Abstract: A system and method for a patient to initiate and complete a voice-enabled, computerized, symptom-based medical history, at the time the patient is concerned about a medical problem. The interview mimics the real in-office medical interview between a patient and physician, complete with voice audible questions and responses, and is constructed to uncover factual information related to the patient's current complaint. Once the medical history is complete it is sent to the patient's physician through the physician's Electronic Health Record system, the physician is then alerted that history report is waiting, and after reviewing the report, the physician calls the patient for a follow up interview to determine an appropriate next action for the patient.

Abstract: System and methods are disclosed, one method comprises generating a patient profile comprising a patient identifier and information relating to the patient identifier, linking one or more service providers of the plurality of service providers to the generated patient profile, wherein the one or more linked service providers are capable of accessing the patient profile over a secure network connection, receiving an update relating to the patient profile, automatically transmitting a notice the one or more linked service providers, wherein the notice indicates that an update has been received relating to the patient profile, receiving a request to access the patient profile from the one or more linked service providers, and granting access to the patient profile including the update, via a secure network connection.

Abstract: An example of an information processing system includes a stationary type device, a hand-held type device, and a server. The stationary type device senses user information for evaluating health of a user. The hand-held type device transmits the user information sensed by the stationary type device and/or information calculated from the user information to the server as transmission information. The server transmits, to the hand-held type device, service data for providing the user with a network service in accordance with an evaluation result of health, indicated by the transmission information transmitted from the hand-held type device and/or calculated from the transmission information.

Abstract: An example of an information processing system includes: a terminal system including a hand-held type terminal; and a server. The terminal system acquires first information for evaluating health of a user. The information processing system performs an evaluation regarding health of the user on the basis of the acquired first information. The server transmits, to the terminal system, service data for providing a network service in accordance with the evaluation regarding health of the user. The server stores, in a predefined storage section, privilege information indicating a privilege to be given to the user and regarding the network service and/or the hand-held type terminal. The server updates the privilege information such that a privilege in accordance with a result of the evaluation regarding health of the user is to be given to the user.

Abstract: A system for providing actionable annotations includes a clinical database storing one or more clinical documents including clinical data. A natural language processing engine which processes the clinical documents to detected clinical data. A context extraction and classification engine which generates clinical context information from the clinical data. An annotation recommending engine which generates a list of recommended annotations based on the clinical context information. A clinical interface engine which generates a user interface displaying the list of selectable recommended annotations.

Abstract: A system for reducing processor workload is provided that includes an engagement module operating on the processor and configured to generate one or more profile user interface controls in response to data received from a mapped clinical intelligence rule and to generate user profile data in response to user selection of the profile user interface controls. An assessment module operating on the processor and configured to generate one or more assessment user interface controls in response to data received from the mapped clinical intelligence rule and to generate assessment data in response to user selection of the assessment user interface controls. The mapped clinical intelligence rule includes one or more algorithms for generating a relevancy metric for the one or more profile user interface controls and the one or more assessment user interface controls.

Abstract: A method for determining a user's well-being based on a user's digital activity, the method having the steps of: associating said user with a unique identifier; logging each instance said device accesses said digital services or content; determining a type of said digital services or content being accessed by said user; capturing user generated content and device generated content; forming core data associated with said user derived from data associated with each of said steps; and analyzing said core data to determine whether elements within said core data are indicative of distress, and providing an alert when said elements exist.

Abstract: This invention relates to a method and network system for selecting an appropriate bariatric surgery for a patient based upon baseline patient parameters.

Abstract: There is provided an apparatus and method for use in selecting healthcare services for a user, the method comprising: providing (101, 201) a database of health conditions, wherein the database includes symptom information for the health conditions; providing the user with means for monitoring interactions of the user with a network via one or more network-enabled devices; wherein the means for monitoring is configured to detect data which has been input to or generated by the one or more network-enabled devices; monitoring (103, 203), with the means for monitoring, interactions of the user with a network via the one or more network-enabled devices by detecting data input to or generated by the one or more network-enabled devices; analyzing (105, 205) the detected data to determine whether a given interaction includes one or more health-related terms; and if the given interaction is determined to include one or more health-related terms: identifying the one or more health-related terms in the given interaction

Abstract: Systems and methods for communicating orthodontic treatment information are disclosed herein. The methods may include methods of delivering an informational resource corresponding to an orthodontic treatment instruction to a patient of an orthodontist, and optionally to a caretaker of the patient and a dentist of the patient. The methods may further include delivering receipt information to the orthodontist and/or the caretaker, wherein the receipt information is indicative of an interaction between the patient and the informational resource. The systems may include electronic devices and interfaces associated with the orthodontist, the patient, the caretaker, and the dentist that may facilitate the communication methods.

Abstract: The present disclosure relates to techniques for receiving glucose data from a continuous glucose sensor and controlling the use and redistribution of that data so it is used in an intended manner. In one aspect, a method includes obtaining one or more data points relating to glucose levels from a transmitter associated with a continuous glucose monitor device; distributing the one or more data points among one or more display devices and one or more servers; identifying a missing data point from among a display device of the one or more display devices or a server of the one or more servers, the missing data point being one of the one or more data points; and providing the missing data point to the display device or the server when the missing data point falls within a defined time period.

Abstract: A device and system are provided for notifying a user contact of the status of a user of a portable device. The status is determined by the portable device collecting user provided information and device collected information relevant to a user of portable device. The portable device may then transmit the device collected information and the user provided information to a server that in turn performs an analysis on the device collected information and the user provided information to determine whether a triggering event has occurred. If it is determined that a triggering event has occurred, the server will proceed to send a status update regarding the user of the portable device to preset user contacts. The triggering event is determined to have occurred based on preset user conditions and algorithms and artificial intelligence being executed at the server.

Abstract: A risk management system (RMS) device includes a RMS database and a RMS processor. The RMS processor includes a prescriber module to receive a request to enroll a patient in a RMS program of a therapeutic agent associated with multiple indications. The request includes a specification of at least one indication, and a confirmation of a diagnostic test conducted on the patient. The RMS processor also includes a patient module configured to generate a patient profile. The RMS processor also includes a database module configured to store the patient profile in the RMS database. The RMS processor also includes an authorization module configured to generate an authorization code indicating whether the patient is authorized to receive the therapeutic agent. The RMS processor also includes a communication module configured to transmit the authorization code to a pharmacy or a prescriber.

Abstract: The method and system of this invention provides for the use of the Simcyp Simulator to identify the characteristics of a Virtual Twin to a real patient based on physiological data and demographic characteristics of the real patient. The Virtual Twin can be used to estimate appropriate dosage levels for a real patient undergoing pharmaceutical treatment and to indicate drug interactions that can occur during the administration of multiple drugs.

Abstract: Various embodiments are described herein for a system and a method for treatment planning for providing ablative therapy to a patient. The treatment planning may involve segmenting images of the patient to define areas to receive treatment, defining trial parameters, simulating treatment of ablative therapy to the patient according to the trial parameters; analyzing a thermal dose distribution resulting from the simulated treatment to determine treatment effectiveness; determining when the treatment effectiveness meets a treatment effectiveness criteria; and providing an indication of the trial parameters when the treatment effectiveness meets the treatment effectiveness criteria.

Abstract: Disclosed are some examples of systems, apparatus, methods and storage media for automated device management, and more specifically, for detecting exceptions in devices and facilitating workflows to resolve the exceptions. In one innovative aspect, a database system is configurable to maintain at least one knowledge database storing a plurality of prescriptions, each prescription defining a respective action-oriented workflow for one or more exceptions. The system is further configurable to receive device data associated with the devices, analyze the received device data, and detect occurrences of exceptions based on the analysis. The system is further configurable to determine whether the knowledge base includes a prescription for a detected exception, and responsive to a determination that the knowledge base includes a prescription for the detected exception, trigger a first workflow for remedying the detected exception based on the prescription.

Abstract: Systems, methods, and computer-readable media are disclosed for remote monitoring and dynamic document management. Example methods may include receiving a first document from a device driver associated with a hardware device, identifying a clinical trial identifier associated with the first document based at least in part on metadata associated with the first document, and determining a first document type of the first document by analyzing contents of the first document. Methods may include managing user permission to access the first document. Methods may further include identifying a folder associated with the clinical trial identifier at which to store the first document based at least in part on the first document type, and assigning a first document state to the first document based at least in part on the first document type of the first document.

Abstract: A process for determining the distillation characteristics of a liquid petroleum product that contains an azeotropic mixture of an oxygenated or nitrogen-containing component and at least one petroleum blending component.

Abstract: An approach and mechanism relative to a license that is forced or locked to a particular localization. Forcing a license of a product to be localized may be effected with an attribute specifying the locale or language of a particular region, area, or country. The lock-to-locale region or area may be set and thus force a use of localization settings, lexicon files and resources of the particular region, area or country. A hash or code may be developed and embedded as a value of an attribute on the lock-to-locale feature. The hash or code on the files installed may be validated by matching it with the hash or code securely stored within the license file to ensure that the localization files for the region or area have not been tampered with or changed.

Abstract: It is provided a method for managing stream in home media network having home gateway and a plurality of devices comprising; building converged home media index at a home gateway by synchronizing local media index of each of the devices; receiving by a source device a request from a user to play a media stored on the source device at the first render device; assigning a multicast IP and port for streaming of the media by the source device or the home gateway; sending by the source device hash value of the media, the multicast IP and port, and the streaming ID to the first render device, in addition to source device IP and render device IP to the home gateway; checking the media file's metadata and corresponding management policy stored on the converged home media index; notifying the source device that the steam can be transmitted to the first render device when receiving authentication and authorization from the gateway; sending security keys to the source device and the first render device to encrypt and de

Abstract: Methods and apparatus for providing access to content across a plurality of devices and environments. In one embodiment, a downloadable rights profile is utilized in order for a user device to determine whether to provide content to a subscriber. The user device is first registered to content delivery the network; the device then requests a rights profile indicating the rights of the subscriber associated with the device to access content. The rights profile is transmitted to the device. The rights profile may be configured to be valid only for a pre-determined time, thus enabling a subscriber's rights to be updated (including revoked). Security mechanisms may also be utilized to ensure access to content is limited only to authorized subscribers. In another embodiment, a user-based authentication procedure is utilized, thereby making the rights determination and content provision process completely agnostic to the underlying hardware.

Abstract: Systems and methods for controlling access to digital works are described herein, e.g., including receiving a request for a digital work from a requestor; retrieving the digital work from a repository; incorporating a digital signature throughout the digital work specific to a device, wherein the incorporated digital signature includes information identifying the device having the ability to access to the digital work; providing the identified device with a device key associated with the device; encrypting the digital work, wherein the digital work is decryptable using the device key and the identified device; and providing the requestor with the encrypted digital work.

Abstract: A portable information handling system having an NFC device obtains identifier information from information handling systems through NFC and applies the identifier information to obtain license keys for applications stored on the information handling system from a license server through a network interface. NFC transfer of license keys in a secure environment, such as to server information handling system management controller in a data center, provides the convenience of public license servers without the security risk of an open public network access to the management controller.

Abstract: The present invention relates to managing a Unity file in a mobile platform in order to forestall a Unity library executable in a mobile platform from being analyzed by reverse engineering and decompiling and provides an apparatus for managing a Unity file in a mobile platform comprising a file extracting section that extracts a Unity library file from a Unity application; an encrypting section that encrypts a programming library file in the Unity library file thus extracted and creates an encrypted programming library file; a file creating section that creates a decrypting library to decrypt the encrypted programming library file and creates a secured Unity application using the decrypting library and the encrypted programming library file; and a file executing section that, upon request to execute the secured Unity application, executes the secured application by decrypting the encrypted programming library file using the decrypting library.

Abstract: Systems and methods for determining access to a home automation system may include receiving a command from a user to perform a home automation function, and determining a privilege for the user, which may be based on the location of the user. The methods may include comparing the command and the user privilege to an authorization list, where the authorization list defines system access to perform home automation functions based at least on individual commands and associated privileges. The methods may also include determining whether to allow the user access to the home automation system to perform the commanded home automation function.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for unlocking time to non-educational tasks on devices. In one aspect, a method includes receiving an indication that a user has completed the first educational task; calculating a first educational value score for the first educational task; calculating a first amount of earned non-educational time based on the first educational value score and adding the first amount to a total amount of earned non-educational time maintained in a user profile of the user; identifying a second educational task of the plurality of educational tasks; receiving an indication that the user has completed the second educational task; and in response, updating the total amount of earned non-educational time associated with the user profile of the user.

Abstract: Provided is a classifier training method, including: acquiring a training sample set; determining a classification condition at a root node according to a preset classification condition feature, performing classification on training samples in the training sample set according to the classification condition at the root node, and acquiring a classification subset corresponding to a child node of the root node; using the child node of the root node as a current node, circularly implementing the step of determining a classification condition at the current node according to another preset classification condition feature, performing classification on training samples in a classification subset corresponding to the current node according to the classification condition at the current node, and acquiring a classification subset of a child node of the current node, till a leaf node; and determining a user identity classification result at the current node, and obtaining a decision tree classifier.

Abstract: The present invention provides a device (10) for facilitating an exchange of personal information between a user and a third party. The device comprises a body (12) configured to be carried by a user. A contact pad (14) is provided on a surface of the body (12). The contact pad (14) is configured to be contacted by the user and comprises a plurality of sensor elements (25) for taking a plurality of biometric readings from the user for verification purposes. A data storage module (29) is provided with said body (12) for storing personal data about said user together with said user's biometric data. A processor (28) is provided for processing the biometric readings obtained by the plurality of sensor elements (25) and comparing the biometric readings against the user's stored biometric data to confirm identity of the user. The processor (28) is further configured to facilitate a transfer of said user's personal data with the third party upon confirmation of the identity of the user.

Abstract: In physical token-less security screening using biometrics, a person provides biometric data to a security computing device as part of a security screening. The biometric data is used by the security computing device to look up an identifier (such as an airline account identifier or a security status identifier) for the person from a security back end. The identifier is used by the security computing device to obtain electronic pass information (such as an electronic boarding pass or a security screening status indicator) from a third party computing system (such as an airline computing system or a clearinghouse), which may be used to clear the person and/or otherwise facilitate the security screening. In some implementations, these techniques may also be used for physical token-less pass processing (such as boarding pass-less airline processing, confirmation of assigned traveling credentials, or determination of security protocols).

Abstract: Disclosed embodiments relate to a terminal having improved security and a method of releasing a locked state of a terminal. There is provided a terminal, including an input unit configured to receive dragging; a storage unit configured to store a password pattern; a control unit configured to compare the received dragging with the password pattern and release a locked state of the terminal according to the comparison result; and an output unit configured to display at least a part of a user interface including at least two markers arranged in a grid, wherein the user interface includes a first marker and a second marker, and the password pattern includes movement from the first marker to the second marker and movement from the second marker to the first marker.

Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.

Abstract: An apparatus and a method for detecting a buffer overflow attack, and a security protection system. The apparatus for detecting a buffer overflow attack includes a memory storing instructions, a processor configured to execute the instructions stored in the memory to obtain external input data for a target process, determine that the target process decodes the external input data, detect attack code on the decoded external input data, wherein the attack code is a code used for performing an overflow attack on a buffer, where the apparatus or the method facilitates detection of attack code from the data obtained by decoding, and may improve a detection rate of the attack code.

Abstract: A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provide a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends application security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function.

Abstract: Described systems and methods allow a computer security system to automatically classify target objects using a cascade of trained classifiers, for applications including malware, spam, and/or fraud detection. The cascade comprises several levels, each level including a set of classifiers. Classifiers are trained in the predetermined order of their respective levels. Each classifier is trained to divide a corpus of records into a plurality of record groups so that a substantial proportion (e.g., at least 95%, or all) of the records in one such group are members of the same class. Between training classifiers of consecutive levels of the cascade, a set of training records of the respective group is discarded from the training corpus. When used to classify an unknown target object, some embodiments employ the classifiers in the order of their respective levels.

Abstract: Intrusion detection systems dedicated to an operating system, and an intrusion detection system in a device implementing at least a first operating system and a second operating system. The intrusion detection systems includes: a listening module (1110) configured to be executed in the first operating system in order to listen to the activity of this first operating system; a collecting module (1120) configured to be executed in the first operating system in order to collect data characterizing the activity of the first operating system; and an analysis and detection module (1150) configured to be executed in the second operating system in order to analyze the data collected in the first operating system and detect a suspicious activity in the first operating system depending on the analysis.

Abstract: Methods for creating a hybrid string representation include determining string components from input string information that may be represented concretely by comparing the one or more components to a set of known concretizations using a processor. The set of known concretizations includes string configurations that cannot be interfered with by an attacker. All string components that could not be represented concretely are abstracted. A hybrid string representation is created that includes at least one concrete string component and at least one abstracted string component.

Abstract: Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.

Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.

Abstract: Provided are a method and device for feature extraction. The method comprises: acquiring a batch of black sample files and white sample files from an application layer of a smart terminal operating system; parsing each file, acquiring information structure of all functions contained in each file, and computing a checksum for each function; determining whether or not the files contain the functions corresponding to the checksums, thus compiling statistics on the number of occurrences of each function in the black sample files and the white sample files; and, extracting a black sample feature on the basis of functions occurring only in the black sample files and not occurring in the white sample files, or extracting a white sample feature on a similar basis.

Abstract: Various systems and methods for locking computing devices are described herein. In an example, a portable device comprises an electro-mechanical lock; and a firmware module coupled to the electro-mechanical lock, the firmware module configured to: receive an unlock code; validate the unlock code; and unlock the electro-mechanical lock when the unlock code is validated. In another example, device for managing BIOS authentication, the device comprising an NEC module, the NEC module comprising an NEC antenna; and a firmware module, wherein the firmware module is configured to: receive an unlock code from an NEC device via the NEC antenna; validate the unlock code; and unlock a BIOS of the device when the unlock code is validated.

Abstract: Disclosed herein is an apparatus and method for detecting unsteady flow of a program to protect against distribution of malicious codes through vulnerabilities of the program by detecting unsteady flow occurring in the program. The apparatus for detecting unsteady flow of a program includes a program flow interrupter for interrupting a flow of a program being performed in a process; a program collector for collecting the program interrupted by the program flow interrupter; an unsteady flow determiner for determining unsteady flow in the program collected by the program collector; and an unsteady flow detector for detecting unsteady flow based on the determination result of the unsteady flow determiner.

Abstract: A method and apparatus are provided for secure multiparty computation. A set of first parties is selected from a plurality of first parties for computation. Inputs for computation associated with each party in the set of first parties are divided into shares to be sent to other parties in the set of first parties. The computation on the shares is performed by the set of first parties using multiparty computation functions. In response to a trigger event, shares of the set of first parties are transferred to a set of second parties selected from a plurality of second parties. The computation is completed by the set of second parties using the transferred shares. Finally, the transferred shares are recombined to reveal an output of the computation.

Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Automatically establishing and/or modifying a trust relationship between devices, including mobile devices, in communication, and customizing a user interface workflow based on the trust relationship. Trust relationships are based on numerous proximity-related factors including automatically gathered proximity data, length of time in proximity, and signals detected from a target communication device as well as other nearby communication devices.

Abstract: A data transmission system includes a storage site information transmitter, an access acceptor, and a password information transmitter. The storage site information transmitter transmits storage site information representing a storage site of data to a certain destination. The access acceptor accepts an access accompanied with the storage site information. The password information transmitter transmits, in a case where the access accompanied with the storage site information is accepted, password information for using the data to the destination.

Abstract: According to an example embodiment of the present invention, there is provided a method of controlling digital user rights on a mobile device comprising the computer implemented steps of running an application having a first set of digital user rights on a mobile device, wherein the first set of digital user rights have predetermined activation criteria associated therewith, obtaining, by the mobile device, proximity data about the proximity of at least one secondary device, determining, based on at least the obtained proximity data and the predetermined activation criteria, a digital user right to be activated, and activating the determined digital user right.

Abstract: A system that encrypts a protected file embedded with encrypted policy rules. The policy rules are one or more ‘access rules’ and ‘use rules’ that determine how the file is accessed and used. The rules may be changed at any time and may be location, time and date sensitive. The file may be sent to a recipient or stored in a file accessed by the recipient may accessed. The recipient registers with the system and assigned an ID. Using the ‘access rule’, the file owner assigns a particular recipient ID to the file. A reader program generates a request to a management server to access and use the file. The management server reviews the policy rules to determine if they are satisfied. If the rules are satisfied, a digital certificate is assigned to the protected file is then used allowing the protected file to be accessed and used according to the policy rules.

Abstract: Systems and methods that automatically compare sets of files to determine what has been copied even when sophisticated techniques for hiding or obscuring the copying have been employed. The file compare system comprises a file compare program that uses various operational data and user interface options to detect illicit copying, highlight and align matching lines, and to produced a formatted report. A discovered translations file is used to match translated tokens. Other operation data files specify rules that the file program then uses to improve its results. The generated report contains statistics and full disclosures of the discovered translations used and the other methods used in creating the exhibits. The system includes a bulk compare program that automatically detects likely file pairings and candidates for validation as suspected translations, which can be used on iterative runs.

Abstract: Various embodiments relate to a method, network node, and non-transitory machine-readable storage medium including the following: providing access to an enterprise file system to end user devices via a virtual private network (VPN); encrypting at least a portion of an enterprise file system to produce an encrypted file system, wherein an encrypted file from the encrypted file system is capable of being decrypted using a decryption key; transmitting the encrypted file system to a content distribution network (CDN) server for storage and access, wherein the CDN server is located outside the VPN; and transmitting the decryption key to an end user device via the VPN.

Abstract: A content management system allows a user to create a collection folder to which a submitting user can add content items without being able to access content items added to the folder by other submitting users. A collection folder is created in a namespace of a collecting user and folder is made available to multiple submitting users to allow the submitting users to add items to the folder. When a submitting user first request to store a content item in the collection folder, the content management system creates a sub-folder associated with the submitting user in the collection folder and stores the content item in the sub-folder. The submitting user is given rights to the sub-folder, but is not given rights to sub-folders created for other submitting users.