Abstract: An illustrative mobile computing device executing weight, nutrition, health, behavior and exercise application software serves as a simulated combination personal trainer and dietician/nutritionist for the user using comprehensive databases storing personalized health, nutrition and exercise information. A mobile computing device, such as a smartphone, executing such software monitors, tracks and/or adjusts caloric intake, energy expenditure taking into account nutritional information and behavioral factors. The mobile computing device receives food consumption, exercise-related, behavior and other input using speech input and the device's GPS subsystem to ease data entry burden on users and to promote continued long-term usage. The system rewards user goal achievement in an automatic, seamless manner, through, for example, downloading music, books, or other media.

Abstract: A method for remotely facilitating labeling of laboratory media may include placing a user request at a computing system serving as a remote computing system, the user request including print content to remotely facilitate labeling of a laboratory media within a laboratory environment. The laboratory media may include at least one of a media cassette or a media slide to hold one or more laboratory samples. The method may further include communicating the user request from the computing system to a printing device over a network. The printing device representing a local computing system. The method may further include remotely facilitating the printing device to label the laboratory media.

Abstract: A management system connected with a clinical testing apparatus is disclosed. The system acquires, from the clinical testing apparatus, a parameter that varies according to deterioration of the unit at a plurality of points of time, stores the parameters and/or analysis results that are obtained by analyzing the parameters, and provides a screen data for showing the stored parameters and/or the stored analysis results in a time-series format. A method for managing a clinical testing apparatus and a clinical testing system for the method are also disclosed.

Abstract: In various aspects, code-based indicia contain secured network access credentials. In some aspects, a computer processor receives user input that specifies secured network access credentials, and the computer processor creates or modifies credentials for establishing a secured network connection. In these aspects, the computer processor generates code-based indicia that contain at least part of the secured network access credentials. In other aspects, a computer processor scans the code-based indicia and extracts the network access credentials. In these aspects, the computer processor employs the network access credentials to establish the secured network connection. In additional aspects, a network router apparatus renders the code-based indicia to an active display. In further aspects, a network router apparatus conditions grant of network access to a device on receipt from the device of an answer to a security question included in the secured network access credentials.

Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.

Abstract: A method includes receiving a verification request in a verification agent running on a given device and determining whether the verification agent is able to invoke a verification platform application programming interface (API). The method also includes, in the event that the verification agent is able to invoke the verification platform API, performing remote verification of the verification request via the verification platform. The method further includes, in the event that the verification agent is unable to invoke the verification platform API, starting an internal timer and performing local verification of the verification request at the given device. The method further includes granting the verification request responsive to one of a successful remote verification and a successful local verification within a given time period specified by the internal timer, otherwise denying the verification request.

Abstract: Methods, systems, and computer readable mediums for implementing role-based access control (RBAC) are disclosed. According to one method, the method includes authenticating a user for implementing RBAC across multiple components associated with one or more converged infrastructure systems, receiving, from the user, RBAC related information for implementing RBAC across the multiple components associated with the one or more converged infrastructure systems, and implementing, using the RBAC related information, RBAC across the multiple components associated with the one or more converged infrastructure systems.

Abstract: Methods, systems, and products verify identity of a person. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified.

Abstract: The present application provides methods and corresponding systems for accessing services in a gaming or other environment based on conditional biometric identity verification. In one aspect, this includes the step or steps of determining a location of a gaming device having a display and at least one biometric sensor associated therewith; prompting a user of the gaming device for at least one item of physical biometric data with the biometric sensor based at least on the location of the gaming device; receiving the at least one item of physical biometric data; and enabling at least one service on the gaming device based on a match between the at least one item of physical biometric data received and at least one authenticated item of physical biometric data associated with the user.

Abstract: A user detecting apparatus includes: a memory; and a processor that executes a procedure, the procedure including: obtaining a first image and a second image, extracting a user-associated area from the first image according to a given condition, dividing the user-associated area into a plurality of areas, storing a histogram of each of the plurality of areas in the memory, detecting from the second image a corresponding area that corresponds to an area that is one of the plurality of areas and has a first reference histogram according to similarity, and changing a reference histogram used for a third image from the first reference histogram to a second reference histogram.

Abstract: A computing machine including a sensor to capture a fingerprint image from a user and generate a password in response to the user accessing the sensor, a component to create a package of the fingerprint image and the password, and a processor to authenticate the fingerprint image from the package before decrypting an encryption of the password if a request for the password has been received before a predefined time has elapsed.

Abstract: An invalid digital certificate can be saved and subsequently compared to an incoming digital certificate when performing a security check. If a subsequently provided digital certificate does not match the saved digital certificate, an error condition can be generated. Because a digital certificate can be invalid for non-malicious reasons, such technologies can be useful for improving software security.

Abstract: An unlock procedure for an electronic device can be based at least in part upon a determined gaze direction or viewing location of a user. During a device unlock process, the user can be directed to follow an element or path on a display element with the user's eyes. Image information captured of the user during this process can be used to correlate the user's eye position in the image with the corresponding gaze location on the device, in order to calibrate the gaze tracking in a way that is substantially transparent to the user. Further, certain devices can also utilize captured image information during the unlock process to authenticate the user using a process such as iris recognition or retinal scanning. Such an approach enables secure access to the device without requiring the user to manually enter identifying information, and re-authentication can be performed without distracting the user.

Abstract: A system and method for employing a mechanism for unlocking a vehicle ECU. The ECU stores a unique ECU identification value that identifies the particular ECU and a secure server stores the ECU identification value and a unique ECU security key value, where the identification value identifies the security key value in the server, and where the secure server stores the unique ECU identification value and the unique security key value for many ECUs. A service tool that wants to gain access to the ECU for software reprogramming or service requests the ECU identification value and a challenge from the ECU and sends them to the secure server, which then identifies the security key value associated with that ECU identification value and the response for the challenge. The secure server then sends the response to the service tool, which provides it to the ECU to unlock it for programming.

Abstract: Various embodiments of modular battery authentication circuits are described. The various modular battery authentication circuits are intended to be utilized with electrically powered devices that do not comprise existing battery authentication capabilities. In one embodiment, a modular battery authentication adapter is described. The adapter comprises a housing in which a modular battery authentication circuit resides. One end of the adapter is positioned within a power input port of a device and a modular battery is positioned within the opposing end of the adapter. The authentication circuit within the adapter communicates with the modular battery to determine its authenticity before allowing the battery to power the device. A modular battery comprising an internal authentication circuit is also described. The modular battery is designed to interact with firmware stored within the device to determine whether the modular battery meets certain operational criteria.

Abstract: A method for operating an electronic device is provided. The method includes executing, by a processor of the electronic device operable in a first mode (e.g. a trusted execution environment (TEE)) or a second mode (e.g. a non-trusted execution environment (NTEE)), wherein the first mode is more secure than the second mode; receiving, by the processor operating in the first mode, data or information related to a first software program stored in a first memory region; and authenticating, by the processor operating in the first mode, at least a portion of the data or information using a second software program stored in a second memory region.

Abstract: A security channel interface providing device is provided. The device includes a sensor unit that comprises at least two sensors configured to sense a motion of a user, and a control unit that determines whether or not at least two sensing values sensed by the sensors satisfy a security channel interface activation condition, and activates or inactivates a security channel interface according to a result of the determination. When the security channel interface is activated, the control unit provides a security channel to the user.

Abstract: A method for managing passwords for a user. A processor of an apparatus storing at least one received, incorrect password proposal receives via a user interface a further password proposal from a user; generates a hash value for the further password proposal; sends the hash value to the authentication server; receives from the authentication server a message indicative of whether the hash value corresponds to a correct password or to an incorrect password. In case the message indicates that the hash value corresponds to a correct password, the processor uses a distance function on each incorrect password proposal to obtain a distance value representative of a distance between the incorrect password proposal and the correct password; and sending to the authentication server hash values for password proposals for which the distance value is lower than or equal to a threshold value. Also provided are the apparatus and a computer program support.

Abstract: The present invention provides, in at least one embodiment, a system, and method for detecting fraud rings. The system gathers a small group of highly likely fraudsters. The system then looks for groups of these likely fraudsters who are interconnected. When the interconnections are strong, these groups are likely to be fraud rings. Once fraud rings are detected, the links can be applied to better prevent fraud and to help in criminal investigations.

Abstract: A data processing system supports remeasurement of a virtual machine monitor (VMM). In one example process, the VMM may obtain a secret value from a trusted platform module (TPM) of the processing system. The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM, for example. However, the VMM may verify the measurement agent before providing the secret value to the measurement agent. The measurement agent may generate a remeasurement value for the VMM, use the secret value that was obtained from the TPM to certify the remeasurement value, and communicate the remeasurement value to a requesting program, via the VMM. Other embodiments are described and claimed.

Abstract: A system and method are disclosed for mobile information management using a code injection approach. The method for information management of applications includes the steps of: receiving, by a computer, one or more compiled applications, and receiving, by a computer, one or more security policies, wherein each security policy indicates one or more use cases and one or more security actions associated with each use case. The method also includes the step of associating the received applications with the one or more received security policies. Additionally, the method includes the step of automatically wrapping the received applications with the associated security policy using a code injection script.

Abstract: A network computer system is protected from malicious attacks by its own system administrators by a large number of addressable and assignable smart-agents that are individually allocated to independently follow and represent those system administrators, the jobs those system administrated are assigned to work on, and the system resource tasks that such system administrators can employ in furtherance of the completion of a particular job.

Abstract: When a computer system process is acting contrary to the rules established for that process for the resource it is running on, the process is moved to a quarantined section and its continued operation is isolated from other processes. While in isolation, the quarantined process is tested and appropriate action, such as, for example, rehabilitation, change of the rules, or termination, is performed. The divided quarantined sections are used for each misbehaving process.

Abstract: An apparatus and method for analyzing malware in a data analysis system are provided. The apparatus includes a data analysis unit and a controller. The data analysis unit sorts data into primary harmful data and primary harmless data using screening data information of malicious code information and virus information. The controller screens or deletes the primary harmful data, and sends a request for precision analysis of the primary harmless data to a server. The data analysis unit sorts secondary harmful data from the primary harmless data using the precision analysis result received from the server.

Abstract: An apparatus and method for blocking the activity of malware are disclosed. The apparatus for blocking the activity of malware includes a storage unit, a posting unit, and a control unit. The storage unit stores an automatic execution permission list and a set security level. The posting unit posts a predetermined control time immediately after user terminal booting and a predetermined control time immediately after user login. The control unit permits or blocks the execution of an execution attempt file for the predetermined control time immediately after the booting and the predetermined control time immediately after the user login based on the automatic execution permission list and the set security level.

Abstract: Disclosed are various embodiments for fast and accurate identification of message-based application programming interface (API) calls in Objective-C binaries. An application binary is analyzed to determine a first listing of classes and a first listing of methods. Metadata is extracted from the application to determine a second listing of classes and a second listing of methods. A listing of external classes and a listing of external methods are determined. Data identifying public API definitions is obtained. Public APIs invoked by the application are determined by comparing the external classes and methods with the public API definitions.

Abstract: A method and an electronic device for protecting data for a first electronic device with a data transmission interface are provided. A basic I/O system of the first electronic device is provided with a verification program for verifying a second electronic device. The method includes: loading the verification program into a memory of the first electronic device; verifying the second electronic device to acquire a verification result by the memory running the verification program via the memory; disabling the data transmission interface to cause the second electronic device to be unable to perform data transmission with the first electronic device by the data transmission interface in a case that the verification result indicates that the second electronic device is not a valid device.

Abstract: A system comprises a security manager to scan a network for host instances representing hosts on the network at that time, and record characteristics of the host instances in a host record. The security manager subsequently scans the network for host instances in order to identify persistent hosts. A host profiling module takes snapshots of the network to generate host instances based on characteristics such as an IP address, a NetBIOS name, a DNS name, a MAC address. A host matching module correlates host instances from different snapshots using weighted rules (predetermined or customized) to discriminate between multiple potential matching host instances. Also, security logic makes security decisions based on data including persistent host information.

Abstract: A method of detecting correlated operations in a common storage. The method comprises providing at least one input operation, each the input operation being designated to write uniquely identifiable data on a memory unit of an application, monitoring a plurality of output operations of the application, each the output operation includes data read from the memory unit, comparing between the at least one input operation and the plurality of output operations to identify at least one matching group of input and output operations wherein each member of the at least one matching group has correlated written or read data in a common correlated target address in the memory unit, and outputting an indication of the at least one matching group.

Abstract: The present invention provides a method and system for calculating a security index of an application hosted in a cloud environment. The application is mapped to a cloud service provider of the cloud environment, and a set of security controls and a set of security metrics applicable for the application are identified. The set of security controls and the set of security metrics are encapsulated into a security profile object by a security control module. A set of values of the set of security metrics are retrieved from the cloud service provider, by a cloud probe module, and the security index of the application is calculated.

Abstract: The present invention relates generally to information processing, and more particularly to techniques for securely organizing, sharing, accessing and storing valuable information related to a family or individual in conjunction with a computer-based platform. Users will have the ability to organize, share, access, send and receive information online using a plurality of personal devices. A computer web browser, mobile device web browser, facsimile machine, scanning device can send and receive information over a communication link with the system using standard software applications such as email, mobile messaging, scanning software and facsimile software. The present invention provides a user friendly web based platform that allows individuals to instantly setup a secure account and store important information, as well as, establish a seamless and effective contingency plan to organizing highly sensitive and personal information.

Abstract: A semiconductor device includes a CPU, an EEPROM, and a ROM. The ROM includes an encryption area and a non-encryption area and the encrypted firmware is stored in the encryption area. The semiconductor device includes a decrypter which holds the encryption key, decrypts the encrypted firmware, and supplies the decrypted firmware to the CPU. The EEPROM includes a system area to which an access from the CPU is forbidden in a user mode. The encryption key is divided into split keys of plural bit strings, and stored in the distributed address areas in the system area. An encryption key reading program which is not encrypted is stored in the non-encryption area of the ROM. Executing the encryption key reading program, the CPU reads and reconfigures plural split keys stored in the EEPROM in a distributed manner to restore the encryption key and supplies the restored encryption key to the decrypter.

Abstract: A method for printing a composite document creates a fixed data unit for a composite document, the fixed data unit being a portion of an individual document which is consistent in each individual document within the composite document. A variable data unit is created for each individual document to be represented by the composite document, a variable data unit being a portion of the individual document which is unique to that individual document. The data within each created variable data unit is analyzed to determine a set of rights for each created variable data unit, and the determined set of rights are embedded into the appropriated created variable data unit. A composite document is created by bundling the fixed data unit with the embedded variable data units and submitted for printing.

Abstract: Disclosed is an image forming apparatus that connects to a device. The image forming apparatus includes a storage unit that stores, for each types of page description languages for describing printing data, permission information indicating whether execution of a control command described in the corresponding page description language is allowed; a receiving unit that receives the control command transmitted from the device; a determination unit that determines whether the execution of the control command is allowed for the image forming apparatus, based on the permission information being stored in the storage unit; and a controller that controls the image forming apparatus. When the execution of the image forming apparatus is disallowed for the image forming apparatus, the controller prevents the image forming apparatus from executing the control command.

Abstract: An information processing apparatus includes a memory and a processor coupled to the memory and configured to receive an instruction to transfer a first application to an execution environment, detect a second application that shares a resource with the first application, the resource being information used upon executing the first application and the second application, provide information for causing a user to determine whether to prohibit transferring the second application to the execution environment when the second application is detected, and invalidate a state in which the second application shares the resource with the first application when instruction to prohibit transferring the second application to the execution environment is received.

Abstract: Data storage circuitry for securely storing confidential data and a data processing apparatus for processing and storing the data and a method are disclosed. The data storage circuitry comprises: a data store comprising a plurality of data storage locations for storing data; an input for receiving requests to access the data store; renaming circuitry for mapping architectural data storage locations specified in the access requests to physical data storage locations within the data store; encryption circuitry for encrypting data prior to storing the data in the data store, the encryption circuitry being configured to generate an encryption key in dependence upon a physical data storage location the data is to be stored in; and decryption circuitry for decrypting data read from the data store, the decryption circuitry being configured to generate a decryption key in dependence upon the physical data storage location the data is read from.

Abstract: In accordance with aspects of the disclosure, a system and methods are provided for managing development of business applications. The system and methods may be provided for defining security relevance for data types associated with business objects, defining security rules for the data types associated with the business objects, and defining validation and test fulfillment of the security rules by providing one or more security runtime modules for each security rule defined by the security rules handler to ensure validation and test fulfillment of each security rule.

Abstract: A system for securely mediating messages between a native application and a browser application on a computing device includes running the browser application and a browser process that controls access by the browser-based application to the native resource. The browser process may use a data file distributed with the native application to allow or deny communications between the browser-based application and the native application. When communications are allowed the browser-based application accesses the native resource via the native application. In one implementation, the browser process may initiate a native messaging host and send communication requests to the native messaging host. The data file may be downloaded with the native application or separately from the native application from a site that distributes the native application or a site controlled by the developer of the native application. The data file identifies browser-based applications allowed to communicate with the native application.

Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.

Abstract: Methods, systems, and computer-readable media for granting application permissions and providing notifications of API activity are provided. An example method may include processing a request to install an application that requires API calls by the application. The method may further include determining an authoring entity of the application, and determining whether the authoring entity is certified by one or more trusted entities. In addition, the method may include allowing an installation of the application when the authoring entity is certified by at least one trusted entity.

Abstract: Method and system for providing an augmented photobook that includes at least one interactive feature. An image of a symbology printed on a page of a photobook is captured, and address information contained therein is decoded. A web browser of an electronic device is directed to a website identified by the address information, and additional information related to the photobook is received from a remote computing device associated with the website. The additional information related to the photobook is displayed on the electronic device. Additionally, a level of access to the website is determined for a user of the electronic device. A user request to transmit new content to the website is received it is determined whether the level of access corresponds to permission rights for the website. If the level of access corresponds to the permission rights then the new content is transmitted and aggregated at the website.

Abstract: An environmental monitoring device that monitors the operation of a legacy electronic device is described. In particular, a sensor in the environmental monitoring device provides sensor data that represents an environmental condition in an external environment that includes the environmental monitoring device. This environmental condition is associated with the operation of the legacy electronic device in the external environment. The environmental monitoring device analyzes the sensor data and provides feedback about the operation of the legacy electronic device based on the analyzed sensor data. Moreover, the sensor provides the sensor data without or excluding communication and/or electrical coupling between the environmental monitoring device and the legacy electronic device. In this way, the environmental monitoring device facilitates monitoring, analysis and feedback of the sensor data without directly interacting with the legacy electronic device.

Abstract: A private information management apparatus, a method, and a program that allows individual users to easily set and apply their privacy rules. A private information management apparatus receives setting data from a user terminal and creates a privacy rule that defines a condition for restricting disclosure of private information and a restriction method. If undisclosed image data contains private information of a user, the private information management apparatus extracts metadata contained in this undisclosed image data, and determines whether or not the metadata satisfies the condition for restricting disclosure of the private information. If it is determined that the condition is satisfied, the private information management apparatus executes the restriction method defined by the privacy rule.

Abstract: A method for storage management of client files in a multi-service cloud environment is provided. The method includes receiving a mapped list of available cloud storage services of the multi-service cloud environment. The method further includes receiving categorization of the client files. The method further includes performing a qualitative analysis of the received mapped list of available cloud storage services and the categorized client files, to generate a decision data structure representative of cloud storage preferences of a client. The method further includes storing the client files in the multi-service cloud environment. The method further includes determining whether to encrypt the stored client files. The method further includes tagging individual files of the stored client files, or groups of client files of the stored client files, or a combination of the individually stored client files or the groups of client files for encrypting the stored client files.

Abstract: A system and method verify and validate a user identity for enrollment in a secure personal dataset accessing system, wherein a personal dataset includes identifiable attributes of the user. Authenticity of an asserted user identity includes electronically verified identifiable attributes to form the personal dataset. A biometric identifier is automatically captured for validating the identifiable attributes by confirming that the asserted identity matches identifiable attributes. A traceable e-audit trail is provided in an enterprise infrastructure and bench mark performance indicator. A generated digital security element results in the user electronically receiving a password and unique electronic address assigned to the user. The digital security element is then transmitted to the user and enables electronic access to the personal dataset, the personal dataset having been authenticated through the verification and validation.

Abstract: The system and method for portable medical records provides an electronic medical record that is stored in a key fob-sized portable device. A user can purchase the portable device and upload his/her medical record to the device over the Internet, after which the device is sent to the user. The user accesses the device for information in the portable electronic medical record and adds information when necessary. An encryption system controls health provider access to the information stored in the device. The ability to read, write or modify information can be made specific to a particular group of health care providers. Access to the portable electronic medical record can be limited to an individual patient and his/her designated authorized healthcare provider(s). Medical record information transfer is done via secure communication between a computer and the portable electronic device to assure compliance with applicable medical record privacy laws.

Abstract: Multiple variants of an API can coexist through API management by using metadata in a pre-processing and post-processing system to weed out requests to which a client does not have permission and return parameters that do not belong with the API request variant. Metadata is added to request objects such that an instance of a request object may be examined to determine a request handler to properly inspect the request object and recommend further processing or rejection of the instance. Metadata may also be added to a response object created as a result of processing the request object such that a response handler may be identified to ensure the fields match the proper response to the request object. The API may be dynamically managed at the point of request and also at the point of return rather than a statically coded whitelist checked multiple times within the code itself.

Abstract: An apparatus for cryptographic pre-boot authentication includes a cryptographic processor configured to perform cryptographic operations. The cryptographic processor includes a portion dedicated to the boot interface. The apparatus also includes a storage device storing machine readable code and a processor executing the machine readable code. The machine readable code includes a storage module storing a first cryptographic key on the cryptographic processor. The machine readable code further includes an encryption module encrypting an electronic message with a second cryptographic key. The machine readable code also includes a decryption module decrypting the electronic message with the first cryptographic key where an authorized user is granted access to a device upon successful decryption of the electronic message.

Abstract: A method to assess and predict pressurized water stress corrosion cracking in operational nuclear power plants and the effect of adding zinc compounds into a reactor coolant system of the nuclear power plant.

Abstract: Methods and apparatus for conducting offline commerce transactions that use a barcode as an alternative means for personal identification. The user represented in the bar code format, User ID Barcode, is generated from a number that uniquely identifies the user. Numbers such as a cell phone number or a credit card number may be used to generate the User ID Barcode. These numbers are prefixed with a special character before they are converted to the barcode format. Prefixing a special character is necessary so that the bar code generated can be distinguished from any bar code representing products being sold. If a credit card number is used, the User ID Barcode is printed on the back of the credit card which then becomes a 2 and 1 credit card.