Abstract: A computerized pain visualization system and method. A web-based application and interface allows individuals to anonymously share information about where they hurt or specific regions of the body that are most worrisome to them. The web-based application comprises a visual interface that supports selection of parts or regions on an image of a human body. The data becomes viewable and filterable by geographic location, age, sex, or a variety of other data sets collected from the anonymous users. In an example embodiment, Users register and sign in at a web site. A selectable body interface is presented and the user is prompted to select one or more pain locations on the virtual body. The user's selections are recorded in a database. Another page of the application presents a search option that facilitates searching and visualizing the data, filterable by users' registration information.

Abstract: Displaying targeted website content based on social user profile data is disclosed. In some embodiments, the displaying of targeted website content based on social user profile data includes requesting social profile data for a user from an authentication provider using a token associated with the user; and generating a rule for web site customization using the social profile data.

Abstract: A method and apparatus configure privacy settings for publishing electronic images. An image including first image content and second image content can be received. A first image content data file can be created for the first image content and a second image content data file can be created for the second image content. A publication privilege can be assigned to the first image content data file. The publication privilege can be based on a relationship between a consumer of the image and a subject of the first image content. The first image content data file with the publication privilege can be stored separate from the second image content data file. Image reconstruction data can be stored.

Abstract: A method for performing a delayed license validation may include receiving a request to execute a software application. In response to receiving the request to execute the software application, the execution of the software application may be permitted. Subsequent to permitting the execution of the software application, compliance with a license associated with the software application may be determined.

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Abstract: A computing system receives an authentication request from a user device for access to a web application hosted in a cloud and determines that the authentication request is a candidate for modification based on initial user credentials in the authentication request. The computing system modifies the authentication request to include replacement user credentials that correspond to the initial user credentials and transmits the modified authentication request to the web application in the cloud. The web application determines whether the modified authentication request is valid based on the replacement user credentials.

Abstract: Systems and methods according to one or more embodiments are provided for detecting or recognizing a user and intelligently altering or adjusting user device settings appropriate for the detected user. In an embodiment, a method comprises detecting, electronically by a processor, a first user interacting with a user device via a user input interface of the user device; determining, electronically by the processor, one or more characteristics associated with a primary user of the user device; determining, electronically by the processor, the first user is not the primary user based at least in part on comparing interactions of the first user with the user device and the one or more characteristics associated with the primary user of the user device; and altering one or more settings of the user device.

Abstract: Systems and methods are disclosed that enable authentication based on a physical document. Specifically, a document authentication service is disclosed that utilizes characteristics of a physical document, such as an identification card already in a user's possession, to authenticate a user. In one embodiment, the characteristics of a document may be processed based at least in part on an expected wear of the document (e.g., from use by the user). Expected wear may be identified, for example, based on historical data gathered across a number of users of the document authentication service.

Abstract: An information processing apparatus, a method of controlling the same, and a non-transitory computer-readable storage medium. The information processing apparatus comprises management unit configured to manage a login application at least having both a login screen display function and a user authentication function. The apparatus, in a case where a plug-in module, having one function out of the login screen display function and the user authentication function, is added to the information processing apparatus, enables the function of the plug-in module, and enables the function of the login application other than the function of the plug-in module.

Abstract: The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

Abstract: A storage device contains a smart-card device and a memory device, both of which are accessed though a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data in various partitions corresponding to the protection level of the data stored therein. The smart-card device stores critical security parameters that are provided to the controller to protect access to some or all of the partitions of the memory device. A host connected to the controller issues commands, and the controller analyzes the commands and responds to them in various ways depending upon the nature of the command. In particular, depending upon the nature of the command, the controller may either pass the command to the smart-card device, or ignore the command either indefinitely or until a predetermined event has occurred.

Abstract: Disclosed are a terminal authentication method and a terminal. The authentication method comprises: setting on the terminal a detection device; setting on a stylus a label device capable of being detected by the detection device; the detection device detecting for label information preconfigured in the label device, and authenticating the stylus according to a detection result. Employment of the technical solution of the disclosure solves the technical problems in the related art of the incapability of the terminal to authenticate the stylus.

Abstract: Methods and apparatus are disclosed for generating a short term password that may be used to access a data warehouse. According to aspects of the disclosure, a user may request a password after inputting a data warehouse environment, an ID name, and a reason for the password reset. A server may receive the request and determine whether the difference in time of the present request and a previous request for the same ID name and data warehouse environment is greater than a time limit. Additionally, the server may determine whether a previous user has logged in using a password for the same ID name and data warehouse environment. Thereafter, the server may generate and output a short term password that expires after the time limit.

Abstract: Methods, systems, and computer readable media for active monitoring, memory protection, and integrity verification of a target device are disclosed. For example, a normal world virtual processor and a secure world virtual processor are instantiated on a target device. A target operating system is executed on the normal world virtual processor. An integrity verification agent is executed on the secure world virtual processor. One or more predetermined operations attempted on the normal world virtual processor are trapped to the secure world virtual processor. The integrity verification agent is used to determine the effect of the execution of the trapped operations on the target device.

Abstract: Systems, methods, apparatuses, and computer program products are described for checking the integrity of applications installed on a computing device and preventing the launch of applications that appear to have been tampered with or modified. In accordance with embodiments, the content of an application is validated at the time the application is to be launched, but before the launch has actually occurred. In accordance with additional embodiments, integrity protection can also be extended to content that is generated by an application (e.g., documents or other files generated by the application), thereby enabling applications to write their own files and data with the same degree of integrity protection.

Abstract: A computer system may be employed to verify program execution integrity by receiving a request to launch a program that has been instrumented to include at least one integrity marker, instantiating the program with an integrity marker value, and verifying the execution integrity of the program based on the integrity marker value and information received from the program during execution. A computer system may also be employed for program instrumentation by modifying the program to include at least one instruction for passing an integrity marker value to an operating system kernel during execution of the instruction.

Abstract: A system comprising a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Abstract: A secure application system and method for a host computing device. The system includes an ultraboot application divides the host computing device into a resource management partition, at least one virtual service partition and at least one virtual guest partition. The virtual service partition provides a virtualization environment for the basic operations of the virtualization system. The virtual service partition is an isolated secure partition having a secure application executing therein. The isolated secure partition includes a security manifest portion for controlling the execution of the secure application within the isolated secure partition, and a secure application operating system (OS) portion that supports only the execution of the secure application within the isolated secure partition. The secure application is executed within the isolated secure partition without the need for any standard operating system (OS).

Abstract: A system and method for deterring malicious network attacks. The system and method is configured to execute instructions on at least one of the processors to generate a plurality of random blocks of data; generate a first XOR result by using the XOR function with the plurality of random blocks of data as the XOR function inputs; generate a tail value by using the XOR function with the first XOR result and a random encryption key as the XOR function inputs; encrypt a designated file using the random encryption key; write the plurality of random blocks and tail value to at least one storage medium; and write the encrypted designated file to at least one storage medium.

Abstract: A method for the performance of a function by a microcircuit, includes: at least one step of determining (205) whether an anomaly is detected or whether the operation of the microcircuit is normal; when it is determined that an anomaly is detected, a step of performing (210) a protection function; when it is determined that the operation of the microcircuit is normal, a step of performing (215) a decoy function simulating the protection function by being perceptible, from the outside of the microcircuit, in a manner more or less identical to the protection function; the method being characterized in that it includes an interruption (250) of the performance of the decoy function by a timer.

Abstract: A method for detecting malicious active processes and self replicating executable binary files on a computing device.

Abstract: The disclosed computer-implemented method for creating behavioral signatures used to detect malware may include (1) maintaining a database that identifies (A) known malicious files and behaviors exhibited by the known malicious files and (B) known non-malicious files and behaviors exhibited by the known non-malicious files and (2) creating a behavioral signature used to detect malware by (A) determining a combination of behaviors exhibited by at least one of the known malicious files, (B) identifying the number of known malicious files that exhibit each behavior within the combination, (C) identifying the number of known non-malicious files that exhibit each behavior within the combination, and (D) determining that the number of known malicious files that exhibit each behavior within the combination exceeds the number of known non-malicious files that exhibit each behavior within the combination by a certain threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received object and monitors the processing during the dynamic analysis for a change to a file system within the virtual machine wherein the change involves a lure file placed in the file system. The file system is configured based on a received configuration file. Upon detection of a change in the file system associated with a lure file, the changes associated with the lure file during processing are compared to known file activity patterns of changes caused by file altering malware to determine whether the object includes file altering malware.

Abstract: A system, method, and computer program product are provided for identifying unwanted data based on an assembled execution profile of code. In use, an execution profile of code is assembled by tracking interface usage of the code. Further, it is determined whether the code is associated with unwanted activity, based on the execution profile.

Abstract: Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform.

Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.

Abstract: A mapping engine may be used to determine an attack model enumerating software attacks, the software attacks being represented by linked attack components, and may be used to determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram. The mapping engine may then associate each attack component and each architectural component with at least one attack tag characterizing attack requirements. A global test plan generator may be used to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and may thus generate attack test workflows from the attack test model, to thereby test the software architecture.

Abstract: There is provided an image processing device including a photographic subject position acquisition unit that acquires position information of a photographic subject corresponding to a person image included in a photographic image, a transmission unit that transmits the position information of the photographic subject to an information processing device that compares the position information of the photographic subject with position information of a communication terminal transmitted from the communication terminal, and a determination unit that determines whether a process of protecting the person image is performed based on information according to a result of the comparison received from the information processing device.

Abstract: Systems and methods for managing a data incident are provided herein. Exemplary methods may include receiving data breach data that comprises information corresponding to the data breach, automatically generating a risk assessment from a comparison of data breach data to privacy rules, the privacy rules comprising at least one federal rule, at least one state rule, and at least one contractual obligation, each of the rules defining requirements associated with data breach notification laws, and providing the risk assessment to a display device that selectively couples with the risk assessment server.

Abstract: Systems and techniques for transferring data to a storage device. A storage device includes storage, a processor, and a wireless transceiver, as well as a connector allowing the storage device to operate according to an appropriate standard when connected to a playback or data device. The storage device can communicate with a data transfer station to wirelessly receive data from the station. A user may select data to be transferred to a removable media device, and the station transfers the data over a wireless connection. The removable media device stores the data in memory as it is received. Once the data has been received, the data can be played or otherwise used in any playback or data device to which the storage device may be connected for use as a memory device.

Abstract: In one embodiment, a method for enabling user privacy for content on a network includes receiving input from a first user instructing at least one change in user access to shared content provided by a network system. The change modifies the user access from an existing set of one or more users of the network system to a different set of one or more users of the network system. The method checks a privacy setting associated with each of one or more referred users of the network system who are referred to by the shared content. The privacy setting indicates whether the associated referred user is to be sent a notification indicating that the at least one change in user access has been instructed.

Abstract: Techniques for securely displaying sensitive information against attempts to capture such information via screenshots are introduced. Similar to the pieces of a puzzle, a plurality of images that collectively represent a keypad (for example) are generated and each image represents a different part of the characters. The generated images are to be displayed to a human user in a sequential fashion at at least a predetermined minimum frame rate, such that the plurality of images sequentially displayed are perceivable by the human user collectively as the keypad. In each of the plurality of images, at least a part of the characters of the keypad is disguised or concealed, and in some embodiments, to the extent that not a single character of the keypad is recognizable by a human or a machine. Not all of the plurality of images are displayed at any instant in time.

Abstract: Embodiments of the subject invention relate to systems and methods for presenting and managing user information. Specific embodiments allow creating, editing, presenting, and storing user information. In a more specific embodiment, the systems and methods can be used to provide a digital safe deposit box (DSDB) that allows users to save, maintain, update, and/or share information about themselves and/or their organization. Specific embodiments provide a personal financial solution that is designed for customers interacting with professional institutions, such as accounting firms, banks, and insurance agencies, and/or interacting with family members and people that may need to access certain documents. Embodiments of the invention provide individuals, based on permission granted/allocated to them, access to specific information, while providing safety from fraud.

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: A method of securely storing data to a dispersed data storage system is disclosed. A data segment is arranged along the columns or rows of an appropriately sized matrix. Data slices are then created based on either the columns or the rows so that no consecutive data is stored in a data slice. Each data slice is then stored in a separate storage node.

Abstract: The data vaporizer provides secure online distributed data storage services that securely store and retrieve data in a public distributed storage substrate such as public cloud. The data vaporizer vaporizes (e.g., fragmented into tiny chunks of configurable sizes) data and distributes the fragments to multiple storage nodes so that the data is not vulnerable to local disk failures, secures data so that even if some of the storage nodes are compromised, the data is undecipherable to the attacker, stores data across multiple cloud storage providers and/or parties using keys (e.g., tokens) provided by multiple parties (including the owners of the data) and maintains data confidentiality and integrity even where one or more data storage provider is compromised. The data vaporizer is configurable for different domain requirements including data privacy and anonymization requirements, encryption mechanisms, regulatory compliance of storage locations, and backup and recovery constraints.

Abstract: A method of operating a display device, such as a tablet device, comprises displaying a plurality of covers corresponding to respective different data items, such as financial information, and selecting at least one cover and displaying the corresponding data item or data items.

Abstract: Some embodiments involve methods and systems for instant personalization security. For example, a social networking system can provide a platform for a user to open applications and/or access external websites. In some cases, an application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application has access to a pseudonymous profile corresponding to a hashed ID that is generated by the platform and provided to the application. Access to the pseudonymous profile enables the application or an external website to personalize its environment without breaching the security of the platform.

Abstract: The present invention is directed to a system that enables a user (an associate, a data specialist, a researcher, an adjuster, an agent, a teller, or the like) of a financial institution to quickly and accurately validate a repository of an enterprise content management platform. The user typically utilizes the system of the present invention to schedule and/or execute a variety of validation processes for one or more repositories. For example, the user may test read and write capabilities of a particular storage of a server. Once execution of desired validation processes is complete, the system of the present invention generates a report based on the completed validation processes. The generated report may assist the user in identifying unwanted errors in repository performance.

Abstract: Systems and methods for requesting transmission of a document from a sender device to a signer device, for purposes of obtaining an e-signature from the signer device, are disclosed. In some example embodiments, the systems and methods establish and/or determine a physical proximity between a signer device and a sender device, such as via a handshake between the devices, and a document to be signed is provided to the signer device in response to the established physical proximity.

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

Abstract: A method of read or write access by an electronic component of data, including generating a first secret key for a first data of an ordered list of data to access, and for each data of the list, following the first data, generating a distinct secret key by means of a deterministic function applied to a secret key generated for a previous data of the list, and the application of a cryptographic operation to each data to be read or to be written of the list, carried out by using the secret key generated for the data.

Abstract: Encryption of data within a memory 6 is provided by key generation circuitry 12 which serves to generate a key as a function of the address within the memory 6 being accessed and then encryption circuitry 14 or decryption circuitry 16 which serve respectively to encrypt or decrypt the data as a function of the key that has been generated based upon the address. The encryption and the decryption may be performed using a bitwise XOR operation. The key generation circuitry may have the form of physically unclonable function circuitry, which varies from instance to instance of implementation and that operates to generate the same key for the same address upon both write and read operations within the same instance.

Abstract: A method and a computer program are provided for implementing memory accesses. A hypervisor is used for this purpose, via which the memory access takes place.

Abstract: The logarithmic and exponential function generator for analog signal processing is implemented with CMOS circuits operating in current mode and includes current mirrors connected to a square root function circuit and two current amplifiers. A third current amplifier utilizes a constant current input. The outputs of the current amplifiers are combined to provide the logarithmic and exponential functions.

Abstract: In accordance an example embodiment, there is disclosed herein a card reader having an opening allowing for card to be inserted. The card reader determines how long a card has been inserted into the card reader. If a card is inserted into the card reader for a time period greater than a predetermined time period, the card reader reads a chip on the card to obtain card data. If the card is removed from the card reader before the predetermined time period, the card reader obtains the card data from a magnetic stripe on the card.

Abstract: Capacitive sensing electrodes may be placed in strategic locations inside, outside or inside and outside of a card reader, wherein touch sensor circuitry is then used to take mutual capacitance or self-capacitance measurements that are saved in non-volatile memory as a reference intrusion measurement that is not deleted when power is removed, wherein the reference intrusion measurement may then be used during subsequent intrusion measurements to determine if a skimming device has been disposed adjacent to the card reader, and if a skimming device is detected, appropriate action may be taken such as the automatic disabling of the card reader, the display of a message indicating that the card reader should not be used, or any other action that may prevent a financial card from being compromised.

Abstract: A workstation includes a proximity system having multiple object sensors each associated with an object field of view for detecting a target object outside the housing. Each object sensor includes an IR emitter for emitting IR light into an IR emission field and an IR sensor for sensing returned IR light within an IR detection field that intersects the IR emission field. The workstation also includes a controller is operatively connected to the proximity system for activating each one of the multiple object sensors sequentially.

Abstract: According to one embodiment, a RFID tag writing system has a conveying unit configured to convey a plurality of RFID tags, an antenna configured to transmit a first write signal towards the RFID tags and receive return signals generated by the RFID tags in response to the first write signal, and a controller configured to determine an intensity of a second write signal to be transmitted by the antenna based on intensities of the return signals.

Abstract: Embodiments of the present invention include systems with Readers and Tags in which a Reader queries the Tags with a parameter that includes a level of probability of reply according to which the Tags individually and randomly decide whether or not to reply. In one embodiment, the Tags can switch between two states: A and B. The query command also specifies a state (A or B) so that only the Tags in the specified state can reply. After successfully sending the Tag identification data from a Tag to the Reader, the Tag switches to the other state from the specified state. In one embodiment, the operations about the two states are symmetric. In one embodiment, the Tags can remember the parameters used in a query so that a short form of query command can be used to repeat the query with the same query parameters.