Abstract: Disclosed are a gas detection intelligence training system and an operating method thereof. The gas detection intelligence training system includes a mixing gas measuring device that collects an environmental gas from a surrounding environment, generates a mixing gas based on the collected environmental gas and a target gas, senses the mixing gas by using a first sensor array and a second sensor array under a first sensing condition and a second sensing condition, respectively, and generates measurement data based on the sensed results of the first sensor array and the second sensor array, and a detection intelligence training device including a processor that generates an ensemble prediction model based on the measurement data.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: Authenticating a host computer and NVDIMM pair using lookup tables for a challenge/response exchange between the pair of devices. The NVDIMM is challenged by the host computer for which a response associated with the physically unclonable function of a NVDIMM component is provided. The NVDIMM challenges the host computer for which a response associated with the physically unclonable function of a host computer component is provided. Additional security stores a modified response associated with run-time physically unclonable functions associated with the host computer and NVDIMM pair for use in future challenge/response exchanges.

Abstract: Embodiments provide a system and method for extracting configuration-related information for reasoning about the security and functionality of a composed system. During operation, the system determines, by a computing device, information sources associated with hardware and software components of a system, wherein the information sources include at least specification sheets, standard operating procedures, user manuals, and vulnerability databases. The system selects a set of categories of vulnerabilities in a vulnerability database, and ingests the information sources to obtain data in a normalized format. The system extracts, from the ingested information sources, configuration information, vulnerability information, dependency information, and functionality requirements to create a model for the system.

Abstract: A method includes receiving registration information regarding a telematics unit and a respective control system for a plurality of equipment pieces; receiving a seed from a control system of a first equipment piece via a telematics unit of the first equipment piece based on receiving a telematics session request by the control system of the first equipment piece; authenticating the telematics unit and the control system of the first equipment piece based on information included with the seed and the registration information; generating a first encrypted key and a second encrypted key based on the authentication; providing the first key to the telematics unit for the first equipment piece; and providing the second encrypted key to the control system of the first equipment piece via the telematics unit of the first equipment piece to establish a data communication channel.

Abstract: Methods and apparatus to protect sensitive information on media processing devices are disclosed. An example media processing device includes a processing engine configured to process a media processing instruction received at the media processing device, wherein the media processing instruction includes a command and data to cause a component of the media processing device to perform a function; and a data protector configured to determine whether the command is a data protection command; and when the command is the data protection command, modify the function to provide protection to the data.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Systems and methods for detecting the presence of a body in a network without fiducial elements, using signal absorption, and signal forward and reflected backscatter of RF waves caused by the presence of a biological mass in a communications network.

Abstract: In an example embodiment, A PICNEEC is provided. It includes one or more Virtual Customized Rules Enforcer (VCRE) instances, each VCRE instance corresponding to a group of mobile devices and defining a set of policies personalized for the group of mobile devices. Each VCRE is configured to, upon receiving a data packet communicated between a packet-based network and a mobile device in the corresponding group via a radio network, execute one or more policy rules stored in the VCRE instance to the data packet prior to forwarding the data packet. Each VCRE instance is controlled independently of one another via direct accessing of the VCRE instance by a different customer of the mobile network provider.

Abstract: A facility management system comprises a server, a biometric identification unit, and a processing circuit. The server is configured to store a list of registered users, and biometric information and access rights pertaining to each registered users. The biometric identification unit is associated with the building equipment. The biometric identification unit is enabled to facilitate a user desiring access to the associated building equipment to scan at least one biometric parameter, and subsequent to scanning of the biometric parameter the biometric identification unit is configured to generate a scanned biometric information.

Abstract: Provided is a mobile phone authentication method using implicit authentication, the method including the steps of: by a server, receiving behavior data and environment information data from a user terminal when a user checks an authentication number for authentication of a mobile phone user; by the server, detecting a start point of a behavior of the user for checking the authentication number by performing peak detection in the received behavior data, and storing behavior data from the detected start point; and by the server, extracting feature data from the received environment information data and learning the extracted feature data to build a learning model.

Abstract: A system for providing default content enhanced with supplemental content includes processing hardware and a memory storing a software code. The processing hardware executes the software code to receive a content stream including multiple video frames, a first video frame of the multiple video frames including first default content, first supplemental content, and first encoded metadata, and to decode the first encoded metadata of the first video frame to produce first decoded metadata. The processing hardware further executes the software code to select, using the first decoded metadata, at least a first portion of the first supplemental content for use in enhancing the first default content, transfer, using the first decoded metadata, the selected first portion of the first supplemental content to one or more predetermined locations in the first default content to produce an enhanced first video content, and output the enhanced first video content to a display device.

Abstract: Disclosed embodiments may include a method that includes receiving first identifying information associated with a first user from a computing device; determining a score based on the first identifying information; determining whether the score is less than a threshold; pseudo-randomly generate and transmit a one-time use number to the computing device when the score is less than the threshold. When the score is greater than or equal to the threshold, the method may include transmitting, to the computing device, second instructions prompting the first user to provide second identifying information. Responsive to receiving the second identifying information of the first user, the method may include determining that the second identifying information matches stored second identifying information. Responsive to the second identifying information matching stored second identifying information, the method may include pseudo-randomly generate and transmit the one-time use number to the computing device.

Abstract: A security system generates a digital signature for a small cell of a wireless network and assigns the digital signature to the small cell for connecting to the wireless network. The digital signature can be generated based on a connectivity schedule for the small cell. When the security system obtains a connection request from the small cell to connect to the wireless network, the security system compares an instance of the digital signature included in the connection request with an expected digital signature and compares the point in time when the connection request was communicated with an expected time indicated in the connectivity schedule. The security system detects an anomaly when the instance of the digital signature deviates from the expected digital signature or the point in time deviates from the expected time, and causes performance of an action based on a type or degree of the anomaly.

Abstract: The system provides a voice command recommendation to a user to avoid a non-voice command. The system determines a command that is expected to be received, and generates a voice command recommendation that corresponds to the predicted command. The predicted command can be based on the user's behavior, a plurality of users' behavior, environmental circumstances such as a phone call ring, or a combination thereof. The system may access one or more databases to determine the predicted command. The voice command recommendation may include a displayed notification that describes the recommended voice command, and exemplary voice inputs that are recognized. The system also activates an audio interface, such as a microphone, that is configured to receive a voice input. If the system receives a recognizable voice input at the audio interface that corresponds to the recommendation, the system performs the predicted command in response to receiving the voice input.

Abstract: A computer-implemented method is for providing a digital certificate to a device. In an embodiment, the method is based on receiving, from the device, authentication data via a secure communication channel. Furthermore, the method is based on receiving, from the device, or determining, by the server, a first certificate identifier. In particular, the first certificate identifier is a hash value. Further aspects of the method are verifying the authentication data and receiving, from the device, a first public key created by the device. In an embodiment, the method is furthermore based on sending a first certificate signing request related to a first domain name based on the first public key to a certificate authority. Herein, the first domain name comprises the certificate identifier, and a domain related to the first domain name is controlled by the server. In particular, the first domain name is a wildcard domain.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: A method for unlocking a display panel and a display assembly are provided. The method includes: acquiring a plurality of preset pictures, wherein different preset pictures among the plurality of preset pictures correspond to different preset inputs; performing at least one unlocking process, wherein each of the at least one unlocking process includes: causing the display panel to display at least one preset picture of the plurality of preset pictures and receive a verification input from a user, when the display panel is in a locked state; determining whether the verification input is identical with the preset input corresponding to a displayed preset picture; and switching the display panel to an unlocked state, if the verification input is identical with the preset input corresponding to the displayed preset picture.

Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.

Abstract: A safety management system to prevent unauthorized use, accident, resale, theft, and so forth of a flying object. The safety management system includes changing, at a motor controller, a power feeding amount to each drive unit based on an instruction from a main control unit, an authentication information storage unit which records registered identification information for performing operator authentication, an authentication accepting unit which accepts an input of input identification information, an operator authentication unit which performs operator authentication of an operator of the flying object based on the input identification information and the registered identification information, and a safety managing unit connected between a power source of the flying object and the motor controller of the flying object. The safety managing unit includes a switch which controls electrical connection between the motor controller and the power source based on the result of the operator authentication.

Abstract: In an example method, one or more processors determine that a first data storage device has been communicatively coupled to a first computer system, determine that the first computer system is associated with a first geographical location, determine that the first data storage device is associated with a first user, determine that the first user is associated with one or more additional data storage devices, and determine usage data regarding the one or more additional data storage devices. Further, the one or more processors control a transmission of data between the first data storage device and first computer system based on the first geographical location and the usage data.

Abstract: Methods, computer readable media, and systems service a queue, comprising a plurality of jobs, by identifying nodes satisfying a hardware requirement for at least a subset of jobs in the queue. Each job indicates when it was submitted to the queue and one or more node resource requirements. A current availability score for each node class in a plurality of node classes is determined and nodes of a first node class in the plurality of node classes are reserved when a demand score for the class satisfies the current availability score for the first node class by a first threshold amount. Reserved nodes are permitted to draw jobs from the queue in accordance with satisfaction by such nodes of the node resource requirements of the jobs but are terminated, without completing the jobs, when the current availability score for their node class exceeds a second threshold amount.

Abstract: Methods and systems for providing secure digital access to services are described. Embodiments include user behavior tracking, learning, and updating one or more contextual access algorithms and thereafter can act as multi-factor authentications. The method may include receiving data for a group of users and initializing a machine learning algorithm with the group data. The method may also collect individual user data and context data periodically, including characteristic behavior data, and update the machine learning algorithm with the individual user data. The method may further calculate a threshold for tolerance based on the updated algorithm, and verify user requests for access to the service. A multi-factor authentication may be presented to the user when the verifications are not acceptable, such as by being below a threshold. A permissions data structure can be generated and used to control access to the service.

Abstract: A method may include retrieving, by one or more processors of an industrial automation component, one or more parameters from a configuration file stored in a memory of the industrial automation component and one or more additional parameters from a vendor certificate stored in the memory. The vendor certificate is cryptographically signed by an entity. The method may also include determining, by the processors, whether the parameters from the configuration file match the additional parameters from the vendor certificate, and in response to determining that the parameters from the configuration file do not match the additional parameters from the vendor certificate, transmitting, by the processors, an indication that the industrial automation component is an unauthorized component to a display device for display, disabling the industrial automation component, or both.

Abstract: A plurality of hierarchy information management devices include a first hierarchy information management unit managing first hierarchy information in which information on instruments is represented in a hierarchy structure, and each hierarchy information management device manages the first hierarchy information of a different one of the instruments.

Abstract: A random number generation system may generate one or more random numbers based on the repeated programming of a memory, such as a flash memory. As an example, a control system may repeatedly store a sequence to a block of flash memory to force a plurality of cells into a random state such that, at any given instant, the values in the cells may be random. The control system may identify which of the cells contain random values and then generate based on the identified values a number that is truly random.

Abstract: Systems for providing an integrated user interface and/or authenticating a user or a device are disclosed. A system for providing an integrated user interface includes a central control server having a user interface engine and a backend application programming interface engine, a user device communicatively coupled to the central control server that is configured to provide a user interface, and a plurality of backend servers communicatively coupled to the central control server. The backend application programming interface engine generates and supplies application programming interfaces to the backend servers, the application programming interfaces including programming instructions thereon that direct a corresponding one of the plurality of backend servers to provide data to the central control server.

Abstract: A method includes identifying a first user device potentially associated with a biohazard and identifying a geographic area associated with the biohazard based on previous location information of the first user device. The method further includes identifying a another user device potentially associated with the biohazard based on the geographic area associated with the biohazard and previous location information of the other user device. The method further includes issuing a safety notification to the other user device, where the safety notification includes one or more of the geographic area associated with the biohazard, a safety status request, a safety status level of the first user device, a subset of the previous location information of the first user device, and a subset of the previous location information of the other user device.

Abstract: Aspects of the technology described herein provide for controlled access to a secure computing resource. A first device may receive a child token from a second device having a parent token. The child token may grant the first device access to a subset of data accessible to the second device. Based on a degree of physical proximity between the first device and a third device associated with a user satisfying a threshold proximity, an indication of a user identifier for the user may be received from the third device. A request for access to a secure computing resource associated with the user may be sent to the second device. The request may include the indication of the user identifier and an indication of the secure computing resource. Access to the secure computing resource may be granted based on the child token and the indication of the identifier.

Abstract: A method for shared aeronautical object management includes receiving, from an owner flight application at a server, a share command for an aeronautical object, and flagging the aeronautical object as a shared object. The method further includes transmitting, to a first recipient flight application, the first shared object, receiving an update to the shared object, and transmitting, responsive to receiving the update, the update to the first recipient flight application based on the first recipient flight application being connected to the server when the first update is received. The method further includes receiving a shared object changed version command from the second recipient flight application, and transmitting, responsive to receiving the shared object changed version command, the update to the second recipient flight application.

Abstract: A method, computer program product and a user equipment (UE) are provided for assisting a user equipment (UE) in selecting a network function. A first message is received from the UE. The first message includes UE request capabilities. A second message is sent to the UE. The second message includes an indication that promotes the UE attempting to connect to a particular Public Land Mobile Network (PLMN) using a network function belonging to the particular PLMN.

Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.

Abstract: Techniques for generated regular expressions are disclosed. In some embodiments, a regular expression generator may receive input data comprising one or more character sequences. The regular expression generator may convert character sequences into a sets of regular expression codes and/or span data structures. The regular expression generator may identify a longest common subsequence shared by the sets of regular expression codes and/or spans, and may generate a regular expression based upon the longest common subsequence. Alignment of span data structures may be performed when generating the regular expression.

Abstract: Observing and/or monitoring a computer network that includes a plurality of nodes may involve detecting one or more data flows, or communications, between two or more nodes of the computer network. The data flow(s) may be associated with a user of the computer network. The user may be an individual person, an entity, and/or a software application. A characteristic of the data flow and the user may be determined and these characteristics may be used to determine a level of security risk caused by the data flow in the network. Then, when the level of security risk is above a risk threshold, an alert may be communicated to an operator of the computer network. The alert may be, for example, a message (e.g., email, SMS text message, etc.) and/or display of an icon, or an aspect (e.g., size, color, and/or location) of an icon provided on a graphical user interface (GUI).

Abstract: A control method executed by a computer, the method includes receiving a program to identifiably display an authentication screen of a service transmitted from an authenticator in response to a reception of a first authentication request from a browser included in a terminal device to the authenticator, the browser displaying the authentication screen at the terminal device, and transmitting the received program to the terminal device.

Abstract: A terminal configuration server is configured to save a manufacturer identifier in a terminal database, in association with a merchant identifier. The manufacturer identifier identifies a terminal. The terminal configuration server is configured to transmit the merchant identifier to a communications device via a communications network, and to receive from the communications device via the communications network, a terminal identifier request that includes the manufacturer identifier and the merchant identifier. The terminal configuration server is configured to verify that the manufacturer identifier, included in the terminal identifier request, is associated with the merchant identifier in the terminal database, and to download a payload to the terminal via the communications device after verifying the manufacturer identifier.

Abstract: A computing device supports the use of multiple different authenticators for a user to unlock his or her computing device and access his or her user account. An authenticator refers to something that the user knows or has that can be compared to known authentication data in order to authenticate the user. In one or more embodiments, the behavior of the computing device varies for different authenticators by displaying user-selectable content in different visibility modes based on which authenticator is used to authenticate the user. In one content visibility mode content is fully visible on the computing device display screen, whereas in another content visibility mode content visibility on the computing device display screen is reduced. Additionally or alternatively, the behavior of the computing device varies for different authenticators by using different authenticators for different contexts of the computing device.

Abstract: Several methods may be used to exploit the natural physical variations of sensors, to generate cryptographic physically unclonable functions (PUF) that may strengthen the cybersecurity of microelectronic systems. One method comprises extracting a stream of bits from the calibration table of each sensor to generate reference patterns, called PUF challenges, which can be stored in secure servers. The authentication of the sensor is positive when the data streams that are generated on demand, called PUF responses, match the challenges. To prevent a malicious party from generating responses, instructions may be added as part of the PUF challenges to define which parts of the calibration tables are to be used for response generation. Another method is based on differential sensors, one of them having the calibration module disconnected. The response to a physical or chemical signal of such a sensor may then be used to authenticate a specific pair of sensors.

Abstract: Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.

Abstract: Techniques for using a trip flag to detect desynchronization of trip counter values in a vehicle system. Techniques include a first electronic control unit (ECU) receiving a synchronization message including a trip counter and receiving a message from a second ECU including a trip flag. The trip flag includes a single bit of data generated by the second ECU. The first ECU compares the trip flag to a last bit of the trip counter stored at the first electronic control unit and processes the message in response to the trip flag matching the trip counter. The first ECU compares the trip counter to a previous trip counter based on the trip flag differing from the trip counter. The first ECU processes the message using the previous trip counter or increments the trip counter to process the message based on the comparison with the previous trip counter.

Abstract: A method for performing service authorization for private networks based on an enhanced PLMN identifier. The method includes receiving an attach request from a user equipment device (UE) via a private network, where the attach request includes an international mobile subscriber identity value (IMSI). The method further includes determining, based on the IMSI, an organization identifier and a token associated with the private network, where the token is included in an enhanced PLMN for granting the UE access to resources in the private network. The method further includes sending the token to the UE and a network proxy within the private network.

Abstract: An illustrative method includes a data protection system determining an encryption indicator for a first recovery dataset associated with a storage system, the encryption indicator representative of a likelihood that a threshold amount of data associated with the first recovery dataset is encrypted; and performing, based on the encryption indicator for the first recovery dataset, an action with respect to a second recovery dataset associated with the storage system.

Abstract: A company may authorize a 3rd party to send emails on behalf of the company's domain. The emails are sent by the 3rd party, but the “From” portion of the email header is populated with the company's email address/domain. Methods are disclosed that, in some embodiments, enable email authentication (e.g. SPF record checks and/or DKIM verification) for emails sent by the 3rd party on behalf of a company's domain. In some embodiments, a trusted entity is enlisted to communicate with the 3rd party and the company. The trusted entity has the proper permissions to request changes in the DNS records of the company. The trusted entity receives the request from the 3rd party to add email authentication information to the DNS record. The trusted entity confirms that the 3rd party is authorized by the company and then adds the information to the DNS record.

Abstract: Disclosed are examples for providing functions to receive a media file to be stored in a media repository. In the examples, a location in the media repository may be assigned to the media file. A media file address in a blockchain platform may be assigned to the media file. Metadata including the assigned location in the media repository and the assigned media file address in the blockchain platform may be added to the media file. A media file hash value may be generated by applying a hash function to the media file including the metadata. The media file hash value may be included in a message and uploaded to the assigned media file address in the blockchain platform as a transaction in the blockchain. An indication that the media file is uploaded to the media repository may be delivered to a subscriber device from which the media file was received.

Abstract: A secure device operating with a secure tamper-resistant platform including a tamper-resistant hardware platform and a virtual primary platform operating with a low level operating system performing an abstraction of resources of the hardware platform, and a secondary platform with a high level operating system providing a further abstraction of resources to applications in which respective internal hosts are embedded, the secure device including an internal host domain including the internal hosts, the secure device including a plurality of physical and/or logical input/output interfaces through which external hosts can access the internal hosts, the virtual primary platform being configured to set interactions between the external hosts and the internal hosts, wherein the internal host domain includes a further set of virtual hosts each configured to operate as a proxy between an input/output interface and an application, each input/output interface being configured to address only one among the virtual hos

Abstract: A method for issuing authentication information is provided. The method includes steps of: (a) a managing server, if identification information of a specific user is acquired from a user device in response to a request for issuing the authentication information and the identification information is determined to be registered, creating a transaction whose output includes: (i) the specific user's public key and (ii) a hash value of the identification information or its processed value to thereby record or support other device to record it on a blockchain; and (b) the managing server acquiring a transaction ID representing location information of the transaction recorded on the blockchain.

Abstract: Systems, apparatuses, and methods are described for a privacy blocking device configured to prevent receipt, by a listening device, of video and/or audio data until a trigger occurs. A blocker may be configured to prevent receipt of video and/or audio data by one or more microphones and/or one or more cameras of a listening device. The blocker may use the one or more microphones, the one or more cameras, and/or one or more second microphones and/or one or more second cameras to monitor for a trigger. The blocker may process the data. Upon detecting the trigger, the blocker may transmit data to the listening device. For example, the blocker may transmit all or a part of a spoken phrase to the listening device.

Abstract: The present disclosure describes systems and method for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.

Abstract: An adjunct processor dynamically determines, on a per-command basis, whether commands obtained by the adjunct processor are to be processed by the adjunct processor. The adjunct processor obtains a command request of a requester. The command request includes at least one filtering indicator indicating at least one valid command type for processing by the adjunct processor for the requester. The adjunct processor determines using the at least one filtering indicator whether a command of the command request is valid for processing by the adjunct processor for the requester. Based on determining that the command is valid for processing by the adjunct processor, the command is processed by the adjunct processor.

Abstract: Embodiments of the disclosure provide a mechanism for performing a biometric algorithm on ear biometric data acquired from a user. The mechanism may be used for biometric authentication, or in-ear detect, for example. In one embodiment, a method is provided in which a quality metric of an input signal to a transducer and/or a signal on a return path from the transducer is monitored. One or more steps of a biometric process, comprising monitoring of a parameter related to an admittance of the transducer, comparison of the parameter to a stored profile for an authorised user, generation of a score based on the comparison, comparison of the score to one or more threshold values, and initiation of one or more actions, may be performed responsive to the quality metric meeting one or more criteria.