Abstract: A medical information display apparatus according to an embodiment includes: a displaying unit which displays medical information; a study information acquiring part which acquires study information; a to-be-started-app determining part which determines a starting-target application group from the study information acquired by the study information acquiring part; and a controlling unit which displays, on the displaying unit, a plurality of pieces of medical information created respectively by applications in the start target application group determined by the to-be-started-app determining part.

Abstract: A medical documentation system and a CDI system may be linked together, or integrated, so there is a tie between the two systems that allows for a much more efficient and effective CDI process. In one disclosed embodiment, a medical documentation system transmits to a CDI system a structured data set including at least some information relating to one or more medical facts the medical documentation system automatically extracted from text documenting a patient encounter.

Abstract: A system includes a plurality of RFID chips affixed to medical items, a data collection engine device, and a server device. The data collection engine wirelessly transmits power to a first one of the RFID chips and receives first medical data from the first RFID chip while the first RFID chip is activated by the power receiver. The data collection engine generates a first message indicative of the first medical data to be sent to the server device. The server device can determine aspects of the medical items such as position and consumption based upon the first medical data.

Abstract: An information processing system includes one or more information processing devices and controls bidirectional communication of image data and audio data between a first information terminal used by a first user and a second information terminal used by a second user. The information processing system includes a calculation unit analyzing the image data and the audio data on the second user received from the second information terminal and calculating difference information that indicates a difference between a current state and a past state of the second user; an image generation unit superimposing the difference information on the image data received from the second information terminal, such that the difference information is displayed around a field where an image of the second user is placed; and a transmission unit transmitting, to the first information terminal, the image data on which the difference information is superimposed and the audio data.

Abstract: Embodiments develop a predictive dose-volume relationships for a radiation therapy treatment is provided. A system includes a memory area for storing data corresponding to a plurality of patients, wherein the data comprises a three-dimensional representation of the planning target volume and one or more organs-at-risk. The data further comprises an amount of radiation delivered to the planning target volume and the one or more organs-at-risk. The system further includes one or more processors programmed to access, from the memory area, the data and to develop a model that predicts dose-volume relationships using the three-dimensional representations of the planning target volume and the one or more organs-at-risk. The model is being derived from correlations between dose-volume relationships and calculated minimum distance vectors between discrete volume elements of the one or more organs-at-risk and a boundary surface of the planning target volume.

Abstract: A method of adjusting a patient's undesired hematocrit and/or hemoglobin concentration to a value within a desired range at a predetermined time with an erythropoiesis stimulating agent (ESA) regimen includes obtaining patient parameters required for input into a model for predicting the patient's hematocrit and/or hemoglobin concentration at a predetermined time with a selected ESA administration regimen, the model including iron homeostasis, and employing the patient parameters and an initially selected ESA administration regimen in the model to predict the patient's hematocrit and/or hemoglobin concentration at the predetermined time with the initially selected ESA administration regimen. The method then includes administering ESA to the patient with an ESA administration regimen predicted to adjust the patient's hematocrit and/or hemoglobin concentration to the desired range at the predetermined time. The method can be implemented in a hemodialysis system.

Abstract: Systems and methods for implementing and performing coaching-assisted content delivery and workflows are described. In one example, a goal-based workflow integrates with operations for suggesting and delivering content on behalf of professional users. The operations may be conducted in connection with a subscription or membership to an information service, and various interactions between a client user and a professional user through the information service. In further examples, the information service may track data for the human user, generate suggestions and playlists, manage the accomplishment of goals and logic triggers, and exchange communications, to facilitate the relationship between the professional user and the client user. In other further examples, the information system manages various data values used to provide prompts, reminders, motivators, and other forms of suggested content to the client user.

Abstract: A medication management system is described that is operable to determine whether a user is actually following a protocol, provide additional assistance to a user, starting with instructions, video instructions, and the like, and moving up to contact from a medication administrator if it is determined that the user would need such assistance in any medical adherence situation, including clinical trial settings, home care settings, healthcare administration locations, such as nursing homes, clinics, hospitals and the like. Suspicious activity on the part of a patient or other user of the system is identified and can be noted to a healthcare provider or other service provider where appropriate.

Abstract: Systems and methods for dispensing prescription medication from a medication-dispensing machine. In an embodiment, an identification of medication and patient information for an electronic prescription is received. A container of the identified medication is retrieved from a plurality of containers stocked within the machine. Each container comprises a first barcode. The first barcode is scanned, and a patient label is generated and applied to the retrieved container. An image of the retrieved container is captured and provided to a pharmacist over a network. After an approval is received over the network from the pharmacist, the retrieved container is released to a user.

Abstract: The present Invention relates to methods of treating subjects preparing to undergo surgery or methods of treating chronic disease and methods for reducing transfusions and a computer readable storage medium and a physical computing device for carrying out these methods which include: a) receiving a profile of said subject, in a physical computing device, including a level of hemoglobin of said subject, level of creatinine of said subject, and information regarding current or past history of disease; b) applying said level of hemoglobin and said level of creatinine, in said physical computing device, to determine level of transfusion risk; c) applying said information regarding current or past history of disease of said subject, in said physical computing device, to determine level of comorbidity; d) applying said level of hemoglobin, said level of transfusion risk, and said level of comorbidity, in said physical computing device, to determine a patient care plan.

Abstract: A processor based method for measuring dimensional properties of a photoresist profile by determining a number acid generators and quenchers within a photoresist volume, determining a number of photons absorbed by the photoresist volume, determining a number of the acid generators converted to acid, determining a number of acid and quencher reactions within the photoresist volume, calculating a development of the photoresist volume, producing with the processor a three-dimensional simulated scanning electron microscope image of the photoresist profile created by the development of the photoresist volume, and measuring the dimensional properties of the photoresist profile.

Abstract: A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: Embodiments of the present invention provide a subscription service for documenting, verifying, administering, and auditing use of entitled software products in third-party networked computing environments (e.g., a cloud computing environment). Specifically, aspects of the invention provide an Entitlement Brokering System (EBS) (also referred to as an entitlement broker) that reduces the risk associated with clients improperly running licensed software products on their computing infrastructure, thus increasing the reliability and auditability of the software product's entitlement status and accelerating intake of new or existing clients through automation of the entitlement verification process.

Abstract: Systems and methods described herein include wagering game systems that communicate with servers or other entities in a wagering game network using multicast groups. Data transmitted over the network for the multicast group is encrypted. Keys for the encryption and decryption of the data are generated based on a current key index for the multicast group, and a global passphrase. The global passphrase is not transmitted over the network.

Abstract: A computer implemented method for detecting input gesture events on a touchscreen of an electronic device and for unlocking the electronic device is disclosed. The method may include displaying, while the electronic device is in a locked state, a plurality of guidance lines on the touchscreen of the electronic device, detecting, during an input gesture event, guidance line crossings and calculating a number of guidance line crossings detected during the input gesture event. The method may also include converting a calculated number of detected guidance line crossings into at least one password digit, comparing a sequence of password digits to a stored password in the electronic device and unlocking, in response to comparing the sequence of password digits to the stored password, the electronic device.

Abstract: Mechanisms for controlling access to credentials are disclosed. A computing device receives, at a first time, a request associated with a user to initiate a plurality of actions against a computing resource of a plurality of computing resources, the request including a credential identifier that identifies a credential. A memory is accessed, based on the credential identifier, to retrieve the credential identified by the credential identifier that was stored in the memory at a time prior to the first time, the credential comprising authentication information configured to authenticate the plurality of actions to the computing resource. The computing device communicates the request and the authentication information to an orchestration engine for execution of the plurality of actions against the computing resource.

Abstract: Disclosed is a password authentication system and a password authentication method using continuous password authentication. In the password authentication system, a password is set using an original password and a shift value, and the password authentication system includes a password authentication unit configured to receive a password subjected to the shift value, apply the shift value inversely to the password to obtain the original password and perform authentication processing, a defense mode changing unit configured to change to a defense mode requiring continuous authentication of the password at least twice, and a defense mode control unit configured to require the user to continuously input a first password and a second password, and to determine the authentication of the password as a success and release the defense mode.

Abstract: Systems, methods and articles of manufacture providing analytically enhanced user interfaces and smart CAPTCHAs. The analytically enhanced user interfaces may collect information regarding a user's interaction with the user interface, and asynchronously transmit the collected information to a logging service. The smart CAPTCHAs may gather information regarding a user based on the input the user provides to the smart CAPTCHA.

Abstract: Methods, devices, and systems are provided to rapidly detect and prevent cyber-attacks that are enabled by either misuse of identity credentials or weaknesses within the identity credential lifecycle. An Identity Analytics and Intelligence Engine provides an automated process for the collection, exchange, analysis, correlation, and reporting of identity credential lifecycle data. The Identity Analytics and Intelligence Engine may be implemented as a Software as a Service (SaaS) capability. The Identity Analytics and Intelligence Engine applies Semantic Web concepts/technologies and graph databases to automatically capture the identity credential lifecycle data along with the associated data exchanges within one or more Trust Frameworks.

Abstract: A decryption device for decrypting a document encrypted using biometric information of an intended receiver of the document is provided. The decryption device comprises: an imaging device configured to capture an image of at least a portion of the document; a biometric detection device configured to detect biometric information of a user; a processor configured to decrypt at least the portion of the document using the captured image and the detected biometric information; and a display device configured to display at least the portion of the document decrypted by the processor.

Abstract: A method and an apparatus for detecting an accessory in an electronic device. A connection of accessory with an interface unit is detected. An analog signal in a predetermined frequency is generated. The generated analog signal is applied to an identification terminal of the interface unit. The applied analog signal is converted to a digital signal and the type of the accessory is identified based on the converted digital signal.

Abstract: A wearable device comprises a first member, a second member that is configured to move relative to the first member, a sensor disposed on the first member, one or more components disposed on the second member, and an authentication module. The sensor is configured to output a sense signal that is indicative of a distance between the sensor and at least one of the one or more components. When the wearable device is worn by a user, the wearable device may be authenticated. The sense signal indicates when at least a portion of the wearable device is opened and/or removed. The wearable device may be de-authenticated based at least in part on the sense signal indicating that a portion of the wearable device has been opened or removed.

Abstract: There is provided an information processing device including a first motion body that is a target for imaging performed by another information processing device, a detection unit configured to detect motion of the first motion body, and an authentication unit configured to decide whether to authenticate the another information processing device on the basis of a motion state of the first motion body that has been estimated by the another information processing device on the basis of a captured image acquired through the imaging and a motion state of the first motion body that has been detected by the detection unit.

Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.

Abstract: A method and apparatus for intrusion detection, the method comprising: receiving a description of a computerized system, the description comprising two or more entities, one or more attribute for each entity and one or more statistical rule related to relationship between the entities; receiving data related to activity of the computerized system, the data comprising two or more events; grouping the events into two or more groups associated with the entities; comparing the groups in accordance with the statistical rule, to identify a group not complying with any of the statistical rules.

Abstract: A system receives a request to filter access by a client device to content over a network and causes access to network content by said client device to be filtered.

Abstract: Methods, systems, and computer-readable media for providing contextual feedback to a user of a computer system upon detection of an invasion of the computer system are provided herein. An invasion of the computer system is detected and a contextually appropriate alert is selected from a set of alerts. The alert is played immediately upon detection of the invasion so that the user is alerted to the invasion within close temporal proximity to the user's action that resulted in the invasion of the computer system. In addition, details of the invasion are logged to a diagnostic log file for later use by support personnel in repairing the computer system.

Abstract: A computer-implemented method for detecting display-controlling malware may include (1) identifying a software program that is controlling a display of the computing device, (2) detecting one or more measures taken by the software program to prevent loss of control of the computing device display, (3) performing an analysis of the software program that may include determining, based on the measure taken by the software program to prevent loss of control of the computing device display, that the software program is suspicious and possibly includes display-controlling malware, and (4) performing a security action in response to determining that the software program is suspicious and possibly includes display-controlling malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A secure computer for secure transactions that includes an operating system, a processor, an identity security module, and a loss protection device. The operating system has built-in security features. The processor is manufactured with security features and configured to execute software in a virtualized state outside of the operating system. The computer includes or be able to create at least one virtualized monitoring application that operates outside of the operating system and. monitor system files and duplicate files of the system files for modification by malicious software, such that any of the duplicate files or system files determined to be modified by malicious software are restored to one of an original version or a known operative state and generates and communicates an alert indicating possible suspicious activity based on the determined modification.

Abstract: A method for analyzing a computing system includes the steps of at a first moment in time, scanning the resources of the computing system for indications of malware, at a second moment in time scanning the resources of the computing system for indications of malware and determining the system executable objects loaded on the computing system, determining malware system changes, identifying a relationship between the malware system changes and the system executable objects loaded on the computing system, and identifying as suspected malware the system executable objects loaded on the computing system which have a relationship with the malware system changes. The malware system changes include differences between the results of scanning the resources of the computing system for indications of malware at the second and first moment of time.

Abstract: In one embodiment a method comprises initiating, by a network attached storage device, a virus scan process on the network attached storage device, receiving, by the network attached storage device, a first file access request that identifies a file, and interrupting the virus scan process to respond to the first file access request.

Abstract: Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a system includes a co-processor (CP), a first memory, a general purpose processor (GPP) and a second memory. The first memory is associated with the CP and coupled to the CP. The first memory includes a first signature compiled for execution on the CP. The GPP is coupled to the CP. The second memory is associated with the GPP and coupled to the CP and to the GPP. The second memory includes a second signature compiled for execution on the GPP. The CP is operable to retrieve the first signature stored within the first memory through an instruction cache. The CP is operable to retrieve a data segment to be scanned for undesirable content stored within the second memory through a data cache that is separate from the instruction cache.

Abstract: A method and system are provided for performing an antivirus scan of a file on a virtual machine. An example method includes performing a first execution of the file on the virtual machine, recording a first log that includes an API function call and an internal event detected during execution, and determining if any signatures in the log are stored in a signatures database. Moreover, if no signatures in the first log are found in the first database of signatures, the file is classified as not malicious. In contrast, if at least one signature is found, a second execution of the file is perform and a second log is recorded that includes a detected internal event. Moreover, the method includes determining if any signatures in the second log are stored in a second database of signatures; and classifying the file as not malicious if no signatures are found.

Abstract: In an example, a system and method for outbreak pathology inference are described. In certain computational ecosystems, malware programs and other malicious objects may infect a machine, and then attempt to infect additional machines that are “networked” to the first machine. In some cases, the network may be a physical or logical network, such as an enterprise network. However, “social networking” may also connect one machine to another, because users may share files or data with one another over social networks. In that case, client devices may be equipped with a telemetry engine to gather and report data about the machine, while a system management server receives reported telemetry. The system management server may use both logical networks and social networks to infer potential outbreak paths and behaviors of malware.

Abstract: A device may detect or emulate a sequence of keystrokes to be used to detect a keystroke logger application. The device may determine a sequence of characters associated with the sequence of keystrokes. The sequence of characters may correspond to the sequence of keystrokes or a portion of the sequence of keystrokes. The device may search a memory for the sequence of characters. The device may determine that the sequence of characters is stored in the memory based on searching the memory for the sequence of characters. The device may perform an action to counteract the keystroke logger application based on determining that the sequence of characters is stored in the memory.

Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.

Abstract: Disclosed is a system and method for updating IOMMU (Input Output Memory Management Unit) tables for remapping DMA (Direct Memory Access) range for a requested bus device when the device is active.

Abstract: An “AR Privacy API” provides an API that allows applications and web browsers to use various content rendering abstractions to protect user privacy in a wide range of web-based immersive augmented reality (AR) scenarios. The AR Privacy API extends the traditional concept of “web pages” to immersive “web rooms” wherein any desired combination of existing or new 2D and 3D content is rendered within a user's room or other space. Advantageously, the AR Privacy API and associated rendering abstractions are useable by a wide variety of applications and web content for enhancing the user's room or other space with web-based immersive AR content. Further, the AR Privacy API is implemented using any existing or new web page coding platform, including, but not limited to HTML, XML, CSS, JavaScript, etc., thereby enabling existing web content and coding techniques to be smoothly integrated into a wide range of web room AR scenarios.

Abstract: The present invention relates to a method of managing switching from a first mode of operation to a second mode of operation a first processor in a processing device which comprises at least one other processor and a controller processor. The method comprises receiving a message which comprises a request to switch the first processor from a first to a second mode of operation; deciding whether the switching is appropriate; and upon decision of switching, switching the first processor from a first mode of operation to a second mode of operation according to the selected type of switching.

Abstract: The present invention is capable of determining the rights to a file based on providing a descriptor. The descriptor can be calculated using an algorithm, which may be cryptographic and/or non-cryptographic. The descriptor may further be based on the file contents, metadata of the file, other file data, or any combination thereof to uniquely identify the file in a shared file repository. Since the descriptor is generated based on file data it will be the same regardless of which user generates it. Accordingly, only one copy of the file needs to be maintained in the shared file repository, thereby reducing the amount of network bandwidth required to assure the file is backed up and further reducing the amount of storage required to backup the files. This results in a vastly more efficient method of backup in terms of processing time, network bandwidth, and storage requirements.

Abstract: According to some embodiments, a list of files comprising each file in a data repository that is associated with the website is determined. A list of user roles comprising each user role in the data repository that is associated with the website is determined. Each file in the list of files based on each user role in the list of user roles is attempted to be accessed and a report indicating the success or failure of the attempt to access each file in the list of files based on each user role in the list of user roles is created.

Abstract: In a hierarchical access permissions environment, a method for enabling efficient management of project-wise permissions including maintaining project-wise lists of network objects, access permissions to which cannot be managed together via a hierarchical folder structure and employing the project-wise lists of network objects to make project-wise changes in access permissions to the network objects without the need to individually modify access permissions to individual ones of the network objects.

Abstract: A secret sharing system transforms shares in ramp secret sharing to shares in homomorphic secret sharing. On a data distribution apparatus, a division part divides information a into N shares fa(n) using an arbitrary ramp secret sharing scheme S1. On each of distributed data transform apparatuses, a random number selecting part generates a random number vector ri whose elements are L random numbers ri1. A first random number division part divides the random number vector into N shares fri(n) using a ramp secret sharing scheme S1. A second random number division part divides each of the L random numbers ri1 into N shares gri,1(n) using an arbitrary secret sharing scheme S2. A disturbance part generates a share Ui by using a share fa(i) and shares fr?(i). A reconstruction part reconstructs L pieces of disturbance information c1 from shares U? by using the ramp secret sharing scheme S1.

Abstract: Provided is a document managing apparatus that can eliminate the complexity of operation related to designation of confidential information, and yet reliably prevents leakage of confidential information. First, a receiving circuit receives target files from a client terminal. Therefore, a file managing circuit manages, of the received target files, a file that is designated as confidential, having been subjected to output restriction, as a confidential designated file. In addition, the file managing circuit manages a file that is not designated as confidential, as a user file. In addition, the file analyzing circuit compares the user file with the confidential designated file. If the content of the user file is similar to the content of the confidential designated file at a rate equal to or higher than a certain value (for example, 80%), the file analyzing circuit applies output restriction to the user file.

Abstract: A method for encrypting on-screen contents, an electronic apparatus using the method, and a recording medium using the method are provided. The method is adapted for the electronic apparatus having a screen. In the method, contents are displayed on the screen. A user's operation is then detected to generate a trigger signal. The displayed contents are encrypted according to the trigger signal.

Abstract: A method implemented on an augmented reality (AR) electronic device includes initiating a security access code software application on the AR electronic device. A user of the AR electronic device is identified. A first electronic computing device at or near a current location of the user is identified. The first electronic computing device is an input device for entry of a security code to permit access to a protected asset. A determination is made as to whether the user is authorized to access the protected asset. When a determination is made that the user is authorized to access the protected asset, a security access code is displayed on the AR electronic device. The security access code permits the user to access the protected asset via the first electronic computing device.

Abstract: An efficient data deduplication method for use in a dispersed storage network (DSN). After a data object is received for storage in the DSN, it is determined whether a substantially identical data object has previously been encrypted and stored. The determination may be made, for example, by comparing an encryption key reference value relating to the data object to key reference information stored in DSN memory. If not detected, the data object is encrypted using an encryption key based on the data object. The encrypted data object is then compressed and stored. The encryption key and a key reference value are also stored as encoded key slices in DSN memory. If the data object was previously stored, it is encrypted using a retrieved encryption key that is substantially identical to the data object. The data object may then be compressed for storage using a pattern based data compression function.

Abstract: A device and software utilizing Global Positioning Satellite (GPS) technologies for monitoring and recovering portable computing devices and, a method and system for acquiring such devices, protecting data on such devices, and for compensating owners of devices. A GPS mechanism of the invention provides real time tracking of missing devices that may be coordinated with security agencies to intercept and recover missing computing devices. When a stolen device is unrecoverable, the invention may receive a signal to initiate data recovery where a wireless network is available to recover data for the owner. Alternatively, the GPS mechanism instructs the device to encrypt or destroy stored data files to prevent commercial espionage or privacy violations. The invention discloses a software system and method for computing a purchase price of the GPS mechanism, computing compensation for loss of the device and lost data.

Abstract: A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term.