Patent classifications
H04L12/417
Access control systems and methods
Computer security techniques are described. One example provides a security module. The security module executes on a computing system and determines whether to allow a user or a program (e.g., native executable, script, etc.) associated with the user to access a resource, such as by reading, writing, or executing a file. This decision is based at least in part on whether an access control list that is associated with the resource specifies that a source (e.g., IP address, hardware address) that is associated with the user is allowed to access the resource. This decision can also or instead be based on whether the computing system is executing in maintenance mode, such as in single-user diagnostic mode.
Transport refrigeration system and a CAN ID distributing method for the transport refrigeration system
A transportation refrigeration system and a CAN ID allocation method for a transportation refrigeration system. The transportation refrigeration system includes: a refrigeration circuit including a compressor, a condenser, and a plurality of evaporators connected in parallel, all of which are connected to form a loop; a plurality of chambers, each of the evaporators being located in one of the chambers to adjust the chamber; a plurality of sensors of the same type, each of the sensors being installed in one of the chambers respectively; and a control unit. After being installed in place and energized, the plurality of sensors send their own identification codes to the control unit, and the control unit allocates a CAN ID to each of the sensors after receiving the identification codes of the sensors, so that the identification code of each sensor is bound to the corresponding CAN ID.
RADIO FREQUENCY (RF) COAX INTERFACE FOR FULL DATA RATE CONTROLLER AREA NETWORK (CAN) PROTOCOL SIGNALING WITH LOW LATENCY
A method for implementing controller area network (CAN) communications between a plurality of CAN nodes using a single radio frequency (RF) coax cable is provided. In an aspect, a hardware interface (e.g., an electronic circuit) may be coupled to each of the plurality of CAN nodes. The hardware interface may receive a CAN signal from a first CAN node. The hardware interface may convert the CAN signal to a single RF signal and transmit the RF signal to a second CAN node over the single RF coax cable. Moreover, the hardware interface may transmit a CAN feedback signal received over the RF coax cable to the first CAN node. In an aspect, the hardware interface may include an amplitude modulation (AM) modulator, an AM detector, and a bandpass filter.
AUTOMATIC ADJUSTMENT OF THE MAXIMUM TOKEN HOLDING TIME IN BACNET MS/TP BUS SYSTEMS AT RUNTIME
A method for the automatic adjustment of a maximum token holding time of a first bus participant in a BACnet MS/TP bus system. The method includes analyzing the data traffic in the bus system during a first time interval and adjusting a maximum token holding time of the first bus participant based on the analysis of the data traffic during the first time interval, whereby the analysis of the data traffic during the first time interval includes determining a data transmission pattern of a second bus participant, whereby the data transmission pattern of the second bus participant is defined by a measured data volume of the second bus participant and its distribution over time.
KEY SPLITTING
According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.
Distributed intelligent modules system using power-line communication for electrical appliance automation
In a first aspect the invention provides a system comprising a plurality of electronic modules, each one of the electronic modules configured for enabling automation of an electrical appliance to be connected to the electronic module. Each electronic module comprises at least a communication sub-part configured to enable communication over a power-line network with other modules, at least an acting means configured to act on an electrical voltage to be applied to the electrical appliance, at least a measurement means configured to measure a power consumption to be consumed by the electrical appliance, and an embedded intelligence means configured to process signals coming from or going to the at least one communication sub-part, the at least one acting means and the at least one measurement means. Each one of the plurality of electronic modules is enabled for communication with the others of the plurality of electronic modules over the power-line network by means of its at least one communication sub-part.
In each one of the plurality of electronic modules the embedded intelligence means further comprises outgoing message sending means configured to send an outgoing message over the power-line network to at least one of the others of the plurality of electronic modules, ingoing message receiving means configured to receive an ingoing message over the power-line network from at least one of the others of the plurality of electronic modules, identifying means configured to identify an ingoing message relevant to the electronic module, presentation means configured to prepare a presentation message to be sent as outgoing message, the presentation message containing presentation information related to an identity of the electronic module, hierarchical ordering means configured to generate an ordered list of the plurality of modules that comprises the electronic module and the others of the plurality of electronic modules, depending on presentation information from the electronic module and presentation information received from the others of the plurality of electronic modules, and electing means for electing from the ordered list a president electronic module. The presentation means, the hierarchical ordering means and the electing means are configured such that the electing means in each of the plurality of electronic modules find the same president electronic module. The embedded intelligence means are further configured to handle information included in an ingoing message sent from the president electronic module according to a determined priority protocol.
METHODS AND SYSTEMS FOR IDENTIFYING DATA SESSIONS AT A VPN GATEWAY
Methods and systems for transmitting data packets from a host to a destination via a virtual private network (VPN) connection at a VPN gateway. VPN gateway receives encapsulated packets via the VPN connection. The encapsulated packets encapsulate the data packets originated from the host. VPN gateway decapsulates the encapsulated packets to retrieve the data packets. VPN gateway determines whether the data packets originated from an IoT device based on IP address of the host. When the host is the IoT device, VPN gateway performs deep packet inspection (DPI) on the data packets. VPN gateway determines whether the data packets are allowed to be transmitted to the destination. When the data packets are allowed to be transmitted to the destination, VPN gateway transmits the data packets to the destination.