Abstract: An Internet-based disease monitoring system may include a network-based disease sensor device, which is coupled to a sensor, such as a spirometer. A remote server may be coupled to the network-based disease sensor device to provide analysis of input signals from the sensor. The remote server may be able to provide various services for grouping or handling functions relating to such input signals. A service may provide the ability to aggregate input signals from multiple sensors coupled to sensor devices and provide predictive modeling or statistical analysis, which may then be used to adjust future input signals. A service may also contain instructions how to handle billing based on usage of the network-based disease sensor device.

Abstract: The present invention relates to a monitoring information providing device and method which provide more information regarding a patient's physiological signs in real-time, in particular in case of a drug administration to the patient.

Abstract: A system and method processes blood donation data for presentation on an operator interface. A handheld computing device has a touch screen display and a processing circuit to provide an icon associated with an executable application on a first display screen, the icon configured to be positioned along with icons for other executable applications on the first display screen. The processing circuit is to retrieve an indication of a need for a particular blood component, wherein the particular blood component is selected from the group comprising whole blood, double red cells and plasma. The processing circuit is to provide the indication of the need for a particular blood component to the display. The processing circuit is to provide to the touch screen display a remaining time or a date the blood donor is next eligible to donate a blood component based on a donation eligibility guideline.

Abstract: The present invention relates to a method for monitoring a chronic disease using a chronic disease management device, the chronic disease management device comprising a rule engine unit and a receiving unit, the method comprising: providing a database for storing a plurality of clinical items related to the chronic disease; receiving, by the receiving unit, at a first point in time first data from a first user of the chronic disease management device, the first data being indicative of first values of at least part of the plurality of clinical items; selecting by the rule engine a set of clinical items of the plurality of clinical items using at least the first values, each or some of the set of clinical items being associated with a final target value; determining, by the rule engine unit, a set of target values including intermediate target values and the final target value for each or some of the set of clinical items, the set of target values being sequenced chronologically, wherein the final target value

Abstract: Methods, devices and systems for sharing information related to exercise/health activities are disclosed. A user terminal can acquire a device identifier associated with a health monitoring device, such as a monitoring wristband or a treadmill, through a communication program (e.g., an instant messaging application). The user terminal can communicate with a server of the communication program so that the server binds the device identifier with a user ID. The association of the user ID and the device identifier allows the user to share the health monitoring information from the health monitoring device with other users through the server. In addition, the connected users can participate in real-time competitions and share information related to the competition. The server also generates ranking lists or other sharing formats for the competition, improving user experience and making exercise and competition more attractive.

Abstract: Described herein are methods and systems to measure dynamics of disease progression, including cancer growth and response, at multiple scales by multiple techniques on the same biologic system. Methods and systems according to the invention permit personalized virtual disease models. Moreover, the invention allows for the integration of previously unconnected data points into an in silico disease model, providing for the prediction of disease progression with and without therapeutic intervention.

Abstract: Embodiments include systems and methods for determining cardiovascular information for a patient. A method includes receiving patient-specific data regarding a geometry of the patient's vasculature; creating an anatomic model representing at least a portion of the patient's vasculature based on the patient-specific data; and creating a computational model of a blood flow characteristic based on the anatomic model.

Abstract: A method, system, and database is provided that permits users treating patients with genomic alteration to more easily and effectively exchange information with other users treating patients with similar genomic alterations. In one example, a user may be permitted to assign genomic alteration tags to patients and filter through patients based on the genomic alterations. Additional features, such as automatically identifying, and facilitating communication with, other users that have treated similar patients may be provided to further enhance the user's ability to treat genomic alterations.

Abstract: A personalized antibiotic dosing platform may comprise method and systems configured for: receiving infection data, wherein the infection data comprises a bacterial strain and a first bacterial load of the bacterial strain; receiving patient characteristics; receiving a prescribed drug and a prescribed dosage; receiving historic bacterial response data; receiving at least one pharmacokinetic model; applying at least one algorithm based on at least one of the following: the at least one pharmacokinetic model, and the historic bacterial response data, to compute a time interval for receiving a measurement of a second bacterial load; providing the computed time interval to a user; receiving the second bacterial load after an actual time interval; analyzing data based on at least two of the following: the first bacterial load, the second bacterial load, the actual time interval, the prescription drug, and the prescription dosage; and providing a treatment recommendation.

Abstract: A plurality of available effective selections is determined in accordance with a prescription. A differential value for one of the selections is determined based on insurance coverage, values of the available effective selections, and a predetermined maximum value for the differential value. The differential value and the available effective selections and their associated values are transmitted to a user computer device over a network.

Abstract: A prescription association system and method for grouping together prescription-related transactions and creating groups or “clusters” of prescriptions having similar characteristics. Through an association process, the prescription cluster describes the events surrounding prescription activity. This includes prescribing patterns, payer influences, and patient acceptance of therapy. The same prescription transaction from one data provider may contain additional or different information that can enhance a corresponding duplicate transaction or set of claim lifecycle transactions from another provider. The disclosed processes create unique linking across claims, payers, and patients and form the basis for relating and measuring payer, patient, practitioner, and pharmaceutical promotion influences on healthcare utilization and treatment.

Abstract: There is provided a method for dosing a drug to a patient, including (a) administering the drug to the patient according to a titration dosing schedule, where the titration dosing schedule is determined from a database storing data containing observations of previous patient responses to the drug, and the titration dosing schedule is associated with a subcohort of a cohort of patients, where a subcohort classification is based on one or more factors associated with variability of the drug; (b) monitoring the patient during the administering (a) to determine when a desired clinical endpoint is reached; (c) administering the drug to the patient according to a maintenance dosing schedule, where the maintenance dosing schedule is based on an estimate of drug level, where the estimate is based on (i) when the desired clinical endpoint is reached, and (ii) a pharmacokinetic model for the subcohort; and (d) updating the database to incorporate data from the monitoring (b) of the patient.

Abstract: A system for managing prescriptions. The system includes a server to operate a prescription manager, a prescription manager, and a client. The server includes a processing device and a memory. The prescription manager includes a prescription receiver operating on the processing device of the server to receive from a care provider a prescription for a patient. The prescription receiver includes a medication manager to display a recommendation in response to selection of a medication to be administered to the patient. The client interacts with the prescription manager and is in communication with the server via a network. The client displays the recommendation.

Abstract: Provided are a method and apparatus for designing and processing a rule pipeline for in silico prediction of chemical reactions. The method includes designing a rule pipeline from at least one rule for chemical conversion and processing at least one input molecule by using the designed rule pipeline to predict a chemical reaction based on a processing result of the processing.

Abstract: The present disclosure describes a vehicle implementing one or more processing modules. These modules are configured to connect and interface with the various buses in the vehicle, where the various buses are connected with the various components of the vehicle to facilitate information transfer among the vehicle components. Each processing module is further modularized with the ability to add and replace other functional modules now or in the future. These functional modules can themselves act as distinct vehicle components. Each processing modules may hand-off processing to other modules depending on its health, processing load, or by third-party control. Thus, the plurality of processing modules helps to implement a middleware point of control to the vehicle with redundancy in processing and safety and security awareness in their applications.

Abstract: A tool for identify verification using computing device collaboration. The tool generates a hash based, at least in part, on device specific information for one or more user owned devices. The tool determines whether a hash for the initial device matches the hash for at least one of the one or more user owned devices, and if so, sends, one or more challenge questions to the initial device, wherein the one or more challenge questions include at least one challenge question based on the device specific information for the one or more user owned devices. The tool determines whether each of one or more responses to the one or more challenge questions is correct.

Abstract: A tool for credential validation using multiple computing devices. The tool selects at least one challenge question. The tool selects one or more user owned devices, wherein selecting the one or more user owned devices includes querying a database for each user owned device associated with a user account. The tool selects at least one device order, based, at least in part, on a level of security desired in credential validation. The tool presents the at least one challenge question to the one or more user owned devices, wherein the at least one challenge question includes the at least one device order for returning at least one response. The tools determines whether the at least one response received from the one or more user owned devices is a correct response relative to the at least one challenge question and the at least one device order.

Abstract: A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human.

Abstract: A decryption device for decrypting a document encrypted using biometric information of an intended receiver of the document is provided. The decryption device comprises: an imaging device configured to capture an image of at least a portion of the document; a biometric detection device configured to detect biometric information of a user; a processor configured to decrypt at least the portion of the document using the captured image and the detected biometric information; and a display device configured to display at least the portion of the document decrypted by the processor.

Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.

Abstract: The invention provides a method of generating at least one derived identity of an individual 1, the method comprising the following steps: generating a first identifier id1 from biometric data of the individual; defining a serial number ns associated with the individual; generating first check data ctrl1 for verifying consistency between the first identifier id1 and the serial number ns; and concatenating the serial number ns, the first identifier id1, and the first check data ctrl1 in such a manner as to form a first derived identity ident1 of the individual.

Abstract: In an unlocking password setting method executed by a first electronic device, the first electronic device is connected to a second electronic device. Handwriting of a user is captured from an input device when a command of setting the unlocking password of the second electronic device is received. The handwriting is translated into a digital password. The digital password is stored in the first electronic device and the second electronic device as the unlocking password of the second electronic device.

Abstract: A method and process for users to have secure access to multiple mobile, embedded or web based applications, is provided whereby each requires different authentication, and access to such applications is automated through the use of a single authenticating and authorizing software; the software thereby securely managing the individual authorizations and, in so doing, the authentication required by any individual application independent of the device used. To protect against any intrusion and manipulation whilst assuring that only legitimate user(s) that are properly authenticated have access to their applications the method secures the secret information required to access these applications and minimizes exposure to any sensitive information. Moreover, any secrets that protect information are themselves secured and made strong and the means of access is simplified and automated as much as possible whilst safeguarding security and confidentiality.

Abstract: Multi-touch groupings of characters are detected for device authentication and access. In an embodiment, one or more non-character based factors are used in combination with an inputted authentication code (character based) for device authentication and access.

Abstract: Unattended secure device authorization techniques are provided. An operating system (OS) module, which is responsible for device validation when that device is interfaced to a host device, is enhanced. The enhanced OS module silently checks the peripheral device's identifier against a white list and if a match occurs, the enhanced OS module grants permission to the host device applications; if no match occurs, the enhanced OS module silently rejects application access to the device. In an embodiment, the enhanced OS module interacts with the device to determine whether the device is to be authorized or rejected.

Abstract: A self-authentication device and method. The self-authentication device being for the user or owner of an electronic security device, wherein the self-authentication recovery device is separate from the security device and is configured for connecting to a computing device via a first communication link for authentication processing, preferably for authentication and recovery processing.

Abstract: The disclosed computer-implemented method for classifying security events as targeted attacks may include (1) detecting a security event in connection with at least one organization, (2) comparing the security event against a targeted-attack taxonomy that identifies a plurality of characteristics of targeted attacks, (3) determining that the security event is likely targeting the organization based at least in part on comparing the security event against the targeted-attack taxonomy, and then in response to determining that the security event is likely targeting the organization, (4) classifying the security event as a targeted attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, systems, and computer-readable media for providing contextual feedback to a user of a computer system upon detection of an invasion of the computer system are provided herein. An invasion of the computer system is detected and a contextually appropriate alert is selected from a set of alerts. The alert is played immediately upon detection of the invasion so that the user is alerted to the invasion within close temporal proximity to the user's action that resulted in the invasion of the computer system. In addition, details of the invasion are logged to a diagnostic log file for later use by support personnel in repairing the computer system.

Abstract: Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted.

Abstract: A method is provided in one example embodiment and includes storing secure boot variables in a baseboard management controller; and sending the secure boot variables to a basic input/output system (BIOS) during a power on self-test, where the BIOS utilizes the secure boot variables during runtime to authenticate drivers and an operating system loader execution. In particular embodiments, the secure boot variables may be included in a white list, a black list, or a key list and, further, stored in erasable programmable read only memory.

Abstract: A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may generate user-persona information that characterizes the user based on that user's activities, preferences, age, occupation, habits, moods, emotional states, personality, device usage patterns, etc. The processor may use the user-persona information to dynamically determine the number of device features that are monitored or evaluated in the computing device, to identify the device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user, and to better identify or respond to non-benign behaviors of the computing device.

Abstract: A method for verifying a security of a service operation is provided. The method includes receiving, by a service terminal, a creditability analysis instruction of the service operation, where the creditability analysis instruction is sent by a service server. The method may further include obtaining, by the service terminal, a creditability analysis result of the service operation based on the creditability analysis instruction and one or more risk control models pre-stored in the service terminal, and sending the creditability analysis result to the service server for determining the security of the service operation.

Abstract: A method of encrypting information using a computational tag may include, by a mobile electronic device, detecting a computational tag within a near field communication range of the mobile electronic device, identifying a document to be encrypted by the mobile electronic device, transmitting the document to the computational tag by the mobile electronic device, receiving, from the computational tag, an encrypted document, wherein the encrypted document comprises an encrypted version of the document that was to be encrypted, and storing the encrypted document in a memory of the mobile electronic device.

Abstract: A method and related system obtains consent from a user for electronic delivery of sensitive information. The user operating a first computer accesses a web page on a server system to input the consent. The web page prompts for the consent from the user. Once the consent is received at the server system, the consent is stored and sensitive information is delivered electronically to an e-mail address specified by the user. Once consent is indicated, it is communicated from the individual's computer to another computer such as a server over, for example, a modem connection. Having secured the individual's consent, the additional sensitive information may be delivered to the individual's computer as, for example, a URL attachment to an email message.

Abstract: Methods and systems allow secure acquisition and transmission of images by a mobile communication device. The method includes acquiring an image by the mobile device and allocating volatile memory space in the mobile device for a defined session. The image may be acquired by a digital camera built in the mobile device. The method includes digitally storing the acquired image in the allocated volatile memory space. The method includes encrypting and transmitting the stored image using a secure transmission protocol during the session. The method includes de-allocating the volatile memory space at the termination of the session. The de-allocation of the volatile memory space may cause the digitally stored image to be erased from the volatile memory space. Thus, the stored image is not persistently retained by the mobile device.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: A predicate-based row level security system is used when workers build or split an analytical data store. According to one implementation, predicate-based means that security requirements of source transactional systems can be used as predicates to a rule base that generates one or more security tokens, which are associated with each row as attributes of a dimension. Similarly, when an analytic data store is to be split, build job, user and session attributes can be used to generate complementary security tokens that are compared to security tokens of selected rows. Efficient indexing of a security tokens dimension makes it efficient to qualify row retrieval based on security criteria.

Abstract: The technology disclosed preserves the tenant specificity and user specificity of the tenant data by associating user IDs to complementary special IDs referred to as the integration user(s). In particular, it combines the traceability of user actions, the integration of security models and the flexibility of a service ID into one integration user(s).

Abstract: An aspect of the present disclosure facilitates controlling access to objects having attributes defined against hierarchically organized domains, with each domain containing a corresponding fixed number of values. In one embodiment, in response to receiving data indicating specific hierarchies of the hierarchically organized domains, the corresponding fixed number of values of the corresponding domains in each hierarchy is displayed. Accordingly, a user is enabled to select a desired set of values from the corresponding fixed number of values of the corresponding domains, and to specify a security rule for a combination of the selected set of values and a user entity. The security rule is thereafter enforced when objects having attributes matching the selected set of values are accessed by the user entity.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating tenant-based customization of access and security controls in an on-demand services environment in a multi-tenant environment according to one embodiment. In one embodiment and by way of example, a method includes generating, by the database system, a plurality of nodes corresponding to a plurality of tenants in a multi-tenant environment, where a node corresponding to a tenant includes data relating to the tenant. The method may further include accepting, by the database system, a plurality of security models associated with the plurality of tenants, and configuring, based on the plurality of security models, security privileges including user privileges to be assigned to the plurality of users representing the plurality of tenants.

Abstract: A portable electronic device, a wearable device and methods for operating the same are provided. The portable electronic device includes a display, a communication interface that communicates with a wearable device using wireless short-range communication, and a processor that provides, via the display, a menu for controlling data of the wearable device, receives, via the communication interface, a security status from the wearable device, limits access to at least one item in the menu if the security status corresponds to a first security state, and allows access to the at least one item in the menu if the security status corresponds to a second security state.

Abstract: A method for data privacy management is disclosed. The method includes: predefining, at an electronic device, an action for visualizing hidden data, wherein the hidden data is stored in the electronic device; selecting, at the electronic device, at least one data to be hidden; hiding, at the electronic device, the at least one selected data; detecting, at the electronic device, whether the action is being performed; and visualizing, at the electronic device, the hidden data if the action is detected.

Abstract: A method is provided, including establishing a plurality of context profiles for a user, at least one context profile is associated with: (i) subject areas pertinent to the at least one context profile (ii) permissions identifying respective third parties with which personal information can be shared when the at least one context profile is active; (iii) permissions identifying what personal information can be shared with respective third parties when the at least one context profile is active; (iv) permissions identifying respective third parties that are permitted to contact the user when the at least one context profile is active; and (v) permissions identifying how respective third parties may contact the user when the at least one context profile is active; when the at least one context profile is active, operating in one of two or more modes (e.g., a regular mode or a discovery mode).

Abstract: A microprocessor and method are provided for securely decrypting and executing encrypted instructions within a microprocessor. A plurality of master keys are stored in a secure memory. Encrypted instructions are fetched from an instruction cache. A set of one or more master keys are selected from the secure memory based upon an encrypted instruction fetch address. The selected set of master keys or a decryption key derived therefrom is used to decrypt the encrypted instructions fetched from the instruction cache. The decrypted instructions are then securely executed within the microprocessor. In one implementation, the master keys are intervolved with each other to produce a new decryption key with every fetch quantum. Moreover, a new set of master keys is selected with every new block of instructions.

Abstract: A microprocessor conditionally grants a request to switch from a normal execution mode in which encrypted instructions cannot be executed, into a secure execution mode (SEM). Thereafter, the microprocessor executes a plurality of instructions, including a store-key instruction to write a set of one or more cryptographic key values into a secure memory of the microprocessor. After fetching an encrypted program from an instruction cache, the microprocessor decrypts the encrypted program into plaintext instructions using decryption logic within the microprocessor's instruction-processing pipeline.

Abstract: A microprocessor is provided in which an encrypted program can replace the decryption keys that are used to decrypt sections of the encrypted program. The microprocessor may be decrypting and executing a first section of the encrypted program when it encounters, decrypts, and executes an encrypted store-key instruction to store a new set of decryption keys. After executing the store-key instruction, the microprocessor decrypts and executes a subsequent section of the encrypted program using the new set of decryption keys. On-the-fly key switching may occur numerous times with successive encrypted store-key instructions and successive sets of encrypted instructions.

Abstract: A data storage system including a SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable.

Abstract: A localization method and system, including determining at least two phases associated with at least two response signals transmitted by a radio frequency identification (RFID) tag at different frequencies in response to a plurality of interrogation signals transmitted by a reader; determining a first distance estimate of a distance between the RFID tag and the reader based on a signal strength measured from a first response signal of the at least two response signals; based upon the first distance estimate, generating a set of phase data points that follows a substantially periodic function over a range of frequencies; and determining a second distance estimate of the distance based upon the at least two phases and the periodic function.

Abstract: The present invention relates to a method of recognizing whether a transponder of an RFID system, comprising a reading device and the transponder, is present in a boundary region, wherein a comparison is made with at least one threshold value. In accordance with the invention a bit error rate of signals transmitted between the transponder and the reading device is determined and the at least one threshold value comprises a predefined bit error rate for signals transmitted between the transponder and the reading device.

Abstract: A reader is provided, including a power amplifier (PA), a low-noise amplifier (LNA), a circulator, an auto-tuning matching network, and a control circuit. The PA emits a first RF transmission signal. The LNA transmits a first RF induced signal corresponding to the first RF transmission signal. The circulator is coupled between the PA and LNA, transmits the first RF transmission signal to an RF connection terminal or receives the first RF induced signal from the RF connection terminal. The auto-tuning matching network is coupled to the circulator, matches impedances between the circulator and the RF connection terminal. The control circuit is coupled to the auto-tuning matching network, adjusts the auto-tuning matching network to match impedances between the circulator and the RF connection terminal.