Abstract: This disclosure describes methods for identifying an individual in an anonymous biometric authentication system, where an individual's biometric data is captured by a device, and the resulting probe is compared with the templates in a previously enrolled population. The system comprises a Biographic Identity Management System having a non-anonymous sector in communication with an anonymous sector through a network cloud. The anonymous sector or Anonymous Biometric Identity Management System contains an index of tokens associated, each associated uniquely with a biometric template, which may then be compared with a biometric probe to determine the identity of an individual.

Abstract: An image processing device includes a processor; and a memory which stores a plurality of instructions, which when executed by the processor, cause the processor to execute, acquiring a captured image; extracting a first feature amount and a second feature amount of a user included in the image, and a third feature amount indicative of a likelihood of a portion from which the second feature amount is extracted; generating an authentication table including a plurality of the first feature amounts, a plurality of the second feature amounts, and a plurality of the third feature amounts extracted from a plurality of the images; and selecting the third feature amount extracted at authentication of the user, and the first feature amount and the second feature amount included in the authentication table, based on the third feature amount included in the authentication table, and authenticating the user based on the first feature amount.

Abstract: A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data.

Abstract: A reader element is associated with an identity verification element. The reader element has a biometric input device and is configured, through enrollment of a biometric element is used to encrypt a character sequence associated with the identity verification element. In a verification phase subsequent to the enrollment, a user may be spared a step of providing the character sequence by, instead, providing the biometric element. Responsive to receiving the biometric element, the reader element may decrypt the character sequence and provide the character sequence to the identity verification element.

Abstract: In a method of providing software for use by a control unit of a vehicle, before its use by the control unit, the software is signed according to a public-key method against a falsification, using the secret or private key of a software signature site. The signed software is checked for integrity by using the public key complementary to the secret key of the software signature site.

Abstract: A tool facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occur by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.

Abstract: A system and method for protecting data from external threats includes a computer system having a plurality of input/output units, a key device that is removably mated with one of the input/output units, a processor, a local memory, a primary bulk storage device, a secondary bulk storage device, a first communication unit and a second communication unit. A method includes performing software and hardware verification of a first and second user password, and selectively engaging each of the bulk storage devices and communication units when the system is in one of a protected mode and an open mode.

Abstract: A secure communication kit is disclosed. The secure communication kit may include a plurality of tangible security tokens; each security token storing one or more cryptographic keys and a group identifier. A first cryptographic key stored on each security token may correspond to one of the cryptographic key(s) stored on every of the other security tokens. The group identifier stored on each security token may correspond to each group identifier stored on every of the other security tokens. A client device for securely communicating using the secure communication kit is also disclosed.

Abstract: Methods, systems, and articles of manufacture for implementing user access to remote resources residing on an external domain. Various implementations include authenticating and authorizing a user on a first system and receiving user request to access remote resources. The first system invokes processes or modules to initiate a new session to perform auto logon on behalf of the user on a second system by using stored user's credentials and subdomain delegation techniques without user intervention. The second system authenticates and authorizes this new session to allow user access to remote resources residing thereupon. The first system further prepares the user's system to take over the new session by setting cookie(s) and also by redirecting the URL so the user may continue to use the new session to access the desired remote resources residing on the second system.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for establishing a secure connection between a data repository and an intelligence application.

Abstract: A request is received for a brokered shipment from a particular entity to an anonymous user. A shipping identifier is obtained from a shipping entity, on behalf of the particular entity, for the shipment from the particular entity to the anonymous user. The shipping identifier is communicated to the particular entity and the shipping identifier is associated with a unique user identifier unique, within a system, to a pairing of the anonymous user with the particular entity. Address information of the anonymous user is unknown to the particular entity, and address information is obtained from the shipping entity for the anonymous user. In some aspects, address information of the particular user is received from a second entity and applied to the shipment identifier in connection with delivery of the shipment to the particular user.

Abstract: A particular set of attributes of a particular computing device is identified. A first plurality of whitelisted objects is identified in a global whitelist corresponding to the particular set of attributes. A particular whitelist is generated to include the identified set of whitelisted objects, the particular whitelist tailored to the particular computing device. In some aspects, device-tailored updates to the particular whitelist are also generated.

Abstract: Embodiments relate an address translation/specification (ATS) field. An aspect includes receiving a work queue entry from a work queue in a main memory by a hardware accelerator, the work queue entry corresponding to an operation of the hardware accelerator that is requested by user-space software, the work queue entry comprising a first ATS field that describes a structure of the work queue entry. Another aspect includes, based on determining that the first ATS field is consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, executing the operation corresponding to the work queue entry by the hardware accelerator. Another aspect includes, based on determining that the first ATS field is not consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, rejecting the work queue entry by the hardware accelerator.

Abstract: A computer processor receives a plurality of execution items corresponding to a computer process. The computer processor allocates a first memory portion corresponding to a first stack, wherein the first stack corresponds to a first class of execution items. The computer processor allocates a second memory portion corresponding to a second stack, wherein the second stack corresponds to a second class of execution items. The computer processor identifies a first execution item of the plurality of execution items and determining a class corresponding to the first execution item.

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract: An operating system sandbox may include an operating system isolation module configured to restrict an operating system from transmitting machine-readable data and/or machine-readable instructions to an application, based on at least one predefined rule corresponding to abnormal operating system behavior.

Abstract: Described herein are methods, network devices and machine-readable media for preventing the malicious use of phishing simulation records. Phishing simulation records often times can reveal which individuals are most susceptible to phishing attacks. In the event that an attacker gains access to these records, the attacker can exploit such information to send phishing attacks to those individuals who are the most susceptible. To address such vulnerabilities, a phishing simulation record of an individual is only associated with an e-mail alias of the individual. Further, such e-mail alias may be deactivated after phishing simulations have been completed. Therefore, even if an attacker were able to identify individuals most susceptible to phishing attacks, the attacker will be unable to send any phishing attacks to those individuals since their e-mail aliases will have been deactivated.

Abstract: A system, method, and computer program product are provided for isolating a device associated with at least potential data leakage activity, based on user input. In operation, at least potential data leakage activity associated with a device is identified. Furthermore, at least one action is performed to isolate the device, based on user input received utilizing a user interface.

Abstract: An embedded device including a random access memory (RAM) and a processor is provided. The processor includes a processor core and an authentication module. The RAM stores data-to-be-authenticated. The data includes a program code to be executed by the processor core. The authentication module periodically accesses and authenticates the data-to-be-authenticated in the RAM. When the authentication module deems that the program code in the RAM loses its integrity, the authentication module interrupts the processor from further executing the program code.

Abstract: Procedures are described for enhancing target system execution integrity determined by power fingerprinting (PFP): by integrating PFP into the detection phase of comprehensive defense-in-depth security; by deploying a network of PFP enabled nodes executing untrusted devices with predefined inputs forcing a specific state sequence and specific software execution; by embedding module identification information into synchronization signaling; by combining signals from different board elements; by using malware signatures to enhance PFP performance; by automatic characterization and signature extraction; by providing secure signature updates; by protecting against side-channel attacks; performing real-time integrity assessment in embedded platform by monitoring their dynamic power consumption and comparing it against signatures from trusted code, including pre-characterizing power consumption of the platform by concentrating on trace sections carrying the most information about the internal execution status; by u

Abstract: Indicia may include security threats that, when scanned by a barcode reader, may cause unwanted actions to be performed by a host device communicatively coupled to the barcode reader. To prevent these security threats from affecting the host device, security software running on a processor in the barcode reader or the host device compares the scanned data with items in a threat-signature library. Scanned data that match, at least part of, the threat signature library are blocked from being transmitted to the host device.

Abstract: A method of protection of memory contents in a computer which includes the steps of loading a program into the computer and executing such program so that the memory contents of the computer are used to create and store on the same computer cryptographic hash tags uniquely identifying the contents for each of blocks of memory content of selected and consistent size and their location and applying this to all of the memory contents, analyzing the hash tags so as to identify those that have an identical memory content, recording such results of such analysis, then effecting a transfer to an independent memory a copy of the hash tags and the associated memory blocks as well as the other information regarding their location this being with the exception where the contents of a block are identical, and then transferring only one copy of such contents.

Abstract: A computerized system and method is described for classifying objects as malicious by processing the objects in a virtual environment and monitoring behaviors during processing by one or more monitors. The monitors may monitor and record selected sets of process operations and capture associated process parameters, which describe the context in which the process operations were performed. By recording the context of process operations, the system and method described herein improves the intelligence of classifications and consequently reduces the likelihood of incorrectly identifying objects as malware or vice versa.

Abstract: The invention relates to the field of anti-virus protection. The technical result of the invention lies in providing possibility for unblocking the computer with no data loss and computer resetting, for increasing the antivirus systems operation efficiency and consequently improving the computer systems security. A method for neutralizing malicious software blocking computer operation, the method being performed by means of a separate antivirus activation device developed for the antimalware procedure activation to be run by a PC user, the device comprising connectors for connection to a control bus, a controller and an activation unit. Computer unblocking and malware neutralizing procedure is activated after receiving an activation signal from the antivirus activation device.

Abstract: A method is provided in one example embodiment that includes storing a reference measurement of an object in a trusted storage and retrieving the reference measurement from the trusted storage before an operating system is loaded. In a pre-operating system environment, the reference measurement can be compared with a golden measurement and a policy action can be applied if a variance is detected between the reference measurement and the golden measurement. In more particular embodiments, the reference measurement is a measurement of firmware, and yet more particularly, the measurement is a hash of the firmware.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detect malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.

Abstract: A system including a memory having regions including a first and second region, the first region being different from the second region, and a digital rights management engine to receive a plurality of ciphertext cipher blocks, decrypt the ciphertext cipher blocks yielding plaintext cipher blocks, output the plaintext cipher blocks to the first region of the memory over a period of time, provide a plurality of decoy cipher blocks in addition to the plaintext cipher blocks, the decoy cipher blocks having a pattern in which: a first one of the decoy cipher blocks consists of data, and a second one of the decoy cipher blocks consists of data which is the same as the data of the first one of the decoy cipher blocks, and output the decoy cipher blocks to the second region of the memory during the period of time. Related apparatus and methods are also included.

Abstract: A first person (which may be a natural person, organization, brand, or other entity) has one or more affinity planes. Each affinity plane represents a distinct closeness of relationship with the first person. The first person also has one or more sectors, each of which may be associated with a domain. Each of the other people may be associated with zero or more of the first person's affinity planes and zero or more of the first person's sectors. Each of the first person's resources may be associated with zero or more of the first person's affinity planes and zero or more of the first person's sectors. A request by one of the other people to access one of the first person's resources is granted based on the overlap between the affinity planes and sectors associated with the requestor and the affinity planes and sectors associated with the requested resource.

Abstract: A system for authorizing data to be provided to a mobile computing device is provided. The system includes the mobile computing device and a server computer that includes a processor and a memory coupled to the processor, the memory including processor-executable instructions for performing the steps of storing, in the memory, parameters for authorizing data to be provided to the mobile computing device and determining at least one contextual cue associated with at least one of a task to be performed, the mobile computing device, and a user of the mobile computing device, wherein the at least one contextual cue is associated with the parameters. The processor-executable instructions also perform the steps of authorizing data to be provided to the mobile computing device when the at least one contextual cue aligns with the parameters and providing the data to the mobile computing device.

Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

Abstract: A system, computer readable medium and a method for encrypting a file, the method may include retrieving the file from a storage service; segmenting the file into multiple file segments; calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures; encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures; wherein the multiple encrypted file segments form an encrypted file; and sending the multiple encrypted file segments to the storage service.

Abstract: A server connectable to an apparatus providing contents and an image display apparatus includes an index information processing part configured to provide the image display apparatus with index information for causing a list of information items associated with the contents to be displayed by the image display apparatus, an image data processing part configured to provide the image display apparatus with image data for causing a content associated with an information item selected from the list to be displayed by the image display apparatus, and an apparatus authentication part configured to cause the index information processing part and the image data processing part to execute respective processes when the identification information of the image display apparatus that has requested to obtain the content associated with the selected information item by using access authority information regarding authority to access the content is managed in correlation with the access authority information.

Abstract: Various methods are provided for determining run-time characteristics of an application at the time of installation and/or modification. Based on the determined run time characteristics, various methods control the installation and/or modification of the application based on a user privacy profile. One example method may comprise receiving a request to modify an application. A method may further comprise determining whether a conflict is present between the application and a user privacy profile. A method may further comprise causing the determined conflict and at least one conflict resolution to be displayed in an instance in which a conflict is determined. A method additionally comprises causing a user privacy profile to be modified in an instance in which an indication of acceptance is received in response to the displayed at least one conflict resolution.

Abstract: A computer-implemented method for managing web browser histories may include (1) identifying a website visited via a web browser, (2) selecting one or more website categories for which websites are not to be referenced in the web browser history, (3) querying a website categorization database to verify whether the visited website belongs to a selected website category, (4) receiving, in response to querying the website categorization database, an indication that the website belongs to a selected website category, and (5) blocking, based on the website belonging to a selected category, the website from being referenced in the web browser history. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An information input display device, having an input section for inputting information and a display section for displaying the information, which enables an access to protected information after being authenticated by an authentication processing executed after starting up of the information input display device, the information input display device including: an authentication processor which executes the authentication processing based on authentication information inputted by the input section; and an input display controller which, after the starting up of the information input display device and before being authenticated by the authentication processing, accepts inputting of prescribed information different from the authentication information through a screen displayed on the display section, and allows the display section to display the prescribed information on the screen.

Abstract: A system of automatically changing a viewing angle of a display device based on a determination of content confidentiality includes a display device, an auditing application, and a privacy filter control. The auditing application is configured to analyze content to be displayed on the display device for confidentiality indicators. The privacy filter control is configured to automatically change a current viewing angle of the display device from a first viewing angle to a second viewing angle that is less than the first viewing angle when the content includes at least one confidentiality indicator and the current viewing angle of the display device is the first viewing angle.

Abstract: A portable secured electronic unit includes at least two electronic components, one of which is embodied in the form of a primary electronic component and the second in the form of an interface electronic component, wherein the two electronic components are interconnected by communication elements and at least one electronic component includes security elements for securing the communication thereof the other electronic component.

Abstract: A communication control device configured to access an information processing apparatus in which data is stored. The device and method acquires an operational condition of an information processing apparatus, and notifies the information processing apparatus of a security command for causing the information processing apparatus to execute a security process on the data in an event that an operational condition is activated and, in an event that the operational condition is a standby mode, a hibernate mode, or a shutdown mode, notifies the information processing apparatus of an activation command for activating the information processing apparatus, and notifies of a security command for causing the information processing apparatus to execute a security process on the data.

Abstract: A system and method for enabling a dual interface smart card reader to be able to determine if data should be read from a smart card using wireless technology or touch technology, even when the data can be accessed through wireless technology.

Abstract: A card reading device with a plurality of protecting mesh wires includes a main board, an outer frame, a first mesh wire and a second mesh wire. The main board includes an electronic member region and a card inserting case. The outer frame is disposed on the main board and includes a first groove and a second groove. The first groove covers the electronic member region. The second groove covers the card inserting case. The first mesh wire is disposed in the first groove and includes a first wire end connected to the electronic member region. The second mesh wire is disposed in the second groove and includes a second wire and connected to the electronic member region. When the outer frame is damaged or destroyed, the first mesh wire or the second mesh wire is triggered to activate a circuit protecting procedure to shortcut or disconnect a signal circuit.

Abstract: A reader for data interchange with a mobile data memory, i.e., a ultra-high frequency (UHF) RFID transponder, wherein the reader includes reception electronics for converting a high frequency signal received via an antenna into a low frequency signal and includes a decoding device for converting the low frequency signal into data. The reader also includes an analog-digital converter for digitizing and a memory device, linked thereto, for storing the low frequency signal from at least one period of time from a communication event, and also includes an analysis device for evaluating a low frequency signal stored in this manner so that it is possible to independently analyze the processed low frequency signal whenever a mobile data memory is misread (spuriously sensed), wherein the analog-digital converter which is used in the readers can advantageously also be used for digitizing the low frequency signal stored for the analysis purposes.

Abstract: A reading device for contactless communication with a transponder unit includes a first antenna for generating a reading device field in the form of an alternating magnetic field. The reading device further contains one or more second antennas configured, and arranged in relation to the first antenna, such that during a contactless communication of the reading device with a transponder unit which generates communication signals by means of load modulation, a predetermined change of a detection signal is captured on the second antenna or antennas if the transponder unit is located in a predetermined zone around the reading device.

Abstract: A system and method for using an RFID read/write device to secure an RFID operable instrument or an RF communication is provided. The invention includes security databases in communication with a processor for storing and communicating security protocols to the RFID read/write device. The invention includes a method for restricting the unauthorized use of an RFID read/write device. The invention includes a subscription service for communicating user credentials to a certificate authority to obtain a counter security protocol. The invention also includes decrypting information stored on an RF operable device or transmitted via radio-frequency using counter security protocols.

Abstract: A multi-protocol RFID interrogating system employs a synchronization technique (step-lock) for a backscatter RFID system that allows simultaneous operation of closely spaced interrogators. The multi-protocol RFID interrogating system can communicate with backscatter transponders having different output protocols and with active transponders including: Title 21 compliant RFID backscatter transponders; IT2000 RFID backscatter transponders that provide an extended mode capability beyond Title 21; EGOTM RFID backscatter transponders, SEGOTM RFID backscatter transponders; ATA, ISO, ANSI AAR compliant RFID backscatter transponders; and IAG compliant active technology transponders. The system implements a step-lock operation, whereby adjacent interrogators are synchronized to ensure that all downlinks operate within the same time frame and all uplinks operate within the same time frame, to eliminate downlink on uplink interference.

Abstract: A conveyor system for processing items on which radio frequency identification tags are disposed has a conveyor that conveys items through a path of travel, and an antenna disposed proximate the path of travel. Circuitry in communication with the antenna may associate RFID tag data with a package on the conveyor based on a difference signal from elements in the antenna.

Abstract: The present invention provides a read sensor that can acquire data from the read object reliably, with a simple configuration, by making it possible to acquire data from the read object using both a magnetic field and an electric field. A read sensor 10 has conductive elements 30 that have a shape in which first elements 31 and second elements 32 are connected with each other along a first plane 20a, as if drawn unicursally in one stroke, so that the angle ?1 formed between a first element 31 and a second element 32 becomes a predetermined sharp angle, and a metal plate 40 that covers a second plane 20b of the dielectric plate 20, which is the back plane of the first plane 20a.

Abstract: A tracking system for items to be ionizing radiation sterilized is provided which utilizes an attached RF ID tag that is ionizing radiation proof or enclosed in an ionizing radiation proof holder. The RF ID tag is coded with a unique identification and certification data on the ionizing radiation sterilization. An RF ID tag reader is provided, which is usable by a user to obtain the identification and sterilization data from the RF ID tag on the item. The RF ID tag reader includes a user input for at least one trackable event and can write data based on the at least one trackable event back onto the RF ID tag. The RF ID tag reader is at least one of connectable to a PC or the internet, or is compatible for uploading the identification and any user input to an internet accessible device. A database is provided, having item related information.

Abstract: An optical indicia reading terminal can comprise a microprocessor, a memory, and an image sensor integrated circuit for decoding decodable indicia. The image sensor integrated circuit can be configured to output a plurality of digital signals, each digital signal being representative of light incident on at least one pixel of the two-dimensional image sensor. The optical indicia reading terminal can be configured to selectively acquire a plurality of luminance signals from the plurality of digital signals. Whether the output image data from the sensor is digitally stored as YUV data or YCBCR data, the terminal parses out the luminance signal, Y, in the data matrix to store a monochrome image for decoding. The optical indicia reading terminal can be configured to process the frame of image data for decoding decodable indicia.

Abstract: A method for decoding decodable indicia includes sensing the polarization of light from a plurality of orientations in connection with the decodable indicia, and controlling at least one of energizing an illumination subsystem based on the sensed polarization indicating a generally randomly polarized light, and inhibiting energization of the illumination subsystem based on the sensed polarization indicating a generally linearly polarized light. One or more images are captured, and an attempt is made to decode the decodable indicia using at least one of the one or more images.

Abstract: A laser scanning indicia reading apparatus (1000) comprises one or more adjustable aperture assemblies (2024) for adjusting the diameter of a laser beam and adjustable lens assemblies (2026) for adjusting the distance of a laser beam waist (W).