Abstract: A semiconductor monitoring device includes a substrate, a die seal ring formed on the substrate, a deep n-typed well formed in the substrate under the die seal ring, and a monitoring device electrically connected to the die seal ring. The monitoring device is formed in a scribe line region defined on the substrate. A width of the deep n-typed well is larger than a width of the die seal ring.

Abstract: The timing analysis of an integrated chip component using dynamic load sensitive timing feedback constraints maintaining the timing accuracy for all the boundary paths is achieved by capturing a reduced order representation for parasitic load within a component for each of its primary input and primary output along with sensitivities of the arrival time, the slew and the required arrival time to the load representation at the component parent level of hierarchy as part of generating load sensitive feedback constraints. During the out-of-context timing closure of the component, the base load representation and the sensitivities, and an updated load representation enables the calculation of the updated boundary constraint for an accurate timing analysis. The accuracy improvement increases a chip designer productivity during timing closure resulting in a shortened time to take the chip design through timing closure to manufacturing.

Abstract: Embodiments of an electromigration (EM) check scheme to reduce a pessimism on current density limits by checking wire context. This methodology, in an embodiment, includes applying existing electronic design automation (EDA) flows and tools to identify potentially-failing wires based on a worst-case EM check using conservative foundry current density limits. A more accurate, context-specific check can be performed on the potentially-failing wires to eliminate one or more of the potentially-failing wires if those wires do not experience worst-case conditions and meet current density limits based on an actual context of those wires. A designer can correct remaining wires which are not eliminated by the context-specific check.

Abstract: The present invention provides a highly-safe information processing system that is capable of effectively using nucleotide sequence information differences between individual organisms to offer semantic information useful for each individual organism while properly preventing leakage and illegal use of nucleotide sequence information. Further, the present invention includes steps a and b. Step a is performed to acquire either encrypted nucleotide sequence-related information or cryptographic key that corresponds to positional information indicating a position within a nucleotide sequence.

Abstract: The present invention relates to methods for providing a set of symbols uniquely distinguishing an organism.

Abstract: Systems, methods, and apparatuses are provided for detecting and potentially invalidating or correcting jump errors in data from growth processes. A jump error can be identified by determining a second derivative of the data set, and identifying two consecutive cycles with opposite signs in the second derivative. Once a jump error has been detected, the data set can be invalidated or corrected based on various criteria. Whether to invalidate or correct can be based on an absolute jump height, a relative jump height (e.g., relative to the net growth or relative to the baseline), an absolute location (cycle number) of the jump, or a relative location. In one implementation, the jump can be corrected by subtracting a jump height from points subsequent to the jump or by adding the jump height to points prior to the jump.

Abstract: Systems and methods are disclosed for using vessel reactivity to guide diagnosis or treatment for cardiovascular disease. One method includes receiving a patient-specific vascular model of a patient's anatomy, including at least one vessel of the patient; determining, by measurement or estimation, a first vessel size at one or more locations of a vessel of the patient-specific vascular model at a first physiological state; determining a second vessel size at the one or more locations of the vessel of the patient-specific vascular model at a second physiological state using a simulation or learned information; comparing the first vessel size to the corresponding second vessel size; and estimating a characteristic of the vessel of the patient-specific vascular model based on the comparison.

Abstract: Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. The authenticity of various devices can be verified through the exchange of certificates that can further enable such devices to ascertain capabilities of one another. Based on the ascertained capabilities, an operational configuration for conducting watermark extraction and content screening can be determined.

Abstract: A token-based validation method for delivery of at least part of a segmented content item and a content delivery system configured for executing such method are described. Said segmented content item may be associated with at least one manifest file comprising one or more segment identifiers. The method may comprises the steps of: a content processing device sending a first segment request message comprising a first segment identifier associated with a first segment to said at least one delivery node; generating first validation information for use with a further second segment request message, said first validation information comprising at least a first token and associated first timing information; and, sending a first response message and said first validation information to said content processing device, said first response message comprising at least part of said segment or location information associated with at least one delivery node for delivering said segment.

Abstract: A method and apparatus for inserting a watermark into a compiled computer program. A location process specifies an insertion point in the compiled program and a watermark generating process inserts a watermark, based on data to be encoded, into the program at the insertion point. The location process is also utilized to specify the location of watermark data to be decoded.

Abstract: Protected publication of sensitive documents with authentication and accountability enables storing and sharing confidential files, while reducing risk that a recipient will distribute and share the file information with unauthorized recipients. Every user request for an original file generates a unique provided file based on the original file, the user request, and configuration information. The provided file has characteristics that make the provided file based on a first user request unique from any other provided file based on any other user request. Unique characteristics include changing the format of the original file to another format for the provided file, altering file properties, altering file content, and watermarking.

Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.

Abstract: For a secure attention indicator at a mobile device, a method is disclosed for detecting a secure attention indicator at a mobile computing device, the secure attention indicator comprising input from one or more of a microphone, a touch sensor, an accelerometer, a photoreceptor, and an orientation sensor, notifying the mobile computing device in response to detecting the secure attention indicator, and executing secure trusted executable code in response to the notification, the secure trusted executable code not modifiable by a user.

Abstract: For verbal command processing, a phoneme module selects recognition phonemes from a phoneme input stream. A user recognition module selects a user profile for a user recognized based on the recognition phonemes. The command module processes a command concurrently identified from the phoneme input stream based on the user profile.

Abstract: Approaches utilize image information to not only identify a user, but also verify that the user is actually a physical person and not a false representation of that user. For example, a computing device can utilize image information with a facial recognition process in order to verify an identity of a current user of the device. A fingerprint or other verification metric can be generated from the image information and can be used to verify that the user is actually a physical human user instead of a representation (e.g., photo) of a human user. The fingerprint can include a number of cues, such as a shape of the face, a stereo disparity signature of the face, facial feature movement, as well as a presence of a human pulse. The cues can be combined and utilized for authenticating a user into the device as well as for verifying that the user is actually a physical person and not a false representation of that user.

Abstract: Methods, apparatus and articles of manufacture for map-based authentication are provided herein. A method includes establishing a set of cryptographic information, wherein said set of cryptographic information comprises (i) at least one graphical-based input element and (ii) one or more graphical-based input sub-elements derived from said at least one graphical-based input element, wherein said at least one graphical-based input element comprises at least one given map and wherein said one or more graphical-based input sub-elements comprise one or more points of interest on said at least one given map; generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against the set of cryptographic information; and resolving the authentication request based on said processing.

Abstract: In an embodiment, the present invention includes a method for receiving a request for user authentication of a system, displaying an authentication image on a display of the system using a set of random coordinates, receiving a plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the plurality of gesture input values. Other embodiments are described and claimed.

Abstract: The present invention relates to a mobile terminal and a control method thereof. The mobile terminal displays a plurality of figures arranged in a first composition on a touch screen when a specific mode is locked, rearranges the plurality of figures in a second composition different from the first composition upon receiving a specific input, and determines whether to unlock the specific mode on the basis of a pattern which is input using the plurality of figures arranged in the first or second composition.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: Disclosed are various embodiments for provisioning account credentials via a trusted channel. An identification of an account is received. A security credential reset corresponding to the account is requested. The account is linked to a trusted channel of communication for reset purposes. A security credential communication corresponding to the account is received via the trusted channel of communication. The security credential communication may be parsed to obtain a token.

Abstract: A method, system and computer-usable medium are disclosed for identifying risk within an information technology (IT) environment, comprising: analyzing characteristics of a user accessing a system within an IT environment; associating a risk profile with the user based upon the characteristics of the user; determining when the user accesses a system within the IT environment; maintaining a user risk profile record of all systems within the IT environment accessed by the user, the user risk profile record continuing to be associated with the system after access by the user ceases; and, identifying a risk level for all systems within the IT environment based upon the user risk profile record.

Abstract: In an embodiment, a method comprises downloading an application program to a first storage coupled to a first device, wherein the application program comprises an encrypted portion based on a set of personally identifying data stored on the first storage; configuring the application program to load and execute a pre-compiled library when the application program is launched and which when executed by the first device, causes storing an unencrypted version of the application program on the first storage; launching the application program.

Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.

Abstract: A method and system for detecting software tampering includes: at a device having one or more processors and memory: receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications; executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.

Abstract: Method, apparatus, and computer readable medium for detecting malware on a target computer system is described. A threat profile is obtained at the target computer, the threat profile having manifestation information for known malware, the manifestation information including effects of the known malware on computer systems infected by the known malware. Using the threat profile, at least a portion of the manifestation information is detected on the target computer. A confidence level for detection of potential malware is determined based on the at least a portion of the manifestation information detected. The potential malware on the target computer is convicted as malware for remediation if the confidence level satisfies a threshold confidence level.

Abstract: A system and method for updating a system that controls files executed on a workstation. The workstation includes a workstation management module configured to detect the launch of an application. A workstation application server receives data associated with the application from the workstation. This data can include a hash value. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized by the application database factory and provides the category to the application server module. Once the application server module has the category, it forwards a hash/policy table to the workstation management module.

Abstract: A file stored in a first portion of a computer memory of a computer is determined to be a malicious file. A duplicate of the file is stored in a quarantine area in the computer memory, the quarantine area being in a second portion of the computer memory that is different from the first portion of the computer memory. One or more protection processes are performed on the file. The determination that the file is a malicious file is determined to be a false positive and the file is restored, during a boot sequence, to a state prior to the one or more protection processes being performed on the file.

Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or data isolation. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a rootkit defense mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or prevention of malicious code, for example, in a manner/context that is isolated and not able to be corrupted, detected, prevented, bypassed, and/or otherwise affected by the malicious code.

Abstract: Techniques are presented for detecting malware in an executable. The method includes receiving an executable to evaluate for malware, emulating an execution of the executable up to a first count of instructions, determining a number of cache misses that occur while emulating the executable up to the first count of instructions, comparing the number of cache misses to a threshold, and upon determining the number of cache misses exceeds the threshold, identifying the executable as potentially containing malware.

Abstract: Disclosed is a method for detecting clock tampering. In the method a plurality of resettable delay line segments are provided. Resettable delay line segments between a resettable delay line segment associated with a minimum delay time and a resettable delay line segment associated with a maximum delay time are each associated with discretely increasing delay times. A monotone signal is provided during a clock evaluate time period associated with a clock. The monotone signal is delayed using each of the plurality of resettable delay line segments to generate a respective plurality of delayed monotone signals. The clock is used to trigger an evaluate circuit that uses the plurality of delayed monotone signals to detect a clock fault.

Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

Abstract: A system for analyzing an environment to identify a security risk in a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a patching process for the environment, a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying a security risk in the patching process using the multiple instances.

Abstract: A system and method that includes identifying a vulnerability in a computing device; accessing a vulnerability exploitation mapped to the identified vulnerability; at the computing device, executing the vulnerability exploitation and entering an operating mode of escalated privileges; and while in the operating mode of escalated privileges, updating the system with a vulnerability resolution.

Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extracting a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.

Abstract: A computing apparatus outputs ?1 and ?2 corresponding to a ciphertext x, a capability providing apparatus uses ?1 to correctly compute f(?1) with a probability greater than a certain probability and sets the result of the computation as z1, uses ?2 to correctly compute f(?2) with a probability greater than a certain probability and sets the result of the computation as z2, the computing apparatus generates a computation result u=f(x)bx1 from z1, generates a computation result v=f(x)ax2 from z2, and outputs ub?va? if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for x?H, X1 and X2 are random variables having values in the group G, x1 is a realization of the random variable X1, and x2 is a realization of the random variable X2.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: A method of providing encryption and decryption of plaintext strings in a program file, includes: at a device having one or more processors and memory: marking each of a plurality of plaintext strings in a source file with a respective marking macro (e.g., Decrypt); scanning (e.g., using a reflection tool) for the respective marking macros to identify the plurality of plaintext strings in the source code; generating a respective ciphertext string for each of the plurality plaintext strings that have been identified; and storing the plurality of plaintext strings in a dictionary file, where each plaintext string is indexed by a respective hash value computed from the plaintext string, and where the respective hash value for each of the plaintext strings is used to retrieve the respective ciphertext string of the plaintext string from the dictionary during program execution.

Abstract: Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key.

Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.

Abstract: An information processing apparatus determines, in response to acceptance of an edit of a file including a plurality of setting items, whether or not the information processing apparatus supports a version corresponding to the plurality of setting items included in the file. In the case of determining that the information processing apparatus supports the version, the information processing apparatus displays an edit screen of the file on a display unit of the information processing apparatus. In the case of determining that the information processing apparatus does not support the version, the information processing apparatus displays the edit screen of the file on the display unit of the information processing apparatus, using edit screen data for a display process by a network device that supports the version.

Abstract: A communication apparatus has an auto-complete function using an LDAP protocol. The apparatus inputs character information, and verifies a certificate of an LDAP server. The apparatus obtains, by the LDAP protocol, address information including the character information input by the input unit after verifying the certificate of the LDAP server.

Abstract: Methods, systems, and computer program products for initializing a page with watchdog code, by: positioning a first set of instructions in a first address range on the page; determining that there is a second address range that is unused by the first set of instructions; and initializing the second address range with a second set of instructions, the second set of instructions being watchdog instructions.

Abstract: Embodiments are disclosed for managing and providing access to a collection of digital resources. One embodiment provides a method comprising receiving a request to access a resource for a principal and determining one or more principal groups to which the principal belongs. The method further comprises obtaining resource set membership information indicating a resource set to which the resource belongs, and obtaining resource set access policy information for the resource set to which the resource belongs. The method yet further comprises determining whether the principal is allowed to access the resource based on the principal group membership information and the resource set access policy information, and, if the principal is allowed to access the resource, then permitting access to the resource by the principal.

Abstract: A graphical user interface for uploading an application data file may be generated by a computing platform and communicated to a computing device. The computing platform may receive the application data file from the computing device. A graphical user interface comprising a link configured to provide the computing device with access to a modified version of the application data file that comprises an element for tracking dissemination of the application data file may be generated by the computing platform and communicated to the computing device.

Abstract: A method begins by a processing module receiving a data segment for dispersed storage. The method continues with the processing module encoding the data segment in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices. The method continues with the processing module generating a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section. The method continues with the processing module performing a securing function on at least the data identification section to produce a secure data identification section. The method continues with the processing module replacing, within the slice name, the data identification section with the secure data identification section to produce a secure slice name.

Abstract: A mobile terminal including a wireless communication unit configured to provide wireless communication; a touch screen; and a controller configured to receive a user signature that identifies a user and has a predetermined trace on the touch screen, and enter a user-only accessible folder based on the received user signature.

Abstract: A cloud data encryption and security system includes a central computing authority and a network of computing devices. At least some of the computing devices are pod computing devices physically hosted by an operator. The pod computing devices include a central processing unit and a computer readable storage media in data communication with the central processing unit. Data is encrypted in the computer readable storage media so that the owner can access the data but the operator cannot access the data.

Abstract: Methods, systems, and computer program products for preventing sharing of sensitive information through code repositories are provided herein. A method includes detecting one or more items of sensitive information in a check-in associated with a given user in a shared version management system; automatically refactoring the one or more items of sensitive information in the check-in by externalizing the one or more items of sensitive information as an encrypted file; and upon acceptance by the user of one or more changes to the check-in, automatically (i) decrypting the encrypted file using one or more code repository credentials associated with the given user, and (ii) incorporating the one or more items of sensitive information into the check-in.

Abstract: An apparatus for providing security for an integrated circuit (IC) chip is disclosed. The apparatus may include the IC chip, attached to a surface of a printed circuit board (PCB). The PCB may include a first, electrically insulative, conformal coating layer attached to the PCB surface and to exposed IC chip surfaces. The PCB may also include a Wheatstone bridge circuit to indicate changes to a second, X-ray opaque, optically opaque and electrically resistive, conformal coating layer. The circuit may include four resistors, formed from second conformal coating layer regions, four sets of electrically conductive pads on the PCB, each set electrically connected to a resistor of the four resistors. The circuit may also include a voltage source, connected to two conductive pads and a monitoring device, connected to another two conductive pads and configured to detect a change of resistance of the Wheatstone bridge.

Abstract: There is provided an information processing apparatus including a first computation protocol generation unit configured to generate a first computation protocol that does not include a confidentiality securing protocol that is executed in order to maintain confidentiality of a plurality of input values on the basis of a secure computation protocol in which a plurality of operation processing apparatuses compute an output value on the basis of the input values, and a second computation protocol generation unit configured to generate a second computation protocol by arranging the confidentiality securing protocol to a position at which the confidentiality is secured in the first computation protocol.