Patents Issued on May 25, 2017
  • Publication number: 20170147790
    Abstract: The present disclosure relates to system(s) and method(s) for enabling role based privileged access to a user for accessing a plurality of applications. The system is configured to maintain a user profile in a profile database. The user profile stores authentication details and a functional role as well as application role and privilege level corresponding to each application from a plurality of applications, wherein the plurality of applications are configured for conducting clinical trials. Further, the system is configured to provide the user a privileged access to the plurality of applications based on the application role of the user and the privileged level associated with the application role.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Applicant: HCL Technologies Limited
    Inventors: Mehul Ravjibhai PATEL, Sunil AGARWAL
  • Publication number: 20170147791
    Abstract: A method for facilitating medical admissions includes ascertaining an understood language, accessing a database on an electronic device configured to communicate with a patient, selecting a translation of a question, and communicating the translation to the patient. The patient provides a response to the question to a medical professional without a translator. A system for facilitating medical admissions includes a database of prerecorded question translations by medical professionals and response cues. Potential responses to a question are limited to predetermined choices. Trust ratings are associated with the translations. Response cues provide answers to the questions to be communicated to a medical professional without a translator. A system for facilitating medical admissions includes reference information and a database containing closed-ended questions and translations. The reference information includes a translating medical professional's expertise and fluent language.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventor: Bradley M. Dalton
  • Publication number: 20170147792
    Abstract: The present invention provides an electronic data document (EDD) and related system and method for use in a computerized clinical trial verification system. In an exemplary embodiment, the EDD is authenticated by the creator and validated by the receiver, and comprises an image of a source document (SD) that comprises a masked record of at least one interaction between a clinical trial investigator and a patient enrolled in a clinical trial, at least one revealed portion of the SD that includes evidence relevant to at least one question in a clinical trial questionnaire, and at least one annotation connecting the revealed portion to the at least one question. The present invention provides a computerized system and method for allowing a clinical trial investigator to answer questions from a clinical trial questionnaire pertinent to a clinical trial of a medical treatment using encrypted and partially masked electronic documents comprising images of original patient records.
    Type: Application
    Filed: April 6, 2016
    Publication date: May 25, 2017
    Applicant: Ikeguchi Holdings, LLC
    Inventors: Edward Ikeguchi, James Henderson
  • Publication number: 20170147793
    Abstract: A system for remote monitoring and supervision of data, particularly for activities associated with clinical trials, which comprises: a first station, which pertains to an area in which the data are stored, the station being provided with first processing elements and elements for acquiring an item of information associated with the monitored data; a second station, provided with second processing elements and located in a remote area with respect to the area of the first station and connected to the first station by way of a telecommunications network; wherein the system has the peculiarity that the second processing elements are configured to display the information acquired at the first station and to prevent the saving of this information on non-volatile memory devices and to optionally save restore information in an encrypted manner.
    Type: Application
    Filed: June 26, 2015
    Publication date: May 25, 2017
    Inventor: Luca EMILI
  • Publication number: 20170147794
    Abstract: One example method for predictive clinical planning and design includes instantiating a plurality of data objects, each data object of the plurality of data objects comprising clinical trial information; displaying a graphical user interface on one or more display screens, the graphical user interface providing a graphical representation of at least a portion of a clinical trial and comprising a plurality of graphical nodes; receiving a selection of the second graphical node; receiving, via an editor associated with the second graphical node, a modification of the second data object; propagating an indication of the modification to the first data object, the propagation modifying a clinical trial data item of the first data object; and displaying, within the first graphical node, the modified clinical trial data item of the first data object.
    Type: Application
    Filed: February 8, 2017
    Publication date: May 25, 2017
    Inventors: Donald R. Harder, Daniel D. Siders, Leslie Thomas, Sara L. Zembrodt
  • Publication number: 20170147795
    Abstract: Systems for managing personalized access to shared online objects. A user accesses a server in a cloud-based environment, wherein the server is interfaced with storage devices that store one or more content objects. The server receives communications packets comprising at least one session attribute, wherein receiving the one or more communications packets is responsive, either directly or indirectly, to an act of the user to invoke a new content access session. The session attribute is used to generate personalized workspace properties that are based on explicitly-provided information or based on inferences that pertain to the invoked content access session. Access to content objects is personalized using explicit or inferred workspace session properties. Personalization includes any aspects of branding preferences, working group colleagues, roles, privileges, friends, etc. Personalization can be based on personalized workspace properties that are inferred based on rules or combinations of data.
    Type: Application
    Filed: November 25, 2015
    Publication date: May 25, 2017
    Applicant: Box, Inc.
    Inventors: Vikram Sardesai, Ketki Warudkar, Ravi Teja Tiruvury, Matthew Self, Rand Wacker
  • Publication number: 20170147796
    Abstract: Systems for managing personalized access to shared online objects. A user accesses a server in a cloud-based environment, wherein the server is interfaced with storage devices that store one or more content objects. The server receives communications packets comprising at least one session attribute, wherein receiving the one or more communications packets is responsive, either directly or indirectly, to an act of the user to invoke a new content access session. The session attribute is used to generate personalized workspace properties that are based on explicitly-provided information or based on inferences that pertain to the invoked content access session. Access to content objects is personalized using explicit or inferred workspace session properties. Personalization includes any aspects of branding preferences, working group colleagues, roles, privileges, friends, etc. Personalization can be based on personalized workspace properties that are inferred based on rules or combinations of data.
    Type: Application
    Filed: November 25, 2015
    Publication date: May 25, 2017
    Applicant: Box, Inc.
    Inventors: Vikram Sardesai, Ketki Warudkar, Ravi Teja Tiruvury, Matthew Self, Rand Wacker
  • Publication number: 20170147797
    Abstract: Methods, computer program products, and systems are presented and can include for instance: crowdsourcing data from a plurality of users via a computer network, the data including feedback data regarding digital rights click through documents, wherein each of the users is a party to at least one of the digital rights click through documents; storing the data obtained by the crowdsourcing into a digital rights history repository; examining a digital rights click through document of a certain user, wherein the digital rights click through document controls access to a digital asset, wherein the examining includes using at least a portion of the feedback data of the digital rights history repository; and augmenting content of the digital rights click through document based on a result of the examining.
    Type: Application
    Filed: January 30, 2017
    Publication date: May 25, 2017
    Inventor: Katsuhisa KATAOKA
  • Publication number: 20170147798
    Abstract: A mobile device and a method of operating a mobile device are disclosed. The mobile device includes a main processor executing a normal code of a mobile application program, a co-processor executing a core code of the mobile application program, and a co-processor driver enabling the main processor and the co-processor to communicate with each other. The normal code includes commands executable by the main processor, and the core code includes commands executable by the co-processor. Since the core code is separated from the mobile application program on a level lower than an operating system level when the mobile application program is installed on the mobile device and the core code is stored in a core code storage to which the main processor is not allowed to access directly, the core code is not exposed to an attacker, such that resistance to a reverse engineering attack is increased.
    Type: Application
    Filed: March 6, 2015
    Publication date: May 25, 2017
    Applicant: Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Yong-Jin Park
  • Publication number: 20170147799
    Abstract: Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer's identity utilizing customer's trusted authenticator.
    Type: Application
    Filed: October 2, 2012
    Publication date: May 25, 2017
    Inventors: Nader Asghari-Kamrani, Kamran Asghari-Kamrani
  • Publication number: 20170147800
    Abstract: Example implementations relate to fingerprint scans with power buttons. For example, a computing device may include a power button and a processor. The power button receives a user input associated with an activation of the power button to turn on the computing device and scans a fingerprint associated with the user input while the computing device is initialized in response to the activation. The processor determines whether the fingerprint matches an authorized fingerprint from a database of stored fingerprints, identifies an account associated with the fingerprint when the fingerprint matches the authorized fingerprint, and provides a desktop environment associated with the account.
    Type: Application
    Filed: November 19, 2015
    Publication date: May 25, 2017
    Inventors: Yi-Hsuan HUANG, Chin-Lung CHIANG, Tao-Sheng CHU, An Chih CHU
  • Publication number: 20170147801
    Abstract: A pre-boot authentication (PBA) credential sharing system includes a secure subsystem including an off-host processing system and a secure storage. A credential management application is coupled to the off-host processing system. A data protection engine is coupled to the off-host processing system and a PBA database. The data protection engine receives a notification from the off-host processor of the enrollment of an authentication credential in the secure storage by the credential management application, and provides PBA object information for association with the authentication credential to create a PBA object that is stored in the secure storage. Subsequently, while in a pre-boot environment, the data protection engine requests the PBA object from the secure storage, retrieves storage authentication information from the PBA database using the PBA object, and performs a pre-boot authentication process using the storage authentication information.
    Type: Application
    Filed: November 25, 2015
    Publication date: May 25, 2017
    Inventors: Daniel Hamlin, Brijesh Kumar Mishra, Minhaj Ahmed
  • Publication number: 20170147802
    Abstract: The present disclosure discloses a message display method and apparatus. The method comprises: receiving unlock information and authenticating the unlock information; and selecting one message from at least one received message and displaying content of a selected message if it is determined that authentication of the unlock information is passed. That is, in the technical solution as described in the embodiments of the present disclosure, if it is determined that authentication of the unlock information is passed, then one message would be selected directly and its content is displayed, so that flows of displaying the message are simplified and steps of manual operation are reduced, which enables the message display method as described in the embodiment of the present disclosure to become more user-friendly and user experience would be better.
    Type: Application
    Filed: January 8, 2016
    Publication date: May 25, 2017
    Inventor: Xin LI
  • Publication number: 20170147803
    Abstract: In accordance with one embodiment, a method for locally verifying the identification of a user with an electronic device is disclosed. The method includes regenerating a neuro-mechanical fingerprint (NFP) in response to a micro-motion signal sensed at a body part. In response to a plurality of authorized user calibration parameters, a match percentage of the neuro-mechanical fingerprint is determined. The match percentage is determined without the use of a calibration NFP that was previously used to generate the user calibration parameters. Access to the electronic device and its software applications is then controlled by the match percentage. If the match percentage is greater than or equal to an access match level, access to the electronic device is granted. If the match percentage is less than the access match level, access is denied. Subsequent access requires further regeneration of the NFP and a determination of its match percentage in response.
    Type: Application
    Filed: February 2, 2017
    Publication date: May 25, 2017
    Applicant: Aerendir Mobile Inc.
    Inventors: Martin Zizi, Hugh Sharkey
  • Publication number: 20170147804
    Abstract: A key integrates with a biometric input device. According to an aspect of the present disclosure, a fingerprint scanner may be integral with a spacebar.
    Type: Application
    Filed: February 6, 2017
    Publication date: May 25, 2017
    Applicant: BlackBerry Limited
    Inventors: Timothy Ryan SALTER, Mark David MESAROS
  • Publication number: 20170147805
    Abstract: [Object] To provide an information processing system capable of making it difficult to be easily recognized as being a key at a glance by others. [Solution] Provided is an information processing system including a state acquisition unit configured to acquire information on a state of an object, and an authentication information acquisition unit configured to acquire authentication information corresponding to the information on the state of the object acquired by the state acquisition unit. According to such an information processing system, it is made difficult to be easily recognized as being a key at a glance by others.
    Type: Application
    Filed: March 25, 2015
    Publication date: May 25, 2017
    Inventors: MIWA ICHIKAWA, KUNIHITO SAWAI, YUHEI TAKI, HIROYUKI MIZUNUMA, TAIZO SHIRAI, KOICHI SAKUMOTO
  • Publication number: 20170147806
    Abstract: A method for computer security. A gallery comprising a first identity of a first human person is maintained, the first identity associated with a plurality of tags, with first properties, useful for identifying the first human person. A first Internet search for facial images of the first human person is performed using the plurality of tags. A first facial image is selected from the results of this search. A second Internet search is performed for facial images of other human persons based on second properties that are generated by modifying the first properties of the plurality of tags. A plurality of additional facial images of the other human persons retrieved by the second Internet search is selected. A palette of randomized facial images including the first facial image together with the plurality of additional facial images is presented. Access is denied unless the correct facial image is selected.
    Type: Application
    Filed: January 3, 2017
    Publication date: May 25, 2017
    Inventor: Alan David McFarland
  • Publication number: 20170147807
    Abstract: An image capture device for a secure industrial control system is disclosed. In an embodiment, the image capture device includes: an image sensor; a signal processor coupled to the image sensor; and a controller for managing the signal processor and transmitting data associated with processed image signals to at least one of an input/output module or a communications/control module via a communications interface that couples the controller to the at least one of the input/output module or the communications/control module, wherein the controller is configured to establish an encrypted tunnel between the controller and the at least one of the input/output module or the communications/control module based upon at least one respective security credential of the image capture device and at least one respective security credential of the at least one of the input/output module or the communications/control module.
    Type: Application
    Filed: December 16, 2016
    Publication date: May 25, 2017
    Inventor: Albert Rooyakkers
  • Publication number: 20170147808
    Abstract: One embodiment provides a method for token management in a multi-tenant transactional database, including: utilizing at least one processor to execute computer code that performs the steps of: receiving a request for one or more tokens to be used by an entity; verifying that the entity is qualified to receive the one or more tokens for use on the multi-tenant transactional database; and responsive to the verifying, issuing, using a processor associated with a database management device, the one or more tokens for use by the entity in association with a transaction in the multi-tenant transactional database; each of the one or more tokens comprising a function of a public key that corresponds to a private key associated with a token of the one or more tokens. Other aspects are described and claimed.
    Type: Application
    Filed: November 19, 2015
    Publication date: May 25, 2017
    Inventor: David William Kravitz
  • Publication number: 20170147809
    Abstract: A mobile device includes a pre-authentication mechanism that allows a user to define a pre-authentication sequence that includes actions such as movement of the device, taps on the screen, key presses, etc., or any suitable combination of these. Correctly entering the pre-authentication sequence gives the user access to the main authentication screen for the device, while a failure to enter the pre-authentication sequence correctly keeps the device locked. Multiple pre-authentication sequences can be defined, each having a corresponding sleep time threshold. This requires the user to enter the appropriate authentication information corresponding to the time the device has been asleep. Multiple pre-authentication sequences can also be defined, each having corresponding authentication information. Thus, the authentication information the user needs to enter can be a function of the corresponding pre-authentication sequence.
    Type: Application
    Filed: November 23, 2015
    Publication date: May 25, 2017
    Inventors: Gregory J. Boss, Andrea del Pilar Macias Garcia, Diego Xirinachs Jimenez, Stephen J. McConnell, Piotr Pierga, Stacey Ramos
  • Publication number: 20170147810
    Abstract: A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier, a first application identifier, and a signature of authorship for the first application to a different computing device.
    Type: Application
    Filed: February 8, 2017
    Publication date: May 25, 2017
    Inventors: David Richardson, Ahmed Mohamed Farrakha, William Neil Robinson, Brian James Buck
  • Publication number: 20170147811
    Abstract: A migration service and module for software modules are disclosed. The migration service detects a security flaw in a first environment in which the software modules are running and migrates the software modules or part of the software modules from the first environment to a second environment when a security flaw is detected.
    Type: Application
    Filed: May 8, 2015
    Publication date: May 25, 2017
    Inventors: Ola Angelsmark, Per Persson
  • Publication number: 20170147812
    Abstract: Provided is a fraud detection rule updating method enabling the updating of rules that serve as the basis for detecting malicious frames as necessary in an on-board network system. In an on-board network system equipped with multiple electronic control units (ECUs) that communicate via buses and fraud detecting ECUs that determine, based on fraud detection rules, whether messages transmitted on the buses conform to the rules, a fraud detection rule updating method is used in which delivery data including updated fraud detection rules is received from a server external to the on-board network system, and if a certain update condition is satisfied, the fraud detection rules in a fraud detecting ECU are updated to the updated fraud detection rules.
    Type: Application
    Filed: December 16, 2016
    Publication date: May 25, 2017
    Inventors: YOSHIHIRO UJIIE, HIDEKI MATSUSHIMA, TOMOYUKI HAGA, YUJI UNAGAMI, TAKESHI KISHIKAWA
  • Publication number: 20170147813
    Abstract: The subject matter of this specification can be implemented in, among other things, a method that includes receiving, by a processing device in a platform-as-a-service (PaaS) system, package metadata including one or more attributes for each of a plurality of packages. Each of the plurality of packages includes one or more components of one or more applications to execute on the PaaS system. The method further includes receiving threat metadata including one or more attributes for each of a plurality of threats. The method further includes storing the package metadata or the threat metadata in one or more data stores. The method further includes comparing, by the processing device, the attributes of the packages to the attributes of the threats to determine that at least one package among the packages includes at least one threat from the threats.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Daniel McPherson, Benjamin Michael Parees, Cesar Augusto Wong
  • Publication number: 20170147814
    Abstract: Methods and systems for detection and prevention of exploitation of embedded devices. A sensing component is configured to detect a plurality of emanated analog signals and generate one or more synchronization events. The synchronization events are used to perform one or more attestation analyses, including execution attestation, integrity attestation, and control-flow reconstruction, the results of which may be used to generate security events.
    Type: Application
    Filed: November 17, 2016
    Publication date: May 25, 2017
    Applicant: Red Balloon Security, Inc.
    Inventor: ANG CUI
  • Publication number: 20170147815
    Abstract: Aspects of the disclosure include a threat detecting apparatus. The threat detecting apparatus can include an interface circuit, an opcode detector, and a pattern analyzer. The interface circuit is configured to receive a data stream. The opcode detector can be configured to identify an opcode sequence embedded in the data stream based on a first model graph that includes a plurality of interconnected token nodes. Each token node is representative of an occurrence or a non-occurrence of a token. The pattern analyzer may be configured to identify an opcode signature embedded in the identified opcode sequence based on a second model graph, and to output a signal indicative of the successful identification of the opcode signature. The second model graph can include a plurality of interconnected opcode nodes, and each opcode node can be representative of an occurrence or a non-occurrence of a predetermined combination of one or more opcodes.
    Type: Application
    Filed: November 25, 2015
    Publication date: May 25, 2017
    Applicant: Lockheed Martin Corporation
    Inventors: Richard N. PEDERSEN, Thomas PLUMMER, Ben Anthony CALLONI, Peter Alan VANEMBURG
  • Publication number: 20170147816
    Abstract: A system including a hypervisor and a guest virtual machine. The hypervisor is configured to communicate a measurement request that identifies virtual machine operating characteristics metadata, to receive packets comprising virtual machine operating characteristics, and to communicate packets comprising virtual machine operating characteristics to a virtual vault machine for processing. The guest virtual machine includes one or more virtual machine measurement points and a hypervisor control point. The hypervisor control point is configured to receive the measurement request, to determine one or more of the one or more virtual machine measurement points to collect the virtual machine operating characteristics metadata, and to receive virtual machine operating characteristics metadata from the determined one or more virtual machine measurement points.
    Type: Application
    Filed: May 31, 2016
    Publication date: May 25, 2017
    Inventors: Jeffery Ray Schilling, Chase Cooper Cunningham, Tawfiq Mohan Shah, Srujan Das Kotikela
  • Publication number: 20170147817
    Abstract: Provided is an analysis apparatus including a first storage device configured to store data, and a processing circuitry that is configured to control the own apparatus to function as: a dispatcher that is communicably connected to an analysis target device that performs operational processing by use of a processor and a memory unit, and generates collection target data for reproducing at least part of a state of the operational processing in the analysis target device, in accordance with data being transmitted and received between the processor and the memory unit; a data mapper that assigns, to one or more areas included in the collection target data, tag information for identifying the area; and a data writer that saves the one or more areas into the first storage device in accordance with a first policy defining a procedure of saving the collection target data into the first storage device.
    Type: Application
    Filed: June 24, 2015
    Publication date: May 25, 2017
    Applicant: NEC Corporation
    Inventors: Masato YAMANE, Yuki ASHINO, Yoichiro MORITA, Masafumi WATANABE
  • Publication number: 20170147818
    Abstract: A method and a device for obtaining virus signatures in the field of computer security have been disclosed. The method includes: obtaining text strings contained in each virus sample within a virus sample set; selecting text strings for use as virus signatures candidate according to a first frequency at which each text string occurs in a non-virus sample set and a second frequency at which each text string occurs in the virus sample set; calculating an information entropy of the virus signatures candidate according to a quantity of virus samples containing the virus signatures candidate and a quantity of non-virus samples containing the virus signatures candidate; and selecting virus signatures from the virus signatures candidate according to the information entropy. The present disclosure may timely identify the latest virus signatures and ensure that the obtained virus signatures are optimal signatures and may identify a wide range of virus variants.
    Type: Application
    Filed: February 7, 2017
    Publication date: May 25, 2017
    Applicant: Tencent Technology (Shenzhen) Co., Ltd.
    Inventor: Sheng GUAN
  • Publication number: 20170147819
    Abstract: A shadow sandbox is maintained for malware detection. The shadow sandbox is a virtual machine replica of a target computing environment from a protected computing system. The shadow sandbox is maintained through all change events that occur to the target computing environment. The described systems and methods of detecting or preventing malware execution include maintaining a virtual machine replica of a target computing system by monitoring the target computing system for a plurality of possible events, the plurality of possible events including change events and risk events, detecting a change event on the target computing system, and updating the virtual machine based on the detected change event. The described systems and methods detect a risk event on the target computing system, execute the risk event on the virtual machine, and determine whether the risk event is malicious based on observation of execution of the risk event on the virtual machine.
    Type: Application
    Filed: November 20, 2015
    Publication date: May 25, 2017
    Inventors: Roman Vasilenko, Clemens Kolbitsch
  • Publication number: 20170147820
    Abstract: A system that includes a vault management console configured to determine a measurement request for virtual machine operating characteristics metadata. The system further includes a guest virtual machine that includes virtual machine measurement points and a hypervisor control point. The system further includes a hypervisor associated with the guest virtual machine that is configured to communicate the measurement request to the hypervisor control point. The hypervisor is further configured to receive a packet with the virtual machine operating characteristics metadata and to communicate the packet to the virtual vault machine. The hypervisor device driver is configured to receive the packet from the hypervisor and to communicate the virtual machine operating characteristics to an analysis tool.
    Type: Application
    Filed: May 31, 2016
    Publication date: May 25, 2017
    Inventors: Jeffery Ray Schilling, Chase Cooper Cunningham, Tawfiq Mohan Shah, Srujan Das Kotikela
  • Publication number: 20170147821
    Abstract: A system that includes a trusted measurement machine comprising a profiling tool, a semantics virtual machine profiling engine interface, a semantics virtual machine profiling engine. The profiling tool is configured to receive virtual machine operating characteristics metadata for a guest virtual machine and to communicate the virtual machine operating characteristics metadata to the semantics virtual machine profiling engine using the semantics virtual machine profiling engine interface. The profiling tool is further configured to compare the virtual machine operating characteristics metadata to a target profile comprising known configurations for guest virtual machines, to determine a classification for the guest virtual machine, and to communicate the determined classification to the vault management console.
    Type: Application
    Filed: May 31, 2016
    Publication date: May 25, 2017
    Inventors: Jeffery Ray Schilling, Chase Cooper Cunningham, Tawfiq Mohan Shah, Srujan Das Kotikela
  • Publication number: 20170147822
    Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
    Type: Application
    Filed: February 7, 2017
    Publication date: May 25, 2017
    Inventors: Nathaniel J. Goss, Nathan Heldt-Sheller, Kevin C. Wells, Micah J. Sheller, Sindhu Pandian, Ned M. Smith, Bernard N. Keany
  • Publication number: 20170147823
    Abstract: A method for providing security vulnerability information is provided. The method may include checking for the security vulnerability information product supplier servers. The method may further include sending alerts to a security vulnerability administrator associated with a client environment. Additionally, the method may include performing a security check on the security vulnerability administrator to authorize the security vulnerability administrator to receive the security vulnerability information. The method may also include authenticating customers associated with the client environment to authorize the customers to receive the security vulnerability information. The method may further include prompting the authorized security vulnerability administrator to acknowledge an information confidentiality reminder. The method may also include sending an audit record to the product supplier server.
    Type: Application
    Filed: October 20, 2016
    Publication date: May 25, 2017
    Inventors: Margaret M. Bennett, Barbara J. Bryant, William E. Spencer
  • Publication number: 20170147824
    Abstract: A method for providing security vulnerability information is provided. The method may include checking for the security vulnerability information product supplier servers. The method may further include sending alerts to a security vulnerability administrator associated with a client environment. Additionally, the method may include performing a security check on the security vulnerability administrator to authorize the security vulnerability administrator to receive the security vulnerability information. The method may also include authenticating customers associated with the client environment to authorize the customers to receive the security vulnerability information. The method may further include prompting the authorized security vulnerability administrator to acknowledge an information confidentiality reminder. The method may also include sending an audit record to the product supplier server.
    Type: Application
    Filed: October 20, 2016
    Publication date: May 25, 2017
    Inventors: Margaret M. Bennett, Barbara J. Bryant, William E. Spencer
  • Publication number: 20170147825
    Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.
    Type: Application
    Filed: February 2, 2017
    Publication date: May 25, 2017
    Inventors: Gary Barton, Zhongmin Lang, Nitin Desai, James Robert Walker
  • Publication number: 20170147826
    Abstract: Accessing a password-secured computer software application by acquiring an input password, generating at a first computer an output password from the input password using password generation data, where the output password differs from the input password, and providing the output password to a second computer as part of a request to access a password-secured computer software application using the output password, where the password-secured computer software application is accessible using the output password, and where the password-secured computer software application is inaccessible using the input password.
    Type: Application
    Filed: November 19, 2015
    Publication date: May 25, 2017
    Inventors: Ariel Farkash, Ayman Jarrous, Micha Moffie
  • Publication number: 20170147827
    Abstract: A computing device may perform integrity checks on a closed operating system defining a preconfigured user portion and a preconfigured system portion using an integrity checking module. The integrity checking module may access parameters associated with an object stored on the system portion of the operating system. Files on the system portion may be accessed by submitting a query that comprises a file name, a file directory, and at least one parameter to the system portion of the operating system. The integrity checking module may provide an indication of a potential compromise to the integrity of the computing device based on the integrity check. The integrity check may be performed periodically and/or aperiodically. Updated integrity values may be compared against previously determined integrity values to update the integrity check. The integrity checking module may perform the integrity check using a signature function or hashing function to generate the integrity values.
    Type: Application
    Filed: November 19, 2015
    Publication date: May 25, 2017
    Applicant: Federal Reserve Bank of Philadelphia
    Inventors: Bradley C. Bowers, Keith Morales, George C. Makin, V, Abraham Vegh
  • Publication number: 20170147828
    Abstract: A computing system for redacting and/or tokenizing non-public information of electronic documents stored in a database may include a data redaction computing device and/or a data tokenization computing device, a first database storing a plurality of electronic documents, and a second database storing computer executable instructions for analyzing information associated with the plurality of electronic documents stored in the first database. The computer executable instructions may cause the data redaction/tokenization computing device to identify non-public information in one or more of the plurality of electronic documents and/or at least one of a document type, a source of the electronic document, and a destination to which the electronic document is to be communicated.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Manu Kurian, Sorin N. Cismas, Paul Roscoe, Jeffrey McGonnell
  • Publication number: 20170147829
    Abstract: A computing system for redacting and/or tokenizing non-public information of electronic documents stored in a database may include a data redaction computing device and/or a data tokenization computing device, a first database storing a plurality of electronic documents, and a second database storing computer executable instructions for analyzing information associated with the plurality of electronic documents stored in the first database. The computer executable instructions may cause the data redaction/tokenization computing device to identify non-public information in one or more of the plurality of electronic documents and/or at least one of a document type, a source of the electronic document, and a destination to which the electronic document is to be communicated.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Sorin N. Cismas, Manu Kurian, Paul Roscoe
  • Publication number: 20170147830
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing policy-based copyright enforcement of media content items streamed to client devices are described. Various aspects discussed herein relate to managing content access rights in an adaptive bitrate environment (e.g., where an asset may be encoded and delivered at multiple different bitrates). The system discussed herein permits differentiated access to the same video, or portions of the same video, where any DRM-type client may read a manifest file including content verification data, which may be video authentication information that is specific to the video. Additional aspects discussed herein provide DRM metadata specific to each frame of a multi-bitrate video to enable the client device to verify the multi-bitrate video on a frame-by-frame basis.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Kyong Park, Michael Chen
  • Publication number: 20170147831
    Abstract: Embodiments include method, systems and computer program products for protecting sensitive data. Aspects include accessing computer readable program instructions having one or more output commands. Aspects also include locating the one or more output commands in the computer readable program instructions. Aspects also include identifying target output variables and output constants in the one or more output commands. Aspects also include modifying the computer readable program instructions to append one or more obfuscate commands to the target output variables.
    Type: Application
    Filed: October 12, 2016
    Publication date: May 25, 2017
    Inventors: Allon Adir, Ehud Aharoni, Lev Greenberg, Roza Miroshnikov, Asaf Polakovski
  • Publication number: 20170147832
    Abstract: An enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
    Type: Application
    Filed: February 7, 2017
    Publication date: May 25, 2017
    Inventors: Yakov FAITELSON, Ohad KORKUS, David BASS, Yzhar KAYSAR, Ophir KRETZER-KATZIR
  • Publication number: 20170147833
    Abstract: Computers and networks are configured to operate according to alternative protocols for using software applications, depending on geographic location. In one approach each computer incorporates a GPS receiver using GPS satellite signals to generate the computer's current location. The location is compared with permitted use region information stored in the computer or network, e.g. based on a boundary defining a permitted use region. In another approach, E-911 compliant transceivers use signals from E-911 towers in the same manner. In a further approach, each computer incorporates a WiFi adaptor, RFID reader or RFID tag, and the territory is defined by the distance from a center point. In all cases, the computer either operates under a relatively open protocol relative to using a given software application, or operates under a relatively restricted protocol, depending on whether it is inside or outside of the permitted use region.
    Type: Application
    Filed: February 7, 2017
    Publication date: May 25, 2017
    Inventor: Daniel J. Horon
  • Publication number: 20170147834
    Abstract: In various implementations, a plurality of non-private n-grams that satisfy a privacy criterion may be identified within a search log of private search queries and corresponding post-search activity. A plurality of query patterns may be generated based on the plurality of non-private n-grams. Aggregate search activity statistics associated with each of the plurality of query patterns may be determined from the search log. Aggregate search activity statistics associated with each query pattern may be indicative of search activity associated with a plurality of private search queries in the search log that match the query pattern. In response to a determination that aggregate search activity statistics for a given query pattern satisfy a performance criterion, a methodology for generating data that is presented in response to search queries that match the given query pattern may be altered based on aggregate search activity statistics associated with the given query pattern.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Mike Bendersky, Donald Metzler, Marc Alexander Najork, Dor Naveh, Vlad Panait, Xuanhui Wang
  • Publication number: 20170147835
    Abstract: A querying node generates public keys, secret keys, and switch key matrices. A public key associated with a first level and the switch key matrices are sent to a receiving node. The receiving node generates a key-value table, mapping values to keys, and encodes the keys and values using a polynomial ring of a predetermined type. The querying node encodes using a polynomial ring of the same predetermined type, then encrypts a query, using a public key, and sends the query to the receiving node. The receiving node performs a homomorphic comparison of the encrypted, encoded query with each encoded key entry in the encoded key-value store to determine a comparison result. The receiving node sums the results for each of the value entries and returns the summed result to the querying node. The querying node decrypts and decodes the received result using the corresponding secret key.
    Type: Application
    Filed: November 25, 2015
    Publication date: May 25, 2017
    Inventors: DAVID F. BACON, GRAHAM A. BENT, FLAVIO A. BERGAMASCHI, WEI ZHANG
  • Publication number: 20170147836
    Abstract: This disclosure relates to a storage provider for storing first encrypted data associated with first meta tags from a first publisher and second encrypted data associated with second meta tags from a second publisher. The storage provider consolidates the first meta tags and the second meta tags to determine unencrypted consolidated meta tags. The storage provider then stores the encrypted first data associated with the unencrypted consolidated meta tags and stores the encrypted second data associated with the unencrypted consolidated meta tags. Since the meta tags are consolidated, less storage is required and the data and the meta tags can be stored more efficiently. This is an advantage over other methods that encrypt the meta tags and the data and therefore do not consolidate the meta tags.
    Type: Application
    Filed: June 26, 2015
    Publication date: May 25, 2017
    Applicant: IXUP IP Pty Ltd
    Inventor: Dean JOSCELYNE
  • Publication number: 20170147837
    Abstract: Certain aspects of the disclosure are directed to an apparatus including a scale and external circuitry. The scale includes a platform, and data-procurement circuitry for collecting signals indicative of the user's identity and cardio-physiological measurements. The scale includes processing circuitry to process data obtained by the data-procurement circuitry, generate cardio-related physiologic data, and send user data to the external circuitry. The external circuitry validates the user data as concerning a specific user, correlates the user data with a user profile of the user, provides a clinical indication using the user data, and controls access to the user profile by allowing access to the clinical indication and the user data to or by a physician and not allowing access to the clinical indication to the user until the user provides an input indicating interest in the clinical indication and the physician provides a prescription for the clinical indication.
    Type: Application
    Filed: November 17, 2016
    Publication date: May 25, 2017
    Inventors: Gregory T. Kovacs, Richard M. Wiard
  • Publication number: 20170147838
    Abstract: Apparatus for authentication of system memory content, the apparatus operative in conjunction with system memory storing content (code or non-code) utilized by a CPU, the apparatus comprising cache memory and an authentication module configured to use free time over a memory interface defined between the system memory and the cache memory, for authentication of content stored in the system memory, including use of at least one signature stored on the system memory to authenticate the content.
    Type: Application
    Filed: June 21, 2016
    Publication date: May 25, 2017
    Applicant: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Moshe ALON
  • Publication number: 20170147839
    Abstract: An information handling system processing component is selectively disabled by inflation of a bladder with a microfluidic reservoir in response to a predetermined condition, such as detection of malicious code or unauthorized access to information stored on the information handling system.
    Type: Application
    Filed: November 25, 2015
    Publication date: May 25, 2017
    Applicant: Dell Products L.P.
    Inventors: Stefan Peana, Munif M. Farhan, Mark A. Schwager, David M. Meyers, Brian Hargrove Leonard, Lawrence E. Knepper