Abstract: A malicious code analysis device and method used on an external device connected via a USB cable. The malicious code analysis method includes connecting a malicious code analysis device to an analysis target terminal, on which malicious code is to be executed, from outside the analysis target terminal via a USB cable, multi-booting the analysis target terminal based on multiple Operating System (OS) image files stored in the malicious code analysis device, providing user input to the analysis target terminal so that malicious code is incapable of recognizing that a current environment is an analysis environment, and analyzing, by the malicious code analysis device, the malicious code in consideration of both data modified by the malicious code, among pieces of data corresponding to the multiple OS image files, and the user input.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: A virtual universe system has a system and method for identifying spam avatars based upon the avatar's behavior characteristics through the use of Turing tests. The system may provide a Turing test unit for performing Turing tests and an analysis unit that compares the behavior characteristics of new or newly changed avatars against the behavior characteristics of known spam avatars to determine if the avatar has known spam avatar characteristics. It may further have a scoring system to calculate a spam score based upon similarities of the comparison and identifying the avatar as a spam avatar based upon the calculated spam score. It may further compare the calculated spam score with a spam score threshold wherein the avatar is identified as a spam avatar if the calculated spam score is equal to or greater than the calculated spam score.

Abstract: A system and method in a virtual universe (VU) system for identifying spam avatars based upon the avatars' multimedia characteristics may have a table that stores multimedia characteristics of known spam avatars. It further may have an analysis unit that compares the multimedia characteristics of avatars against the multimedia characteristics of known spam avatars to determine if the avatar has known spam avatar characteristics. It may further have a scoring system to calculate a spam score based upon the similarities of the comparison and identifying the avatar as a spam avatar based upon the calculated spam score. It may further compare the calculated spam score with a spam score threshold wherein the avatar is identified as a spam avatar if the calculated spam score is equal to or greater than the calculated spam score. Multimedia characteristics include graphics, audio, movement, interactivity, voice, etc.

Abstract: There is provided a method for improving security of computer resources, including obtaining raw memory snapshots of a computer memory of one or more computing systems during runtime of identical processes relating to a predetermined application or a service; forming a map of expected memory behaviour relating to the application or the service based on the obtained raw memory snapshots; monitoring the memory behaviour of a computing system during the execution of the same application or the service; comparing the monitored memory behaviour of the computing system with the formed map of expected memory behaviour; and in the event that a deviation from the expected memory behaviour is detected based on the comparison, triggering an alert.

Abstract: In one embodiment, a system for managing a virtualization environment comprises a plurality of host machines, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines and conducts I/O transactions with the one or more virtual disks, and a virtualized file server self-healing system configured to identify one or more corrupt units of stored data at one or more levels of a storage hierarchy associated with the storage devices, wherein the levels comprise one or more of file level, filesystem level, and storage level, and when data corruption is detected, cause each FSVM on which at least a portion of the unit of stored data is located to recover the unit of stored data.

Abstract: A virtual machine transmits local files to a secure virtual machine hosted by a hypervisor for malware detection. When malware is detected, the secure virtual machine can responsively provide remediation code to the virtual machine on a temporary basis so that the virtual machine can perform suitable remediation without a permanent increase in size of the virtual machine.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

Abstract: A method including collecting, by a processing device, raw data regarding an input to fill a form field. The method further includes converting, by the processing device, the raw data to test data, wherein the test represents behavioral characteristics of the entry of the input. The method further includes identifying a human characteristic model corresponding to the behavior characteristics of the entry of the input. The method further includes generating a predictor from a comparison of the test data against the corresponding human characteristic model. The predictor includes a score indicating a probability that the input originated from a human user or from a malicious code imitating the human user.

Abstract: Secure computer architectures, systems, and applications are provided herein. An exemplary system includes a legacy environment which is an off-the-shelf computing system, a trusted environment device that communicates with a network, and at least one peripheral that is communicatively coupled with the trusted environment device or having an authentication module.

Abstract: Systems, methods, circuits and computer-readable mediums for controlled secure code authentication are provided. In one aspect, a method performed by a host device includes transmitting a request to a client device, the request including a challenge for a property of a code stored within the client device, receiving a response to the request, the response comprising information associated with the property of the code, verifying correctness of the response based on the received information, and based on the verifying of the correctness of the response, determining that the code is an authorized code.

Abstract: Systems, methods, circuits and computer-readable mediums for controlled secure code authentication are provided. In one aspect, a non-transitory computer-readable storage medium having instructions stored thereon which, when executed by one or more processors, cause the one or more processors to perform a method including: sending a request to a client device, the request including a challenge for a property of a particular portion from among a plurality of portions of code stored within the client device, the challenge including data indicating a particular memory address range corresponding to the particular portion of the code, receiving a response to the request from the client device, the response including information associated with the property of the code, verifying correctness of the response based on the received information, and based on verifying correctness of the response, determining that the code is an authorized code.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.

Abstract: Methods and apparatus for validating a system include reading protected record data for a section of the system from a secure storage element, and verifying integrity of the section of the system using the record data. The secure storage element independently verifies that all record data and data to be written to the system is valid.

Abstract: A system for forecasting one or more threats on a Virtual Attack Domain of a Local Area or Wide Area Network, with a system comprising of: at least one Virtual Attack Domain, containing at least one device, as well as a Local Agent System, an External Data Agent, a Super-Agent System, an Internal Archival System, an Internal Parser System, an External Archival System, an External Parser System, an Internal Data Repository, an External Data Repository, an Internal Assets Repository, a Network Traffic Repository, and a Threat Prediction System. The Threat Prediction System comprising of a prediction modeling system, a learning system, and an alerting system. The learning system is responsible for updating the prediction modeling system. An Administrative System enables the selection of a Virtual Attack Domain for generating reports of threat forecast data and alerts and graphical maps representing the patterns and trends of threat forecast data for the selected Virtual Attack Domain.

Abstract: A pluggable trust architecture addresses the problem of establishing trust in hardware. The architecture has low impact on system performance and comprises a simple, user-supplied, and pluggable hardware element. The hardware element physically separates the untrusted components of a system from peripheral components that communicate with the external world. The invention only allows results of correct execution of software to be communicated externally.

Abstract: An electronic device and method for securely receiving and communicating confidential information. The device comprises a user-defined variable and programmable randomizer module that randomizes a display of at least one of a plurality of data components of a security data interface (“SDI”). Display features of the data components of the SDI, such as location, layout, movement, and/or sequence, are randomized and stored in memory, then driven by a display driver circuit (“DDC”) to generate the randomized SDI on a display device. An exemplary circular keypad SDI having digits from 0-9 has a random anchor position, continuous rotation and translational movement during or between data entry by a user to select credit card (“CC”) number via the SDI for a secure transaction that is resistant to detection and interception.

Abstract: A code protection method may include storing, using a processor of a computer, a package file that includes files for an application on a storage device of the computer; transforming, at the processor, a protection target method and/or function selected from a file that includes an execution code among the files, or converting or deleting a library file among the files; regenerating the package file by adding, to the package file, a first protection module file for restoring the transformed protection target method and/or function or a second protection module file for restoring the library file; and providing the regenerated package file over a network.

Abstract: According to an example, to authenticate a user of a computing device, a user login request with at least one primary credential is received from a computing device. At least one primary credential is validated to authenticate the user, and a first device token is created and transmitted to the computing device. A secondary credential is received from the computing device, and a server token and a reference to the server token is created. The server token is encrypted and stored and the server token reference is sent to computing device for use in a subsequent authentication with the secondary credential.

Abstract: According to an example, a performance of a predetermined action with regard to a data may be prevented. In the method, a first system call pertaining to the data may be intercepted and suspended. A determination may be made as to whether a second system call that is to be executed following execution of the first system call will result in performance of a predetermined action with regard to the data. In addition, an operation may be implemented on the first system call to prevent the performance of the predetermined action with regard to the data.

Abstract: Securing an endpoint against malicious activity includes encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files, receiving a request to access a file from a process executing on the endpoint, decrypting the file for the process, and monitoring a security state of the process. If the security state becomes a compromised state, a technique involves maintaining access to any open files (including the file decrypted for the process), prohibiting access to other files, and initiating a remediation of the process by facilitating a restart of the process. If the remediation is successful, access by the process to the plurality of files may be restored.

Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.

Abstract: An information processing system includes: a search system to search, for an image to be found, a database according to a search request and based on similarity thereof to a search key image, the database having the image and linkage information registered in association with each other, and transmit the linkage information to a transmitter of the request when the image is found; an acquisition unit to acquire an image captured by a terminal and the request with the captured image as the search key image; a search unit to perform the requested searching and transmit, to the terminal, the linkage information as a result of the searching; and a notification management unit to transfer permission information to a notification unit when the found image is a particular image, the permission information enabling identification of the terminal and indicating that providing a notification to the terminal is permitted.

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: The present disclosure relates to providing scalable data verification. In some embodiments, a first device receives first data associated with a second device. The first device determines whether a first hash value generated by hashing the first data matches a second hash value received from the second device. Upon determining that the first and second hash values match, the first device stores the first data and the first hash value to a first data log associated with the second device. The first device determines whether a third hash value generated by hashing the first data log matches a fourth hash value received from the second device. The fourth hash value represents a hash of a second data log at the second device. Upon determining that the third and fourth hash values match, the first device updates a verification log to indicate that the first and second data logs match.

Abstract: In some embodiments, a device includes a memory and a processor. The memory is operatively coupled to the processor and configured to store encrypted personal data. The processor is configured to receive query and a personal identifier from a user. Based on the query, the processor further identifies and retrieves a portion of the associated encrypted personal data from the memory. Using the personal identifier, the processor produces decrypted personal data by decrypting a portion of the retrieved encrypted personal data. The processor is further configured to analyze the decrypted personal data to identify a result of the query. The result is sent to the user without sending the decrypted personal data.

Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for indicating data object exposure in a cloud computing environment. In a particular embodiment, a method provides receiving information about a data object from the cloud computing environment. The method further provides analyzing the information to determine a plurality of exposure characteristics for the data object. The method further includes determining an indication of exposure of the data object based on the plurality of exposure characteristics.

Abstract: The privacy of linear queries on histograms is protected. A database containing private data is queried. Base decomposition is performed to recursively compute an orthonormal basis for the database space. Using correlated (or Gaussian) noise and/or least squares estimation, an answer having differential privacy is generated and provided in response to the query. In some implementations, the differential privacy is ?-differential privacy (pure differential privacy) or is (?,?)-differential privacy (i.e., approximate differential privacy). In some implementations, the data in the database may be dense. Such implementations may use correlated noise without using least squares estimation. In other implementations, the data in the database may be sparse. Such implementations may use least squares estimation with or without using correlated noise.

Abstract: [Object] To provide an information processing system, a storage medium and a control method through which a user privacy level in a telepresence system can be set depending on a counterpart.

Abstract: Exemplary embodiments are directed to a method and apparatus for storing data for a batch of manufactured items. The method comprises defining in a processor, using a lower limit identifier and an upper limit identifier, a range of unique item identifiers for the batch, wherein each manufactured item in the batch is allocated a unique item identifier falling within the range. The item identifiers are stored in allocated storage space. If an upper limit identifier is specified for each time interval, an amount of storage specified for all manufactured items during a production time period is calculated as a sum of a first product and a second product, the first product being a product of a production time and a size allocated to each upper limit identifier, and the second product being a product of the production time, a total number of manufactured items, and a percentage of unused identifiers.

Abstract: The invention provides methods and apparatus for analysis of images of direct part mark identification codes to measure and assess a print quality. Methods to assess the quality of a direct part mark identification code are presented that provide diagnostic information of a code that cannot be assessed using verification methods that require the results of a valid decoding step.

Abstract: Disclosed are fibers which contains identification fibers. The identification fibers can contain a plurality of distinct features, or taggants, which vary among the fibers and/or along the length of the identification fibers, a fiber band, or yarn. The disclosed embodiments also relate to the method for making and characterizing the fibers. Characterization of the fibers can include identifying distinct features, combinations of distinct features, and number of fibers with various combinations of distinct features and correlating the distinct features to supply chain information. The supply chain information can be used to track the fibers, fiber band, or yarn from manufacturing through intermediaries, conversion to final product, and/or the consumer.

Abstract: An RFID reader includes a transmitter, a receiver, and an evaluator. The receiver receives signals from RFID tags within a given number of slots of a time frame with a given frame size and provides a number of successful slots and a number of collided slots. The evaluator sets a modified frame size based on an estimated number of RFID tags which is determined based on the frame size, the number of successful slots, and the number of collided slots. The invention also refers to a corresponding method.

Abstract: The present invention discloses a type of integrated system and application method for dual-frequency multi-protocol multifunctional near field communication.

Abstract: A system and method for determining and tracking a location of a participant traveling along a route wherein the participant being tracked with an RFID tag using an RFID tag reader and a timing system, the system includes a location device associated with the RFID tag and has a location data receiver for receiving location information from a location providing source, and a wireless communication interface and time stamps each received location information, and transmits tag location data over the wireless interface, and a location detection device that is in wireless communication with the location device receives the transmitted tag location data, and transmits the received location data to the timing system, with the timing system associating the received location data with the RFID tag number as provided by the RFID tag reader provided tag reads of the RFID tag associated with the location device.

Abstract: RFID tags are used for many purpose including tracking. RFID interrogators are used to retrieve information from tags. In many applications, a plurality of RFID interrogators are required. Synchronization between interrogators in the same theatre of operation is critical to ensure that their broadcasts do not interfere with each other. In fixed RFID interrogator applications, RFID interrogators can be wired together allowing a channel to synchronize the transmissions of the RFID interrogators. Methods described herein can ensure that synchronization is maintained in the event of the failure of a synchronizing master. Furthermore, additional methods for synchronizing RFID interrogators in wireless applications are described allowing synchronization in the absence of wired connections between interrogators.

Abstract: A log scanning system and method for scanning a log load. Each individual log in the log load may have an ID element with a unique log ID data on at least one log end face. The system has a handheld scanner unit for free-form scanning by an operator over a load end face of the log load. The scanner unit has a depth sensor configured to capture a series of depth images of the load end face and a texture sensor configured to capture a series of texture images of the load end face during the load end face scan. The system also has a data processor(s) that receives and processes the depth and texture images captured from the scan.

Abstract: A sample processing or assay instrument includes a moveable support. The moveable support defines a first pocket configured to receive a first object having a first machine-readable mark. The moveable support defines a second pocket configured to receive a second object having a second machine-readable mark. The moveable support also includes a first fiducial machine-readable mark and a second fiducial machine-readable mark. The instrument also includes an image capture device that captures a first image including the first fiducial machine-readable mark and the first machine-readable mark of the first object. The image capture device captures a second image that includes the second fiducial machine-readable mark and the second machine-readable mark of the second object. The instrument also includes a processor configured to associate information decoded from the first and second machine-readable marks with first and second locations on the moveable support.

Abstract: The invention relates to a method of optically reading portions in relief on a side wall of a container (14), the method consisting in: using a light source to light a portion of interest with a peripheral incident light beam comprising non-parallel radial light rays; using specular reflection of the beam on the portion of interest and on the portions in relief (12) through an optical element (30) to form a plane image in the field of view of a two-dimensional photoelectric sensor (24); processing the image received by the sensor in order to detect the portions in relief; and causing the light source (34) that provides the peripheral incident light beam to move relative to the optical element in translation along the direction of the theoretical central axis (A1) in order to modify the contrast of the image received by the sensor between zones of the image that correspond to the portions in relief, and adjacent zones.

Abstract: An image enhancer device for use with an associated mobile electronic device having a digital camera. The image enhancer device includes an image manipulator coupled to a first region of a housing and configured to modify an optical path of the digital camera; an aimer having an aiming element configured to direct at least one aiming light beam towards an object of interest; an illuminator having an illumination element configured to direct at least one illumination light beam from the housing towards the object of interest; and electronics allowing for communication between the image enhancer device and the associated mobile electronic device. The image enhancer device forms a scan angle relative to a field of view of the digital camera of the mobile electronic device and allows for bar code imaging and/or native image processing with the digital camera of the associated mobile electronic device.

Abstract: Systems and methods for labeling, identifying, and tracking data related to consumable substance include encoded information related to the substance itself, its container, and/or an animal (e.g., human, feline, canine, livestock) intended to receive the substance in vivo.

Abstract: A reading apparatus includes an illuminator illuminating an optical symbol with blue light, an imager taking an image of the optical symbol illuminated with the blue light, and controller including a receiving circuit receiving the image taken by imager, a determination circuit determining whether or not the received image has a resolution equal to or higher than a predetermined reading resolution, an image acquisition circuit acquiring the received image as image data if the determination circuit determines that the received image has a resolution equal to or higher than the reading resolution, and a light adjusting circuit changing an illumination condition of the blue light if the determination circuit determines that the received image has a resolution less than the reading resolution.

Abstract: A method for generating a two-dimensional barcode, including: obtaining a protection-encoding pattern based on a mask pattern reference, the mask pattern reference being a reference for identifying a mask pattern that is applied to a module group, the module group being composed of a plurality of modules, each module being a unit cell constituting the two-dimensional barcode; obtaining a protection-encoded code block by protection-encoding a code block with the protection-encoding pattern, the code block having at least a data codeword; generating the module group based on the protection-encoded code block; and generating the two-dimensional barcode having the module group to which the mask pattern is applied.

Abstract: Described herein are systems and methods configured for serving pixel mapped content to one or more merchandising communication systems. A merchandising communication system may be included at a retail environment or other location. Pixel mapped content may include barcodes, text, and other desired content.

Abstract: A method for evaluating an output pattern printed on a medium is described. A reference pattern is stored. The output pattern is printed on the medium based correspondingly on the stored reference pattern. A scan based instance of the output pattern is rendered, which has a set of features at least corresponding to the printed output pattern and zero or more features additional thereto. A difference image, having the zero or more features of the rendered scan instance, is computed based on a comparison of the rendered scan instance to the stored reference pattern. Upon the zero or more features including at least one feature, the computed difference image is evaluated in relation to a proximity of at least one feature to locations pixels of the reference pattern.

Abstract: A fingerprint detection circuit includes: a detection electrode, where a first capacitance is formed between a finger and the detection electrode, a second capacitance is formed between the finger and a virtual ground, and a parasitic capacitance is formed between the detection electrode and the virtual ground; an amplifier, where an inverting input end of the amplifier is connected to the detection electrode and a non-inverting input end of the amplifier is connected to an excitation signal; and a feedback capacitance, where one end of the feedback capacitance is connected to the inverting input end of the amplifier, the other end of the feedback capacitance is connected to an output end of the amplifier, and the output end of the amplifier outputs an output signal of the fingerprint detection circuit. There is no need to connect an excitation signal to a finger of a user through an external electrode.

Abstract: The present invention provides a “C-Q-T” type capacitive fingerprint sensor with an integrator. The integrator comprises an amplifier, an integrating capacitor, a reference voltage and a reset circuit. By applying the present invention, linearity and sensitivity of the “C-Q-T” type capacitive fingerprint sensor are improved. During a conversion process of the “C-Q-T”, through introduction of the integrator, charge transfer quantities between a target capacitor and the integrating capacitor can be consistent for each time, so that a sensing equation is optimized, and better linearity is shown in the conversion process. As influence of a background capacitor and of a bus parasitic capacitor on the sensing equation is removed, the sensitivity of the “C-Q-T” type capacitive fingerprint sensor is improved.

Abstract: The present disclosure relates to a method and an apparatus for detecting pressure. The method includes: acquiring, via a fingerprint recognition sensor, a plurality of successive fingerprint images; recognizing sweat pores in the plurality of successive fingerprint images; determining a feature of the recognized sweat pores in the plurality of successive fingerprint images; and determining a changing trend of pressure applied on the fingerprint recognition sensor over time based on a changing trend of the feature of the recognized sweat pores across the plurality of successive fingerprint images.