Abstract: Systems and methods for testing to tell computers and humans apart and generating said tests are described. To generate a test, a selection of a range of characters at least including the 8-bit ASCII character range is received. Each character in the selected range of characters is tested to determine if the character has a glyph in the selected font, if the character is a whitespace character, and if the character leaves a visible impression. From all the characters in the selected range of characters that pass the tests, a plurality of characters is selected for a challenge, and a larger set of characters (that includes the plurality of characters from the challenge) is selected for a response. An image is generated that includes the challenge and the response, and a solution threshold is calculated based on the location of the challenge characters within the generated response.

Abstract: Methods, systems, apparatuses, and computer-readable media for utilizing just-in-time polymorphic authentication techniques to secure information are presented. In one or more embodiments, a computing platform may receive, from a computing device, a request to access a user account. In response to receiving the request to access the user account, the computing platform may dynamically select, based on one or more polymorphic authentication factors, an authentication method for authenticating a user of the computing device, and the authentication method may be selected from a plurality of predefined authentication methods. Subsequently, the computing platform may generate one or more authentication prompts based on the selected authentication method. The computing platform then may provide the one or more authentication prompts to the user of the computing device.

Abstract: In one embodiment, a method includes detecting a request from a user agent of a client computing device of a user to access a communication network through the router; and automatically redirecting the user agent from a first network resource to second network resource. The first network resource is configured to authenticate the user to provide access to the communication network. The second network resource is configured to authenticate the user to provide access to a particular domain of the communication network. The method also includes providing to the user agent access to the particular domain of the communication network if the second network resource successfully authenticates the user.

Abstract: Embodiments include a method, apparatus, and computer program product for authentication for speech recognition. The method can include sensing an authentication device with a target device. One or more decoded voice commands can be processed after verification of the authentication device by the target device. Further, one or more decoded voice commands can be executed by the target device.

Abstract: In one example, a method includes receiving, by a wireless docking center (WDC) and from a wireless dockee (WD), a request to access one or more peripheral functions (PFs) associated with the WDC, and receiving, by the WDC and from the WD, one or more authentication credentials. In this example, the method also includes determining, by the WDC, whether or not the one or more authentication credentials received from the WD grant access to the one or more PFs to which the WD requests access. In this example, the method also includes permitting, by the WDC, the WD to access a first PF of the one or more PFs to which the WD requests access in response to determining that the one or more authentication credentials grant access to the first PF.

Abstract: A method provides access to an integrated circuit which may comprise a storage containing an unalterable first security key and a memory containing a second security key. The method may comprise: checking the second security key by comparing the first security key and the second security key, if the second security key is valid, providing access to the integrated circuit, optionally depending on the validity of an access key, and if the second security key is invalid, enabling erasing the memory, and storing in the memory a new second security key which corresponds to the first security key. Erasing the memory may be followed by checking the erasing for completeness.

Abstract: A behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. Machine learning hierarchical (agglomerative) clustering techniques are utilized to compute deviations between clustered data sets representing an “answer” that the service presents to a series of requests.

Abstract: The disclosed computer-implemented method for detecting potentially malicious applications may include (1) detecting a request issued by an application running on a client device to download a file from a remote device, (2) determining that the request calls an application programming interface that enables the client device to download the file from the remote device, (3) determining that a parameter passed to the application programming interface in the request has been implicated in a previous attempt to download a known malicious file, and then in response to determining that the parameter has been implicated in a previous attempt to download a known malicious file, (4) classifying the application that issued the request as potentially malicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed are a method and a device for identifying a virus APK. The method comprises: presetting a virus database comprising a virus characteristic code; detecting whether a designated file in a target Android installation package APK contains the virus characteristic code; and if yes, determining that the target Android installation package APK is a virus APK. In the application, the virus APK and a variation thereof can be rapidly, accurately and effectively identified, thereby improving the security of an APK application.

Abstract: A method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target. The method may further include, receiving a feedback from the target to determine fault occurrence. An apparatus for testing a target in a network by fault injection, includes: a driver configured to generate patterns, where a pattern can generate a plurality of packets for transmission to the target, the pattern being represented by an expression with a literal string and a wild character class; and a network interface coupled to the driver and configured to transmit and receive network traffic.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for determining a risk score for an entity. These mechanisms and methods for determining a risk score for an entity can enable more effective monitoring of a system, can create more relevant data associated with the entity, etc.

Abstract: Embodiments of a system and method for detecting a security compromise on a device are described. Embodiments may be implemented by a content consumption application configured to protect content decryption keys on a device, such as a computer system (e.g., a desktop or notebook computer) or a mobile device (e.g., a smartphone or tablet). For instance, the content consumption application may be configured to provide decryption keys for respective content to a media component (or another component of the operating system) if multiple conditions have been met. For instance, in various embodiments, the content consumption application may pass the key to the media component after ensuring that i) one or more security mechanisms of the device operating system have not been compromised and ii) one or more executable instructions of the content consumption application have not been tampered (e.g., instructions corresponding to a function that handles the decryption key(s)).

Abstract: Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk.

Abstract: An automated software vulnerability scanning and notification system and method provide an automated detection and notification regarding a software vulnerability. The operation of the system and the method includes obtaining software vulnerability information, periodically scanning a web application and a corresponding web server associated with an operator, and evaluating the periodic scans relative to the software vulnerability information to detect software vulnerabilities. Upon detection of a software vulnerability, a notification message is provided automatically to the operator regarding the software vulnerability.

Abstract: Example embodiments of the present invention may include an example method of performing steganography. The example method may include processing a data message into multiple message blocks each representing a portion of the data message, and assigning the multiple message blocks to a corresponding set of multiple data files. The method may also include storing the multiple data files in at least one memory location.

Abstract: Implementation manners of the present disclosure provide a method and an apparatus for storing a redeem code and a method and an apparatus for verifying a redeem code. The method for storing a redeem code includes: generating a random value, and determining an index of the random value according to an order in which the random value is generated; generating a number pair according to the random value and the index of the random value, mapping the number pair to a string, and generating a redeem code according to the string; and determining a storage location of the random value according to the index of the random value, and saving the random value at the determined storage location.

Abstract: A homomorphically encrypted one instruction computation (“HEROIC”) computing system is described. The described HEROIC cloud computing system utilizes a homomorphic encryption scheme. The homomorphic encryption scheme allows for meaningful manipulation of encrypted data directly within the encrypted domain (i.e., without the need to first decrypt the data and then re-encrypt the data after processing). The HEROIC cloud computing system eliminates the need for the cloud computing processor to first decrypt data prior to processing thereby eliminating the need for the cryptographic keys to be provided to the provider of the cloud computing system.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption), or shared with other users (e.g., cryptographic communication). Use of context-based encryption keys enables key association with individual data elements, as opposed to public-private key pairs, or use of conventional user-based or system-based keys. In scenarios wherein data is shared by a sender with other users, the system manages the rights of users who are able to send and/or access the sender's data according to pre-defined policies/roles.

Abstract: The electrode patch can store an identifier, such as a serial number, and a password associated with the identifier. The password can include a cryptographic hash of the identifier. The password and the identifier are coupled to the data collected using the patch and the data can be stored as electronic medical records (EMR) in a database based on the identifier. A patient or another authorized party can access the data using the identifier and the password. The EMRs can also include results of analysis of data received from the monitor, such as an automated over-read of an ECG trace based on the received data.

Abstract: A method and system for managing personal data is provided as a means to increase the efficiency and effectiveness of personal data access, approval and curation across multiple content sources. The method and system accomplishes this by discovering, identifying, collecting normalizing personal information from content sources then alerting the user to any identifiable use of their personal information and allowing the user to directly dictate personal information use policies and manually control individual personal data attributes on multiple content platforms.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing virtual network pairs between virtual machines and other devices. In one aspect, a method includes associating each of a plurality of different virtual machine network addresses with a respective host machine network address; receiving, from a sender, a request for a source virtual machine to communicate with a destination virtual machine; determining that the source virtual machine is authorized to communicate with the destination virtual machine; selecting, from the associations, a host machine network address for the destination virtual machine; generating a token based at least partly on the selected host machine network address and on a secret key of the destination virtual machine, wherein the secret key is not known by the source virtual machine; and sending the selected host machine network address and generated token to the sender.

Abstract: A replaceable printer component includes a first memory device and a communication link. The first memory device is configured to store a first secret. The communication link is configured to communicatively link the first memory device to a printer controller when the replaceable printer component is installed in a printing system. The printing system comprises a second memory device storing a second secret. The second memory device is communicatively linked to the printer controller. The printer controller is configured to determine an authenticity of the replaceable printer component based on the first secret and the second secret.

Abstract: Systems and methods for handling electronic messages are provided. One method includes monitoring a message and recipients of the message, detecting a reference in the monitored message to an entity, obtaining an access control list for the detected entity, the access control list defining permitted access to the entity, identifying a recipient of the message who is not permitted to access the entity, and performing a predefined action in response to the identification of the non-permitted recipient. The predefined action includes one or more specific actions such as identifying an administrator for the access control list, generating a reporting message, and transmitting the reporting message to the administrator. The predefined action additionally or alternatively includes preventing the transmission of the message to the non-permitted recipient and/or providing an alert to the author of the message. One system includes a processor and memory storing code for performing the above method.

Abstract: The present invention relates to a method and system for adding dynamic labels to a file and encrypting the file, after having the file be converted and added at least one label related to information about the file and user, the file is encrypted for reading after decryption. First, transferring at least one file by a file upload unit; converting the file from the file upload unit into PDF format by a first file conversion unit, and adding at least one label corresponding to information about the file and its users via a label-adding unit; encrypting the file from the first file conversion unit by an encryption unit to form an encrypted file, and then generating a decryption key corresponding to the encrypted file; saving the encrypted file and the decryption key respectively in a first storage unit and a second storage unit.

Abstract: A method for verifying a target attribute of a company profile record for a procurement application. It is ascertained that a database stores the company profile record including the target attribute and a validity attribute associated with the target attribute. The validity attribute has a VALID or INVALID value respectively indicating that the target attribute in the company profile record has a valid or invalid value within the database. It is insured that the database stores a first and second user profile record, that a first user of a requisition transaction corresponds to the first user profile record, that the first user profile record includes the target attribute having a value identical to a value of the target attribute of a first company profile record associated with a first company represented by the first user, and that the validity attribute of the first company profile record has the VALID value.

Abstract: The described embodiments relate to methods, systems, and products for providing data protection and encryption on a plurality of devices configured for electronic communication with a server. Specifically, the methods, systems, and products can automatically and securely synchronize a user's file encryption/decryption keys across a plurality of devices, authenticating the user on each device before receiving and processing information from the server necessary to recreate the user's file encryption/decryption keys.

Abstract: A device may correspond to a physical access controller in a distributed physical access control system. The device in a distributed system may include logic configured to detect a request from an application to access an application dataset, wherein the application dataset corresponds to a distributed dataset and determine whether the application dataset exists in the distributed system. The logic may be further configured to generate the application dataset in the distributed system, in response to determining that the application dataset does not exist in the distributed system, and send, to other devices in the distributed system, a request to join a dataset group that includes devices associated with the application dataset, in response to determining that the application dataset exists in the distributed system.

Abstract: Various systems, computer-readable media, and computer-implemented methods of providing improved data privacy, anonymity, and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent desired—are disclosed herein. This concept is also referred to herein as “anonosizing.” In some embodiments, the anonosizing of data may be implemented by encoding and decoding data under controlled conditions to support specific uses within designated authorized contexts. By anonosizing data controls via “identifying” and/or “associating” data elements within a population, data uses may be restricted to only those uses permissioned by a data subject or authorized third party. If new authorized data uses arise, all original data value and utility may be retained to support them—to the extent authorized by a data subject or authorized third party—but inappropriate, i.e., non-permissioned, uses of identifying information may be prevented.

Abstract: A system for detecting user credentials comprising a data chunker, a data chunk storage, a bytewise checker, a bit counter, and a credential checker. The data chunker is for determining a data chunk. The data chunk storage is for storing the data chunk. The bytewise checker is for checking that each byte of the data chunk comprises an appropriate value. The bit counter is for: determining a continuous number of bytes greater than or equal to the threshold byte value; and in the event the continuous number of bytes is greater than or equal to a threshold number of bytes, determining a credential address range corresponding to the continuous number of bytes. The credential checker is for determining whether data stored in the data chunk storage corresponding to the credential address range comprises a credential.

Abstract: A platform including a security system is described. The security system comprises, in one embodiment, a multi-state system having a plurality of modes, available whenever the platform has a source of power. The modes comprise an unarmed mode, in which the security system is not protecting the platform, an armed mode, in which the platform is protected, the armed mode reached from the unarmed mode, after an arming command, and a suspecting mode, in which the platform is suspecting theft, the suspecting mode reached from the armed mode, when a risk behavior is detected.

Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.

Abstract: Embodiments disclosed herein can allow a user of mobile device in a network environment to switch between using public network services and using private network services. To access private network services, a virtualization cloud client application running on mobile device connects to a virtualized device hosted in virtualization cloud and brokers access to private network services as well as local device functions. Embodiments disclosed herein provide a system, method, and computer program product for capturing touch events for a virtual mobile device platform and relaying the captured touch events to the virtual mobile device platform while ensuring that movements and speed of touch events are accurately represented at the virtual mobile device platform.

Abstract: A method, computer program product, and system to implement access control from a master device to a slave device over an inter-integrated circuit (I2C) interface are described. The method includes generating, using a processor, a control block defining the access control to the slave device over the I2C interface. The generating the control block is performed by the trusted code layer and the generating the control block is prohibited by the user-modifiable code layer. The method also includes controlling a command over the I2C interface to the slave device based on a generated command from the trusted code layer and the user-modifiable code layer in accordance with the control block.

Abstract: A system and method for disposing a capacitive proximity and touch sensor in locations where an integrated circuit package may be vulnerable to intrusion by providing electrodes in the packaging that may prevent interception of data obtained by a probe that is brought into proximity of the integrated circuit.

Abstract: A touch sensor and RFID apparatus is described. In one implementation, the apparatus includes a passive RFID module disposed proximate to a touch panel, and a control module configured to receive an electrical signal from the passive RFID module. The apparatus may be configured to determine, based on a characteristic of the electrical signal, whether the passive RFID module has been energized by an RFID reader or, in the alternative, has exhibited an impedance change as a result of contact being made with the touch panel. The apparatus may also be configured to operate in a first mode if the passive RFID module is determined to have been energized by an RFID reader, or, in the alternative, operate in a second mode if the passive RFID module is determined to have been energized as a result of contact being made with the touch panel.

Abstract: A method for communication, intended in particular for the purpose of a configuration, calibration, parameterization, interrogation or even a test or diagnosis, between a master device and a slave product including at least a processing unit and a direct current power supply line or input, and, if necessary, at least one output line and/or output interface. The method includes transmitting to the product data that can be interpreted by the processing unit thereof, the data being transmitted via the power supply line and by modulating the supply voltage.

Abstract: An RFID interrogation probe (1) comprises a ring shaped housing (2), having a maximum thickness (I) (measured along its cylindrical axis) which is less than the innermost diameter (di) of the housing, and a looped antenna (3) housed within the ring shaped housing.

Abstract: An object locating, identifying, tracking, and surveillance system, denoted the Assets Locating, Tracking, and Surveillance System (ALTSS), is provided for managing physical objects and evidence in environments such as police departments, law offices, and the Courts. ALTSS employs radio frequency identification (RFID) technology, computer programming and database applications, networking technologies, and hardware elements. ALTSS may locate and track physical evidence, merchandise, information carriers like files, folders or individual pieces of paper, and people, under certain conditions, in near-real time. It may be configured as part of a local area network, a wide area network, or the Internet. ALTSS may employ exemplary components such as RFID transponders, scanners, strategically located antennas and computers to facilitate tracking of objects and people as needed.

Abstract: A vehicle communication system includes a switch module having a plurality of control switches, each of the control switches including a rocker button actuatable between an off position and an activated position, and an RFID tag secured to the rocker button, the RFID tag including thereon a unique identifier tied to a function of the control switch. The vehicle communication system also includes an RFID reader that receives switch messages from RFID tags whose respective rocker button is in an activated position, each switch message including the unique identifier for its respective RFID tag. The vehicle communication system also includes a vehicle communications link that is connected to the RFID reader to receive switch messages therefrom, the vehicle communications link providing the switch messages to a vehicle controller for purposes of controlling vehicle outputs associated with the switch messages.

Abstract: Provided are a device detecting the spatial variation of the complex permittivity and an article presence/absence detection system which are capable of detecting the presence or absence of an article by using a UHF-band RFID tag. A device detecting the spatial variation of the complex permittivity includes an RFID tag, a conductor electrode unit, and a dielectric tag base material. The RFID tag performs communication using an electromagnetic wave in a UHF band. The conductor electrode unit communicates with the RFID tag by using the electromagnetic wave in the UHF band. The dielectric tag base material is provided between the RFID tag and the conductor electrode unit and separates the RFID tag from the electrode unit.

Abstract: An electronic device operable with a radio frequency identification device operable with a detector logic and a method for operating the electronic device with a radio frequency identification device and a detector logic is provided. Firstly, a detection event is registered by the detector logic. The detected event relates to an operation of the radio frequency identification device, which is applicable to transmit data to a counterpart radio frequency identification device. A detection signal is generated and issued by the detector logic in response to the registering and detection event, respectively, which detection signal is received by the electronic device. Then, the electronic device initiates one or more operations in response to the receiving of the detection signal.

Abstract: A method of reading RFID tags may include providing a device that can read barcodes and RFID tags. The barcodes may be attached to an object and respectively having a predetermined sequential read order. While reading the barcodes in the predetermined sequential read order, outputting an interrogation signal to RFID tags so that the RFID tags can be read while the barcode reader moves to sequentially read the barcodes in the predetermined sequential order.

Abstract: A method and a system for recording data that are generated by manipulating an animal, which can be done by a manipulator, wherein the data are transmitted from a transmission apparatus to a reception apparatus, wherein a network including the transmission apparatus, the reception apparatus and the animal is set up for the purpose of transmitting the data, and wherein the animal is recognized from an identification code and the data are associated with the animal. As part of the data from the manipulation, the identity of the manipulator is also captured.

Abstract: An encoded information reading (EIR) terminal can comprise a microprocessor communicatively coupled to a system bus, a memory, a communication interface, and a pluggable imaging assembly identified by a type identifier and configured to acquire an image comprising decodable indicia. The imaging assembly can comprise a two-dimensional image sensor configured to output an analog signal representative of the light reflected by an object located within the field of view of the imaging assembly. The EIR terminal can be configured to output, by processing the analog signal, the raw image data derived from the analog signal and/or a decoded message corresponding to the decodable indicia. The imaging assembly can be communicatively coupled to the system bus via an imaging assembly interface comprising a plurality of wires and a multi-pin connector. The imaging assembly interface can comprise one or more wires configured to carry the imaging assembly type identifier.

Abstract: Eliminate or reduce the impact of glare in printed information tag recognition applications using single- and multi-pose external illumination coupled with intelligent processing. A shelf imager can acquire shelf images for printed information tag localization and recognition. An external illuminator can provide at least one illumination condition/pose for shelf image acquisition in addition to lighting associated with the enclosed environment. A glare region of interest (ROI) detector can analyze all or a portion of the acquired shelf images for glare to determine whether additional images need to be acquired using different illumination conditions provided by the single- or multi-pose external illuminator or whether full or portion of acquired images need to be analyzed by a printed information tag locator and recognizer. A printed information tag locator and recognizer can analyze all or a portion of the acquired images to localize and recognize data printed on the printed information tags.

Abstract: An article identifier or code including at least one photo-responsive dye and a method of encoding or embedding information in same. A reader device for decoding or extracting information in an article identifier or code and verifying or authenticating that information and the associated extraction and authentication methods.

Abstract: Navigation techniques including map based and object recognition based and especially adapted for use in a portable reading machine are described.

Abstract: A biometric scanner having an electric field device and a method of using that scanner are disclosed. The electric field device (a) has no electric field generator or an electric field generator that is prevented from providing an electric field to a biometric object, such as a finger, and (b) has an electric field sensor array comprised of a plurality of electric field sensors. Capacitance readings from the sensor array are used to generate values that are attributed to locations corresponding to the sensors.

Abstract: An authentication apparatus includes a prism and an imaging unit. The prism comprises: a contact surface, an imaging surface, a first reflection surface opposed to the imaging surface, contacted with the contact surface to make an angle to be lower than an optimum angle to an incident light from a concave portion of the living body, and to reflect an incident light from a convex portion of the living body on the imaging surface and a second reflection surface opposed to the imaging surface, contacted with the first reflection surface, and to form a reflection body that reflects the incident light from the concave portion of the living body and the incident light from the convex portion of the living body on the imaging surface. The imaging unit images the light which is reflected by the first reflection surface and the light, which is reflected by the second reflection surface.

Abstract: A method of detecting objects in three-dimensional (3D) point clouds and detecting differences between 3D point clouds and the objects therein is disclosed. A method includes receiving a first scene 3D point cloud and a second scene 3D point cloud, wherein the first scene 3D point cloud and the second scene 3D point cloud include first and second target objects, respectively; aligning the first scene 3D point cloud and the second scene 3D point cloud; detecting the first and second target objects from the first scene 3D point cloud and the second scene 3D point cloud, respectively; comparing the detected first target object with the detected second target object; and identifying, based on the comparison, one or more differences between the detected first target object and the detected second target object. Further aspects relate to detecting changes of target objects within scenes of multiple 3D point clouds.