Abstract: Disclosed herein is a system and method for making allele calls, and for determining the ploidy state, in one or a small set of cells, or where a limited quantity of genetic data is available. Poorly or incorrectly measured base pairs, missing alleles and missing regions are reconstructed and the haplotypes are determined using expected similarities between the target genome and the knowledge of the genomes of genetically related individuals. In one embodiment, incomplete genetic data from an embryonic cell are reconstructed at a plurality of loci using the genetic data from both parents, and possibly one or more sperm and/or sibling embryos. In another embodiment, the chromosome copy number can be determined using the same input data. In another embodiment, these determinations are made for embryo selection during IVF, for non-invasive prenatal diagnosis, or for making phenotypic predictions.

Abstract: Ancestry has a significant impact on the major and minor alleles found in each nucleotide position within the genome. Due to mechanisms of inheritance, ancestral-specific information contained within the genome is conserved within members of an ancestry. For this reason, individuals within a specific ancestry are more likely to share alleles in their genomes with other members of the same ancestry. Functionally, the combination of alleles at all positions within a group of individuals defines that group as having a common ancestry. Moreover, the aggregation of differences between alleles at all positions distinguishes one ancestry from another. The genomic similarities and differences between ancestries provides a mechanism to generate reference genomes that are specific for each ancestry.

Abstract: Ancestry has a significant impact on the major and minor alleles found in each nucleotide position within the genome. Due to mechanisms of inheritance, ancestral-specific information contained within the genome is conserved within members of an ancestry. For this reason, individuals within a specific ancestry are more likely to share alleles in their genomes with other members of the same ancestry. Functionally, the combination of alleles at all positions within a group of individuals defines that group as having a common ancestry. Moreover, the aggregation of differences between alleles at all positions distinguishes one ancestry from another. The genomic similarities and differences between ancestries provides a mechanism to generate reference genomes that are specific for each ancestry.

Abstract: Disclosed are data processing and analysis methods for gene expression data for identifying endogenous reference genes and a composition for the quantitative analysis of gene expression, comprising a pair of primers and/or probes useful in amplifying the identified endogenous reference genes. Introduced with the concepts of “Zero's proportion” and CV, the method allows different datasets to be integrally analyzed, thereby searching for novel reference genes. By the method, 2,087 genes are first found as housekeeping genes which are expressed in most tissues, and the usefulness thereof in the relative quantification of different target genes is determined by analyzing their expression stability. Of the 2,087 genes, 13 genes show higher expression stability with lower expression levels across a wide range of samples than traditional reference genes such as GAPDH and ACTS, and therefore are suitable for the normalization of universal genes having relatively low expression levels.

Abstract: A system simulating the reviewing process of breast imaging examination (i.e. mammographic) information provides a data file of breast imaging information including mammographic (and other breast imaging examinations) images that may be scored by a trainee on computerized worksheet and expert assessments of those images. Quantitative data in the expert assessment may be compared to trainee-entered data recovered from the worksheet to provide an assessment of trainee proficiency in interpreting breast imaging studies. The data file of breast imaging information may be derived from actual clinical data anonymized and selected to provide for realistic yet demanding simulation.

Abstract: Systems and methods to generate a final event stream are provided. The system collects information from a wide variety of sources, and then parses, normalizes, and indexes the information. This generates an initial event stream that can be tagged and then iteratively processed to generate a final event stream. The processing includes first order logic querying and knowledge extraction to infer additional events which is added to the event stream. The final event stream is used by a knowledge exchange for consumption by applications. These applications may be internal applications and/or third party applications. This system may be particularly useful in use with medical information, or any other big data enterprise system.

Abstract: An embodiment provides a method of graphically displaying room information, including: displaying, on an electronic device, a matrix having a plurality of cells therein, at least one cell displaying hospital room information regarding room availability and patient occupancy in the room; said matrix displaying the plurality of cells in column form; and displaying, responsive to a user interaction with a cell in the matrix of a patient occupied hospital room, an overlay window having secondary room status information therein comprising patient specific information regarding the status of the hospital room.

Abstract: Computer-implemented methods for executing transactions between parties seeking services and parties offering services.

Abstract: The present disclosure concerns methods of administering and detecting a distinguishable agent in a sample from and assessing the condition of an organ in a subject. In a particular embodiment, the present invention concerns methods of detecting and comparing the cholate shunt, in a subject, preferably in a subject with chronic hepatitis C. In certain embodiments, the methods may comprise obtaining a sample from a subject such as a blood or saliva sample after administering an oral and intravenous dose of a distinguishable agent such as cholate and analyzing the sample clearance of the distinguishable agent from the subject and comparing the clearance levels in order to assess hepatic health. In another embodiment, the methods may comprise analyzing a sample from a subject for the presence of a distinguishable agent such as cholate and applying information obtained from analyzing the presence of the distinguishable agent to determine a treatment for a medical condition of the subject.

Abstract: A system and method for planning a pathway through an anatomical luminal network of a patient including a computing device having at least one processor; a display device in communication with the computing device; and a user interface configured for display on the display device and configured to guide a user through a pathway planning procedure. The user interface includes a patient selection window configured to receive a user input to select a patient having CT image data on which to perform pathway planning; a target selection window configured to receive a user input to select at least one target from the CT image data; and an airway finder window configured to generate at least one pathway from the at least one target to an entry point of the anatomical luminal network in response to a user input.

Abstract: Reference intervals are established and/or validated based on existing clinical data and exclusion criteria, such as diagnosis coding. A Reference Interval Test Engine is designed to statistically analyze large volumes of existing clinical lab test results to establish and evaluate reference intervals for specific population subgroups and/or to provide other applications.

Abstract: A system comprising a holding area, a manual section, a distribution section, and at least one conveyor. The manual section may include a handling area enabled for pill counting, pharmacist verification, exception handling, or combinations thereof. The distribution section may be disposed proximate the handling area and the manual section, and may include a robot and a scanner. The at least one conveyor may enable transportation of a container between said distribution section and said manual section. The robot may be adapted to pick a container from the holding area and move the container to the scanner for scanning. The robot may also be further adapted to place the container onto the conveyor to direct the container to a handling area which is enabled for an action based on the scan.

Abstract: A method implemented in a system including a copier or scanner connected to a digital rights management (DRM) server, which can prevent unauthorized copy or scan while allowing authorized users to obtain high quality hardcopies or scans. After the copier or scanner scans an input hardcopy document, the server determines whether the scanned document image matches any protected document in the DRM system. If a match is found, and the server determines that the user is permitted to copy or distribute the document, the server transmits an electronic version of the matched document from the DRM system to the copier or user-selected email recipients, so that the user or the email recipients can receive a high quality document. If a matched document is found but the user is not permitted to copy or distribute it, the copier or scanner deletes the scanned document image without printing or saving it.

Abstract: An entitlement card can be assigned a product key real-time to provide a custom order of benefits including product and/or service, amount, and time. A method facilitating product key assignment for an entitlement can include receiving a request for activating a custom entitlement product key from, for example, a point of purchase. The request includes a request for particular benefits to a redeemer, including the particular product and/or service to be provided and the quantity and time period for the product and/or service. The method further includes assigning the benefits to the product key at the time of the request and activating the product key, which may be later redeemed for the assigned benefits.

Abstract: Provided are facilities for secure execution of an encrypted executable comprising an encrypted instruction. The secure execution includes obtaining the encrypted instruction, decrypting the encrypted instruction using a decryption key being maintained in a secure location within a processor, and storing the decrypted instruction to a secure storage for execution, where the decryption key remains in the secure location during the decrypting and the storing to facilitate maintaining security of the decryption key.

Abstract: A system and method provide selective access to portions of digital content. A request to access a digital content item is received, the digital content item including multiple portions. Responsive to the request, multiple policies relating respectively to the multiple portions of the digital content item are identified. Access to the multiple portions of the digital content item is selectively enabled, based on the multiple policies.

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract: A method of performing a keyed cryptographic operation by a cryptographic system mapping an encoded input message to an output message, including: receiving an encoding selection parameter p; receiving the encoded input message, wherein the encoding on the input message corresponds to the encoding selection parameter p; decoding the input message using an inverse of a default input encoding; computing a first portion of the cryptographic operation on the decoded input message to produce a first portion output; and compensating the first portion output based upon the encoding selection parameter p.

Abstract: Removing high level logic structure from a source program. Two or more source program fields are characterized by their respective value characteristics. A first field is mapped, with respect to the source program, to a second field having similar value characteristics as the first field. A target program is then created by replacing, in the source program, the first field with the second field and replacing each first field value with a corresponding second field value thereby preserving the value characteristics of the source program.

Abstract: A device may provide a login process to authenticate users prior to admittance to a computing environment. The device may also enable users to adjust various the computing environment, e.g., the language selected for communicating with the user and the user interfaces to be presented to the user, and may store such adjustments in a secured user account. However, if the user account is inaccessible to the device during the login process, the device is unable to adapt the login process to apply the user's adjustments. Instead, the device may be configured to store users' adjustments (including language selection) outside of the user accounts, and to, upon identifying the user during the login process, present login interfaces specified in the user account. Additionally, users may select different login interfaces during login, and the device may retrieve these login interfaces for selection during future login processes for the same user.

Abstract: There is disclosed herein techniques for use in skill-based authentication. The techniques comprise determining a skill associated with a user. Also, the techniques comprise providing a user challenge based on the skill. Further, the techniques comprise receiving a user response to the user challenge. Additionally, the techniques comprise determining whether to authenticate the user based on the user response.

Abstract: Embodiments are directed to providing an identity risk score as part of an authentication assertion, applying operating heuristics to determine an operating application's validity and to providing identity risk scores to requesting third parties. In one scenario, an authentication server receives from a cloud service portal various user credentials from a user. The user credentials identify a user to the authentication server. The authentication server verifies the user's identity using the received credentials and generates an identity risk score based on one or more identity factors. The identity factors indicate a likelihood that the user is a valid user. The authentication server encapsulates the generated identity risk score in an authentication assertion and sends the authentication assertion that includes the generated identity risk score to the cloud service portal.

Abstract: A biometric authentication system (1) records, in a storage unit in an associating manner, position information of a feature area on an image of biometric information whose biometric authentication is successful and reference biometric information referred to in the successful biometric authentication, the feature area being specific to a living-body, and detects a feature area that is specific to a living-body from an image of biometric information of an input object to be authenticated, and narrows down the reference biometric information stored in the storage unit to reference biometric information to be compared with the biometric information of the object to be authenticated, based on the degree of similarity between each position information, and authenticates the biometric information of the object to be authenticated by comparing the reference biometric information obtained as a narrowing-down result and the biometric information of the object to be authenticated.

Abstract: Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session.

Abstract: Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session.

Abstract: A system and methods for performing authentication to enable a user to access a site monitoring system are provided. The authentication includes voice authentication having at least one threshold that may be dynamically adjustable between false-rejection and false-acceptance. The system includes a processor configured to adjust the at least one threshold for the voice authentication based on at least one factor associated with the site monitoring system. The processor may be configured to perform voice authentication based on the adjusted at least one threshold to authenticate the user.

Abstract: An information processing device includes: an input receiving section receiving an input; a display control section changing a display screen to a first screen when the input receiving section has not received any input for a predetermined time; a registered user information retaining section retaining biological information of a plurality of users registered in the information processing device; a biological information obtaining portion obtaining biological information; and a biometric authenticating portion determining whether a user whose biological information is obtained by the biological information obtaining portion is a registered user by comparing the obtained biological information with the biological information of the plurality of users retained in the registered user information retaining section.

Abstract: A remote control method with identity verification mechanism is suited for a wearable device. The remote control method includes the following steps. Detecting whether the wearable device is close to a target device within a specific distance is performed. If the wearable device is close to the target device within the specific distance, a fingerprint data inputted by the user is obtained from the wearable device and determined whether the fingerprint data matches a predetermined fingerprint data. If yes, a control command is sent to the target device.

Abstract: Systems, apparatuses and methods may provide for receiving one or more radio frequency identifier (RFID) codes from a passive wearable device and identifying gesture input in at least one of the RFID code(s). Additionally, access to a computing system may be granted if the gesture input corresponds to a known gesture. In one example, identifying the gesture input includes detecting a change in at least one of the RFID code(s) and the detected change is compared to an expected change associated with the known gesture.

Abstract: Provided is an operation limiting device which makes it possible to achieve more robust security and safety in processing of a workpiece by a processing apparatus. The operation limiting device limits operations relating to processing of a workpiece by a processing apparatus, and is provided with: an authentication unit for authenticating each of a plurality of users; a receiving unit for receiving an operation request or permission for said operation, from a plurality of authenticated users; an operation enabling unit for enabling an operation if an operation request or permission has been received from the plurality of authenticated users; and a releasing unit for releasing the operation enabled state set by the operation enabling unit if processing relating to the operation has terminated or if a predetermined period of time corresponding to the operation has elapsed.

Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Abstract: In one or more embodiments, a vehicle resource usage control system includes a vehicle computer having security policies that define usage rules for one or more vehicle resources. One or more devices communicating with the vehicle computer may have installed in memory software applications that use one or more vehicle resources for operation. Programmed instructions may be received that define which of the one or more vehicle resources the software applications use for operation. These programmed instructions may be associated with the one or more security policies. The security policy associated with the software applications may be determined based on the programmed instructions. Operation of the software applications may be permitted according to the security policy.

Abstract: There is disclosed a technique for use in authentication. The technique comprises selecting an authentication challenge when an authentication request is deemed risky. An attack threat determined to be associated with the authentication request acts as a decision factor in the selection of the authentication challenge such that a biometric challenge is selected in the event that the attack threat describes a stolen device and an out-of-band challenge is selected in the event that the attack threat describes a stolen identification credential.

Abstract: The present invention is notably directed to a user trusted device (10), comprising: a connection interface (12) enabling connection (S2) with a computer (101); and a persistent memory (14) storing modules (15, 16, 17), which are configured, upon connection of the user trusted device (10) with said computer (101) via said connection interface (12), to: enable said computer (101) to start booting (S3, S3a) from the user trusted device (10); map (S6) firmware data to a code, the firmware data comprising program code of an initialization firmware and/or data accessible by the initialization firmware (122) of the computer while starting to boot; attest (S7-S12) trustworthiness of the code; and enable (S14) said computer (101) to complete booting from the user trusted device (10) if the code is attested. The present invention is further directed to related systems and methods.

Abstract: A system for managing credentials for authenticating and securely communicating with trusted hosts, for example, in a cloud computing environment. The system dynamically updates credentials stored in a database and injects the updated credentials back into a runtime environment without restarting the runtime environment or applications running on the runtime environment. Embodiments of the present invention further enable credentials to be tracked and managed on a per-tenant basis, allowing each tenant that is running an application on a runtime environment to customize which hosts should be trusted.

Abstract: Dynamic on-device passcode to lock lost device is described. In one method, a security agent executing on a processor of a user device periodically generates a dynamic passcode using a cryptographic function and a cryptographic seed according to a predefined time interval. While the user device is in a first state, the security agent sends the cryptographic seed to an authentication service. The method receives an acknowledgement of receipt of the cryptographic seed from the authentication service and detects that the user device is in a potentially lost or stolen state based on a defined condition of the user device. In response to the detecting that the user device is in the potentially lost or stolen state, the method locks the user device and may unlock the user device when a current instance of the dynamic passcode is correctly entered on the user device.

Abstract: Techniques for detecting security vulnerabilities are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting security vulnerabilities including assigning a reputation to an application, distributing the reputation to a client, receiving monitored system behavior from the client related to the client executing the application, determining whether to change the reputation of the application based on the monitored system behavior, distributing the changed reputation to the client, receiving further monitored system behavior from the client, and determining whether to generate a rule for the application based on the monitored system behavior received from the client.

Abstract: Automated classification of applications (“apps”) for mobile devices is provided. In some embodiments, automated classification of apps for mobile devices includes receiving an application (“app”); performing an analysis of the app using a classification engine; and determining an app category for the app based on the analysis performed using the classification engine.

Abstract: A system and method uses any or all of information of a user and/or user's activity at a second web site, information of the user's friends or other connections at the second web site, or registration information of the user, to determine whether to allow the user to communicate with other users of a first web site, prevent the user from communicating with other users of the first web site, or monitor the user's communications and allow or prevent the user from further communication based on the monitored communications at the first web site.

Abstract: A method and apparatus for analyzing end user license agreements and taking action based on the analysis outcome. In one embodiment, the method includes sensing initialization of an installable software program installation, extracting a EULA from the installable during installation, pausing presentation of the EULA to a user, providing a database of suspect terms, analyzing whether a suspect term exists in the EULA, and presenting at least one of the EULA or a suspect term to the user.

Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy in found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract: Systems and methods for intercepting computing device system calls for a computing device including a kernel having a system call table. A hypervisor is executed on the computing device, the hypervisor configured to control at least one of the computing device processor registers. At least one modified kernel structure is created, the modified kernel structure including a modified system call table. A memory address of an original system call handler is determined, the original system call handler configured to receive kernel operation commands. A size of a loaded image of the original system call handler is determined. A copy of the original system call handler as a second system call handler is created, and the second system call handler intercepts a computing device system call.

Abstract: A method including collecting, by a processing device, raw data regarding an input to fill a form field. The method further includes converting, by the processing device, the raw data to test data, wherein the test represents behavioral characteristics of the entry of the input. The method further includes identifying a human characteristic model corresponding to the behavior characteristics of the entry of the input. The method further includes generating a predictor from a comparison of the test data against the corresponding human characteristic model. The predictor includes a score indicating a probability that the input originated from a human user or from a malicious code imitating the human user.

Abstract: Embodiments of the present invention provide a method, system and computer program product for UEFI firmware database management of keys and certificates during a UEFI secure bootstrap enabled boot of a computer. In an embodiment of the invention, a method for UEFI firmware database management for secure bootstrap of a computer includes initially receiving a request to modify a database in UEFI firmware of an operating computer. Thereafter, an impact of the request is determined in memory of the operating computer in terms of the operability of an accessory driver. As such, a prompt warning of the determined impact is generated in the memory and displayed in a display of the operating computer.

Abstract: There is disclosed a method, a system, and a computer program product suitable for backing up data on a computer system. In at least one embodiment, the method comprises monitoring activity in connection with a plurality of data objects. The method also comprises determining a level of activity in connection with each data object. The method further comprises evaluating the level of activity in connection with each data object. The method still further comprises scheduling a data protection process in connection with at least one of the data objects based on the said evaluation.

Abstract: A method for calculating a partial risk score for a data object may include identifying a request to calculate a partial risk score for a data object, the request including a partial risk score filter, and the data object being associated with one or more policies. The method may further include for each policy associated with the data object, determining whether characteristics associated with the policy match a parameter in the partial risk score filter, and when the characteristics associated with the policy match information in the partial risk score filter, including a data object risk score associated with the policy in the partial risk score for the data object.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: In one embodiment, an encryption device may retrieve authentic genetic information from a genetic information database, generate false genetic information based on the authentic genetic information, encrypt the false genetic information to produce encrypted genetic information, assign identifiers to respective segments of the encrypted genetic information, transmit the encrypted genetic information to be genetically analyzed to a gene analyzer, receive, from the gene analyzer, an analysis of the encrypted genetic information, and decrypt the analysis of the encrypted genetic information to parse the analysis of the authentic genetic information.

Abstract: Large volumes of data to be securely imported to, and exported from, a data storage service or other such location in a secure manner without a customer having to manage keys or encryption. A data management component can execute on a client device that can identify data to be stored and obtain the appropriate key for encrypting the data. Once the data is encrypted, the data can be transmitted to the data storage service. When the data is received to the data storage service, an ingestion station reads the encrypted data and causes the encrypted data to be stored to the data storage service. The data remains encrypted from the client device through being stored to the data storage service. When a request for the data is received, access to the key can be obtained and the data decrypted and returned in response to the request.

Abstract: Techniques to interface with an isolated compute environment may be provided. An external interface may be provided by the isolated compute environment identifying a list of applications. Responsive to receiving a first request to access a first application in the list of applications from a source outside of the isolated compute environment, the isolated compute environment may provide interactive support to the first application to share the first application and the first application's data with the source. Responsive to receiving a second request to access a second application not in the list of applications from the source outside of the isolated compute environment, the isolated compute environment may prevent the interactive support to the second application.