Abstract: The present invention provides a method for creating an electronic document file comprising monitoring creation and changes of an electronic document file, receiving a policy file including document level set-up information and security policy, searching for words associated with business information from the text data retrieved from the electronic document file, computing an exposure score of the electronic document file based on the number of times for words associated with business information being searched and document level set-up information, assigning a document level to the electronic document file based on the exposure score, and inserting a watermark to text of the electronic document file to be displayed on the client device based on the user's personal information received from the server. Accordingly, leakage of business documents for electronic document files including business information can be prevented by providing pre-security and post-security measures stronger than conventional measures.

Abstract: An apparatus for enrollment and verification of a user comprising one touch two factor biometric sensors. An enrollment process creates the baseline abstract identity information for the user. Subsequent verification processes capture new abstract identity information to be matched to the baseline on an encrypted server. A first camera takes a first surface image of a portion of a user's finger to capture the pattern of friction ridges and valleys and intersection points. A second camera takes a second subsurface image of a vein map below the surface of the user's finger. These are then fused into a binary format that cannot be reversed to reacquire either the fingerprint or the vein map. The enrollment data and the verification data are then compared to each other in order to determine if they match for authentication of the user.

Abstract: Provided is an authentication apparatus that can register the fingerprint data for collation for comparing with the read fingerprint data, easily. A fingerprint reading part reads fingerprint data at the time of the touch operation of the input identification code. A fingerprint data collating part, specifies authentication identification code and authenticates a user by comparing the read fingerprint data and the authentication fingerprint data associated with the authentication identification code and stored in the memory part. Authentication-fingerprint-data registering part, when the authentication fingerprint data correspond with the read fingerprint data are not stored, and when the authentication identification code corresponded with the input identification code is stored, associates the read fingerprint data with the authentication identification code corresponded with the input identification code as authentication fingerprint data and store it in the memory part.

Abstract: A method for biometric authentication of a user of a mobile device, and a case for performing the method is provided. The method includes, by the case, coupling the mobile device to the case, receiving from the mobile device biometric data of the user of the mobile device that was captured by the mobile device, storing the biometric data, receiving a request from the mobile device for authenticating the user of the mobile device, the request including biometric data captured by the mobile device, comparing the biometric data stored in the case and the biometric data included in the request, and sending to the mobile device a response to the request for authenticating the user of the mobile device based on a result of the comparison, wherein the response to the request is for use by the mobile device to perform an operation based on the authentication of the user.

Abstract: A system and method for providing secondary-factor authentication with a third party application that can include enrolling a device application instance of an account into a secondary-factor authentication service on behalf of a service provider that includes at the secondary-factor authentication service, receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider, transmitting an activation code, and pairing the device application instance with the account through the activation code; receiving an authentication request identifying the account; transmitting an authentication request to the device application instance paired with the account; validating a response to the application request; and transmitting an assessment to the service provider.

Abstract: Disclosed are systems, apparatus, devices, methods, computer program products, and other implementations, including a method that includes determining location of a device, and controlling monitoring of behavior of one or more processes executing on the device based on the determined location of the device to identify potential one or more security-risky processes from the monitored one or more executing processes. In some embodiments, controlling the monitoring of the behavior of the one or more processes may include one or more of, for example, adjusting frequency of the monitoring of the one or more processes based on the determined location of the device, adjusting level of detail obtained for the monitored behavior of the one or more processes based on the determined location of the device, and/or adjusting features being observed for the monitored one or more processes based on the determined location of the device.

Abstract: Methods, systems, and computer program products are included for determining the risk that a file includes malware. The risk is determined by sending identifying information of the file from a client to a server. The server matches the identifying information with identifying information stored in a registry, in order to identify the file. Once the file is identified, the server identifies the risk of malware corresponding to the file, and sends the risk information to the client. The client is able to use the risk information to make determinations regarding performing operations with regard to the file.

Abstract: A violation of a firmware access rule is detected, and an entry is generated at a log file stored at a baseboard management controller, the entry identifying the violation. In an embodiment, detecting the violation is in response to receiving a system management interrupt at an information handling system.

Abstract: Detecting heap spraying on a computer by determining that values of characteristics of a plurality of requests to allocate portions of heap memory are consistent with benchmark values of the characteristics, wherein the benchmark values of the characteristics are associated with heap spraying; and performing a computer-security-related remediation action responsive to determining that the values of the characteristics are consistent with the benchmark values of the characteristics.

Abstract: A method, product and computer program product for evolving malware variants, the method including the steps of: receiving a malware specimen; generating a first generation of variants corresponding to the malware specimen, wherein the malware specimen is altered by one or more mutations to generate each variant of the first generation of variants; selecting variants from the first generation of variants; and mutating the selected variants to generate successive generations of variants, wherein the successive generations are generated until one or more criteria are met.

Abstract: A method performed by a computing system includes, with a computing system, receiving an application and a security policy corresponding to the application, the security policy for use with a security enforcement mechanism, with the computing system, receiving a data structure associated with the application and the security policy, wherein the data structure associates a logged denial by the security enforcement mechanism with a rule of the security policy, wherein the data structure further associates the logged denial with a test for the rule, the test to determine if the rule prevents the denial, with the computing system, applying the test using a temporary security policy, the temporary security policy having the rule removed, and with the computing system, in response to determining that the applying does not result in a denial corresponding to the logged denial, flagging the data structure.

Abstract: Method, system and computer program product for applying existing anti-tampering and obfuscation techniques to virtual machine technology and offers several distinct advantages. The anti-tampering and obfuscation transforms can be applied continuously to prevent adversaries from gaining information about the program through emulation or dynamic analysis. In addition, the encryption can be used to prevent hackers from gaining information using static attacks. The use of a virtual machine also allows for low overhead execution of the obfuscated binaries as well as finer adjustment of the amount of overhead that can be tolerated. In addition, more protection can be applied to specific portions of the application that can tolerate slowdown. The in-corporation of a virtual machine also makes it easy to extend the technology to integrate new developments and resistance mechanisms, leading to less development time, increased savings, and quicker deployment.

Abstract: In different embodiments of the present invention, systems, methods, and computer-readable storage media allow a user to analyze software application modules, during development of the software. The present invention may be used to analyze the software application modules, to identify vulnerabilities and to provide the user with actionable intelligence that may be used to improve the security of the software application modules. The actionable intelligence may include a list or groupings of the vulnerabilities ranked based on severability, type, and/or location.

Abstract: A system for controlling hard drive data change is disclosed which comprises a hard drive having a first volume and a second volume, the first volume for storing data of a first type, the second volume for storing data of a second type, the hard drive being connected to a computer system which restarts the hard drive and an application for running on the computer system for determining whether data of the second type is attempting to change data of the first type to store data of the second type in the second volume, for determining whether data of the second type has been stored in the second volume, and for erasing data of the second type that has been stored in the second volume when the hard drive is restarted by the computer system.

Abstract: Requests are submitted to a request processing entity where the requests include a cryptographic key to be used in fulfilling the request. The request processing entity, upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request. The one or more cryptographic operations may include encryption/decryption of data that to be/is stored, in encrypted form, by a subsystem of the request processing entity. Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key.

Abstract: Read-and-reply console messages may be received and a reply automatically generated. Further, a message system may test the availability of an automation sequence for a computing environment. Test commands may be transmitted to a system to test if automation is available. If automation is available, a message system may receive a read-and-reply console message and transmit the message to a host system where an automation sequence may be performed. After the automation sequence is verified, the read-and-reply console message may be answered.

Abstract: A communication device may be configured to control access to geolocation services for applications on the communication device utilizing a first privacy access level setting that enables access to the geolocation services when selected, a second privacy access level setting that disables access to the geolocation services when selected, and other privacy access level settings that are different from, and fall between, the first privacy access level setting and the second privacy access level setting, and enable one time access to the geolocation services for the communication device when selected. The applications can include applications on the communication device that are managed and/or handled by a particular application service provider. The privacy access level settings comprise an anonymous one-time access and a non-anonymous one-time access.

Abstract: A method comprising using at least one hardware processor for: obtaining haptic data comprising multiple data channels representing multiple characteristics of the haptic data; analyzing the haptic data to identify sensitive portions of the haptic data to which haptic masking rules apply; and masking the haptic data by applying the haptic masking rules to the sensitive portions of the haptic data in one or more data channels of the multiple data channels.

Abstract: The embodiments set forth techniques for implementing a cloud service that enables cloud data to be shared between different users in a secure manner. One embodiment involves a sharing manager and a sharing client, where the sharing manager is configured to manage various data components stored within a storage system managed by the cloud service. These data components can include user accounts, share objects (for sharing data between users—and, in some cases, public users not known to the sharing manager)—as well as various “wrapping objects” that enable data to be logically separated in an organized manner within the storage system. According to this approach, the sharing client is configured to interface with the sharing manager in order to carry out various encryption/decryption techniques that enable the cloud data to be securely shared between the users.

Abstract: According to an example, trusted function based data access security control may include determining a restriction set by a first entity and related to access to and/or analysis related to data under the control of the first entity. A trusted function including meta-data that describes a transformation of the data may be ascertained. A determination may be made as to whether the meta-data of the trusted function matches the restriction related to the access to and/or analysis related to the data. In response to a determination that the meta-data of the trusted function matches the restriction, the trusted function may be executed to allow controlled access to the data by a second entity. In response to a determination that the meta-data of the trusted function does not match the restriction, execution of the trusted function may be prevented to prevent access to the data by the second entity.

Abstract: A method of creating content within a secure processing environment can include detecting a wiki identifier, indicating a phrase, within a parent document. The parent document can be associated with an author attribute. The method also can include searching for documents corresponding to the author attribute and that have a name corresponding to the phrase indicated by the wiki identifier. If one or more of documents are identified, a source anchor within the parent document can be created and a universal resource locator for the identified document can be associated with the source anchor.

Abstract: An automation control system is provided that includes an interface device configured to enable a user to monitor, control, or monitor and control processes of the automation control system. The interface device includes a display that presents a graphical-user-interface that enables the user to monitor, control, or monitor and control the process of the automation control system. Further, a processor renders a plurality of interface screens to the display. The processor determines a current set of access rights of a protected interface screen of the plurality of interface screens, at least one object of the protected interface screen, or both. The access rights are inherited from access rights associated with one or more of the plurality of interface screens, a folder containing the at least one interface screen, or both. Further, the processor provides access, via the protected interface screen, to monitor, control, or monitor and control the processes based upon the set of access rights.

Abstract: A system for separation of data is provided. The data separation is implemented using a special data structure—a common attribute. The common attribute is a metadata object, which allows for using the same requisite for many configuration objects (directories, documents, charts of accounts, constants, etc.). A configuration developer can add and configure the common attributes in order not to change the standard objects and configurations. In other words, the developer does not need to add divider-columns into each table or other object. Instead, the developer can set a common attribute for some of the objects and control only this requisite.

Abstract: Disclosed are an apparatus which is capable of easily performing the personal information protection processing without changing the original image recorded in the image recorder, a method thereof, and a computer-readable recording medium having computer program recorded therein. The method for protecting personal information of a recorded image includes: performing personal information protection processing by masking a personal information protection region that needs personal information protection based on a user input signal for an original image in a predetermined section of the recorded image designated by a user; generating metadata which represents a personal information protection processing result; and generating a personal information protection processed image file including a playing program which plays the original image, the original image file, and the metadata which represents the personal information protection processing result for the original image.

Abstract: A user attribute information provision system processes attribute information of users while preventing a leakage of attribute information. A provision apparatus: selects an apparatus group forming a communication path; generates information registration request in which information of a predetermined user is concealed in data recognizable only to a correspondent of the provision apparatus; and transmits the information registration request to an access destination solving apparatus via the apparatus groups.

Abstract: According to one embodiment, a computer system includes one or more programmable processors configured to receive a first set of data, and generate a parent identifier for the first set of data. The programmable processors are also configured to shred the first set of data into a plurality of data elements, including a first data element and a second data element. The programmable processors are further configured to generate a first child identifier for the first data element based on the parent identifier and the first data element. The programmable processors are further configured to generate a first location number for the first data element based on the first data element, and transmit the first data element and the first child identifier for storage in a first database in a first location having the first location number.

Abstract: In a method for cryptographically processing data which are exchanged between a first unit and a control unit, a derived key is used in this process, which is derived from a secret key and an identifier. The exchanged data are encrypted using the derived key, and the exchanged data are encrypted in a tool chain, which provides the identifier.

Abstract: An electronic device has a lower power state in which power to a storage device is disabled. Predetermined information stored in a memory is useable to unlock the storage device during a procedure to transition the electronic device from the lower power state to a higher power state. The predetermined information is different from a credential for use in unlocking the storage device.

Abstract: A decodable indicia reading terminal can comprise a multiple pixel image sensor, an imaging lens configured to focus an image of decodable indicia on the image sensor, an analog-to-digital (A/D) converter configured to convert an analog signal read out of the image sensor into a digital signal, a communication interface, and a microprocessor configured to output decoded message data corresponding to the decodable indicia by processing the digital signal. The decodable indicia reading terminal can be configured, responsive to a triggering event, to transmit via the communication interface a decoding result and an indicia readability rating. The triggering event can be provided by a failure to detect decodable indicia, the indicia readability rating being less than a pre-defined threshold, exceeding a pre-defined time period to decode decodable indicia, a user interface action, and a command received via said communication interface.

Abstract: An RFID tag is equipped with an energy sensor for receiving an appropriate energy signal or registering an appropriate temperature/environmental level. The RFID tag only responds to a query from an RFID reader if the sensor receives the appropriate stimulation.

Abstract: A method for reading/writing a chip in a USB type-C cable comprises converting a read/write command into unstructured vendor defined message (UVDM) that is conforming to a USB power delivery specification. Such UVDM will be delivered to the chip via a type-C configuration channel interface. The chip analyzes the UVDM to acquire the read/write command and reads or modifies the content of a non-volatile memory in the chip according to the read/write command. Due to use of the type-C configuration channel interface, which is inherent in the USB type-C cable, to read/write the chip, it needs no extra interface which otherwise increases costs.

Abstract: Disclosed are a magnetic bar code chip and a reading method thereof. The magnetic bar code chip comprises binary information bits formed by N rows and M columns of permanent magnet bars and/or null bits, and information identification bits that are peripheral to the binary information bits. The information identification bits are composed of permanent magnet bar identifiers and used for representing a position and a state of the magnetic bar code chip. The permanent magnet bars and the null bits represent 1 and 0 or 0 and 1 respectively.

Abstract: Intelligent portable carrier device for supporting movement in product tracking and monitoring of regulated products, such as tissue and biologics. Embodiments of the invention use product identification technology, such as radio-frequency identification (RFID) tags and readers, to uniquely identify the regulated products as they are added to or removed from the intelligent portable carrier device. Embodiments of the invention may also be configured to monitor and report temperature and other environmental conditions associated with the intelligent portable carrier device.

Abstract: A system and a method for enabling a fingerprint registration on a mobile device are provided. The mobile device includes a fingerprint registration unit configured to receive at least one first image of a fingerprint input in a first orientation, receive at least one second image of the fingerprint input in a second orientation, and generate a fingerprint image by stitching the at least one first image with the at least one second image such that the first orientation and the second orientation are substantially perpendicular to each other.

Abstract: A sensor includes a sensor array formed on a first side of a substrate and at least one circuit operative to communicate with the sensor array formed on a second side of the substrate. At least one via extends through the substrate to electrically connect the sensor array to the at least one circuit. Placing the at least one circuit on the second side of the substrate allows the sensor array to occupy substantially all of the first side of the substrate.

Abstract: A system and method for enhancing biometric security utilizing a fingerprint sequence authentication process. The method comprising, during an enrollment period for an electronic transaction system, obtaining a set of fingerprint templates associated with a registering user; storing the fingerprint templates on a memory of the electronic transaction system; determining an verification sequence unique to the registering user, wherein the verification sequence comprises a pattern of entering fingerprint images; and associating the verification sequence with the stored set of fingerprint templates to be used for a subsequent authentication of the registering user.

Abstract: A user interface device and method for biometric information processing in a user interface device for biometric collection, quality checking, and matching are disclosed. Embodiments provide a user interface device for capturing biometric information (such as fingerprints) of a subject, determining the quality of the captured biometric information, and comparing the captured biometric information to stored biometric information for possible matches. Comparisons using high quality captured biometric information result in quicker and more accurate verification of identities.

Abstract: Provided is a fingerprint authentication system and a method of authentication. The fingerprint authentication system may have a configuration to analyze a reflection wave signal reflected at a surface of an object under examination or an internal of the object under examination by applying a wave signal from at least one of signal communication unit of a fingerprint sensor to the object under examination. In the method of authentication, the controller in the fingerprint authentication system may be configured to selectively perform a first step authentication to authenticate a shape of a fingerprint, and a second step authentication to detect internal biometric information of the object under examination.

Abstract: Described herein are systems, methods, and apparatus for automatically identifying and recovering individual cells of interest from a sample of biological matter, e.g., a biological fluid. Also described are methods of enriching a cell type of interest. These systems, methods, and apparatus allow for coordinated performance of two or more of the following, e.g., all with the same device, thereby enabling high throughput: cell enrichment, cell identification, and individual cell recovery for further analysis (e.g., sequencing) of individual recovered cells.

Abstract: An article recognition device of an embodiment includes each of a selection unit, an election unit, and an input unit. The selection unit selects a display color close to a color of the appearance of an article from among a plurality of display colors based on feature amount data shown in dictionary data by digitizing the features of the appearance including the colors of the articles. The election unit elects candidates from among the plurality of articles by matching the feature amount data acquired by digitizing the features of the appearance of the articles with the feature amount data in the dictionary data. The input unit inputs an operation of the operator for selecting one candidate from among candidate articles according to the operation on the operation screen.

Abstract: The invention relates to a method for the localization of gripping points of objects, wherein the objects are scanned by means of a 3D sensor and the objects are illuminated by means of at least one first illumination unit while the objects are detected by means of a camera, wherein the relative positions of the 3D sensor, of the first illumination unit and of the camera with respect to one another are known and the 3D sensor, the first illumination unit and the camera are arranged in a fixed position with respect to one another. In this respect, the boundary of the objects is determined from a two-dimensional image generated by the camera, a spatial position is determined from detected distance information of the 3D sensor and of the two-dimensional image and the gripping points for the objects are determined from the boundaries and from the spatial position of the objects.

Abstract: An image processing device (10) includes a posture estimation unit (110) that estimates posture information including a yaw angle and a pitch angle of a person's face from an input image including the person's face, and an image conversion unit (120) that generates a normalized face image in which an orientation of a face is corrected, on the basis of positions of a plurality of feature points in a face region image which is a region including the person's face in the input image, positions of the plurality of feature points in a three-dimensional shape model of a person's face, and the posture information.

Abstract: A new image-based representation and an associated reference image is disclosed called the emotion avatar image (EAI), and the avatar reference, respectively, which leverages the out-of-plane head rotation. The method is not only robust to outliers but also provides a method to aggregate dynamic information from expressions with various lengths. The approach to facial expression analysis can consist of the following steps: 1) face detection; 2) face registration of video frames with the avatar reference to form the EAI representation; 3) computation of features from EAI using both local binary patterns and local phase quantization; and 4) the classification of the feature as one of the emotion type by using a linear support vector machine classifier.

Abstract: Embodiments of the present invention disclose a method for facial recognition processing using biometric pre-filters. The computer determines a first eye-to-eye distance of a first detected face of a first image, and wherein the eye-to-eye distance is a biometric measurement. The computer receives a selection of a demographic characteristic. The computer determines a search range for the first eye-to-eye distance based, at least in part, on the selection of the demographic characteristic, and the first eye-to-eye distance. The computer identifies a second image from a plurality of images, wherein the second image includes a second eye-to-eye distance that is included in the determined search range for the first eye-to-eye distance. The computer applies a facial recognition algorithm to the second image to determine at least one potential identity that is associated with the first detected face.

Abstract: Systems, methods, and non-transitory computer readable analyzing facial expressions within an interactive online event to gauge participant level of attentiveness are provided. Facial expressions from a plurality of participants accessing an interactive online event may be analyzed to determine each participant's facial expression. The determined expressions may be analyzed to determine an overall level of attentiveness. The level of attentiveness be relayed to the host of the interactive online event to inform him or her how the participants are reacting to the interactive online event. If there are participants not paying attention or confused, the host may modify their presentation to increase the attentiveness of the students.

Abstract: The present invention relates to a system and a method for inspecting an emotion recognition capability using multisensory information, and a system and a method for training emotion recognition using multisensory information.

Abstract: [Object] To provide an information processing device able to automatically understand action possibilities of an environment for a person, and reflect such action possibilities in a picture to project. [Solution] There is provided an information processing device including an action possibility analysis unit configured to acquire data of a three-dimensional shape of an environment, and by breaking down the data of the three-dimensional shape, analyzes an action possibility of the environment for a user, and a picture generation unit configured to use an analysis result of the action possibility analysis unit to generate a picture to project onto the environment.

Abstract: A method and system are disclosed for locating or otherwise generating positional information for an object, such as but not limited generating positional coordinates for an object attached to an athlete engaging in an athletic event. The positional coordinates may be processed with other telemetry and biometrical information to provide real-time performance metrics while the athlete engages in the athletic event.

Abstract: A system that analyzes data from multiple sensors, potentially of different types, that track motions of players, equipment, and projectiles such as balls. Data from different sensors is combined to generate integrated metrics for events and activities. Illustrative sensors may include inertial sensors, cameras, radars, and light gates. As an illustrative example, a video camera may track motion of a pitched baseball, and an inertial sensor may track motion of a bat; the system may use the combined data to analyze the effectiveness of the swing in hitting the pitch. The system may also use sensor data to automatically select or generate tags for an event; tags may represent for example activity types, players, performance levels, or scoring results. The system may analyze social media postings to confirm or augment event tags. Users may filter and analyze saved events based on the assigned tags.

Abstract: Disclosed is a fall detection device and the like such that even when a video with low frame rate is used, and a CPU that demonstrates inferior performance is employed, it is possible to detect, with a higher accuracy, that a human body has fallen. This fall detection device 1 comprises includes a height detection unit 2 detects whether or not the height of a human body decreases, an appearance feature extraction unit 3 that extracts an appearance feature, an appearance detection unit 5 that determines whether or not the human body has fallen and a moving distance detection unit 4 that detects when the moving distance is small, that the human body to be detected has fallen.