Abstract: A system for controlling notifications relating to illness information includes a processor and memory. The processor is configured to set first criteria for (1) vital information, (2) questionnaire response information, (3) vaccination information, and (4) illness test result information, the first criteria relating to a first illness, receive first data relating to an illness risk of a first user, the first data including (1) vital information, (2) questionnaire response information, (3) vaccination information, and (4) illness test result information, of the first user, and determine, based on the first criteria and the first data, whether the first user has an illness risk. In response to determining that the first user has an illness risk, the processor is configured to send to the first user an illness risk notification.

Abstract: An autonomous vehicle control system includes at least one processor. The at least one processor is configured to cause a first device to monitor a body temperature of a first person, determine, responsive to the monitoring, as a first determination result, whether the monitored body temperature exceeds a predetermined threshold, perform image processing on an image of the first person, determine, based on a result of the image processing, as a second determination result, whether the first person wears a face mask, and control a second device based on at least one of the first determination result or the second determination result.

Abstract: A set of users who may authenticate is predefined and is associated, each, with a reference secret share. A first subset of users who has, each, to authenticate is predefined. The device defines a second subset of the users who has, each, to authenticate while further satisfying, each, to be physically proximate to the device and an authentication condition(s). The second user subset is comprised within the first user subset comprised within the user set. The device verifies whether each user of the second user subset satisfies to be physically proximate to the device and the authentication condition(s), if yes, requests, to each user device, the secret share and receives, from each user device relating to at least the first user subset, the secret share. The device reconstructs a secret with each received secret share, verifies whether the reconstructed matches the reference and, if yes, authenticates the user set.

Abstract: An assembly allows detecting an intrusion into an appliance that includes a chamber(s). At least one wall relating to one and the same chamber is designed, so as to form a chamber opening allowing to access at least one appliance chip. The assembly includes at least one baffle that is, each, disposed at the chamber opening. The assembly includes at least one chip that comprises a baffle manager. The baffle manager is configured to cause the at least one baffle to move repeatedly between a first and a second position with respect to the chamber opening, during an appliance chip operation. The baffle manager is configured to detect whether a baffle movement is slowed or blocked during the appliance chip operation. If yes, the baffle manager is configured to send a predetermined signal(s) for alerting the appliance chip or a device(s) or take an action(s).

Abstract: The invention relates to a method for authenticating to a device, comprising receiving, by the device, from a chip, data; retrieving, by the device, based on the received data, a predetermined encrypted credential; sending, by the device, to the chip, a decryption request for decrypting the encrypted credential including or being accompanied with the encrypted credential to be decrypted; retrieving, by the chip, a secret key; decrypting, by the chip, the encrypted credential by using the secret key; sending, by the chip, to the device, as a decryption request response, the credential; verifying, by the device, whether the credential is or is not valid; and authenticating, by the device, only if the credential is valid, the chip.

Abstract: The invention is a method for handling data in a secure container comprising first and second private keys uniquely allocated to the secure container. The secure container is configured to use the first private key to handle said data in a first operating mode and to use the second private key to handle said data in a second operating mode. The secure container is configured to prevent the update of the first private key after its clearing. The method comprises the step of automatically clearing the first private key in response to a request for enabling a software module in the second operating mode and a step of automatically using the first operating mode by the secure container if the first private key has not been cleared and of automatically using the second operating mode by the secure container if the first private key has been cleared.

Abstract: A method for securely accessing a document containing a set of data comprises (a) detecting the existence of target data belonging to an enhanced version of the document and missing from the current version of the document, (b) generating a link value allocated to the target data by applying a preset function to a subset of said set of data, (c) retrieving metadata from a secure storage unit by using the link value and, using a message based on said metadata, proposing to the user to get the target data, (d) getting both agreement of the user and credentials of the user, (e) generating a request by using the link value and said credentials for retrieving the target data from the secure storage unit, (f) providing the user with the target data only if the secure storage unit successfully checked the compliance of the request with preset access rules.

Abstract: The invention is a method for securing a digital document. An initial version of the digital document contains a set of data. The method comprises: generating a link value by applying a preset function to a subset of the set of data, allocating the link value to a target data belonging to the set of data and storing an entry comprising the target data in a secure storage unit, the target data being reachable in the secure storage unit through the link value, the secure storage unit being configured to use access rules for authorizing or denying a request initiated by a user and aiming at accessing the target data comprised in said entry, generating an updated version of the digital document by removing the target data from the initial version of the digital document.

Abstract: A method for securing a digital document comprising first and second types of data, where a set of data of the second type is previously identified in an initial version of the document. For each data of the second type, an identifier is allocated to the data and an entry comprising the data is stored in a secure storage unit. The identifier comprises a display value and a link value. The data is reachable in the secure storage unit through the link value. The secure storage unit is configured to use access rules for authorizing or denying a request initiated by a user for accessing data of the second type contained in an entry of the secure storage unit. An updated version of the digital document is generated by replacing each data of the second type by its allocated identifier in the initial version of the digital document.

Abstract: The invention relates to a method, an entity and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).

Abstract: The invention relates to a method for managing data access. The method includes receiving at least one request for accessing data; capturing data relating to at least one current context signal during each data access request; comparing, as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; determining, based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and issuing the data access decision. The invention also relates to corresponding first device, second device and system.

Abstract: A secure processing facility has a plurality of workstations, with associated computers to provide data to, and/or receive data from, the workstations. The computers are provided with a visual display unit, and display machine-readable data codes on the display. The computers are provided with a scanner to read the machine-readable data codes on the display of another of the computers. The computers have no other connection to receive or transmit machine readable data. A method of operating the facility includes processing a workpiece at a first workstation. A display of the computer of the first workstation displays a data code containing data related to the processing of the workpiece. The scanner of the computer associated with a second workstation scans the data code. The workpiece is transferred from the first workstation to the second workstation. The workpiece is processed at the second workstation.

Abstract: In an embodiment of a method of and system for detecting rollback of usage data, the usage data is recording in a database. A sequence value in the database is repeatedly advanced. A copy of the sequence value is repeatedly saved to protected storage. The copy of the sequence value in the protected storage is compared with the sequence value in the database, and it is determined whether the result of the comparison is consistent with normal operation of the database since the previous save to protected storage.

Abstract: A computer security system may include a removable security device adapted to connect to the input/output port of a computer. The security device may include: a random access memory (RAM) cell; and a processor. The security system may further include: at least one encrypted update packet stored remotely from the security device and adapted to modify the contents of the RAM cell; and a private key located on the security device and adapted to decrypt the update packet; and at least one of a device driver, a software application, and/or a library stored remotely from, and in communication with, the security device and adapted to cause the contents of the at least one cell to be switched out of the cell, stored remotely from the cell, and loaded back into the cell.

Abstract: A method and apparatus for preventing compromise of data stored in a memory by assuring the deletion of data and minimizing data remanence affects is disclosed. The method comprises the steps of monitoring the memory to detect tampering, and if tampering is detected, generating second signals having second data differing from the first data autonomously from the first processor; providing the generated second signals to the input of the memory; and storing the second data in the memory. Several embodiments are disclosed, including self-powered embodiments and those which use separate, dedicated processors to generate, apply, and verify the zeroization data.

Abstract: A method for preventing unauthorized use of a software program on a computing device includes updating a state of a software program on a computing device to an updated state. Transmitting an update signal from the software program to a hardware token coupled to the computing device and updating a state of the hardware token to an updated state in response to the received update signal. Performing a first cryptographic check using the updated state of the software program and the updated state of the hardware token with the hardware token. Transmitting the first cryptographic check from the hardware token to the software program and performing a second cryptographic check using the state of the hardware token and the state of the software program with the computing device.

Abstract: A method and apparatus for high assurance boot processing is disclosed. A trusted processor is used to authenticate a trusted boot program and in conjunction with a selector, to provide the authenticated boot program to a boot memory where it can be accessed by a main processor to execute the bootup sequence. The trusted processor also provides a command for the main processor to write a data sequence to a hard drive or similar device, and monitors the data written by the main processor to verify that the data has not been tampered with or otherwise compromised.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: High-performance data encryption/decryption server and method for transparently encrypting/decrypting data. System and method for encryption and/or decryption cryptographic services that have applicability small and large databases and especially to encryption and/or decryption of bulk data. Method for transparently applying a cryptographic operation to application-specific data. Encryption server for transparent encryption and decryption of application specific data. Method for transparently encrypting application specific data. Computer program stored on a computer readable media for modifying the operation of a computer process implementing a method for transparently encrypting application specific data. System and appliance for transparently encrypting application specific data. System for transparently applying a cryptographic operation to application-specific data.

Abstract: A novel approach is proposed for centralized administration of a multikey for a plurality of clients at a set of remote office/branch offices (ROBOs). A multikey having a set of properties, permissions, and policies is first associated with a secure item present at one or more of the ROBOs. A set of respective instances of the multikey are then generated for the ROBOs having the secure item, and the set of properties, permissions, and policies are associated with each of the respective instances of the multikey automatically. The instances of the multikey are then provided to the set of ROBOs for the encryption or decryption of the secure item present at the ROBOs.