Abstract: Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.

Abstract: Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.

Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.

Abstract: Various embodiments of the present technology provide methods for activating a security module of a rack system prior to the loading of an operating system. The security module can be configured to examine server platform security, communicate with an administrator through a baseboard management controller (BMC), certify signatures of firmware pieces on a motherboard of the rack system, exclude malware by isolating unsigned UEFI images, examine a signature list and security key installed on the motherboard, and/or report status of security management to a controller of the rack system (e.g., BMC). When the security module determines that an uncertified firmware or a bootable storage with malware is loaded onto the rack system, the security module can stop process(es) associated with the uncertified firmware and/or the bootable storage, and subsequently send a report the administrator.

Abstract: An electronic device, such as a dynamic transaction card having an EMV chip, that acts as a TPM having a memory, an applet, and a cryptographic coprocessor performs secure firmware and/or software updates, and performs firmware and/or software validation for firmware and/or software that is stored on the electronic device. Validation may compare a calculated checksum with a checksum stored in EMV chip memory. If a checksum calculated for firmware and/or a software application matches a checksum stored in EMV chip memory of the transaction card, the transaction card may operate normally. If a checksum calculated for firmware and/or a software application does not match a checksum stored in EMV chip memory of the transaction card, the transaction card may freeze all capabilities, erase the memory of the transaction card, display data indicative of a fraudulent or inactive transaction card, and/or the like.

Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.

Abstract: A security testing framework leverages attack patterns to generate test cases for evaluating security of Multi-Party Web Applications (MPWAs). Attack patterns comprise structured artifacts capturing key information to execute general-purpose attacker strategies. The patterns recognize commonalities between attacks, e.g., abuse of security-critical parameter(s), and the attacker's strategy relating to protocol patterns associated with those parameters. A testing environment is configured to collect several varieties of HTTP traffic. User interaction with the MPWA while running security protocols, is recorded. An inference module executes the recorded symbolic sessions, tagging elements in the HTTP traffic with labels. This labeled HTTP traffic is referenced to determine particular attack patterns that are to be applied, and corresponding specific attack test cases that are to be executed against the MPWA. Attacks are reported back to the tester for evaluation.

Abstract: An investigation apparatus according to an embodiment includes a processor that executes a process including: analyzing uniqueness of a plurality of values included in an attribute for each attribute of a table; reducing a plurality of values included in an attribute of which the analyzed uniqueness is lower than a predetermined value by a predetermined ratio with respect to an investigation original table and outputting a feature of the investigation original table; reducing a plurality of values included in an attribute of which the analyzed uniqueness is higher than a predetermined value by a predetermined ratio with respect to an investigation target table and outputting a feature of the investigation target table; and investigating similarity of the investigation target table to the investigation original table by comparing the feature of the investigation original table with the feature of the investigation target table.

Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracting contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.

Abstract: A device for accessing metadata information of a file system is provided. The device includes an interface and a processor. The interface is configured to load encrypted edge metadata from a storage. The processor is configured to decrypt the encrypted edge metadata in order to obtain decrypted edge metadata, having information on a storage location of encrypted node metadata and a node decryption key. The interface is configured to load the encrypted node metadata from the storage using the information on the storage location of the encrypted node metadata. The processor is configured to decrypt the encrypted node metadata using the node decryption key in order to obtain decrypted node metadata.

Abstract: A method and system for recording data including content in a recording medium on a computer apparatus. First encrypted data, obtained by encrypting the data using a medium key created for each recording medium, is recorded in a recording medium. Second encrypted data, obtained by encrypting the medium key using a public key, is recorded in the recording medium. A private key corresponding to the public key is not recorded in the recording medium.

Abstract: A method of protecting an item of software, said item of software arranged to perform data processing based on one or more items of data, the method comprising: applying one or more software protection techniques to said item of software to generate a protected item of software, wherein said one or more software protection techniques are arranged so that said protected item of software implements said data processing at least in part as one or more linear algebra operations over a finite ring.

Abstract: According to one embodiment, a system includes a memory comprising instructions, an interface, and a processor communicatively coupled to the memory and the interface. The interface is configured to receive, from a user device, a request to create a token associated with a financial account. The processor is configured, when executing the instructions, to generate, based on the request, a token associated with the financial account and the user device. The interface is further configured to send the generated token to the user device for storage, and the processor is further configured to generate a token record associated with the generated token.

Abstract: A method of classifying privacy relevance of an application programming interface (API) comprises analyzing a set of input applications to identify a plurality of custom APIs and generating a respective taint specification for each identified custom API. The method further comprises generating taint flows based on each taint specification and matching features and associated feature values from the taint flows to a set of feature templates. The method also comprises correlating the matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features. The method further comprises detecting a candidate API, extracting features from the candidate API and comparing the extracted features to the set of privacy relevant features. Based on the comparison, a label is assigned to the candidate API indicating privacy relevance of the candidate API.

Abstract: An electronic apparatus is provided. The electronic apparatus which executes at least one application to perform a function using personal information includes a storage configured to store the personal information, where information related to protection of the personal information is set for each application and a processor configured to, in response to receiving a request for the personal information from the application, determine whether to protect the personal information based on the set information, to encrypt the personal information and to provide the encrypted personal information to the application based on the determination result, and in response to receiving an execution request with respect to a function related to encrypted personal information from the application, the processor is further configured to decrypt the encrypted personal information and to execute the function.

Abstract: Embodiments of the present invention disclose a privacy protection method, a mode switching apparatus, and a terminal device. The method includes: receiving an input operation of a user; identifying the input operation and extracting an action feature; performing matching in an instruction library according to the action feature, and when the matching succeeds, generating instruction information corresponding to the action feature; determining a protection mode of the terminal device according to the instruction information, and determining an application that subscribes to the protection mode in the terminal device; and controlling display of the application according to the protection mode of the terminal device.

Abstract: An apparatus, method, and computer readable medium for management of infinite data streams. The apparatus includes a memory that stores streaming data with a data set and a processor operably connected to the memory. The processor transforms the data set to a second data set. To transform the data set, the processor determines whether a difference level exceeds a threshold, and transforms the data set by adding a noise when the difference level exceeds the threshold. When the difference level does not exceed the threshold, the processor determines whether a retroactive count is greater than a threshold, transforms the data set by adding a second noise when the retroactive count is greater than the threshold, and transforms the data set by adding a third noise when the retroactive count is not greater than the threshold. The processor transmits the second data set to a data processing system for further processing.

Abstract: The electronic device has a falsification detection bit string generation circuit, a transmission data generation circuit, and a data output circuit. The falsification detection bit string generation circuit generates a transmission falsification detection bit string having a bit array in which at least one “0” to “1” are changed depending on changing at least one “1” of a transmission bit string to “0”. The transmission data generation circuit generates transmission data including a transmission bit string and a transmission falsification detection bit string and the data output circuit transmits the transmission data in the open drain output mode.

Abstract: The securing of data loading originating from an external device into a code memory area defined by an initial program of the secure element and any modification of which is controlled solely by the latter. When the external device obtains data to be transmitted to the secure element, the latter simulates an image of the code memory area as it would be modified by the loading of these data. A signature is calculated on the basis of the simulated image, then dispatched to the secure element with the data. The initial program of the secure element compares a signature that it has calculated over the whole of the code memory area after the actual loading of the data, with the signature received from the external device. The identity between these signatures ensures that the code memory area conforms to the image simulated by the external device, and is unimpaired.

Abstract: The present invention is directed to a mechanical locking device for securing computer Input/Output (I/O) ports that are in use and for securing unused computer I/O ports of an electronic device. The invention is also directed to a mechanical locking device which can be used to secure a portable locking flash memory device in a computer I/O port. The invention is also directed to physically blocking access to a computer I/O port. The mechanical locking device includes a locking mechanism configured for releasably locking the device within the computer I/O port. The mechanical locking device further includes a first actuator configured to move the locking mechanism between a locked condition and an unlocked condition, and a second actuator configured to prevent the locking mechanism from moving to the unlocked condition.

Abstract: An information processing device comprising a control unit which, when a predetermined automatic label generation condition is satisfied by data being input, generates or selects electronic label information having a preset content correlated with an application identification information of an application in operation at time of the input of the data and the automatic label generation condition. The control unit is configured so that, when the control unit generates or selects the electronic label information, the control unit correlates and stores the generated or selected electronic label information with the input data as associated information and the application identification information in a predetermined memory.

Abstract: A method for marking a manufactured item is provided, the manufactured item comprising a container and a removable closure for the container, the method comprising: generating a first code for the container, generating a second code for the closure, marking the container with the first code, and marking the closure with the second code, wherein the first code and the second code are interrelated such that at least a portion of one of the first code and the second code can be derived from the other of the first code and the second code. In an authentication process one of the first or second codes or a portion of the first or second code, in encrypted or unencrypted form, may be compared with a value derived from reading the other of the first or second code.

Abstract: A system for controlling user access to a service includes a read device that reads a payment card of a user, and a first control block coupled an entry gate determines whether online payment authorization should be requested for the payment card. A first memory stores a hot list indicating payment cards for which the first control block denies user access to the service. If the online payment authorization is denied for the payment card, the first control block adds the payment card to the hot list. A further read device is configured to read the payment card, and a second control block coupled to the further read device controls a second gate after determining whether the payment card is on the hot list stored in a second memory coupled to the second control block, the hot list being updated with modifications via a network.

Abstract: A secure element integrated circuit may be mounted to an underside of a bus interface integrated circuit. The bus interface integrated circuit may have a plurality of external contacts and a first plurality of internal contacts.

Abstract: Embodiments herein describe RFID systems that include multiple RFID tag readers that each use a different frequency to communicate with an RFID tag. For example, each of the tag readers may transmit a tag query command using different modulated frequencies. In one embodiment, the RFID tag includes multiple receivers each tuned to one of the different frequencies generated by the tag readers. For example, one receiver in the tag is tuned to receive 200 MHz signals while another receiver is tuned to receive 900 MHz signals. To provide location information, the RFID tag compares power values associated with the received signals to determine which of the RFID tag readers is closest to the tag. The RFID tag conveys this location information to the tag readers by selecting one of the frequencies of the tag readers to use when generating a reply message.

Abstract: Embodiments herein describe RFID systems that include multiple RFID tag readers that each use a different frequency to communicate with an RFID tag. For example, each of the tag readers may transmit a tag query command using different modulated frequencies. In one embodiment, the RFID tag includes multiple receivers each tuned to one of the different frequencies generated by the tag readers. For example, one receiver in the tag is tuned to receive 200 MHz signals while another receiver is tuned to receive 900 MHz signals. To provide location information, the RFID tag compares power values associated with the received signals to determine which of the RFID tag readers is closest to the tag. The RFID tag conveys this location information to the tag readers by selecting one of the frequencies of the tag readers to use when generating a reply message.

Abstract: Systems and methods for reading Radio Frequency Identified (RFID) tags. In an embodiment, an enclosure having, within it, an antenna and processor is provided. The processor may be configured to record tag observations for tag identifiers received by the antenna from RFID tags. For one or more time intervals, tag observations may be identified which satisfy a tag filter, and a confidence that RFID tags satisfying the tag filter were in the field of view of the antenna during the time interval may be computed based on the identified tag observations. According to an embodiment, reports for tag filters may be then generated using the computed confidences, and these reports may be transmitted to an external system over a network.

Abstract: A radio frequency identification (RFID) tag reading system and method accurately and rapidly determine, in real-time, true bearings of RFID tags associated with items in a controlled area. Primary transmit and receive beams are steered over the area, and multiple secondary receive beams are substantially simultaneously steered to a plurality of bearings in the area. The highest signal strength of secondary receive signals from the secondary receive beams determines an approximate tag bearing of each tag. Two secondary receive beams at opposite sides of the approximate tag bearing in elevation are selected to obtain a pair of elevation offset signals, and two secondary receive beams at opposite sides of the approximate tag bearing in azimuth are selected to obtain a pair of azimuth offset signals. The elevation offset signals and the azimuth offset signals are processed to determine a true bearing for each tag in real-time.

Abstract: An electronic device operable with a radio frequency identification device operable with a detector logic and a method for operating the electronic device with a radio frequency identification device and a detector logic is provided. Firstly, a detection event is registered by the detector logic. The detected event relates to an operation of the radio frequency identification device, which is applicable to transmit data to a counterpart radio frequency identification device. A detection signal is generated and issued by the detector logic in response to the registering and detection event, respectively, which detection signal is received by the electronic device. Then, the electronic device initiates one or more operations in response to the receiving of the detection signal.

Abstract: In one aspect of the present disclosure, a method is disclosed. The method involves: a reader detecting an eye-mountable device within a wireless communication range of the reader, wherein the eye-mountable device includes a transparent material having a concave mounting surface configured to be removably mounted on a corneal surface; wirelessly retrieving from the detected eye-mountable device a first set of data; using the retrieved first set of data to determine that a condition has been satisfied; and responsive to using the retrieved first set of data to determine that the condition has been satisfied, retrieving from the detected eye-mountable device a second set of data.

Abstract: A movable Tower Inventory System which contains a number of RFID antennas mounted vertically along the tower. The Tower Inventory System is the moved along the front of storage racks to acquire information from RFID tags affixed to assets positioned on the storage rack. This information enables the determination of the x, y and z location values for each unique RFID number stored in the RFID tags.

Abstract: Disclosed are a fingerprint sensor and a fingerprint sensing method thereof. The fingerprint sensor comprises a substrate, a plurality of sensing electrodes, an integrated circuit and a protection layer. The substrate has a first surface and a second surface. The sensing electrodes are configured on the first surface of the substrate, and electrically connected to the integrated circuit. The integrated circuit comprises a plurality of phase shifters, and each phase shifter is electrically connected to its corresponding sensing electrode to control the phase of electric signal transmitted by the sensing electrode. The first surface of the substrate is covered by the protection layer.

Abstract: An optical apparatus adapted to contact an object is provided. The optical apparatus includes an optical device and a processing circuit. The optical device includes a reflection structure and a transmission structure. The optical device senses light signals of the object via the reflection structure and the transmission structure. The processing circuit is electrically connected to the optical device. The processing circuit is configured to identify the object according to the light signals. In addition, a method for identifying an object is also provided.

Abstract: Methods, systems, computer-readable media, and apparatuses for cover-glass optical isolation for optical touch and fingerprint sensing are presented. One disclosed display assembly includes a cover glass layer; a low refractive index (LRI) layer coupled to a surface of the cover glass layer; a display layer coupled to the LRI layer; a prism structure; and a camera comprising an image sensor optically coupled to the prism structure to capture an image of a fingerprint based on light reflected from a fingertip and propagated within the cover glass layer and directed towards the camera using the prism structure, wherein the cover glass layer defines an overhang region that extends beyond the LRI layer and the display layer, and wherein the prism structure is coupled to the surface of the cover glass layer on the overhang region.

Abstract: A device for eye tracking is disclosed. The device includes a first depth profiler configured to determine a distance from the first depth profiler to a surface of an eye. The device may also include a display device configured to display one or more images selected based on a position of the eye. The position of the eye is determined based on the determined distance. Also disclosed is a method for eye tracking. The method includes determining, with a first depth profiler, a distance from the first depth profiler to a surface of an eye. A position of the eye is determined based on the determine distance. One or more images selected based on the position of the eye are displayed on a display device.

Abstract: A system includes an infrared camera, an infrared light source, and a processor. The processor is programmed to receive, from the infrared camera, an image of a hand illuminated using the infrared light source, and send the image to a remote server to identify a user corresponding to the hand according to a vein pattern of the hand. An image of a hand illuminated using an infrared light source is received from an infrared camera. Region-of-interest segmentation is performed on the image to generate a segmented image of consistent hand location and orientation. Feature extraction is performed on the segmented image to generate a feature-extracted vein image. Matching of the feature-extracted vein image is performed against a database of feature-extracted vein images to identify a user identity corresponding to the hand.

Abstract: Example methods, systems, computer-readable media, and apparatuses for on-screen optical fingerprint capture for user authentication are presented. These allow for the authentication of a fingerprint where the fingerprint image is propagated in a glass layer before being captured by a camera. In some examples, such propagation can result in multiple fingerprint images resulting from total internal reflection within the glass layer. Feature information can then be determined from the captured image of the fingerprint, which can include multiple fingerprint images. The amount of feature information can then be reduced. A histogram associated with the captured image based on the reduced number of features can be generated, and a user can be authenticated based on the histogram.

Abstract: An apparatus comprises a fingerprint sensor having a set of capacitive elements configured for capacitively coupling to a user fingerprint. The fingerprint sensor may be disposed under a control button or display element of an electronic device, for example one or more of a control button and a display component. A responsive element is responsive to proximity of the user fingerprint, for example one or both of a first circuit responsive to motion of the control button, and a second circuit responsive to a coupling between the fingerprint and a surface of the display element. The fingerprint sensor is disposed closer to the fingerprint than the responsive element. The control button or display component may include an anisotropic dielectric material, for example sapphire.

Abstract: The present invention is directed to a computer application for analyzing handwriting. The handwriting is digitized by being captured by a computing device such as a tablet. The application analyzes four components of the digitized handwriting. The initial component provides real-time writing speed feedback to the subject. The second fully automated component computes a variety of kinematic measures based on periods of time when the subject is writing versus the pen being off the tablet. A third component is able to concatenate pen strokes into user defined characters and assesses character and/or word spacing based on preset distances. For the fourth component, a 2-dimensional version of the large deformation diffeomorphic metric mapping (LDDMM) method is used to compare each character to a template character. Together, these components can be used to assess handwriting for a broad range of applications.

Abstract: This invention relates to a method of analyzing a factor of an attribute based on a case sample set containing combinations of image data and attribute data associated with the image data. The attribute factor analysis method includes: a division step of dividing an image region of the image data forming each element of the case sample set into parts in a mesh shape of a predetermined sample size; a reconstruction step of reconstructing, based on the case sample set, the case sample sets for the respective parts to obtain reconstructed case sample sets; an analysis step of analyzing, for each of the reconstructed case sample sets, a dependency between an explanatory variable representing a feature value of image data on each part and an objective variable representing the attribute data, to thereby obtain an attribute factor analysis result; and a visualization step of visualizing the attribute factor analysis result to produce the visualized attribute factor analysis result.

Abstract: Disclosed is a method for constructing a model of a face, including: locating (L) a single plurality of characteristic points of the face, forming a corresponding plurality of specific models of the face each including the positions of the characteristic points of the face of the person at the time associated with the specific model in question; adjusting (A) by determining, for each specific model of the face, a model adjusted relative to a reference model of the face of the person, the adjusted model being obtained in accordance with the specific model in question such that the distance between the adjusted model and the reference model is minimal according to a given metric; and constructing (C), from the adjusted models obtained during the adjustment step (A), the model of the face of the person. Also disclosed are methods and devices for posture analysis using such a constructed model.

Abstract: Some embodiments provide a hybrid facial recognition method that processes both 2D and 3D data relating to the same person. In some embodiments, the method performs a first level facial recognition with one of the 2D and 3D data sets. The method then performs a second level facial recognition with the other remaining data set.

Abstract: A system and method for a participant to securely store select preexisting medical and other information which is then available in real time to emergency workers using a (mobile) software application that uses facial recognition to match a presenting image of a casualty with a master image of the participant to provide their identity. Once identified, pre-existing medical and demographic information may be transmitted to emergency responders to better care for the casualty in an emergency situation.

Abstract: Images are analyzed using sub-sectional component evaluation in order to augment classifier usage. An image of an individual is obtained. The face of the individual is identified, and regions within the face are determined. The individual is evaluated to be within a sub-sectional component of a population based on a demographic or based on an activity. An evaluation of content of the face is performed based on the individual being within a sub-sectional component of a population. The sub-sectional component of a population is used for disambiguating among content types for the content of the face. A Bayesian framework that includes a conditional probability is used to perform the evaluation of the content of the face, and the evaluation is further based on a prior event that occurred.

Abstract: An information processing apparatus includes an evaluation unit configured to evaluate whether a partial region of a photographing range of an imaging unit is a region suitable for analysis processing to be performed based on feature quantities of an object, with reference to a track of the object in an image captured by the imaging unit, and an output control unit configured to control the information processing apparatus to output information reflecting an evaluation result obtained by the evaluation unit. Accordingly, the information processing apparatus can support a user to improve the accuracy of the analysis processing to be performed based on the feature quantities of the object.

Abstract: The invention relates to a method for combining a first Optical Character Recognition (OCR) and a second OCR. The first OCR is run first on an image of string of characters. Its output (first identified characters, positions of the characters and likelihood parameters of the characters) is used to generate a first graph. Segmentation points related to the positions of the first identified characters are used as input by the second OCR performing a combined segmentation and classification on the image of string of characters. The output (second identified characters, positions of the characters and likelihood parameters of the characters) of the second OCR is used to update the first graph to generate a second graph that combines the output of the first OCR with the output of the second OCR. Decision models are then used to modify the weights of paths in the second graph to generate a third graph.

Abstract: The embodiments herein focus on improving recognition accuracy of these fields on credit card bills by detecting and identifying critical fields on a credit card, extracting the data from the critical fields and comparing the data with known data on a payor, payee and biller.

Abstract: In one embodiment, a safety label management system includes a mobile device comprising a camera, a label database, a safety label printer configured to print safety labels, and a computing unit in electronic communication with the mobile device, the label database, and the safety label printer. The mobile device may be configured to capture, via the camera, an image of an existing safety label. The label database may store a plurality of database entries, each entry including a unique label ID number, a set of label characteristics, and a printable label file. The computing unit may be configured to: process the image to identity label characteristics of the existing safety label; compare the label characteristics of the existing safety label to the label characteristics of the label database entries; and prompt a user to perform an action.

Abstract: Computerized techniques for improved binarization and extraction of information from digital image data are disclosed in accordance with various embodiments. The inventive concepts include: rendering, using a processor of the mobile device, a digital image using a plurality of binarization thresholds to generate a plurality of range-binarized digital images, wherein each rendering of the digital image is generated using a different combination of the plurality of binarization thresholds; identifying, using the processor of the mobile device, one or more range connected components within the plurality of range-binarized digital images; and identifying, using the processor of the mobile device, a plurality of text regions within the digital image based on some or all of the range connected components. Corresponding systems and computer program products are also disclosed.

Abstract: A terrain mapping system includes an aerial system including at least one camera configured to capture a plurality of aerial images of an area and transmit the plurality of aerial images to an image database, a plurality of machines each having a ground control point (GCP) disposed thereon, and each being configured to periodically record a global location of the GCP in a location history database, and a mapping unit configured to construct a preliminary three-dimensional (3D) terrain map based on the plurality of aerial images, detect at least one GCP within at least one aerial image, determine an estimated global location and an accurate global location of the at least one GCP, and calibrate the preliminary 3D terrain map based on the estimated global location and the accurate global location of the at least one GCP.