decentralized identity data accessible to the select decentralized node based on the rules. A decentralized node may store the decentralized identity data within the decentralized identity associated with the entity at the select decentralized node.

Abstract: A method is disclosed. In the method, a data generation process can continuously generate data in real time. The data generation process can store the data into discrete data blocks. An analyzer process can run analytical queries on the data from the data blocks. After the analytics is complete for different data blocks, data can be removed from the respective data blocks. The empty data blocks can be returned back to the generation process for reuse. The data blocks can be shared resources between the generation and the analyzer processes. The data can be stored in a directly queryable format. Though at any given time a given analytical query can run on a single data block, the analyzer process can preserve certain important records from that data block to be used while analyzing subsequent data blocks at a later time.

Abstract: A computer-implemented method, system and computer program product for improving accuracy and efficiency of auditing databases. A table, list or index of a database is analyzed to identify metadata, which includes time series data, user data, an Internet Protocol address and operation data. The identified metadata is associated with the corresponding record or row of the table, list or index from which the metadata was extracted. A determination is then made as to whether to record a raw data image associated with the record or row of the analyzed table, list or index based on the corresponding data operation. The identified metadata as well as the recorded data images, if any, are stored in a structured audit log. Auditing information is then obtained from a structured audit log based on matching the record or row identifier (RID) associated with the query with the RID associated with the structured audit log.

Abstract: The present invention relates to a highly flexible, scalable multi-blockchain, hierarchical data-sharing and data-storing system, at least comprising a third-party blockchain system, a data-sharing blockchain system, and an application-layer client, wherein the data-sharing blockchain system performs data aggregation and hierarchical storage on shared data uploaded by the third-party blockchain system through accessing the data-sharing blockchain system, so as to allow the application-layer client to require the shared data from the data-sharing blockchain system. The disclosure herein creates a single reliable data-sharing blockchain apparatus based on blockchain systems, so as to facilitate aggregation of data coming from different blockchain systems, reduce node complexity and block data redundancy when data are acquired from multiple parties, and define different sharing rules for different data contents, thereby being adaptive to scenarios where data are shared among parties.

Abstract: In some examples, a method comprises determining, at an electronic device having a first component of a first component type, a unique identifier associated with the first component. In some examples, in accordance with a determination that the unique identifier does not match the expected identifier of the component of the first component type in the electronic device, determining that the first component associated with the unique identifier satisfies one or more eligibility criteria. In some examples, in accordance with the determination that the first component associated with the unique identifier satisfies the one or more eligibility criteria, authenticating an association of the first component with the electronic device, including updating an installation counter associated with the first component, and updating the expected identifier for the component of the first type based on the unique identifier of the first component.

Abstract: Securing a file against user actions in a computer network includes processing a request for a file-directed action that identifies a user, a file, and a mode of file access. Generating a mediated covenant of association that defines constraints of the user action and is produced by node-by-node informatic convolution of a hierarchy of informational nodes present in profiles of the user, the file and the mode. Enforcing securing of the user actions with a computer security event-specific model based on an instance of trust derived from the covenant of association.

Abstract: An autonomous distributed wise area network (AD-WAN) includes several nodes, where each node connects a local area network to an open wide area network, and provides tunnels over the open wide area network to other nodes in the AD-WAN so that computing resources behind each node can communicate as if they were located on a common intranet. Each node has a blockchain wallet and receives updates to a private permissioned blockchain ledger for that AD-WAN. The updates are provided by a control node. Set up, and subsequent change to the AD-WAN are commenced via a customer portal which provides order information to the control node, where the control node processes the order information and generates a blockchain update that informs the affected nodes in the AD-WAN as to what changes are to be made. As a result, the blockchain provides both control plane and order management operation of the AD-WAN.

Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.

Abstract: Systems and methods for content customization are provided. One aspect of the systems and methods includes receiving dynamic characteristics for a plurality of users, wherein the dynamic characteristics include interactions between the plurality of users and a digital content channel; clustering the plurality of users in a plurality of segments based on the dynamic characteristics using a machine learning model; assigning a user to a segment of the plurality of segments based on static characteristics of the user; and providing customized digital content for the user based on the segment.

Abstract: Search management systems and methods that cryptographically-secure search indices, search queries, and associated document records while in-use by cloud-based search software without requiring modification to the cloud-based search core software. The search proxy resides between a cloud-based vendor application and the cloud-based search software. The search proxy uses key-based deterministic cryptographic tokenization to irreversibly cryptographically-secure plaintext words from document records for indexing and plaintext keywords from search queries for search and retrieval. The search proxy separately uses key-based encryption on the document record's pre-tokenized plaintext words, adding the encrypted data as a separate field to the document record. This encrypted field is stored as part of the document by the search service.

Abstract: Unclonable function circuitry includes a plurality of pairs of phase-change memory cells in a virgin state, and sensing circuitry coupled to the plurality of pairs of phase-change memory cells in the virgin state. The sensing circuitry identifies a subset of the plurality of pairs of phase-change memory cells in the virgin state based on a reliability mask. Signs of differences of effective resistance values of the identified subset of the plurality of pairs of phase-change memory cells in the virgin state are sensed by the sensing circuitry. The sensing circuitry generates a string of bits based on the sensed signs of differences in the effective resistance values of the identified subset of the plurality of pairs of phase-change memory cells in the virgin state. Processing circuitry coupled to the unclonable function circuitry, in operation, executes one or more operations using the generated string of bits.

Abstract: Described herein are approaches for generating a new queue based on an existing queue. This may include receiving a request to transfer the existing queue from a first device to a second device. A set of move criteria may be evaluated using a playback context, a user profile, a configuration associated with the second device, and/or a level of access constraints. Depending on the results of the evaluation, the existing queue may be completely reformulated to define the new queue. The second device may then be instructed to play the new queue.

Abstract: Systems and methods are described herein for assessing the device posture of user devices requesting access to a managed resource and for determining a confidence level in the device's posture. In an example, a user device can request a managed resource. A server can receive the request and retrieve an associated access policy. The access policy can include policy attributes to use for assessing the user device's device posture. The server can calculate a device attribute score for each policy attribute. The server can also calculate a confidence score for each device attribute score that measures the confidence level in the device attribute score. Using the two scores, the server can calculate a device posture score. Access to the resource can be granted or denied based on whether the device posture score exceeds a threshold score designated in the access policy.

Abstract: A method for performing an address translation context switch includes initializing a computer processor to a first context by storing information identifying the first context in a control register of the computer processor. The first context specifies a mapping of virtual addresses of instructions to physical memory addresses in a first memory area. Information identifying a second context is stored in a memory address translation independent storage, where the second context specifies mapping of virtual addresses of instructions to physical memory addresses in a second memory area. The information identifying the second context is written to the control register of the computer processor.

Abstract: A method is described for the release of use of functions of at least one local data receiving unit (1) for a user by means of a central data processing unit (7) and the at least one selected local data receiving unit (1). The local data receiving unit (1) is configured to receive an encrypted release dataset from a user and to release use if at least one security feature contained in the release dataset in each case matches a corresponding release criterion stored in the local data receiving unit (1).

Abstract: Generally discussed herein are devices, systems, and methods for scan surface reduction in sensitive information scanning. A method can include receiving a document, determining, by an evidence checker, a keyword that indicates sensitive information of a sensitive information type, is present in the document, responsive to determining the keyword is present, determining, by a sensitive information scanner and based on a regular expression associated with the sensitive information type, that sensitive information is present in the document, and performing a sensitive information mitigation operation to mitigate the sensitive information.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining, by a data privacy integration service, a condition that indicates that all applications in a multiple-application landscape are to attempt a blocking operation on at least one object as part of a data privacy integration protocol. Blocking responder group configurations are identified that group applications in the multiple-application landscape into multiple blocking responder groups for performing blocking operations in response to requests from the data privacy integration service. A blocking command to perform a blocking operation on the at least one object is sent to applications in a first blocking responder group. Blocking statuses are received from each of the applications in the first blocking responder group and a determination is made as to whether all received blocking statuses indicate successful completion of the blocking command.

Abstract: In general, embodiments relate to a method for managing a network device, including receiving an incoming frame originating from a host, where the incoming frame includes IP address of the host and a payload specifying information associated with an external server. The further includes determining, using the IP address of the host and an IP address to segment identifier (ID) mapping, that the host is associated with a first segment, in response to the determining, forwarding the incoming frame towards a redirection server executing on the network device, where the first segment is associated with a first policy and where the first policy specifies that the incoming frame is to be forwarded to the redirection server.

Abstract: Various techniques described herein relate to analyzing and redacting information from customer interaction records such as call transcripts, to support transmission of the interaction records from a secured environment to various external analytics systems. Transcript texts may be received and processed by a redaction system, during which the transcript texts may be analyzed to generate conversations and convert numerical texts into numbers. One or more regular expressions defining search and replace patterns may be selected and used to redact confidential or sensitive information from the transcripts. In various implementations, the regular expressions used to redact transcripts may be determined or generated based on transcript categorization, the security characteristics of the transmission networks and/or external systems to which the redacted transcripts are to be transmitted, and/or other attributes of the transcript or the associated systems.

Abstract: Provided is a method, performed by an electronic device, of performing secure ranging with a target device. The method of performing secure ranging may include receiving a connection message for communication with the target device using a first communication method through a first communicator, transmitting, by a first applet in a secure element of the electronic device, a ranging session key for the target device to a second applet in the secure element, the ranging session key being stored in the first applet, receiving a ranging session request from the target device, based on the ranging session request, obtaining, by a second communicator, the ranging session key for the target device from the second applet, and by using the ranging session key, performing secure ranging using a second communication method with the target device through the second communicator.

Abstract: The disclosure relates to techniques for operating an imaging facility for preparing an imaging process. For each imaging process, at least one image dataset is reconstructed in a reconstruction step from raw data recorded in accordance with at least one recording protocol using a reconstruction facility with reconstruction software. For advance calculation of a duration for the reconstruction step, an input dataset comprising at least one protocol parameter of the recording protocol influencing the duration of the reconstruction step and at least one hardware parameter describing the hardware of the reconstruction facility and/or at least one software parameter describing the reconstruction software is compiled, and the duration is ascertained from the input dataset by way of a trained advance calculation function, which is trained by machine learning.

Abstract: The invention provides a consent management system for managing a user's consent for a plurality of services. The system includes a consent management unit adapted to register a plurality of services to a user and obtain user consent information associated with the user. The consent management unit is further adapted to control consent operation of the plurality of services registered to the user, based on user consent information associated with the user.

Abstract: A computerized-method for sensitive data redaction from screenshots, is provided herein. The computerized-method includes retrieving records of a sequence of screenshots from a database. Then, grouping the sequence-of-screenshots by one feature of one or more features to yield one or more groups. Each group includes screenshots having one common feature. Then, calculating a score for each pixel across all similar screenshots in each group. For each group of screenshots, blackening pixels in all screenshots having a score above a preconfigured threshold to yield data redacted screenshots. The score of each pixel above the preconfigured threshold indicates a high variance between screenshots in the group and a presence of sensitive data therein and then storing the data-redacted screenshots in a screenshots-database.

Abstract: Disclosed are methods and systems for orchestrating application use while preventing unauthorized data sharing. For instance, an orchestration management system may provide orchestration logic to a computing platform system hosting a virtual environment configured to run an application on behalf of a data owner computing device. Once the orchestration logic is loaded thereon, a public key to and a location of the virtual environment may be provided to an application owner's computing device. The orchestration logic may enable the application owner's computing device to access the virtual environment at the location to load the application into the virtual environment utilizing a first key combination including the public key and a matching private key. At least the private key may then be disabled by the orchestration logic to prevent subsequent access to the virtual environment by the application owner to guarantee no unauthorized data sharing.

Abstract: An image forming apparatus connected to a first post-processing machine that executes first post-processing on at least one of a plurality of sheets includes: an image forming device that forms an image on each of the sheet; and a controller that instructs, in response to an output of a target sheet that satisfies a specific condition from the image forming section, the first post-processing machine to execute the first post-processing on the target sheet and a stacked sheet among the sheets.

Abstract: A method, apparatus and computer readable storage to implement an automated system for video surveillance in a casino or other controlled environment. Players in the casino can be automatically scanned and analyzed for whether they are under the legal gambling age or not. When an underage gambler is detected, a casino security employee (or other casino personnel) is notified so they can take the appropriate action. Similarly, players who are excluded from the casino can also be automatically detected and would be ejected when detected.

Abstract: A transmission system includes a first touch device and a second touch device. The second touch device includes a transmission region and the transmission region forms an invisible barcode. The first touch device and the second touch device work together to operate in a touch mode or in an application mode. When the first touch device and the second touch device work together to operate in the application mode, the transmission region uses the invisible barcode to transmit a transmission signal to the first touch device to unlock the first touch device.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: Systems, program storage devices, and methods for improving data privacy/trust/anonymity/pseudonymity and data value, wherein data related to a Data Subject can be used and stored, while minimizing re-identification risk by unauthorized parties and enabling data related to the Data Subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time, place, and/or other criterion via the obfuscation of specific data values. The techniques described herein maintain this level of privacy/trust/anonymity/pseudonymity, while empowering Data Subjects, e.g., consumers or customers of such authorized parties, by enabling protection of data at the desired level of engagement with various business entities. The techniques described herein also allow Data Controllers to perform General Data Protection Regulation (GDPR) and Schrems II-compliant (and surveillance-proof) data processing, via the functional separation of heterogeneous data (e.g.

Abstract: Aspects of the disclosure relate to preventing unauthorized screen capture activity. A computing platform may detect, via an infrared sensor associated with a computing device, an infrared signal from a second device attempting an unauthorized image capture of contents being displayed by a display device of the computing device. Subsequently, the computing platform may determine, via the computing platform, the contents being displayed by the display device. Then, the computing platform may retrieve a record of the contents being displayed by the display device. Then, the computing platform may determine a risk level associated with the infrared signal. Subsequently, the computing platform may perform, via the computing platform and based on the risk level, a remediation task to prevent the unauthorized image capture.

Abstract: Systems and methods for providing controlled access to a system by a user device include receiving, from a user device, a request including a current context. The method includes receiving a request for access to a computing resource, the request including a current context, the current context defining a user space and a resource space. The user device evaluates the current context against a security policy. The user device determines that the user device is permitted to access the computing resource based on the request in response to the evaluating the current context against the security policy. In response to determining that the user device is permitted to access the computing resource, accessing the computing resource as requested.

Abstract: A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words and a software encryption microservice, communicatively coupled to the key server microservices, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.

Abstract: Systems and methods described herein facilitate the management of personalized life information using a distributed ledger. For example, a distributed ledger system, such as one or more blockchains, may manage personalized life information of one or more individuals to, for example, determine an occurrence of a life event for a first individual based at least in part on personalized life information for the first individual, to access various types of personalized life information for the first individual in response to the determination of the occurrence of the life event for the first individual, and to provide a subset of the personalized life information data for the first individual to a user device associated with a second individual.

Abstract: An operating method for a media stream transmission key includes: detecting, by a media gateway, lifetime status information of a media stream transmission key; and when the media gateway determines that a lifetime of the media stream transmission key expires, executing, by the media gateway, a media stream transmission key lifetime expiry behavior according to an instruction of a media gateway controller. The embodiments of the present invention fill a technical gap that an operation is performed on a lifetime status of a media stream transmission key in an architecture where an MG and an MGC are separated.