Abstract: An image processing apparatus includes a request determining unit receiving an operation event indicating a request to use an image processing function and determining whether the request is from a guest user based on the received operation event; a guest login processing unit generating guest login information including a guest user identifier and access right information of the guest user if the request is from the guest user and sending a login request to request a login process for the guest user based on the guest login information; an access control unit disabling access control on the image processing function in response to the login request based on the access right information in the guest login information; and a usage history recording unit recording a usage history of the image processing function in association with the guest user based on the guest user identifier in the guest login information.

Abstract: Provided is a processing apparatus that authenticates a requestor in response to a request for performing predetermined processing. The processing apparatus executes the predetermined processing upon the authentication succeeding. Whether or not authentication is performed is set individually for each of the processing apparatus and an external apparatus of the processing apparatus that serve as the requestor. The authentication is performed in the case where authentication is set to be performed on the requestor that made the request.

Abstract: The present disclosure provides a cover for an electronic device and a biometric data apparatus for communication with an electronic device, wherein the biometric data apparatus comprises: a body; and a biometric data input element formed on the body; wherein at least part of the body is configured such that the biometric data apparatus may be releasably coupled to the electronic device when the cover for the electronic device is fitted to the electronic device.

Abstract: A method for authenticating a user includes generating an image for authentication based on at least one authenticated image based on an input image, and performing authentication based on the generated image for authentication.

Abstract: Providing access to electronic information. A first password string associated with a user is received. A second password string associated with the user and a rule for configuring and generating a third password string from the second password string is retrieved from a database. The rule specifies a dynamic element to insert in the second password string based on first contextual information associated with the user. The value of the specified dynamic element is determined based on second contextual information associated with the user. Based on the rule, the third password string is configured and generated from the second password string. It is determined that the first password string matches the third password string. Access to the electronic information is granted.

Abstract: A processor can be used to ensure that program code can only be used for a designed purpose and not exploited by malware. Embodiments of an illustrative processor can comprise logic operable to execute a program instruction and to distinguish whether the program instruction is a legitimate branch instruction or a non-legitimate branch instruction.

Abstract: A device for processing data includes: an input interface receiving input data; a processing unit processing data; and an encoding unit encoding data words which are obtained as input data at the input interface data in order to obtain encoded data words, the data words being encoded in such a way that a predefined portion of measured values which characterize the encoded data words and/or their processing by the device and which are ascertainable as a function of at least one physical variable of the device has a difference from a default value, the difference being less than or equal to a predefinable threshold value. The encoding unit executes an encoding rule for encoding the data words as a function of at least one encoding parameter, and the processing unit processes the encoded data words.

Abstract: Among other things, embodiments of the present disclosure help provide entities with the ability to remotely detect behavior associated with malware and identify compromised user-sessions, regardless of the malware variant or family, and independently of the page structure.

Abstract: A computer-implemented method for creating security profiles may include (1) identifying, within a computing environment, a new actor as a target for creating a new security behavior profile that defines expected behavior for the new actor, (2) identifying a weighted graph that connects the new actor as a node to other actors, (3) creating, by analyzing the weighted graph, the new security behavior profile based on the new actor's specific position within the weighted graph, (4) detecting a security anomaly by comparing actual behavior of the new actor within the computing environment with the new security behavior profile that defines expected behavior for the new actor, and (5) performing, by a computer security system, a remedial action in response to detecting the security anomaly. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allocating resources to processes based on security risk. The methods include actions of receiving a request from a process executing on a system for an allocation of resources and identifying other processes executing on the system. Additional actions include determining, for each of the processes, a risk score that reflects a likelihood that the process is a malicious process and determining a resource allocation priority based on the risk scores of each of the processes. Further actions include allocating resources to the processes based on the resource allocation priority.

Abstract: The disclosed computer-implemented method for detecting text display manipulation attacks may include (1) extracting a file name from a file that is under evaluation for malicious content, (2) inspecting, by a software security system, the file name for at least one control character that manipulates how the file name is displayed, (3) determining, based on inspecting the file name, that the file name includes the control character that manipulates how the file name is displayed, and (4) performing, by the software security system, a security action based at least in part on the determination that the file name includes the control character. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An apparatus, system, and method is disclosed for protecting against key logger malware. The protection includes protection form grabbing keylogger malware. In response to detecting a form submission event from a browser associated with a user entering data into a form, confidential data is cleared to prevent it being captured by malware. Additional protection of data inputs, entered at a driver level, may be provided as an additional level of protection against hook based malware operating at a virtual keyboard level or operating system level. Data inputs received at a physical driver level may be protected as they pass through a virtual keyboard level and an operating system level. The projection against malware may be provided as a preventive measure that does not require detection of the key logger malware itself.

Abstract: An apparatus for protecting BIOS, including a BIOS ROM, a detector, a generator, JTAG control, a machine specific register, and a controller. The BIOS ROM stores plaintext and an encrypted digest that is an encrypted version of a first digest corresponding to BIOS contents. The detector generates an interrupt at a combination of prescribed intervals and event occurrences, accesses the BIOS contents and the encrypted digest upon the interrupt, and directs a microprocessor to generate a second digest of the BIOS contents and a decrypted digest corresponding to the encrypted digest, compares the second digest with the decrypted digest, and precludes operation of the microprocessor when the second digest and decrypted digest are unequal. A random number is generated at completion of a current BIOS check, and sets a following prescribed interval. JTAG control programs the combination of prescribed intervals and event occurrences.

Abstract: Generally, this disclosure provides methods and systems for dynamic feature enhancement in client server applications and for high volume server deployment with dynamic app store integration and further enable the delivery of a secure server in a pre-configured turnkey state through an automated process with increased efficiency tailored to mass production. The system may include a server application module configured to receive request packets from, and send response packets to, a web based client application, the packets comprising input data, output data and control commands associated with a feature; and a script engine module coupled to the server application module, the script engine module configured to identify a plug-in application on a remote server, download the plug-in application and execute the plug-in application under control of the server application module, wherein the plug-in application implements the feature.

Abstract: A model representing system components and events of a plurality of monitored devices as data objects is described herein. The model resides on a security service cloud and is updated in substantially real-time, as security-relevant information about the system components and events is received by the security service cloud. Each data object in the model has a scope and different actions are taken by security service cloud modules depending on different data object scopes. Further, the security service cloud maintains a model specific to each monitored device built in substantially real-time as the security-relevant information from that device is received. The security service cloud utilizes these device-specific models to detect security concerns and respond to those concerns in substantially real-time.

Abstract: The present disclosure is directed to a system, method, and computer program for detecting and assessing security risks in an enterprise's computer network. A behavior model is built for a user in the network based on the user's interactions with the network, wherein a behavior model for a user indicates client device(s), server(s), and resources used by the user. The user's behavior during a period of time is compared to the user's behavior model. A risk assessment is calculated for the period of time based at least in part on the comparison between the user's behavior and the user's behavior model, wherein any one of certain anomalies between the user's behavior and the user's behavior model increase the risk assessment.

Abstract: In a system for detecting composite vulnerabilities associated with a process or a context, individual defects/vulnerabilities in a software system/application are identified and clustered into two or more classes of defects, where each class includes one or more defects of related types. Given a pattern of defects of different types, where the pattern represents a composite vulnerability, it is determined by searching in the clusters, if the software system/application includes all of the defects/vulnerabilities associated with that pattern.

Abstract: Determining which snapshot deltas tend to occur in: (i) healthy virtual machines (VMs) that have been subject to an attack yet remained healthy, and/or (ii) unhealthy VMs that have apparently been adversely affected by an attack. Snapshot deltas that occur in at least some (or more preferably all) of the healthy VM subset provide information about software changes (for example, updates, configuration changes) that may be helpful. Snapshot deltas that occur in at least some (or more preferably all) of the unhealthy VM subsets provide information about software changes (for example, updates, configuration changes) that may be unhelpful.

Abstract: Methods, devices, systems, and computer program products for implementing a bio-medical sensing platform are provided herein. A method includes receiving one or more items of sensed biological data and/or sensor-related information from one or more sensor devices via a communication link established with the one or more sensor devices, wherein the one or more sensor devices are associated with a given user; analyzing the one or more items of sensed biological data and/or sensor-related information to perform one or more characterization functions pertaining to the one or more items of biological data and/or the given user; and transferring the one or more items of sensed biological data and/or sensor-related information and/or a result of the one or more characterization functions to a private storage component via a communication link established with the private storage component, wherein said transferring comprises implementing one or more security functions in conjunction with said transferring.

Abstract: Disclosed is an apparatus and method to securely activate or revoke a key. For example, the apparatus may comprise: a storage device to store a plurality of pre-stored keys; a communication interface to receive an activate key command and a certificate associated with one of the pre-stored keys; and a processor. The processor may be coupled to the storage device and the communication interface and may be configured to: implement the activate key command to reboot the apparatus with the pre-stored key and the certificate; and determine if the reboot is successful.

Abstract: An example method for managing data in accordance with aspects of the present disclosure includes receiving from a user in the computer network environment a policy about how a piece of data should be treated, an encryption of the piece of data, a signature of a cryptographic hash of the policy and a cryptographic key, requesting from a trust authority the cryptographic key to access the piece of data, transmitting an encryption of at least one share to the trust authority, wherein the at least one share is created by and received from the trust authority, receiving from the trust authority the cryptographic key, wherein the cryptographic key is recreated by a combiner using a subset of the at least one share, shares associated with the trust authority and shares associated with the combiner, and decrypting the encryption of the piece of data using the recreated cryptographic key.

Abstract: A system for spreadsheet region and cell sharing permissions includes an interface and a processor. An interface is to receive a request to display a subset of a spreadsheet document. A processor is to: determine whether to enable display access to the subset of the spreadsheet document based at least in part on a set of user access descriptors; in the event that display access is enabled, provide data associated with the subset of the spreadsheet document for display; and in the event that display access is not enabled, provide an indication of access denial for display.

Abstract: The present invention provides methods for using abstractions of people, including dynamic and static groups of people, to enhance the efficiency of the specification and automation of policies for sharing information between users with a “need-to-know.” An instance of the present invention can also provide these users information based on a “time-to-know.” By providing access to information based on group affiliation and properties of the content of the information, the present invention maintains optimal information privacy while minimizing encumbrances to sharing data with appropriate users and even at appropriate times. The present invention can be integrated with other communication technologies to facilitate access to information in a time appropriate manner. Other instances of the present invention employ automated and semi-automated, mixed-initiative techniques, to make information-sharing decisions.

Abstract: Methods and systems for a networked storage environment are provided. For example, one method includes generating by a processor in response to a request, a storage service level class (SLC) defined by a storage attribute and a protection SLC defined by a protection attribute for a storage item managed by a storage server, where the storage attribute provides a performance level for the storage item and the protection attribute provides a protection level for the storage item; identifying by the processor, a first resource for complying with the storage attribute of the storage SLC for storing the storage item; configuring a second resource for complying with the protection attribute of the protection SLC for storing information associated with the storage item; and monitoring the first resource for compliance with the storage attribute for the storage SLC.

Abstract: A system and method for scheduling data transfers between systems. One or more data requesting systems may request access to particular data. The request for access to the particular data may correspond to a request that a task to be performed. The task may be to exchange the particular data between a data accessing system having access to the particular data and a data requesting system requesting access to the particular data. The communication exchange may be scheduled for processing. In some embodiments, the communication exchange may be initiated based on a parameter included in the request that the task be performed.

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.

Abstract: A system and method to secure information displayed on the screen of a computing device is provided in which an image to be displayed is algorithmically distorted and thereafter displayed on a display device. To properly view the image, a user must use decoding eyewear which will correct for the applied distortion. The displayed image is thereby rendered unviewable to casual observers and passers-by.

Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.

Abstract: Methods, devices, systems, and non-transitory process-readable storage media manage unwanted tracking by evaluating conditions encountered by a browser application during sessions with websites. Embodiment methods performed by a processor of a computing device may include operations for identifying predefined browsing execution conditions encountered by the computing device during a session with a website, determining whether unwanted tracking of the computing device likely exists based on the identified predefined browsing execution conditions, and performing a corrective action in response to determining that the unwanted tracking of the computing device likely exists based on the identified predefined browsing execution conditions. Embodiment methods may also include operations for identifying a type of condition for each of the predefined browsing execution conditions and determining whether a number of each type of condition exceeds a predefined threshold for each type of condition for the session.

Abstract: A method of encoding and an encoder are provided. The method includes generating first one-hot bits for most significant bits (MSBs) and second one-hot bits for least significant bits (LSBs) using input one-hot bits; encoding the first one-hot bits to the MSBs and complementary MSBs through a first logical operation using a cross-connection; and encoding the second one-hot bits to the LSBs and complementary LSBs through a second logical operation using a cross-connection. The encoder includes a first bit generator, a first encoder, a second bit generator and a second encoder.

Abstract: A microprocessor conditionally grants a request to switch from a normal execution mode in which encrypted instructions cannot be executed, into a secure execution mode (SEM). Thereafter, the microprocessor executes a plurality of instructions, including a store-key instruction to write a set of one or more cryptographic key values into a secure memory of the microprocessor. After fetching an encrypted program from an instruction cache, the microprocessor decrypts the encrypted program into plaintext instructions using decryption logic within the microprocessor's instruction-processing pipeline.

Abstract: A system includes a removable or replaceable I/O interface (e.g., a panel and associated electronics card). In one embodiment, a security device includes an FPGA I/O array that can be programmed for different interfaces. The interchangeable I/O panel and card is designed with a selected interface's matching physical electronics and connectors. This permits the main physical chassis of a security device to remain unchanged and avoid re-design, so that a user can readily use different interface options that can be changed by the user.

Abstract: The present disclosure is directed to a flexible counter system for memory protection. In general, a counter system for supporting memory protection operations in a device may be made more efficient utilizing flexible counter structures. A device may comprise a processing module and a memory module. A flexible counter system in the memory module may comprise at least one data line including a plurality of counters. The bit-size of the counters may be reduced and/or varied from existing implementations through an overflow counter that may account for smaller counters entering an overflow state. Counters that utilize the overflow counter may be identified using a bit indicator. In at least one embodiment selectors corresponding to each of the plurality of counters may be able to map particular memory locations to particular counters.

Abstract: A device securely accesses data in a memory via an addressing unit which provides a memory interface for interfacing to a memory, a core interface for interfacing to a core processor and a first and second security interface. The device includes a security processor HSM for performing at least one security operation on the data and a remapping unit MMAP. The remapping unit enables the security processor to be accessed by the core processor via the first security interface and to access the memory device via the second security interface according to a remapping structure for making accessible processed data based on memory data. The device provides a clear view on encrypted memory data without requiring system memory for storing the clear data.

Abstract: An anti-tampering system and method typically featuring a printed circuit board with anti-tamper protection circuitry powered by a power source. Switching circuitry is coupled between the power source and the anti-tamper protection circuitry. A transducer outputs a signal to the switching circuitry electrically connecting the power source to the anti-tamper protection circuitry in response to a tampering event. The switching circuitry otherwise disconnects the power source from the anti-tamper protection circuitry to save power.

Abstract: An identifier made using a silicon film. The silicon film has a varying optical index of refraction. The varying optical index of refraction reflects one or more spectral peaks when illuminated with light. The one or more spectral peaks includes a reference peak. The silicon film is fragmented and then oxidized.

Abstract: An IC card reader may comprise a first interface unit that communicates with an IC chip of an IC card by using a first communication mode, a second interface unit that communicates with the IC chip by using a second communication mode, and a control unit that controls the first and second interface units, and reads data from the IC chip through an interface unit, which first receives a response message from the IC chip, between the first and second interface units.

Abstract: An information processing system includes an information bearing medium and an information reading unit. The information bearing medium has a two-dimensional array of unit data zones. Marks are provided on some of the unit data zones so as to form a digital code. Mark patterns of any two Y-directional adjacent unit data zone strings based on the arrangement of marks in an X-direction differ from each other. The information reading unit generates a data string on the basis of a unit signal formed from a plurality of signals output from a group of detection units that detect the marks in synchronization and recognizes the digital code of the information bearing medium on the basis of a group of the data strings sequentially obtained from the array of the unit data zones.

Abstract: A transaction terminal device is provided. The device includes a magnetic head module that supports a magnetic head which reads a magnetic card. A plurality of communication antennas that communicate according to different standards are arranged at a same end of a housing as the magnetic head module. The magnetic head module includes a line-shaped metal urging member that exerts urging force to the magnetic head in a passing path direction of the magnetic card. The line-shaped metal urging member has a first straight portion exerting the urging force to the magnetic head in a direction perpendicular to the first straight portion when viewed from a side view of the transaction terminal device. Even though a communication antenna is arranged close to the magnetic head, a reradiated radio wave generated from the metal urging member of the magnetic head is reduced.

Abstract: A register for counting and tracking items in a bag comprises a manifest and an RFID reader. The RFID reader is used to query a plurality of RFID tags attached to items contained in the bag. The register creates reports counting and/or identifying changes to items contained in the bag while the bag is routed and/or items in the bag are processed for a customer.

Abstract: An object detection system includes a reader waveguide (101) formed as an open transmission line, an RFID tag (102) placed above the reader waveguide (101), a signal strength acquisition unit (103) that acquires signal strength of a read signal read from the RFID tag (102) by electromagnetic coupling through the reader waveguide (101), and an object detection unit (104) that detects physical characteristics of an object (105) corresponding to the acquired signal strength based on a relationship between a plurality of (three or more values of) signal strength of the read signal and physical characteristics of the object to be detected.

Abstract: A radio frequency identification (RFID) integrated circuit includes a transceiver and a processing device. The transceiver may to transmit a first continuous wave radio frequency (RF) signal to a bridge in a no-wire format via an antenna, where the transceiver is to start transmitting the modulated or continuous wave RF signal at a first amplitude value and increase an amplitude of the modulated or continuous wave RF signal to a second amplitude value at which an acknowledge (ACK) pulse is detected. The transceiver may receive a reflected wave RF signal in the no-wire format. The processing device may detect the ACK pulse in the reflected wave RF signal. The processing device may transmit a second modulated or continuous wave RF signal to the transceiver in the no-wire format.

Abstract: A method and apparatus for performing a process associated with an item to be imaged is disclosed. The process requires data associated with a plurality of required features of the item to be imaged. A handheld device is used to obtain a sequence of images. For at least a subset of the obtained images, a camera field of view is directed toward the item from different relative juxtapositions while obtaining the images. At least a subset of the obtained images are examined to identify the required features. Images are obtained until each of the required features are identified in at least one image. Feedback is provided to a user indicating at least one additional required features to be imaged, required features that have already been imaged and guidance indicating how to manipulate the handheld device to obtain images of additional required features.

Abstract: A light-transmissive window is positioned in direct, sealing contact with a chassis of an imaging module for reading a target by image capture. The chassis has a plurality of interior compartments, each having an opening. An imager, an aiming light source, and an illuminating light source are mounted on a common printed circuit board and individually contained in the compartments. The window covers each opening and environmentally seals, optically isolates, and resists entry of the light from the aiming and/or illuminating light sources into, the interior compartment.

Abstract: Targets are read by image capture with a substantially constant resolution over an extended range of working distances. Return light returning from a far-out target located at a far-out working distance is sensed by an array of pixels over a relatively narrow field of view, and over a relatively wide field of view when a close-in target is located at a close-in working distance. A controller processes the sensed return light from the far-out target only from a set of the pixels located in a central region of the array. For the close-in target, the controller groups all the pixels into bins, each bin having a plurality of the pixels, and processes the sensed return light from the close-in target from each of the bins.

Abstract: A device includes a recording medium housed in each of cells; an optically readable ID display part provided on a surface of the recording medium; an accessor that is movable to a position, which faces the ID display part, in an arrangement direction of the cells, and has an optical reading unit which optically reads an ID displayed in the ID display part; and a control unit that controls the optical reading unit. If the ID has not been read while the reading is tried a predetermined number of times, the control unit replaces the exposure value with another value to retry the reading. If the ID has not been read even though the exposure value was replaced a predetermined number of times, the control unit relatively moves the optical reading unit and the target cell and makes the optical reading unit read the ID again.

Abstract: A source image having a bit depth greater than eight is captured from a moving target. The source image is processed to obtain a plurality of target images each having a bit depth of eight. A memory stores the 8-bit target images. A processor obtains statistical data about the source image, and selects one of the stored 8-bit target images based on the statistical data. A controller efficiently decodes only the selected 8-bit target image.

Abstract: A grocery inventory tracking assembly includes a scanning unit has a scanner and an electronic memory. The scanner is electrically coupled to the electronic memory. The scanner may scan bar codes on grocery items. The electronic memory may store the bar codes thereby facilitating the electronic memory to track inventory of the grocery items. A mount is provided and the mount may be removably coupled to a support surface. The mount frictionally engages the scanning unit. Thus, the scanning unit may be retained on the support surface.

Abstract: A symbolic print-to-electronic media bridge system facilitates information flow across a computer network. Such a system can include a printed publication containing a print media instance with a printed symbolic key representation; a system agent with a media database having an electronic version of the print media instance stored therein; and a bridge agent having an output device and an optical input device to optically capture the printed symbolic key representation to provide a primary key. After such a capture, the bridge agent sends the primary key to the system agent, which references the electronic version and sends the same to the bridge agent for storage and subsequent output via the output device.

Abstract: An novel sensor is provided having a plurality of substantially parallel drive lines configured to transmit a signal into a surface of a proximally located object, and also a plurality of substantially parallel pickup lines oriented proximate the drive lines and electrically separated from the pickup lines to form intrinsic electrode pairs that are impedance sensitive at each of the drive and pickup proximal locations.