Abstract: A device may acquire information associated with an age, a gender, a weight, a height, and one or more lifestyle factors of a user. The device may also receive a nutrition inquiry of the user. The device may also compute a recommended daily amount of one or more nutrients for consumption by the user based on the received nutrition inquiry and at least a portion of the acquired information. The device may also determine information indicating a health benefit of the one or more nutrients and information indicating a health detriment associated with a deficiency or excess of the one or more nutrients and display the determined information. The device may also generate a ranked list of a plurality of foods that contain the one or more nutrients, wherein the list may be ranked according to a recommended percent daily value for the one or more nutrients.

Abstract: Integrated modular health platforms and methods of their use are provided. The integrated modular health platform may include one or more sensors (120) configured to monitor a patient usage of a medical device (110); a communication unit (130) communicatively coupled to the one or more sensors (120); and a processing unit (200) configured to receive a first communication from the communication unit (120), the communication being indicative of the patient usage of the medical device (110), to compare the patient usage of the medical device (110) with an expected usage of the medical device (110); and to generate a second communication indicative of a difference between the patient usage and the prescribed usage.

Abstract: In one embodiment, the present invention provides a method of designing a clinical trial enrollment plan, comprising the use of non-linear regression analysis to model the relationship between the number of investigator sites and the site enrollment rates, or the relationship between the number of investigator sites and the trial enrollment rates.

Abstract: The present invention provides a method for conducting a drug discovery research by identifying a lead candidate based solely on drugs that have been approved for a clinical use by an agency who has the authority to approve a drug for clinical use in mammal. The method uses a cheminformatics database. The present invention also provides a method and system for analyzing chemical drugs that have been approved for clinical use.

Abstract: This system provides wired and/or wireless access throughout a multimedia network built on a distributed architecture which can be transparent to the user. This multimedia network includes content which is imported or generated within the network. The system allows for the content provider to determine the license status of content and update the license status of content which was previously provided by that provider. The external content can be accessed in real time or downloaded and stored within the system for later access at the convenience of the user. The usage of some content is controlled by the use of encryption and other protection methods. The system allows for storage of live video by storing the digitized video and allowing the user to control how, when and where the content is viewed. The system makes available multiple multimedia services to all users in the network or connected via the internet.

Abstract: The present disclosure provides for systems and methods for delivering and unlocking restricted media content on physical media. The disclosed methods and systems provide restricted media assets on a physical media. The restricted media assets may be ad-sponsored media content. Restrictions on the restricted media assets may be removed by providing an unlock code, either on an online or offline media player. In the ad-sponsored media context, an unlocked version might comprise an ad-free version.

Abstract: A method for performing a delayed license validation may include receiving a request to execute a software application. In response to receiving the request to execute the software application, the execution of the software application may be permitted. Subsequent to permitting the execution of the software application, compliance with a license associated with the software application may be determined.

Abstract: An apparatus and corresponding method for preventing cloning of code. The apparatus includes a memory, an authentication module, and a device. The memory is configured to store the code, which includes unencrypted code and a fragment of encrypted code. The authentication module is configured to receive and decrypt the fragment of encrypted code from the memory into a fragment of decrypted code, and to store the fragment of decrypted code in an authentication module buffer. The device configured to execute the unencrypted code from the memory and to execute the fragment of decrypted code from the authentication module buffer, wherein the fragment of encrypted code is personalized to the device.

Abstract: A method, computing device and computer program product for providing access control of applications on the computing device. The computing device receives a selection of a set of one or more screens from the owner of the mobile device. The computing device further receives a selection of application(s) to be placed in the selected set of screens. The computing device additionally receives a screen passcode to be assigned to the selected set of screens. The computing device then assigns the received screen passcode to the selected set of screens which enables access to the application(s) on the selected set of screens. In this manner, the owner of the computing device can limit other users' access to certain applications on the computing device by segregating the applications on different sets of screens, where each set of screens is assigned a screen passcode which grants access to that set of screens.

Abstract: One or more embodiments of the invention provide access to a work environment in a mobile device from a lock screen presented by a personal environment of the mobile device, wherein the work environment is running in a virtual machine supported by a hypervisor running within the personal environment and wherein the personal environment is a host operating system (OS) of the mobile device. The host OS receives an authentication credential from a user in response to a presentation of the lock screen on a user interface (UI) of the mobile device and then determines whether the authentication credential is valid for the personal environment or the work environment. If the authentication credential is valid for the personal environment, access is enabled only to the personal environment. If the authentication credential is valid for the work environment, access is enabled to both the personal environment and the work environment.

Abstract: A user authentication method and a terminal. The method includes determining first-type authentication information and second-type authentication information that are of a terminal, wherein the first-type authentication information includes specific attribute information that is in specific attribute information of an interaction object corresponding to a specific interaction behavior of the terminal and whose occurrence frequency within a preset time falls in a preset range, and wherein the second-type authentication information is used to interfere with selection, by the user of the terminal, of the first-type authentication information; presenting an authentication challenge set to the user of the terminal; receiving an identification result; and determining an authentication result. According to the user authentication method, authentication information is dynamically generated using information about an interaction object to perform authentication on a user.

Abstract: A mobile communications device includes a plurality of first input devices capable of passively collecting input data, a second input device(s) capable of collecting response data based upon a challenge, and a processor capable of determining a level of assurance (LOA) that possession of the mobile communications device has not changed based upon a statistical behavioral model and the passively received input data, and comparing the LOA with a security threshold. When the LOA is above the security threshold, the processor may be capable of performing a given mobile device operation without requiring response data from the second input device(s). When the LOA falls below the security threshold, the processor may be capable of generating the challenge, performing the given mobile device operation responsive to valid response data, and adding recent input data to the statistical behavioral model responsive to receipt of the valid response data.

Abstract: For secure handwriting input for password fields, an apparatus for using a tone indicator to identify language in text recognition is disclosed. The apparatus may include a processor, a handwriting input unit operatively coupled to the processor, a display operatively coupled to the processor, a handwriting element module that identifies a handwriting element from handwriting input, an input replication module that controls the display to present the handwriting element, and a privacy module that controls the display to obscure the handwriting element in response to a predetermined trigger event. Obscuring the handwriting element may include removing the handwriting element, rendering transparent the handwriting element, replacing the handwriting element and an area surrounding the handwriting element with a colored area, and/or replacing the handwriting element with an anonymizing symbol. A method and computer program product also perform the functions of the apparatus.

Abstract: A method, performed by a device, of providing security content includes receiving a touch and drag input indicating that a user drags a visual representation of a first application displayed on a touch screen of the device to a fingerprint recognition area while the user touches the visual representation of the first application with a finger; performing authentication on a fingerprint of the finger detected on the touch screen using a fingerprint sensor included in the fingerprint recognition area; and when the performing authentication on the fingerprint is successful, displaying the security content associated with the first application on an execution window of the first application.

Abstract: A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled.

Abstract: A method for authenticating users is provided that includes indicating, by a user, a desire to conduct a transaction. Moreover, the method includes monitoring, using a terminal device, for devices proximate the terminal device, and determining whether each device included in an authentication data requirement is included in proximate devices detected while monitoring for devices proximate the terminal device. Furthermore, the method includes successfully authenticating the user when each device included in the authentication data requirement is included in the detected proximate devices.

Abstract: An exemplary method includes a user identification system associated with a computing device transmitting a radio frequency (“RF”) signal from a transmitting antenna, receiving a plurality of reflected RF signals that are each a reflection of the transmitted RF signal from an external surface of a user, each of the plurality of reflected RF signals received at a separate one of a plurality of sensing antennas, determining an RF signature based on the plurality of reflected RF signals, and determining whether the RF signature matches a reference RF signature. Corresponding methods and systems are also described.

Abstract: A method of providing a user with an option to access a protected system by satisfying a reduced security measure is disclosed. An attempt by the user to access the protected system is detected. It is detected that a first security token system is within a first proximity to the protected system. Based on the detecting of the attempt by the user to access the protected system and the detecting that the first security token system is within the first proximity, the user is provided with the option to access the protected system by satisfying the reduced security measure.

Abstract: An operation device includes a screen display section that displays a login screen on a touch panel, a key position changing section, a key information reception section, and a key information determination section. The key position changing section changes positions of a plurality of keys that are displayed on the login screen such that the keys are displayed for a current login process at positions that are different from previous positions at which the keys were displayed for a previous login process. The key information reception section generates input information representing a key pressed on the login screen. The key information determination section allows login of a user when a combination of pieces of input information corresponding to a plurality of key presses performed by the user matches registration information and does not allow login of the user when the combination does not match registration information.

Abstract: Methods and apparatuses for unlocking a device with enhanced security level are provided. The method includes: receiving a first input indicating a reference point, receiving an input pattern including a plurality of inputs in a plurality of directions, wherein each of the plurality of inputs is initiated from the reference point, determining whether the plurality of inputs included in the input pattern are substantially identical to a plurality of inputs included in predetermined unlocking data; and unlocking the device based on the determination.

Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.

Abstract: Devices, methods, systems, and computer-readable media for open architecture security are described herein. One or more embodiments include a method for open architecture security, comprising: identifying a source of a received computing component, assigning a value to the received computing component based on the source, and designating the received computing component into a security level based on the assigned value.

Abstract: Detecting synthetic keystrokes by maintaining a record of one or more keystrokes of physical keyboard input detected by an operating system of a computer, detecting a keystroke received at a computer application process that is executed by the computer, determining that the keystroke received at the computer application process is absent from the record of keystrokes of physical keyboard input, and identifying the keystroke received by the computer application process as being a synthetic keystroke.

Abstract: Methods, systems, and devices are described for displaying information on a visual display of a data storage device. The device may be an internal data storage device and may display information associated with various operation parameters and a security confidence metric or states of the data storage device. The data storage device may display, on the visual display, an indication of a security confidence metric of the data storage device indicative of whether the data storage device has been compromised. The data storage device may be compromised by having one or more sub-components replaced, altered, or misused. The visual display may be electronic paper, mechanical, or chemical such that the information is displayed without power being applied to the data storage device. The visual display may be removable from the data storage medium.

Abstract: Preventing return-oriented programming exploits by identifying a set of contiguous computer software instructions extending from a first location within a computer memory to a second location within the computer memory, where the set of computer software instructions includes a return-oriented programming gadget, copying the set of computer software instructions to extend from a third location within the computer memory to a fourth location within the computer memory, placing a branching instruction at the first memory location, where the branching instruction branches to the third location, appending a return branching instruction to the copy of the set of computer software instructions, where the return branching instruction branches to a fifth location within the computer memory that immediately follows the second location, and overwriting at least a portion of the return-oriented programming gadget between the first location and the second location.

Abstract: In a payment terminal device, a plurality of APIs are called with the execution of a payment application, and have individual functions. Monitor statistics monitor a call procedure of APIs which are used with the execution of the payment application. A statistics accumulator accumulates a history of the call procedure of the APIs. A determiner determines the validity of the call procedure of the APIs monitored by the monitor statistics based on the call history of the APIs accumulated in the statistics accumulator.

Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.

Abstract: A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.

Abstract: Technologies are generally described for systems, devices and methods effective to generate an alert in a computing system. In some examples, a read request may be identified to read from a memory location in a memory. The memory location may include first data accessible by a virtual machine and an instance manager module. The first data may be allowed to be read from the memory location. A write request may be identified to write second data to the memory location. A flag may be identified in response to the identification of the write request. The flag may be associated with the memory location. An alert may be generated, based on the identification of the flag and the identification of the write request.

Abstract: Dynamic verification of a computer software application execution path by detecting execution of a target instruction of a computer software application, wherein the computer software application is configured to generate a token at an instruction near a waypoint instruction of the computer software application, and wherein the waypoint instruction lies along an execution path that leads to the target instruction. Determining, responsive to detecting execution of the target instruction, whether a token exists. Performing a computer-security-related remediation action responsive to determining that the token does not exist.

Abstract: There are described methods and apparatus for generating an identifier of a computer device, which may also be an identifier of a software application installed on the computer device such as a web browser. Parameters of the computer device are collected, extended with dummy values, and reordered, to form a permuted extended set of parameters, which in turn is used to generate the identifier.

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

Abstract: To provide an information processing apparatus and a display control program that each determine a risk level of data owned by the apparatus based on information obtained from plural sensors included in the apparatus, an information processing apparatus 1 includes a situation determining unit 102 that determines a situation of the information processing apparatus 1 based on information obtained from an acceleration sensor 12 and a voice sensor 13; a risk level determining unit 103 that determines a risk level based on a change with time of the situation; a display range limiting unit 104 that limits a display range of document information 111 in accordance with the risk level determined by the risk level determining unit 103; and a displaying unit 105 that displays the document information 111 for the display range limited by the display range limiting unit 104.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterised by the algorithms and associated parameters that are selected to perform an operation.

Abstract: Computer systems and applications are provided for encrypting data that preserves the ability to process the encrypted data. The method includes receiving data in unencrypted form. The method further includes encrypting the data in accordance with an encryption dictionary generated by arranging the plurality of plaintext symbols in lexicographical order; defining a first subset comprising a first plurality of the lexicographically arranged symbols; defining a second subset comprising a second plurality of the lexicographically arranged symbols; defining a first set with a first plurality of unique random tokens within a first token space for use with the first plurality of symbols; and defining a second set with a second plurality of unique random tokens within a second token space for use with the second plurality of symbols such that the second plurality of unique random tokens is non-linear with respect to the first plurality of unique random tokens.

Abstract: An intelligent connection mechanism performs automatic connection for two or more physical elements requesting a connection to each other or one or more physical element requesting a connection to a base unit or a base unit connecting automatically attaching or detaching a module to itself. A customizable modular device is introduced exemplifying some embodiments of the intelligent connection mechanism techniques.

Abstract: Disclosed are various embodiments for a trust establishment application. Machine instances executed in the same computing environment generate side channel patterns embodying data identifying themselves as trusted machine instances. The side channel patterns are detected to determine which machine instances are trusted. An operational mode of a machine instance is configured as a function of whether a quorum of trusted machine instances are executed in the computing environment.

Abstract: A method, computing device and computer program product for providing access control of applications on the computing device. The computing device receives a selection of a set of one or more screens from the owner of the mobile device. The computing device further receives a selection of application(s) to be placed in the selected set of screens. The computing device additionally receives a screen passcode to be assigned to the selected set of screens. The computing device then assigns the received screen passcode to the selected set of screens which enables access to the application(s) on the selected set of screens. In this manner, the owner of the computing device can limit other users' access to certain applications on the computing device by segregating the applications on different sets of screens, where each set of screens is assigned a screen passcode which grants access to that set of screens.

Abstract: Methods, systems, and computer readable media for extending security of an application-based computer operating system are disclosed. One system includes a memory. The system also includes an application-based operating system security module bridge implemented using the memory. The application-based operating system security module bridge is for receiving, from a reference monitor, a registration for at least one security authorization hook, for receiving a callback when a protected event occurs, for communicating with the reference monitor that registered the at least one security authorization hook corresponding to the callback, and for receiving, from the reference monitor, an access control decision associated with the protected event.

Abstract: A device management system includes a meeting support system that is configured to generate and transmit a plurality of electronic meeting invitations to a plurality of mobile wireless devices that correspond to a plurality of meeting participants and receive responses indicating whether the plurality of participants will attend the electronic meeting. The device management system receives identification data that identifies one or more documents or information that will be made available to the plurality of participants. The meeting support system determines whether the plurality of participants is authorized to access the one or more electronic documents or information. If any of the participants are not authorized to access any of the electronic documents or information, the meeting support system notifies the meeting organizer. The device management system may also include a meeting session management system that is configured to share information among the plurality of mobile wireless devices.

Abstract: Systems and methods for detecting potential steganography use to hide content in computer files transmitted via electronic communications are provided. An electronic communication associated with a computer file may be identified. The communication and the computer file may be analyzed to determine whether the computer file potentially includes hidden content. To determine whether the computer file potentially includes hidden content, a set of steganographic criteria may be analyzed. If at least a portion of the steganographic criteria are satisfied, then it may be determined that the computer file potentially includes hidden content. If at least a portion of the steganographic criteria are not satisfied, then it may be determined that the computer file does not potentially include hidden content. If the computer file is determined to potentially include hidden content, an individual may be notified of the communication associated with the computer file.

Abstract: Exemplary methods for providing secure multi-tenancy in a Purpose Built Backup Appliance include creating a set of tenant-units (TUs), associating file system management objects (FSMOs) and users with the TUs. The methods further include maintaining a protocol config-metadata store based on the association of the FSMOs and users with the TUs. In one embodiment, in response to a first request from a first user to access a first FSMO of a first TU, the methods include determining whether the first user is authorized to access the first FSMO based on information of the protocol config-metadata store, and in response to the protocol config-metadata store indicating the first user is authorized to access the first FSMO, allowing the first user to access the first FSMO.

Abstract: In a computer system operable at more than one privilege level, an application is securely customized to use secret data without disclosing the secret data to a managing operating system. In operation, an integrity module executes at a higher privilege level than both the managing operating system and the application. After the managing operating system loads the application executable code, the integrity module injects the secret data directly into the instruction stream of the application executable code and then sets the memory location of the secret data as executable-only. As the application executes at the assigned privilege level, the instruction in the application directly accesses the secret data without performing any indirect memory access, thereby protecting the secret data from malicious attempts to read the secret data at a privilege level lower than the integrity module.

Abstract: A device and software utilizing Global Positioning Satellite (GPS) technologies for monitoring and recovering portable computing devices and, a method and system for acquiring such devices, protecting data on such devices, and for compensating owners of devices. A GPS mechanism of the invention provides real time tracking of missing devices that may be coordinated with security agencies to intercept and recover missing computing devices. When a stolen device is unrecoverable, the invention may receive a signal to initiate data recovery where a wireless network is available to recover data for the owner. Alternatively, the GPS mechanism instructs the device to encrypt or destroy stored data files to prevent commercial espionage or privacy violations. The invention discloses a software system and method for computing a purchase price of the GPS mechanism, computing compensation for loss of the device and lost data.

Abstract: As information becomes more accessible to the public, the ability to predict and estimate sensitive data from the data already available to the general public becomes easier. The existing privacy-preserving data mining approaches only consider the information the user is querying and do not consider the information the user already has, and how the user can use that information in combination with the query information to create sensitive data that the user should not have access to. Some embodiments of the present invention provide a query analysis (QA) program that solves the aforementioned problem by taking into account data that a user may already have, whether it is private data or data that is available to the public, and then using that data, along with the data that would be returned in the query, to determine if sensitive data could be recreated.

Abstract: Generally, embodiments of the invention are directed to methods, computer readable medium, servers, and systems for deidentified access of data. The deidentified access is permitted with the use of an identifier that uniquely indicates an outcome, the coding of the identifier obscures unaided human interpretation of the outcome, and the identifier uniquely identifies data for remediating performance associated with future outcomes.

Abstract: Security devices for protecting ICs from backside security attacks. A security device includes an N? well formed in a substrate, a P+ center disposed in the central region of the N? well, and a P+ ring surrounding the N? well. To prevent latchup, a pair of inner and outer N+ rings is formed in the N? well. When a current source is applied to the P+ center, the current flows through a portion of the substrate and is picked up by the P+ ring. When an attacker mills the substrate or makes a trench in the substrate, the resistance of the substrate changes. By monitoring the voltage difference between the P+ center and P+ ring, the attempt to attack the die can be detected.

Abstract: A relatively small amount of programmable logic may be included in a mostly ASIC device such that the programmable logic can be used as a substitute for a fault-infected ASIC block. This substitution may occur permanently or temporarily. When an ASIC block is temporarily substituted, faulty outputs of the ASIC block are disabled just at the time they would otherwise propagate an error. The operations of the temporarily deactivated ASIC block(s) may be substituted for by appropriately programmed programmable logic. Thus, a fault-infected ASIC block that operates improperly 1% of the time can continue to be gainfully used for the 99% of the time when its operations are fault free. This substitution can be activated in various stages of the ASIC block's life including after: initial design; pilot production; and mass production. This provides for cost saving and faster time-to-market, repair, and maintenance even years after installation and use.

Abstract: A non-secure display area and a secure display area are set on a screen of a display section of a touch panel TP. A non-secure input area and a secure input area are set on a detection surface of a touch input detector of the touch panel TP. In settlement processing, in a display area where the non-secure display area and the secure display area are overlapped, amount information is displayed. A message for urging authentication information input and a PIN pad are displayed in the secure display area. An operator can safely input PIN information to secure the input area through the PIN pad displayed in the secure display area. Even when the secure portion and the non-secure portion are present together, the settlement terminal device can secure the security of input authentication information or the like to suppress the operator's mistake or incorrect operation.

Abstract: An apparatus serving as a portable, lockable secure shell that prevents unauthorized physical and electrical signal access to a device enclosed within the shell. The apparatus comprises a case, a lid, a locking mechanism, cooling means, and charging means. When closed, the apparatus provides Faraday cage protection to an enclosed device to block external electronic, electromagnetic, and radio frequency signals from reaching the enclosed device, which preserves data stored in the device in its original form. In addition, the apparatus prevents clandestine access to an electronic device, which creates an obstacle to unauthorized access of information stored on the device.