Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.

Abstract: Methods and device for personalizing a secure element (e.g., a eUICC) may include or implement operations for receiving a personalization request issued by an operator to download a personalized profile in compliance with a model into the secure element, and the request may include personalization data, an identifier of the secure element and the identifier of the model.

Abstract: Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.

Abstract: There is provided an information processing apparatus, the information processing apparatus including: a control unit configured to cause a second information processing apparatus to output authentication key information for allowing a first information processing apparatus to make a wireless connection with the second information processing apparatus in order to conduct data transmission from the first information processing apparatus to the second information processing apparatus using wireless communication, and determine to allow the first information processing apparatus to make the wireless connection on the basis of authentication key information input into the first information processing apparatus and the output authentication key information.

Abstract: The invention relates to a method for managing an access from a remote device to data and/or at least one resource accessible from a local device. The local device includes a browser. The remote device hosts a server, as a remote server. During a remote server connecting step, the browser sends to the remote server a request for loading data. According to the invention, the remote server sends, through the browser, to a local server a request for connecting a local server, as response to the request for loading data, and the local server sends data to the remote server, the local server being connected from the remote server to a data storage devices and/or at least one resource accessible from the local device. The invention relates also to a corresponding system having a token and a terminal coupled with the token.

Abstract: A computing device is described that comprises one or more hardware processors and a memory communicatively coupled to the one or more hardware processors. The memory comprises software that, when executed by the processors, operates as (i) a virtual machine and (ii) a hypervisor. The virtual machine includes a guest kernel that facilitates communications between a guest application being processed within the virtual machine and one or more virtual resources. The hypervisor configures a portion of the guest kernel to intercept a system call from the guest application and redirect information associated with the system call to the hypervisor. The hypervisor enables logic within the guest kernel to analyze information associated with the system call to determine whether the system call is associated with a malicious attack in response to the system call being initiated during a memory page execution cycle.

Abstract: There is provided a method of protecting the execution of a software application, the method performed by a plurality of processes comprising a process for executing the software application and a plurality of protection processes, wherein each protection process in the plurality of protection processes is configured to: monitor a process state of at least one other process in the plurality of processes to determine whether said process state corresponds to a predetermined process state; and perform a predetermined action in response to a determination that said process state corresponds to the predetermined process state; wherein the plurality of protection processes are configured such that a process state of the process for executing the software application is monitored by at least one protection process and a process state of each protection process is monitored by at least one other protection process in the plurality of protection processes.

Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.

Abstract: The longstanding problem of providing efficient and rapid online user services while maintaining user privacy is addressed. Disclosed is a system and method for providing unverified users an ability to act upon private records known to them while protecting user privacy by not reflecting private information back to the unverified user. As an unverified user inputs information related to their identity into an interface, the system searches an indexed database which may include both registered users and/or unregistered customers indexed from a single data source or from disparate data sources.

Abstract: Methods of facilitating communication between clients and servers are contemplated. Embodiments of the inventive subject matter make it possible for a client to establish a packet-based connection with a server by first authenticating with a web backend. This can enable, for example, a client to establish a packet-based connection with a server though a web browser.

Abstract: Based on a hidden service address table stored in a memory, a virtual circuit related to a hidden service is mapped to a corresponding port-level channel based on the hidden service's address. Data associated with the hidden service is routed between the virtual circuit and the port-level channel. This enables binding of high level anonymity protocols to low level communication services of a network fabric and ensures that other nodes in the network fabric can leverage fabric-hosted hidden services without requiring updates to an existing anonymity protocol.

Abstract: The invention relates to a method for providing an anonymized value for a data element stored with an original value in a database of a database system, wherein the method comprises the following steps: (i) producing a supplementary data element for the data element stored in the database; (ii) determining the anonymized value of the data element from the original value on the basis of a mapping rule for ascertaining anonymized values that is stored in the database system, and storing the anonymized value in the supplementary data element; and (iii) linking the supplementary data element to the data element such that, based on the reception of an access command relating to the data element from a user connected to the database system, the supplementary data element is read and the anonymized value contained therein is transmitted to the user.

Abstract: A method and apparatus of a device for security management by sandboxing third-party components is described. The device can determine whether a third-party component supports network access. If the third-party component supports network access, the device can request a user input regarding whether to restrict the network access of the component. The device can receive a user input to restrict network access of the third-party component. Upon receiving the user input to restrict network access, the device can construct a sandbox for the third-party component to restrict network access of the component and prevent the component from performing data exfiltration. Other embodiments are also described and claimed.

Abstract: Devices, systems and methods develop static and/or kinetic and/or pressure forces to fixate or brace tissue in targeted pharyngeal structures and individual anatomic components within the pharyngeal conduit.

Abstract: An arm supporting pillow in sling apparatus, comprising in combination a flexible sling, with a first strap having connection to the sling to be supported by a user, an insert pillow received in the sling, to be retrievable from the sling, the sling and pillow dimensioned to receive a user's forearm alongside the pillow, in the sling.

Abstract: A dressing for promoting healing and pain relief of the body of a living organism having a pathologic condition has at least one layer of conductive material having a resistance no greater than 1000 ?/cm2. When placed proximate a portion of the body of the living organism suffering from the pathologic condition, the dressing alters the electrodynamic processes occurring in conjunction with said pathologic condition to promote healing and pain relief in the living organism. When used as a wound dressing, the conductive material is placed in contact with tissue around the periphery of the wound and with the wound, lowering the electrical potential and resistance of the wound and increasing the wound current. In an exemplary embodiment, the conductive material is a multi-ply nylon fabric plated with silver by an autocatalytic electroless plating process and with the plies in electrical continuity. The dressing provides an antimicrobial and analgesic effect.

Abstract: A finger/toe tip protective apparatus including a semispherically shaped flexible member of perforated material with inner and outer surfaces, and a circumferential edge. The flexible member has at least one elongated tab extending tangentially and radially about the circumferential edge of the member and which. when wrapped about the digit is partially secured to both the circumferential edge of the member and the skin of the digit to which the apparatus is to be secured whereby allowing the protective apparatus to be releasably secured in position on the finger/toe tip of a person.

Abstract: A shoulder stabilizing restraint which includes a pillow and a forearm wrap. The pillow has an arcuately-configured posterior face for engaging an anterior quadrant of a torso on a first side of a user. The pillow also has a flat forearm engagement face for engaging a forearm on the first side of the user. The forearm engagement face is preferably converges with the posterior face at a posterior/lateral convergence which is positionable proximal to a lateral border of the torso on the first side of the user. The forearm wrap is fastenable to the pillow to retain the forearm in engagement with the forearm engagement face and the shoulder joint at a positive external rotation angle.

Abstract: A hand press type rapid positioning first-aid device with cardiopulmonary resuscitation comprises a press device, an air storage device, a control device, a binding device and a sucking disc. The binding device allows the first-aid device being secured to the chest of the patient rapidly and conveniently. An operation process of continuously pressing the pressed part of the patient five times and blowing air one time after the mouth and nose breather masking the mouth and nose of the patient makes the first-aid cardiopulmonary resuscitation more successful and easily to enhance the function of first-aid. The disposal part, which contacts with the patient, in the mouth and nose breather can prevent from possible bacteria infection between patients.

Abstract: A method and related system to determine nasal resistance to airflow. Some of the exemplary embodiments may be a method comprising measuring an attribute of airflow through a first naris of a patient without blocking a second naris of the patient, measuring an attribute of airflow through the second naris of the patient without blocking the first naris, and determining a value indicative of nasal resistance to airflow based on the attributes measured.