Abstract: Functionality is disclosed herein for monitoring an execution environment to determine if the execution environment is in an approved configuration. Memory used by the execution environment may be scanned from outside of the execution environment to determine whether the execution environment is in an unapproved configuration. The scanning may include examining the memory for abnormalities or other irregular or unapproved data. When the execution environment is in the unapproved configuration, actions may be performed that change how the execution environment accesses resources or performing other types of functionality.

Abstract: A monitoring unit in a monitoring system determines whether or not a program to be executed is a program to be monitored. If it is determined that the program to be executed is a program to be monitored, the monitoring unit in the monitoring system adds, in order, before an instruction string included in a function called by the program to be monitored, an instruction string satisfying a predetermined condition, and a condition branch instruction, which is an instruction starting a predetermined control process when the predetermined condition is satisfied.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: This method in which an attempt to attack a security processor is detected by the security processor itself comprises: measurements (50) of several different events occurring independently of one another in the absence of attack attempts, :building (52) the value of at least one attack indicator as a function of at least one index of concomitance between at least two different events measured, the index of concomitance representing the temporal proximity between the two different events measured, and detecting (54) an attack attempt if the value of the attack indicator crosses a predetermined threshold.

Abstract: Disclosed are a method and a device for extracting a characteristic code of an APK virus. The method comprises: scanning a designated file in an Android installation package APK; extracting an operation instruction in the designated file, and judging whether the operation instruction contains virus information; and if yes, generating a characteristic code of the virus according to the operation instruction. In the application, the characteristic code of the virus APK can be accurately and effectively extracted, so as to facilitate improvement of efficiency and accuracy of identification of the virus APK and a variation thereof, thereby improving the security of an APK application.

Abstract: A system of resource-based action attribution provides a mechanism for tracking actions performed on a resource shared among multiple users of a resource sharing system, whether the users are authenticated within the resource sharing system or not. The tracking mechanism may allow users to track identifying information of other users who perform actions (e.g., editing actions) on the shared resource. A user can access a resource by providing a resource identifier and/or an access credential associated with the resource. The user's actions on the resource can be associated with an invitee identifier (e.g., an email address) that is associated in memory with the resource identifier and/or the access credential.

Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.

Abstract: Techniques are described for dynamically enabling or disabling portions of an executing software module based on control data. During compilation of source code for a software module, switching instructions may be generated to enable the conditional bypassing of executable instructions for one or more functions described in the source code. In some cases, the switching instructions may be generated for the public functions of a software module. During execution of the software module, the switching instructions may trap a call to a function and dynamically determine whether to execute the function based on the value of control data corresponding to the function. A user interface may be presented to enable an operator to set the control data to enable or disable the execution of one or more functions.

Abstract: A risk evaluation method and a risk evaluation device for evaluating an anonymous dataset generated according to an original dataset are provided. The risk evaluation method comprises the following steps. Acquiring a plurality of appearing times respectively corresponding to a plurality of original values of the original dataset. Generating a partition set and a weight table according to a sample parameter, an anonymous parameter and the appearing times. Dividing the original dataset into a plurality of data partitions according to the partition set, and generating a penetration dataset according to the weight table and the data partitions, wherein the penetration dataset comprises a plurality of sample data. Comparing each sample data with a plurality of anonymous data of the anonymous dataset to obtain a plurality of matching quantities respectively corresponding to the sample data. And calculating and outputting a risk evaluation result according to the matching quantities.

Abstract: A wireless face-to-face bilateral communication method between at least two users of a service provider, each having a token device, and at least one having a user-defined profile, comprising: between a sending token device and a receiving token device, transmitting unique electronic transaction tokens between a consenting sending party and a consenting or optionally consenting receiving party wherein said transaction tokens may be used for single use, party-approved after-contact, computer-network facilitated access to each other's profile.

Abstract: Certain example embodiments relate to file transfer systems and/or methods that enable a single provider to offer to different customers customizable file transfer solutions that are secure, scalable to handle enterprise-level amounts of data, and able to meet customer-specific needs even though such needs are not necessarily known in advance. Once initially set up, the file transfer solution of certain example embodiments delegates management of the customer-specific instances of the solution, optionally in a sub-delegatable manner and, thus, the single provider need not be consulted after specific initial instance deployment time (e.g., for security management and/or other routine maintenance issues).

Abstract: Methods and devices for communicating sensitive data to applications are provided. A wearable device can wirelessly connect with a second computing device. The wearable device can be configured to obtain sensitive data. The second computing device can provide a first software application and a second software application. The wearable device can wirelessly receive a first request for the sensitive data from the first application. The wearable device can send a response denying the first request to the first application. The wearable device can wirelessly receive a second request for the sensitive data from the second application. The wearable device can determine whether the second request is authenticated to be associated with the second application. After determining that the second request is authenticated to be associated with the second application, the wearable device can wirelessly send the sensitive data to the second application.

Abstract: Provided a database apparatus comprising a control means to execute data access control on a database, wherein the control means, receiving a database operation command from a user apparatus, comprises, regarding data and/or metadata to be handled associated with the database operation command, means for executing database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext and means for executing database operation or computation on plaintext data and/or plaintext metadata, and the control means sends a processing result to the user apparatus.

Abstract: An image is selected responsive to receiving an access request for access to protected content. An access code is assigned to the image, and the image is partitioned into a plurality of image tiles. Each image tile comprises a code segment, which is a part of the access code. The image tiles are then scrambled into a scrambled version of the image and displayed to a user. The user rearranges the scrambled version of the image to reassemble the image, identifies a correct sequence for the code segments, and then enters the code segments in the correct sequence as a codeword. The codeword is matched against the assigned access code. If they match, the user is granted access to the protected content. Otherwise the person is denied access to the protected content.

Abstract: Techniques for resource operation based on usage, sharing, and recommendations with modular authentication are provided. A resource space is associated with a principal. The resource space comprises resources local to a device of the principal and remote from the device. The resources presented in a merged view within a local file system and operating system of the device. In an embodiment, the device negotiates authentication with an intermediary for access to a legacy service where authentication is performed by the intermediary on behalf of the device, and the intermediary establishes an authentication session between the principal and the legacy service.

Abstract: Facilities are provided herein for unmasking content presented on a display of a computing device. An unmask rule for unmasking the content on the display is determined based on confidentiality level of the content and includes an unmasking parameter indicating an extent to which a masked version of the content is to be physically shielded to unmask the content. A mask is selected and applied to the content in displaying the content on the display. The mask is selected based on the determined unmask rule to convey the unmasking parameter to a user. A shielding level indicating an extent to which the user has physically shielded the masked content on the display is detected and it is determined whether the detected shielding level satisfies the unmasking parameter. If so, the content is temporarily unmasked on the display.

Abstract: The present disclosure relates to a telecommunication method for controlling data access to a telecommunication server, the telecommunication server being connected to at least one first client terminal via at least a digital cellular telecommunication network, wherein the telecommunication server and the first client terminal communicate via a stateless protocol within at least a first communication session, the first client terminal being a battery powered device, the telecommunication server comprising an electronic document, the electronic document having a plurality of input fields for entry of electronic data, wherein a first lock and a session ID are assigned to the electronic document, the session ID being indicative of the first communication session, wherein the first lock is released by the telecommunication server upon ending the first communication session, the telecommunication server comprising multiple applications for accessing the electronic document, the telecommunication server further com

Abstract: In one implementation, a computer-implemented method includes receiving a request to run a particular process; determining whether the particular process is to be run in isolation on the computer system; selecting a particular permission scheme from among a plurality of permission schemes based, at least in part, on one or more characteristics of the particular process; fetching, according to the particular permission scheme, a copy object that corresponds to an actual object for the particular process, wherein the copy object is instantiated in an isolated environment; running the particular process is isolation on the computer system by executing the copy object in the isolated environment; applying, according to the particular permission scheme, one or more changes to the copy object; and mapping, according to the particular permission scheme, the one or more changes in the copy object to the actual object.

Abstract: The disclosed embodiments provide a system that processes data. The system includes a first client that encrypts a first set of data, uploads the encrypted first set of data to a volume on a cloud storage system, and creates a commit record of the upload. The system also includes a synchronization server that verifies access to the volume by the first client and includes the commit record in a change set containing a set of commit records associated with the volume. The synchronization server also signs the change set and provides the change set for use in synchronizing the upload with a second client.

Abstract: Provided are techniques for deleting sensitive information in a database. One or more objects in a database that are accessed by a statement are identified. It is determined that at least one object among the identified one or more objects contains sensitive information by checking an indicator for the at least one object. One or more security policies associated with the at least one object are identified. The identified one or more security policies are implemented for the at least one object to delete sensitive information.

Abstract: Provided are techniques for deleting sensitive information in a database. One or more objects in a database that are accessed by a statement are identified. It is determined that at least one object among the identified one or more objects contains sensitive information by checking an indicator for the at least one object. One or more security policies associated with the at least one object are identified. The identified one or more security policies are implemented for the at least one object to delete sensitive information.

Abstract: A method, non-transitory computer readable medium and apparatus for decrypting a document are disclosed. For example, the method captures a tag on an encrypted document, transmits the tag to an application server of a communication network to request a per-document decryption key, receives the per-document decryption key if the tag is authenticated, and decrypts a portion of the encrypted document using a temporary decryption key contained in the tag, the tag decrypted with the per-document decryption key.

Abstract: An approach is provided in which a cognitive digital security assistant intercepts a personal data request from a client that is requesting personal data from a user. The cognitive digital security assistant analyzes the personal data request against the user's security statements to determine whether to provide the user's personal data to the client. During the analysis, the cognitive digital security assistant determines whether the personal data request includes benefits that meet the user's benefit thresholds included in the user's security statements. When the benefits meet the user's benefit thresholds, the cognitive digital security assistant provides the requested personal data to the client in exchange for the benefit from the client.

Abstract: The security and privacy of a user is enhanced by distinguishing between potentially sensitive information and non-sensitive information being displayed on a display of a computing device. In an embodiment, potentially sensitive information on a display is identified by parsing information to be displayed. A front-facing camera of the user's computing device is used to monitor the user's background and compare any changes to a threshold amount. In response to a detected change in the background, actions are taken to alert the user or reduce the visibility of identified potentially sensitive information shown on the display screen.

Abstract: Systems and method for allowing an identifier value associated with a computing device, and that is delivered to content providers when requesting content, to be altered from that of the unique identifier value associated with the computing device. A computing device will include user interface elements that allow a user to request a new identifier on-demand. In some cases, the user can also configure the computing device to obtain a new identifier value in response to other actions at the computing device or automatically when some type of usage criteria is met. The identifier value is configured to be substantially unique and to be different than a unique identifier associated with the computing device to provide anonymity for the user.

Abstract: Sensitive pieces of information stored on an individual's device can be protected using a device identification system that applies, for each sensitive piece of information, a function that integrates an identifier of the individual with a respective sensitive piece of information to create a respective identity element. Each identity element can be signed with a signature to create a trust group. The identity element and signature can be uploaded to the individual's device using an application that is configured to provide a subset of the sensitive pieces of information in response to a query.

Abstract: An apparatus and a method for displaying information required to be secured in a wireless communication terminal are provided. The method includes recognizing generation of notification information of one or more processes activated in a first operation mode among a plurality of operation modes including the first operation mode and a second operation mode; and notifying a user of a part of the notification information when a current operation mode is the second operation mode.

Abstract: Disclosed aspects include managing access to a particular storage unit in a storage facility. The particular storage unit is coupled, in the storage facility, with both a particular storage unit identifier for the particular storage unit and an access management parameter for managing access to data on the particular storage unit. A device is used to identify the particular storage unit for write protection based on the particular storage unit identifier. In embodiments, the device includes an indicator to visually indicate a proper configuration and the particular storage unit identifier can be a world wide name. Aspects of the disclosure include managing the device for connection with the storage facility and access management for the storage facility.

Abstract: Systems and apparatus disclosed herein provide for a tamper resistant electronic device. The electronic device can include a circuit board, a shell, an anti-tamper material, a memory, one or more sensors, and tamper responsive electronics. The one or more sensors can be configured to sense when the shell moves away from the circuit board. The anti-tamper material can be integrated into the first portion of the shell and disposed to protect the memory, one or more sensors, and the tamper responsive electronics. The tamper responsive electronics on the circuit board can be coupled to the anti-tamper material and the one or more sensors, and can be configured to zeroize data in the memory if tampering is sensed by the anti-tamper material or if one or more of the one or more sensors sense the shell has moved away from the circuit board.

Abstract: A manufacturing method for sapphire crystal material is disclosed, including a laser-etched bar code formed into the interior of the sapphire crystal material. The laser-etched bar code may be associated with one or more manufacturing parameters or other manufacturing data. The sapphire crystal may be used to create a cover sheet for use with a display screen of a portable electronic device.

Abstract: A method for performing data transmission/reception using Near Field Communication (NFC) in a terminal includes loading a preset data transmission/reception policy upon recognizing a target device capable of communication using NFC; acquiring at least one sensing information used to determine a particular data transmission/reception operation; and determining the particular data transmission/reception operation based on the loaded data transmission/reception policy and the acquired sensing information.

Abstract: A system for monitoring a lockout condition of a component includes a lockout device, a lock unit, and a reader. The lockout device is moveable between a lockout condition blocking operation of the component and an access condition permitting operation of the component. The lock unit is configured to be secured to a lockout interface of the lockout device to secure the lockout device in the lockout condition. One of the lockout device and the lock unit includes a communication module configured to communicate a data signal including an identification code identifying the one of the lockout device and the lock unit. The reader is remote from the one of the lockout device and the lock unit, and is configured to receive the data signal at least when the lockout device is assembled with the component and the lock unit is secured to the lockout interface of the lockout device.

Abstract: An electronic entity includes contact communication elements (4) and remote communication elements (6). Members (2, K) are also provided to authorize an exchange of certain data at least via the remote communication elements based on the prior reception of an instruction via the contact communication elements. A terminal for communication with such an electronic entity as well as methods for controlling and for customizing the electronic entity are disclosed.

Abstract: Disclosed are systems and methods for behavior-based source monitoring to detect location of at least a source and gas leakage with a time stamp. The system comprises: at least a badge having a RFID tag and a gas sensor, the badge is capable of detecting leakage and location of the leakage of the gas, the badge is powered with rechargeable and permanent uninterrupted power back-up, at least a processing unit capable of processing at least a data packet, at least a source locator configured to at least locate a most confident center of an uncertain movement of a Radio Frequency Signal Indicator source readings, and at least a behavior characterization module capable of characterizing at least a behavior of the source. At least a RFID node is adapted for conveying at least a data packet received from the RFID badge to at least a computing device.

Abstract: An inventory system can include radio frequency identification (RFID) tags and RFID tuners that can be brought into interacting proximity with one another to provide input or other information about the location or other condition of movable elements within the inventory system. A wearable accessory that is wearable by a human operator can include RFID tuners thereon for interacting with RFID tags on other elements of the inventory system in order to communicate details about the elements and facilitate functions of the inventory system.

Abstract: Disclosed are a portable electronic device and an operation method thereof. The portable electronic device comprises a body, a barcode detector and a barcode decoder. In the barcode detector, a first image capturing module continually captures a barcode image when the portable electronic device is operating in the resting mode, a first buffering module temporarily stores the captured barcode image, and a first image processing module processes the stored barcode stored and counts a number of times when the barcode image has a predetermined pattern feature. When the number of times reaches to a threshold number, the barcode decoder is turned on to capture and decode the barcode image, and the barcode detector is switched to operate in a power-saving mode.

Abstract: A sending computing device encodes data items as barcodes and simultaneously displays two or more barcodes on a first display screen of, or operatively coupled to, the sending computing device. A receiving computing device obtains the two or more barcodes from a single video frame captured by a first camera module of, or operatively coupled to, the receiving computing device. Furthermore, the receiving computing device encodes, as an acknowledgement barcode, an acknowledgement that identifies each barcode that was successfully received and displays the acknowledgement barcode on a second display screen of, or operatively coupled to, the receiving computing device. The sending computing device captures the acknowledgement barcode via a second camera module of, or operatively coupled to, the sending computing device. Based on the acknowledgement barcode, the sending computing device determines which of the data items were or were not successfully received by the receiving computing device.

Abstract: An image processing system includes a mark in which an information display portion presenting predetermined information is included in a region formed by a pair of fiducial lines; a camera that is provided to be relatively movable with respect to the mark; an information acquisition unit that acquires the information presented in the information display portion of the mark, out of the image data; a distance calculation unit that calculates a distance from the camera to the mark in an optical axis direction; and an angle calculation unit that calculates a tilt angle of the camera with respect to the mark.

Abstract: Systems and methods are described for acquiring and decoding a plurality of images. First images are acquired and then processed to attempt to decode a symbol. Contributions of the first images to the decoding attempt are identified. An updated acquisition-settings order is determined based at least partly upon the contributions of the first images to the decoding attempt. Second images are acquired or processed based at least partly upon the updated acquisition-settings order.

Abstract: An novel impedance sensor is provided having a plurality of substantially parallel drive lines configured to transmit a signal into a surface of a proximally located object, and also a plurality of substantially parallel pickup lines oriented substantially perpendicular to the drive lines and separated from the pickup lines by a dielectric to form intrinsic electrode pairs that are impedance sensitive at each of the drive and pickup crossover locations.

Abstract: The present invention relates to a capacitive fingerprint sensing device comprising a plurality of sensing elements. Each sensing element includes a protective dielectric top layer to be touched by a finger; an electrically conductive sensing structure arranged underneath the top layer; a charge amplifier connected to the sensing structure for providing a sensing voltage signal indicative of a change of a charge carried by the sensing structure resulting from a change in a potential difference between the finger and the sensing structure; and a voltage-to-current converter for converting the sensing voltage signal to a sensing current signal indicative of the change of charge carried by the sensing structure. Hereby, accurate sensing as well as faster operation of the sensing elements can be achieved without a corresponding increase in power consumption.

Abstract: An apparatus and a computer-implemented method of acquiring a fingerprint image from a fingerprint sensor with an array of sensor elements spanning a sensing area, comprising: monitoring groups of sensor elements located at group-wise spaced apart positions in the array of sensor elements, to determine a touch event occurring on the array of sensor elements; from the array of sensor elements, acquiring, at respective points in time, fingerprint sub-images which are confined in size to a subarea of the sensing area; as the fingerprint sub-images are acquired, computing values of a statistical indicator for the fingerprint sub-images; and acquiring a full fingerprint image when a predefined criterion indicates that the values of the statistical indicator has reached or is about to reach a stable state.

Abstract: There is provided a capacitive fingerprint sensing device comprising a plurality of sensing elements, sensing circuitry for providing an analog sensing signal, drive signal circuitry providing a drive signal comprising a drive pulse having a maximum level and a minimum level, providing a change in potential difference between the finger and the sensing structure, analog sampling circuitry comprising at least three analog sample and hold circuits arranged to sample the sensing signal, and a sampling control unit for individually controlling the sample and hold circuits to capture a sample at a specified time, wherein the samples comprises one sample captured when the drive signal is at a first voltage level V1 and one sample captured when the drive signal is at a second voltage level V2, different from V1; and an analog-to-digital converter, ADC, configured to convert a combination of the samples into a digital signal, wherein the three samples are captured times such that a noise component is suppressed from

Abstract: Provided is a transparent fingerprint recognizing sensor array, including: a pixel driving circuit formed on a substrate; an antistatic wiring disposed in an upper part of the pixel driving circuit; and a pixel electrode connected to the pixel driving circuit, wherein the pixel electrode is made of a transparent material or has an open formed in a center part thereof.

Abstract: Methods and systems for enrolling biometric data that is easier to use and provides a more positive end user experience. Additionally, machine readable medium storing instructions configurable to achieve the results when executed by a computing device are also provided.

Abstract: At least first and second digital images of the sample are acquired having different focal heights relative to a platform on which the cells are disposed. A contrast matrix is produced having elements computed in dependence upon the difference between the values of the corresponding pixels in the first and second images. A phase matrix is produced by convolution of the contrast matrix with a predetermined distance matrix. The phase matrix is used to assess characteristics of the sample, such as the presence of cells in the sample or the heights of cells in the sample.

Abstract: This disclosure provides a method and system for automatically recognizing facial expressions at variable resolutions of video. According to one exemplary method, facial expressions are detected, extracted and classified from a video sequence based on an automatic localization of the periocular region associated with a detected and extracted face.

Abstract: A method and apparatus for processing digital images are provided. The method includes: recognizing faces from a plurality of images of a jumping subject; determining respective priorities for the plurality of images of the jumping subject, wherein an index of the priorities is based on face recognition information; and aligning the plurality of images of the jumping subject based on the priorities.

Abstract: A computer-implemented method of processing an input digital image is provided. The method includes forming a representation of the input digital image as wavelet components; and for each of a plurality of facial regions in the input digital image: forming a reconstructed facial region based on a subset of the wavelet components; and identifying pixels associated with facial wrinkles in the facial region as pixels In the reconstructed facial region that differ from corresponding pixels in the facial region by a first threshold amount.