Abstract: Certain embodiments of the invention may include systems and methods for identifying drug targets using biological networks. According to an example embodiment of the invention, a method is provided for predicting the effects of drug targets on treating a disease. The method can include constructing a structure of a Bayesian network based at least in part on knowledge of drug inhibiting effects on a disease; associating a set of parameters with the constructed Bayesian network; determining values of a joint probability distribution of the Bayesian network via an automatic procedure; deriving a mean Bayesian network with one or more averaged parameters based at least in part on the joint probability values; and calculating a quantitative prediction based at least in part on the mean Bayesian network.

Abstract: A method may include receiving, at an application server, a session initiation protocol (SIP) message including a public user identifier (ID) associated a user. The public user ID corresponds to a plurality of user devices. The method also includes determining an applicable order of alerting at least one of the plurality of user devices. The method further includes identifying at least one available user device associated with the user, based on a terminal identifier (ID) associated with each at least one available user device. The method includes selecting a user device from the at least one available user device based on the applicable order of alerting. A SIP invite message, including a terminal ID for the selected user device, is generated. The method includes sending the SIP invite message to the selected user device based on the applicable order of alerting, and receiving a response to the SIP invite message.

Abstract: A system for software license control is described that is particular useful for use in a virtualized system, such as a cloud computing system. A module can be made available for use within the virtualized network, wherein a license fee is payable for use of the module. The module includes a license file that can be located wherever it is required. In addition, a central license file is provided at an administration node. The central license file is configured such that it can only be operated from that administration node, thereby preventing the copying of that file. The license file operating in the virtual network communicates with the central license file. The central license file controls the use of the licensed module.

Abstract: Systems, methods, and devices for displaying digital content. In one embodiment, a method of simulating digital content includes providing information corresponding to a plurality of pixels of displayable content at an electronic device; and simulating the displayable content at the electronic device by displaying a representation of a first subset of the plurality of pixels during a first time period and displaying a representation of a second subset of the plurality of pixels during a second time period.

Abstract: A method and a system for naming-conflict-free integration of software components originating from software component manufacturers (OEM), comprising software development devices from different software component manufacturers (OEM) that manufacture and encrypt software components with the respective cryptographic key, wherein when a naming conflict occurs during the integration of encrypted software components, at least one of the encrypted software components in which the naming conflict occurred is expanded by a naming conflict resolution rule to thereby allows for the resolution of naming conflicts in encrypted software components that can originate from different software component manufacturers without the source code of the software components becoming visible to third parties.

Abstract: A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system.

Abstract: Methods and apparatus for embedding digital watermark information into and extracting digital watermark information from a text are disclosed. The method for embedding digital watermark information into a text comprises: creating a menu item of the digital watermark information; and embedding a binary string into a value of a predetermined attribute for the menu item of the digital watermark information, the binary string to be embedded being the digital watermark information to be embedded. According to the present invention, it is able to increase the amount of information to be embedded.

Abstract: The present invention is directed to an apparatus, system and method for managing bank transactions, configured for communicating with a depositor's account at a banking institution and operative for obtaining account balances, available funds for future transactions, confirming account balances or placing automatic holds on available funds as well as any other check transaction management services that a depositor may require to effectively manage his/her checking or savings account.

Abstract: Techniques are provided for entering and saving a gesture on a touch-sensitive display device. In one embodiment, the device displays an array of visible graphical elements and may detect a gesture based on a user's touch of the visible graphical elements as well as on hidden areas not displayed to the user. For example, the device may detect a user's touch over hidden dots between the visible graphical elements or through hidden lines connecting the visible graphical elements. Some embodiments may include algorithms for improving accuracy in detecting the intended gesture. For example, the device may estimate possible or probable paths based on a current user touch position. In some embodiments, the visible graphical elements may be illuminated when a touch of the visible graphical elements is detected, or a disc representing a user's touch may be displayed as the user enters a gesture.

Abstract: Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Abstract: A system and method for establishing and monetizing trusted identities in cyberspace relying upon user opt in. Users request to attain secure IDs for accessing parties that will rely on secure IDs to complete a transaction, for example merchants and service providers (relying parties). The relying parties (RPs) communicate with identity service providers and attribute providers via an Attribute Exchange Network (AXN) in order to obtain verified attributes associated with an entity (end user or user) that wishes to conduct business with the relying party. The relying party makes requests for verified attributes that are important to consummating business transactions for the relying party. Users are informed of requests for attributes on behalf of relying parties and users have the option to verify attributes, and add new attributes that may be useful or required for conducting business with relying parties.

Abstract: An attribute-based access control policy (e.g., XACML policy) for a set of elements depends on attributes carried by elements in one of several predefined categories. In order to evaluate such policy for a set of elements, the invention provides a method including the steps of (I) selecting a primary category; (II) partitioning the elements in the primary category into equivalence classes with respect to their influence on the policy; and (III) using the equivalence classes to replace at least one policy evaluation by a deduction. The result of the evaluation may be represented as an access matrix in backward-compatible format. The efficiency of the policy evaluation may be further improved by applying partial policy evaluation at intermediate stages, by forming combined equivalence classes containing n-tuples of elements and/or by analyzing the influence of each element by extracting functional expressions of maximal length from the policy.

Abstract: A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human.

Abstract: According to an aspect of an embodiment, a system for secure recording and sharing of audio data includes a communication interface, a registration module, a microphone, an encryption engine, and a storage device. The registration module is configured to register an attendee device associated with an attendee for a meeting. The microphone is configured to convert sound generated at the meeting to audio data representing the sound. The encryption engine is configured to encrypt the audio data. The storage device is configured to store and associate the encrypted audio data with the attendee device for subsequent access by the attendee.

Abstract: A computerized learning multi-modal fraud prevention system and method for generating a data signature of a user, such as one engaged in electronic commerce, to prevent fraudulent activities by machines and persons imitating the user. Steps comprise: fetching a signal of a user's signature stored in memory; generating at least one challenge sequence based on the signal to create a second signature; presenting the generated challenge sequence to the user; collecting the user's challenge response to the generated challenge sequence; computing a quality factor between the user's challenge response and the generated challenge sequence; computing a transaction quality factor and content quality factor and reporting an impostor or re-challenging if the quality factor is below a threshold. Lastly, generating a new signature based on any portion of a user's challenge response and/or any portion of the previously generated signature and/or any portion of collectable information from the user's device memory.

Abstract: A screen unlocking method, device and terminal, wherein the method includes: a first terminal sending a key information acquisition message to a second terminal, wherein the key information is used to unlock the first terminal; and the first terminal unlocking the screen of the first terminal according to the key information from the second terminal. By using the embodiment of the present document, it solves the problem that, when the screen cannot be unlocked since the user forgets the password, the version needs to be upgraded to unlock the screen, resulting in a waste of time and a loss of important data in the terminal caused by upgrading the version, the user can unlock the terminal according to standby key information, thus avoiding the situation in which the terminal cannot be unlocked since the unlocking code of the terminal is forgotten, and further improving the ease for using the terminal.

Abstract: A device with a touch sensitive display and a plurality of applications, including a camera application, while the device is in a locked, passcode-protected state: displays a lock screen interface, the lock screen interface including a camera access indicia; detects a gesture; in response to a determination that the gesture starts on the camera access indicia: ceases to display the lock screen interface; starts a restricted session for the camera application; displays an interface for the camera application, without displaying a passcode entry interface; and maintains the device in the locked, passcode-protected state for the applications other than the camera application; and in response to a determination that the gesture starts at a location other than the camera access indicia: displays a passcode entry interface, wherein in response to entry of a correct passcode in the passcode entry interface, the device enters an unlocked state.

Abstract: The present invention discloses methods, devices, and systems for unobtrusively recognizing a user of a mobile device. Methods including the steps of: unobtrusively collecting motion data from the mobile device during normal device usage by monitoring standard authorized-user interaction with the device, without any form of challenge or device-specified action; demarcating the motion data into user motion-sequences based on changes in a motion-state or an elapsed time-period without an occurrence of the changes, wherein the motion-state refers to a placement and speed of the mobile device at a point in time; calculating user motion-characteristics from the user motion-sequences; and generating a motion-repertoire from the user motion-characteristics, whereby the motion-repertoire enables unobtrusive recognition of the user.

Abstract: Systems and methods may provide for receiving an authentication input and determining an authentication orientation of a mobile platform during entry of the authentication input. In addition, a determination may be made as to whether to validate a user based on the authentication input and the authentication orientation of the mobile platform. Platform orientation may also be used to detect malware.

Abstract: An electronic device and a method for unlocking a screen of the electronic device are provided. The electronic device includes a screen and a storage unit. The method includes detecting, in a screen-locked state, intent of a user to unlock the screen; if it is detected that the user intends to unlock the screen, extracting contact information from the storage unit of the electronic device, where the extracted contact information includes a first attribute value and a second attribute value; displaying the first attribute value of the extracted contact information on the screen and prompting the user to input a second attribute value; and detecting an input of the user, and comparing the input of the user with the second attribute value; if the input of the user is the same as the second attribute value, unlocking the screen; and otherwise, maintaining the screen-locked state.

Abstract: A system and computer program product for using a multi-user operating system. A user attempts to access the multi-user operating system. The system prompts the user to enter a shared credential associated with the multi-user operating system and an individual credential of the user. The system verifies the entered shared credential and the entered individual credential. The system grants the access to the user if both the entered shared credential and the entered individual credential are verified. The system tracks commands entered by the user granted the access via the entered shared credential while the user is using the multi-user operating system. The tracked commands indicate the entered individual credential.

Abstract: An apparatus and method of controlling permission to an application in a portable terminal, the apparatus including a controller for, when requested for an invocation of a specific function provided by a framework during an execution of a specific application, determining whether a permission for the specific function is obtained using the specific application's user ID and process ID, and if the permission for the specific function is determined to be restricted, displaying a first message indicating that the permission is restricted.

Abstract: An embodiment of the invention provides for an authenticated launch of VMs and nested VMMs. The embodiment may do so using an interface that invokes a VMM protected launch control mechanism for the VMs and nested VMMs. The interface may be architecturally generic. Other embodiments are described herein.

Abstract: There is provided an information processing device including a first program execution unit that loads, interprets, and executes code of a computer program created by a procedural language. The program execution unit includes at least one port, and via this port, executes a second computer program created by a procedural language executed by a second program execution unit after authenticating with the second program execution unit.

Abstract: A mechanism is provided for selective password synchronization. An indication is received that a password is to be changed for an account in a plurality of accounts associated with an individual, where the indication includes a new password. Responsive to receiving the indication of the password change, the account is grouped with one or more other accounts in the plurality of accounts thereby forming a first subset of accounts, where grouping the account with the one or more other accounts in the plurality of accounts excludes at least one account in the plurality of accounts thereby forming a second subset of accounts. The new password is propagated to the first subset of accounts according to a first policy. The new password is propagated to a second subset of accounts of the plurality of accounts according to a second policy, where the second policy is different from the first policy.

Abstract: A machine has a processor and a memory storing instructions executed by the processor to issue a challenge in response to a first request, evaluate a response to the challenge to establish confirmation that the first request originated from a human user, issue a user identification in response to the confirmation, store the user identification with encrypted identity data, receive a second request that includes the user identification, and return the encrypted identity data in response to the second request.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: A system, method and computer readable medium for detecting and diffusing malware on a computer. Malware is analyzed to generate signatures and determine a fixing moment. All of the system calls of the operating system of a client computer are hooked and processed without emulation or the need for unpackers or decrypters, and a multi-level filter removes all system calls that are not associated with malware. The resulting system calls are accumulated on a per-thread basis and scanned, and the relevant threads are compared with the signatures to match with malware. The threads associated with malware are addressed at the fixing moment before the malware can operate to cause undesirable effects on the client computer.

Abstract: Detecting heap spraying on a computer by detecting a plurality of requests to allocate portions of heap memory, measuring the plurality of requests to determine a value of a characteristic of the plurality of requests, identifying an activity consistent with heap spraying by determining that the value of the characteristic is consistent with a benchmark value of the characteristic, wherein the benchmark value of the characteristic is associated with heap spraying, and performing a computer-security-related remediation action responsive to determining that the value of the characteristic is consistent with the benchmark value of the characteristic.

Abstract: Prior to execution of computer program instructions, the computer identifies one or more addresses in memory corresponding to the locations of one or more of the computer program instructions in the computer program. During execution of the computer program instructions, the computer identifies in the computer program another computer program instruction located in another address in the memory, and in response, the computer makes an indication that the computer program has an indicia of maliciousness.

Abstract: A method comprises capturing a first state of a computer prior to installing a software package on the computer; using an installer to install the software package on the computer; capturing a second state of the computer after installation of the software package; and identifying file differences between the first and second states to ensure integrity of the installation.

Abstract: A disclosed example method involves configuring a processor to, when transitioning the processor system to a low-power mode, use a key and a random or pseudo-random value to generate a first signature based on a sample of memory regions to be protected during the low-power mode, the memory regions based on a manufacturer required regions table and a third-party required regions table. The disclosed example method also involves configuring a processor to, during a resume process of the processor system from the low-power mode, generate a second signature based on the sample of the memory regions protected during the low-power mode. The disclosed example method also involves configuring a processor to, when the first signature matches the second signature, cause the processor system to resume from the low-power mode, and when the first signature does not match the second signature, generate an error.

Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili

Abstract: An approach is provided for protecting data owned by an operating system on a mobile computing device having multiple operating systems. A map specifying protected data regions for the operating systems on the mobile computing device is generated. At least a portion of the map is secured with a shared key. Based on the map and the shared key, and in response to a data cleanup activity being performed by a software utility being executed on another, currently running operating system included in the multiple operating systems, a data region included in the protected data regions is determined to be owned by the operating system. Based on the data region being owned by the operating system and the data region being specified by the map, the data cleanup activity is blocked from being performed on the data region owned by the operating system.

Abstract: A computing device is described that includes one or more processors and at least one module operable by the one or more processors to determine whether the computing device is currently designated to display private information, receive an incoming communication, and determine that the incoming communication includes content that is private information. The at least one module is further operable by the one or more processors to, if the computing device is currently designated to display private information, output, for display, an indication of the incoming communication, and, if the computing device is not currently designated to display private information, refrain from outputting, for display, the indication of the incoming communication.

Abstract: Client-side encryption in a deduplication backup system. In one example embodiment, a method includes a backup phase in which various steps are performed for each allocated plain text block stored in a source storage. One step includes hashing, using a first cryptographic hash function, the plain text block to generate a first hash. Another step includes hashing, using a second cryptographic hash function, the first hash to generate a second hash. Another step includes searching a key-value table of a deduplication storage to determine whether the second hash matches any key in the key-value table. Another step includes, upon determining that the second hash does not match any key in the key-value table, encrypting, using an encrypt/decrypt function, the plain text block using the first hash as an encryption password and inserting a key-value pair into the key-value table with the key being the second hash and the value being the encrypted block.

Abstract: Methods and systems for child authentication are described. In one embodiment, a communication enablement request may be received to enable electronic communications between a first child and a second child. A confirmation acceptance code may be electronically generated. The confirmation acceptance code may be associated with the first child and the second child. The confirmation acceptance code may be received from a parental representative of the second child. The electronic communication may be enabled between the first child and the second child based on the receiving of the confirmation acceptance code from the parental representative of the second child. Additional methods and systems are disclosed.

Abstract: Techniques described herein relate to facilitating interaction in the physical world, after initial interaction has occurred within the virtual world, while also maintaining at least a degree of privacy, anonymity, safety, and/or deniability for the physical world parties. This may be accomplished, according to some example embodiments, by the exchange of one or more self-identifiers between virtual world personas, each of which is defined by its sending physical world party but that lacks any personal identification information associated with the sending party. Content of a self-identifier may only be known to the sending physical world party, at least until the receiving party is authorized and/or consents to view or display the self-identifier in a manner that may be perceived by the sending party. A sending party that perceives their own self-identifier, as displayed by a receiving party, may correlate the receiving party with a virtual world persona to which the self-identifier was sent.

Abstract: System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.

Abstract: In one embodiment, system to manage and delivery electronic documents is disclosed.

Abstract: Systems and methods are provided for automatically handling multiple levels of encryption and decryption. An electronic file is received to add to encrypted storage. The electronic file is encrypted to generate a new level of encryption for the electronic file using an encryption process that uses encryption data to generate the new level of encryption and to decrypt the new level of encryption. A set of existing encryption data associated with the electronic file is identified, wherein each existing encryption data from the set of existing encryption data is associated with an existing level of encryption already applied to the electronic file. The encryption data is added to the set of existing encryption data associated with the electronic file so that the existing levels of encryption and the new level of encryption can be decrypted.

Abstract: A method of deleting log records may include identifying a plurality of log records generated during a time period, for each identified log record, determining whether a delete request associated with the log record has been made, and, in response to determining that a delete request has not been received, identifying a unique identifier associated with the log record, searching a user activity table for an entry having a key table index associated with the unique identifier, where the entry is associated with a timestamp, using the key table index and the timestamp to identify a key associated with the unique identifier and the timestamp from a key table, encrypting at least a portion of the log record with the identified key to generate an encrypted value, and storing the encrypted value as an entry in the log record database that is associated with the identified log record.

Abstract: In one embodiment, the data storage apparatus includes a control unit configured to decode at least one input command and configured to generate at least one of a read signal and a start signal in response to the input command. The start signal indicates to start an internal mode determination process. The data storage apparatus also includes a memory unit configured to output data in response to the read signal, and a coding unit configured to start and perform the internal mode determination process in response to the start signal. The internal mode determination process includes autonomously determining a coding mode, and the coding unit is configured to code the output data based on the determined coding mode to produce coded data.

Abstract: In one example embodiment, a card payment apparatus includes a member having a magnetic strip reader configured to read account information from a magnetic strip of a first payment card and an integrated chip (IC) reader configured to read account information from an IC chip of a second payment card; a sliding face configured to allow the first payment card to slide thereon, when the magnetic strip reader reads the account information from the magnetic strip; and a card receptacle configured to receive the second payment card, when the IC reader reads the account information from the IC chip.

Abstract: A low-cost system comprising a pattern arranged to encode information and a decoder for decoding the information encoded in the pattern is described. In particular, the mechanism employs a capacitive sensing technique. Electrodes are arranged (or stimulated, during operation) to each generate an electric field, and sense disturbances on the electric field caused by the pattern when the pattern is positioned over the electrodes. The spatial arrangement of the pattern allows information to be encoded on a strip or surface and decoded by capacitive sensors arranged to detect disturbances caused by possible patterns. The resulting solution is cheaper and less complex than optical solutions, e.g., barcodes and optical barcode readers. The mechanism may be used in a glucose meter for encoding and decoding an identifier for distinguishing batches of glucose meter test strips.

Abstract: This invention provides a system and apparatus that is able to authenticate and prevent illegal manufacturing and unauthorized operation of disposable bioprocess components. This invention utilizes a ferro-electric random access memory chip (FRAM) chip to store error-correctable information on a RFID tag attached to the disposable bioprocess components, where the error-correctable information is written in sequence into the memory chip, so that the redundant information can remain in the chip when the RFID tag and disposable bioprocess component is gamma-sterilized. Also, this invention includes a method for authenticating the disposable bioprocess component that reduces liability in that a counterfeit poor quality disposable component is not used on the hardware so the user will not file an unjustified complaint.

Abstract: Tags may be grouped into a tag cluster to be represented by a master tag. Tag transmission reports may be received from one or more tag readers that receive wireless transmissions from a plurality of tags. Tag IDs corresponding to each tag of the plurality of tags in the tag transmission reports may be determined. A plurality of the tag IDs may be grouped into a tag cluster and one of the tag IDs may be selected as a master tag ID to represent the tag cluster. A control command may be transmitted to each tag of the tag cluster except for the master tag. The control command may instruct each tag of the tag cluster except the master tag to stop broadcasting wireless transmissions. The tags in the tag cluster will be represented by the master tag.

Abstract: A passive tag embedded in a package includes multiple conductive coils. A first coil receives radio frequency (RF) energy used to power the tag. Additional coils receive and/or transmit data signals, clock signals, and carrier signals. The RF energy and other signals may be at different frequencies. An RF probe includes a first coil to emit the RF energy to power the tag. The RF probe includes additional coils corresponding to the additional coils in the tag. The RF probe may turn off the RF signal used for power during communication. The RF energy may be rectified to provide DC power to circuits in the tag, or may be used directly for adiabatic circuits. The RF probe and the package may have complementary shapes to facilitate alignment of the coils.

Abstract: A system and method is provided for the identification and authentication of precious metals and small jewelry. The system can include an embedded RFID tag, RFID tag reader and reader based unit (wired or wireless), and a basic tag information system for tag capture, look-up and display. The RFID tag can be embedded in absorbing dielectric medium inside epoxy in a tiny cavity placed in the metal or jewelry. A thin layer of epoxy placed over the tag can ensure that the tag will not be damaged from rubbing against skin, abrasion or chemicals while still allowing the desired electromagnetic properties (antenna and the circuitry performance). The RFID tag information can be transferred to a computer through the reader, and can be matched with preprogrammed information in a database.