Patents Issued on November 2, 2017
-
Publication number: 20170316181
Abstract: A computer-implemented method for identifying and assessing public health events, and a corresponding system and apparatus, includes capturing public health-related information from structured and unstructured sources, where the information is contained in one or more documents, extracting meta-data from the captured public health-related information, creating an index of the extracted meta-data; archiving the meta-data and the documents, where the index links meta-data to its associated document, processing the extracted meta-data according to one or more detection algorithms to determine if an anomaly exists, and where an anomaly exists, providing a public health event notification, and monitoring and evaluating the responses to the public health events.
Type: Application
Filed: July 20, 2017
Publication date: November 2, 2017
Inventors: Taha A. Kass-Hout, Massimo Mirabito
-
Publication number: 20170316182
Abstract: Apparatuses and methods are disclosed for identifying with a single, small, intelligent activity monitor a particular type of activity from among a plurality of different activities. The monitor may include a multi-axis accelerometer and microcontroller configured to combine and process accelerometer data so as to generate features representative of an activity. The features may be processed to identify a particular activity (e.g., running, biking, swimming) from among a plurality of different activities that may include activities not performed by a human subject. An intelligent activity monitor may be configured to operate as a versatile sensor, or to operate in combination with a versatile sensor, to further receive and process physiological data and compute a fitness metric for a subject.
Type: Application
Filed: July 10, 2017
Publication date: November 2, 2017
Inventors: Thomas P. Blackadar, David P. Monahan
-
Publication number: 20170316183
Abstract: A clinical data management system (1) has databases (20), processors in servers (2-4) which are programmed to process clinical data and communicate with user interfaces and external systems interfaces, and at least one database. The system imports source data from disparate clinical site sources into staging databases at refresh intervals, maintains data models, and maps data from the staging databases into the data models, and feeds data from the data models into data delivery databases. There is a uniform refresh frequency for the staging databases. The system output is regularly updated data for clinical site performance, quality and risk metrics to a clinical study team. The data mapper servers identify each of a plurality of source data stages, and transform data from each stage to one or more data models according to one or more mapsets, each mapset defining a transformation.
Type: Application
Filed: July 18, 2017
Publication date: November 2, 2017
Inventors: Colin Thomas BURNS, Gareth Allan MILBORROW, Paul CREAN, Michael GROSSMAN
-
Publication number: 20170316184
Abstract: [Object] It is desirable to realize a more efficient coordination between the genetic analysis company and the medical institution. [Solution] Provided is an information processing device including: a data acquisition unit configured to acquire predetermined information; a determination unit configured to determine whether or not personal information of a subject has been set in the predetermined information; and an identification information provision unit configured to provide a medical institution terminal with user identification information required when the subject uses a service, in a case where it is determined that the personal information of the subject has not been set in the predetermined information.
Type: Application
Filed: September 8, 2015
Publication date: November 2, 2017
Inventors: SHIGEATSU YOSHIOKA, MASATO KAJIMOTO, YOICHI MIZUTANI, TAKU TANAKA
-
Publication number: 20170316185
Abstract: A streamlined workflow for digital rights management (DRM) licensing for content such as media assets is achieved via an authentication server establishing an authenticated session that is referenced by other processes, whereby a content grant may include a key to desired encrypted content with a portion of the content or content meta-data. The authentication server verifies the user's identity and provides a session grant including a session security mechanism, such as a token, session key, or negotiated secret. The session grant may be used to obtain a content authorization from a content router. The content authorization includes an address at which the content may be found and may be decorated with security mechanisms. The session grant and/or content authorization may include an entitlement record reflecting the user's entitlements to access content. The session grant and/or content authorization may be used to obtain a content grant from a content server.
Type: Application
Filed: April 27, 2016
Publication date: November 2, 2017
Inventor: Kyong Park
-
Publication number: 20170316186
Abstract: An exemplary virtual reality media content access control system (“system”) selectively provides access to virtual reality media content for experiencing by a user of a media player client device (“client device”). In certain examples, the system detects a request from the client device to access an immersive virtual reality world that includes a virtual object assigned an access permissions profile, determines an access key and a device key associated with the request, validates the access key and the device key associated with the request, determines metadata associated with the access key, and selectively provides, based on the access permissions profile for the virtual object and on at least one of the device key associated with the request and the metadata associated with the access key, access to the virtual object for experiencing by the user of the client device as part of the immersive virtual reality world.
Type: Application
Filed: April 28, 2016
Publication date: November 2, 2017
Inventors: Denny Breitenfeld, Qian Su
-
Publication number: 20170316187
Abstract: Systems and methods for creating and sharing protected content between individuals are disclosed. In one embodiment, a method for creating and sharing protected content between individuals may include (1) receiving foundation content; (2) receiving a selection of cover content; (3) receiving a selection of one or more unlock actions; (4) receiving a selection of one or more recipients for the protected content; (5) at least one computer processor creating a layered data file comprising the foundation content fully obscured by the cover content; (6) providing the one or more recipients access to the layered data file; (7) receiving an unlock action by the one or more recipients; (8) verifying, by the at least one computer processor, the unlock action; and (9) displaying to the one or more recipients the foundation content from the layered data file.
Type: Application
Filed: July 14, 2017
Publication date: November 2, 2017
Applicant: Kirigami, LLC
Inventors: Douglas Dane Baker, David L. Hamm
-
Publication number: 20170316188
Abstract: Presented is a system and methods for receiving metadata, a decryption module and encrypted content from a cable headend, decrypting the encrypted content with the decryption module and presenting the decrypted content to a user. The client device can receive, load and execute any decryption module compatible with the system framework allowing flexibility in the choice or changing of client device manufacturer and/or Digital Rights Management system vendor.
Type: Application
Filed: July 15, 2017
Publication date: November 2, 2017
Inventor: Alan Rouse
-
Publication number: 20170316189
Abstract: Methods, devices, systems and computer program products are provided for embedding and detection of a watermark message to and from an object-based composite content. One exemplary method for embedding a watermark message in an object-based composite content includes designating a plurality of content objects for carrying the watermark message comprising one or more watermark symbols in the composite object-based content that is generated according to an object-based encoding scheme. The method also includes obtaining a mapping of each watermark symbol to a temporal or spatial position of one or more of the designated content objects in the composite content, and embedding each watermark symbol by including each of the one or more of the designated content objects in the composite content in conformance with the temporal or spatial relationship provided by the mapping.
Type: Application
Filed: October 31, 2014
Publication date: November 2, 2017
Inventor: Joseph M. Winograd
-
Publication number: 20170316190
Abstract: A locator beacon (16) is configured to detect a nearby customer device (60), such as when a customer enters the store, and obtains identity information from the customer device (60). A server device (20) coupled to the locator beacon (16) receives the identity information and retrieves corresponding order information from an order database (28). At least one in-store device, such as a pair of wearable smart glasses (30a), is coupled to the server device (20) and is configured to receive the order information from the server (20) and display the order information to facilitate collection by the customer of one or more product items relating to the order.
Type: Application
Filed: October 30, 2015
Publication date: November 2, 2017
Inventor: Philip Alexander STOUT
-
Publication number: 20170316191
Abstract: A visual motion CAPTCHA.
Type: Application
Filed: April 28, 2017
Publication date: November 2, 2017
Inventors: Agota Sipos, Pascal Wallisch
-
Publication number: 20170316192
Abstract: A system includes a wearable device having at least one sensor configured to determine a user's fingerprint data, at least one data storage device containing authentication data, and at least one processor configured to compare the user's fingerprint data with the authentication data in order to authenticate a user. A method of authenticating a wearable device includes producing a fingerprint, determining fingerprint data derived from the fingerprint with one or more sensors, comparing the fingerprint data with authentication data on one or more data storage devices, and authenticating the user if the fingerprint data and the authentication data match.
Type: Application
Filed: April 25, 2017
Publication date: November 2, 2017
Applicant: BRAGI GmbH
Inventors: Mohamed Ali Razouane, Peter Vincent Boesen
-
Publication number: 20170316193
Abstract: A system may include a sensing device and an application device. The sensing device includes an imaging device, an image processing unit that detects a whole or part of a person from an image captured with the imaging device as a sensing target and extracts information on the detected sensing target, and a wireless communication unit that transmits the sensing result including the information extracted by the image processing unit through wireless communication. The application device includes a communication unit that receives the sensing result from the sensing device and an application processing unit that performs processing using information included in the sensing result received by the communication unit. The information transmitted from the sensing device as the sensing result includes neither a person's image nor information that can directly identify an individual.
Type: Application
Filed: November 25, 2015
Publication date: November 2, 2017
Applicant: OMRON Corporation
Inventors: Seiichi MANABE, Tatsuya MURAKAMI, Yanping LU
-
Publication number: 20170316194
Abstract: The present invention provides an apparatus and a method for improving terminal security to improve security of a terminal. The method in the present invention includes: displaying, by the terminal, a randomly generated dynamic password on a display interface, and starting a voice receiving device of the terminal; obtaining by using the voice receiving device, voice information when a user reads the dynamic password, converting the voice information into a text password, and extracting a voiceprint feature of the voice information; and when the text password is the same as the dynamic password, determining terminal usage permission of the user according to a prestored correspondence between terminal usage permission and a voiceprint feature, and setting the display interface to an unlocked or locked state according to the determined terminal usage permission; or setting the display interface to a locked state when the text password is different from the dynamic password.
Type: Application
Filed: November 12, 2015
Publication date: November 2, 2017
Applicant: Huawei Technologies Co., Ltd.
Inventors: Xiyong WANG, Hongrui JIANG
-
Publication number: 20170316195
Abstract: A device and method, the purpose of which is to secure digital fingerprint reading by sequential optical captures with optimization of the exposures to light. At least one of the illumination and detection parameters is adjusted as a function of the acquisition conditions (physiological condition of the epidermis, exposure to ambient light) owing to the means of control.
Type: Application
Filed: May 2, 2017
Publication date: November 2, 2017
Inventors: Francois RIEUL, Jean BEAUDET
-
Publication number: 20170316196
Abstract: Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes obtaining an image from equipment of a user, wherein the image includes an indication of an individual and an indication of a local environment. The individual is identified within the image to obtain an identification of the individual, and the local environment is determined as a predetermined local environment based on the identification of the local environment. Access to a restricted computing resource is facilitated based on the determining that the individual is the user and that the local environment is the predetermined local environment. Other embodiments are disclosed.
Type: Application
Filed: July 11, 2017
Publication date: November 2, 2017
Inventor: Fred Hewitt Smith
-
Publication number: 20170316197
Abstract: A user interface control method executed in a security-locked electronic device with a touch screen detects an i-th sliding operation on the touch screen, wherein 1≤i≤n. An i-th set of unlocking sub-password is obtained by analyzing a slide starting point, a sliding track, and an ending point of the i-th sliding operation. The i-th set of unlocking sub-password comprises a character corresponding to a key at the starting point and a sliding distance corresponding to the i-th sliding operation. The user interface of the electronic device is unlocked when I sets of unlocking sub-passwords are the same as preset N sets of standard sub-passwords. Positions of the characters in an array of keys in the user interface are adjusted according to the i-th sliding operation.
Type: Application
Filed: March 29, 2017
Publication date: November 2, 2017
Inventor: SHAN-SHAN ZHANG
-
Publication number: 20170316198
Abstract: The invention relates to a computer system (10) and to a method for authenticating a user device (Bm) associated with a user during the process of logging into a server (20), wherein the user device (Bm) belongs to a user device group (B1-Bn) known to the server (20) and has both a user ID (IDBm) and a password (PBm), which are known to the server (20).
Type: Application
Filed: October 15, 2015
Publication date: November 2, 2017
Inventor: Thomas Lederer
-
Publication number: 20170316199
Abstract: An account management server, a communication device and a service device are provided for managing access to an account.
Type: Application
Filed: July 17, 2017
Publication date: November 2, 2017
Applicant: Sling Media Inc.
Inventor: David Randolph Eyler
-
Publication number: 20170316200
Abstract: In response to a user access request, a media object containing a plurality of media components is constructed and transmitted to the user. At least one of the media components has been categorized as having different degrees of relevance to humans from a first culture/geographical location and humans from a second culture/geographical location. The user is prompted to solve a puzzle by selecting one or more of the media components or rearranging a location, size, appearance, or orientation of one or more of the media components. A description of an action performed by the user in response to the prompting is obtained. A determination is made, based on the obtained description of the action performed by the user, whether the user is more likely to be a human from the first culture/geographical location or a machine or a human from outside the first culture/geographical location.
Type: Application
Filed: July 18, 2017
Publication date: November 2, 2017
Inventors: Bjorn Markus Jakobsson, Jim Roy Palmer, Gustavo Maldonado
-
Publication number: 20170316201
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a valid target address for a branch instruction from information stored in a relocation table, a linkage table, or both, the relocation table and the linkage table associated with a binary file and store the valid target address in a table in memory, the valid target address to validate a target address for a translated portion of a routine of the binary file.
Type: Application
Filed: February 13, 2017
Publication date: November 2, 2017
Applicant: INTEL CORPORATION
Inventors: KOICHI YAMADA, PALANIVELRAJAN SHANMUGAVELAYUTHAM, SRAVANI KONDA
-
Publication number: 20170316202
Abstract: A method for runtime analysis of a software program (24) written in a scripting language. The method includes, before running the software program, adding patching code in the scripting language to the software program so as to define a proxy method that is to run in place of an existing method in the software program and comprises logic configured to provide information that is associated with operation of the existing method at runtime. Upon running the software program with the added patching code on a computer (32), the information provided by the logic in the proxy method is received and acted upon.
Type: Application
Filed: January 11, 2016
Publication date: November 2, 2017
Inventor: Alexander Roichman
-
Publication number: 20170316203
Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according to at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.
Type: Application
Filed: July 17, 2017
Publication date: November 2, 2017
Inventors: Richard Reybok, Andreis Seip Haugsnes, Kurt Joseph Zettel, II, Jeffrey Rhines, Henry Geddes, Volodymyr Osypov, Scott Lewis, Sean Brady, Mark Manning
-
Publication number: 20170316204
Abstract: In one or more examples, there is disclosed a system and method of detecting agent presence for self-healing. An out-of-band monitoring process, such as Intel® AMT, or any process in firmware executing on a co-processor, may monitor one or more processes to determine if one goes down or otherwise meets a security criterion. Crashed processes may be reported to an enterprise security controller (ESC). The ESC may notice trends among affected machines and instruct the machines to take appropriate remedial action, such as booting from a remedial image.
Type: Application
Filed: December 27, 2014
Publication date: November 2, 2017
Applicant: McAfee, Inc.
Inventors: Shashin Thakur, Arvind K. Boggarapu, Harvir Singh
-
Publication number: 20170316205
Abstract: Systems and methods to detect and neutralize malware infected electronic communications are described. The system receives, at a server, a request for interface information from a client machine. The system generates interface information. The interface information includes at least one input mechanism and countermeasure information. The at least one input mechanism is authorized for being included in a user interface to receive the user information at the client machine. The countermeasure information is for detecting whether the interface information is being modified to include an input mechanism that is not authorized to receive user information at the client machine. The system communicates the interface information, over the network, to the client machine.
Type: Application
Filed: July 14, 2017
Publication date: November 2, 2017
Inventor: Joren Bartley McReynolds
-
Publication number: 20170316206
Abstract: The present invention provides a method, apparatus, system, device and a computer storage medium for treating virus. A client reports a scan log to a cloud service platform, and/or reports virus family information to the cloud service platform after the virus family information is identified based on the scan log. The cloud service platform identifies the scan log to obtain virus family information, and/or issues the virus removal instruction corresponding to the virus family information to the client after receiving the virus family information from the client, for the client to execute the virus removal instruction. Compared with the method of simply performing the behavior analysis and deleting files by the client, it is more advantageous that the method of the present invention issues virus removal instructions regarding the virus family information from the cloud, the virus treating is more personalized and precise, and the security of the machine system is improved.
Type: Application
Filed: June 29, 2015
Publication date: November 2, 2017
Inventors: Rongxin ZOU, Yinming MEI, Zhu XIANG, Hanzhong HU
-
Publication number: 20170316207
Abstract: A global response network collects, analyzes, and distributes “cross-vector” threat-related information between security systems to allow for an intelligent, collaborative, and comprehensive real-time response.
Type: Application
Filed: May 9, 2017
Publication date: November 2, 2017
Inventors: Boris Yanovsky, Scott D. Eikenberry, Bhuvanasundar Rachamreddy, Nick Bilogorskiy, Gayatri Bhimaraju
-
Publication number: 20170316208
Abstract: In one embodiment of file integrity preservation in accordance with the present description, a file is subdivided into a plurality of subfiles, and a write update originally targeted for a portion of that file contained within one of the subfiles, is instead directed to a temporary copy subfile. As a consequence, the temporary copy subfile which is updated with the write data, may be scanned for viruses or other malware separately from the original file and its corresponding original subfile. If the temporary copy subfile passes the scanning test, the originally targeted file may be updated with the updated contents of the clean temporary copy subfile. Conversely, in the event that the write update introduced malicious software to the temporary copy subfile, the original file and its corresponding original subfile remain uncontaminated by the write update. Other aspects are also described.
Type: Application
Filed: July 18, 2017
Publication date: November 2, 2017
Inventors: Juan A. Coronado, Sara M. Coronado, Christina A. Lara, Lisa R. Martinez
-
Publication number: 20170316209
Abstract: Provided are a method and device for preventing the application in an operating system from being uninstalled. The method includes monitoring the operation which creates log contents in a log system of the operating system; determining whether the operation is to uninstall the application based on the log contents; displaying a prompt whether it is agreed to uninstall the application, if the operation is to uninstall the application. Therefore, the method may prevent the malicious software from uninstalling maliciously, enhancing the security of the intelligent terminal.
Type: Application
Filed: July 18, 2017
Publication date: November 2, 2017
Inventor: Qiang Chen
-
Publication number: 20170316210
Abstract: A security solution can be implemented using a layering system. By using a layering system, any changes that are made to a computing system can be isolated within a separate write layer. Due to this isolation, the changes, which may even be malicious, can be evaluated without fear that the resources in other layers will be negatively affected. In this way, even security threats that are still unknown to antivirus solutions (so-called zero-day attacks) can be prevented from harming the system.
Type: Application
Filed: April 29, 2016
Publication date: November 2, 2017
Inventors: Rushikesh Patil, Puneet Kaushik
-
Publication number: 20170316211
Abstract: In one embodiment, a software application that is downloaded from an untrusted source is marked, based on the untrusted classification of the source, to be translocated when the software application is launched. When the software application is launched it is translocated, through a mirroring file system, to a random mount point that is a partial bind mount to the real file system that stores the image of the software application (e.g. the image of the software application's bundle).
Type: Application
Filed: April 18, 2017
Publication date: November 2, 2017
Inventors: Simon P. Cooper, Julien Oster, Robert J. Kendall-Kuppe, Christopher S. Linn, Jonathan Grynspan, Keith Stattenfield
-
Publication number: 20170316212
Abstract: A control graph representing a model of data flow of a computer program can be generated during a static analysis. Respective edge weights can be assigned to edges of a plurality of paths in the control flow graph. A size of the uniform-cost search method can be dynamically configured based on a size of the control flow graph. A total edge weight for the considered paths can be determined based on the edge weights assigned to the respective edges of the considered path. At least one path of the considered paths in the control flow graph whose total edge weight satisfies a particular total edge weight criteria can be identified. The control flow graph can be updated to indicate to a user the at least one path in the control flow graph whose total edge weight satisfies the particular total edge weight criteria.
Type: Application
Filed: July 14, 2017
Publication date: November 2, 2017
Inventor: Omer Tripp
-
Publication number: 20170316213
Abstract: Disclosed are various embodiments for identifying characteristics of developers of problematic software. Report data generated by a security analysis tool is received, which is based at least in part on a security analysis of a program or an operational configuration. The report data indicates one or more security issues identified in the program or the operational configuration. A user is identified who is responsible for at least a threshold impact of the security issue(s). Coding or configuration characteristics associated with the user are then determined.
Type: Application
Filed: July 17, 2017
Publication date: November 2, 2017
Inventors: JON ARRON MCCLINTOCK, ALUN JONES, NARASIMHA RAO LAKKAKULA
-
Publication number: 20170316214
Abstract: Described is a system for obfuscating a computer program. Sensitive data of an unprotected computer program is received as input. A random oracle is used to algebraically hide a set of polynomial-size point functions representing the sensitive data. The system outputs a set of obfuscated instructions internally hiding the sensitive data. The set of obfuscated instructions are used to transform the unprotected computer program into a protected, obfuscated computer program that is accepting of the set of polynomial-size point functions. The obfuscated computer program is written to a non-volatile computer-readable medium.
Type: Application
Filed: April 5, 2016
Publication date: November 2, 2017
Inventors: Karim El Defrawy, Chongwon Cho, Daniel C. Apon, Jonathan Katz
-
Publication number: 20170316215
Abstract: A system for auditing physical access to at least one resource includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to the at least one resource, a policy database containing a plurality of policies, a processor to execute at least one policy of the plurality of policies to generate an outcome of execution of at least one policy to compare the outcome of execution of at least one policy with at least one appropriate static permission records of the plurality of static permission records, and a scheduler to trigger the processor to execute and compare the outcome of execution of at least one policy with the at least one appropriate static permission records in response to at least one of an occasional event, a schedule, or an action by administrator.
Type: Application
Filed: August 24, 2015
Publication date: November 2, 2017
Inventors: Tarik Hadzic, Stylianos Basagiannis, Keith J. Power, Menouer Boubekeur, Blanca Florentino, Vijaya Ramaraju Lakamraju, Philip J. Harris
-
Publication number: 20170316216
Abstract: Disclosed herein are a secure message-sending method using a personalized template and an apparatus using the method. A personalized template for a message service is acquired from a user. A personalized message to be sent to a terminal of the user is generated based on the personalized template. A secure message is generated by obfuscating the personalized message in accordance with the personalized template, and the secure message is sent to the terminal. Accordingly, it is possible to provide secure messages without requiring the construction of separate infrastructure.
Type: Application
Filed: December 13, 2016
Publication date: November 2, 2017
Inventor: Ju-Tae KIM
-
Publication number: 20170316217
Abstract: According to an example, multi-factor authentication based content management may include receiving a document viewing device certificate of a document viewing device, where the document viewing device certificate may enable the document viewing device to view an encrypted document. A determination may be made as to whether to permit the document viewing device to modify or print the encrypted document based on the document viewing device certificate. In response to a determination to permit the document viewing device to modify or print the encrypted document based on the document viewing device certificate, an authentication apparatus certificate that enables the document viewing device to modify or print the encrypted document may be forwarded to the document viewing device.
Type: Application
Filed: October 31, 2014
Publication date: November 2, 2017
Inventors: Kenneth K Smith, Scott White, Timothy P Blair, Kristofer Erik Metz
-
Publication number: 20170316218
Abstract: The present invention provides a method of preventing pry for random access memory. A functional interface is designed between a computer program and a random access memory. When the computer program wants to store an original data into the random access memory, an encryption procedure is processed on the original data first, and then stored into the random access memory for being an encrypted data. When the computer program wants to fetch related data from the random access memory, the functional interface is used to fetch the encrypted data for decryption, so that the original data is obtained for calculation.
Type: Application
Filed: May 2, 2016
Publication date: November 2, 2017
Inventors: Shaw Hwa HWANG, Bing Chih YAO, Kuan Lin CHEN, Yao Hsing CHUNG, Chi Jung HUANG, Cheng Yu YEH, Shun Chieh CHANG, Li Te SHEN, Chao Ping CHU, Ning Yun KU, Tzu Hung LIN, Ming Che YEH
-
Publication number: 20170316219
Abstract: Issuance of job tokens performed by an authorization computing entity so that authoring authorizations can be shared with other authors. Each of the job tokens represents an authorization to engage in a particular manner in an authoring session in which a declarative document is being authored. That engagement includes sharing one or more authorizations with other possible authors. The declarative document is a computer program in the form of a list of declarative statements made in a declarative programming language. The management occurs by evaluating incoming requests to engage in various ways in an authoring session.
Type: Application
Filed: December 9, 2016
Publication date: November 2, 2017
Inventors: Arnaud Christian Flutre, Yasser E. Shaaban, Mariyan D. Fransazov, Olivier Colle, Andrew Michael Pennell, Anjli Chaudhry, William Hong Vong, Mark David Overholt
-
Publication number: 20170316220
Abstract: System and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of a user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data item(s) and/or of modifying the content of the data item are added, without changing the natural environment the user is normally used to. Then a custom virtual keyboard that includes a designed UI interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag to the content of the data item.
Type: Application
Filed: January 20, 2016
Publication date: November 2, 2017
Inventors: Yuval ELDAR, Roee OZ
-
Publication number: 20170316221
Abstract: A method for integrating a new secure datacenter into a data storage network is provided. The method detects, by an accessible datacenter connected to the data storage network, the new secure datacenter connected to the data storage network, wherein the new secure datacenter includes a high security level that prevents user access, and wherein the accessible datacenter includes a decreased security level that permits user access; expands a storage layer in the accessible datacenter, by increasing available storage hardware of the accessible datacenter; connects a data pipeline from the new secure datacenter to the storage layer in the accessible datacenter, wherein the data pipeline comprises dedicated servers configured to buffer data, orchestrate a cluster of servers, and push data from the new secure datacenter to the accessible datacenter; and provides end user access to the storage layer.
Type: Application
Filed: April 28, 2016
Publication date: November 2, 2017
Applicant: salesforce.com, inc.
Inventors: Dmytro MELANCHENKO, Christina Martin PATRICK, Noel Augustus GOLDING, JR.
-
Publication number: 20170316222
Abstract: Systems, devices, methods, and computer program products are provided for temporarily implementing storage access policies within a storage system on behalf of an external computing agent while the external computing agent is offline or otherwise unable to receive and process storage access requests. A storage system receives a set of storage rules from a partner computing system. The set of storage rules define a storage access policy that allows specific users or user groups to perform storage access operations within a file system hosted by the storage system. The set of storage rules also include a time to live (TTL) instruction defining a period of time for which to enable the storage access policy. Upon receiving a storage access request from an external client computing system, the storage system compares the storage access request against the storage access policy to allow or deny the storage access request.
Type: Application
Filed: April 29, 2016
Publication date: November 2, 2017
Inventors: Mark Muhlestein, Chinmoy Dey
-
Publication number: 20170316223
Abstract: A system for protecting data managed in a cloud-computing network from malicious data operations includes an Internet-connected server and software executing on the server from a non-transitory physical medium, the software providing a first function for generating one or more security tokens that validate one or more computing operations to be performed on the data, a second function for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens, a third function for brokering two-party signature of the one or more tokens, and a fourth function for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token.
Type: Application
Filed: July 18, 2017
Publication date: November 2, 2017
Applicant: Amrita Vishwa Vidyapeetham
Inventors: Shiju Sathyadevan, P. Venkat Rangan, Krishnashree Achuthan
-
Publication number: 20170316224
Abstract: A hosted application gateway server node may be communicatively coupled to backend systems, client devices, and database shards associated with database servers. Through the gateway server node, various services may be provided to managed containers running on client devices such that enterprise applications can be centrally managed. A sharding manager may manage relationships of database items across database shards. Each shard stores a copy of a table representing a split of a relationship. A shard ID mask is included in each item's ID. At query time, the shard ID can be extracted and used to query the correct database. This query routing mechanism allows navigation from one shard to another when multiple items are in a relationship (e.g., share the same resource such as a document). As such, embodiments can eliminate the need for APIs to join in data that span multiple shards.
Type: Application
Filed: July 18, 2017
Publication date: November 2, 2017
Inventors: GREGORY BECKMAN, ROBERT LAIRD, GEOFFREY MICHAEL OBBARD
-
Publication number: 20170316225
Abstract: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.
Type: Application
Filed: July 14, 2017
Publication date: November 2, 2017
Inventors: Ned M. Smith, Nathan Heldt-Sheller, Thomas G. Willis
-
Publication number: 20170316226
Abstract: Systems and methods are disclosed for securing an information handling system. A method for securing an information handling system may include securing the information handling system in an enclosure with a locking mechanism of a bezel; receiving a request to unlock the bezel at a baseboard management controller (BMC), the BMC communicatively coupled to the bezel; retrieving a first artifact stored in a trusted platform module (TPM) in response to the request; attempting to authorize the request using the first artifact; and unlocking the locking mechanism if the request is authorized.
Type: Application
Filed: April 27, 2016
Publication date: November 2, 2017
Inventors: Johan Rahardjo, Gobind Vijayakumar, Salvador D. Jimenez, III
-
Publication number: 20170316227
Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.
Type: Application
Filed: April 28, 2016
Publication date: November 2, 2017
Inventors: Jason K. Oberg, Jonathan Valamehr, Ryan Kastner, Timothy Sherwood
-
Publication number: 20170316228
Abstract: Tamper-proof electronic packages and fabrication methods are provided including an enclosure enclosing, at least in part, at least one electronic component within a secure volume, a two-phase dielectric fluid within the secure volume, and a tamper-respondent detector. The tamper-respondent detector monitors, at least in part, temperature and pressure of the two-phase dielectric fluid. In operation, the two-phase dielectric fluid deviates from an established saturation line of the two-phase dielectric fluid within the secure volume with an intrusion event into the secure volume, and the tamper-respondent detector detects, from the monitoring of the temperature and pressure of the two-phase dielectric fluid, the deviation from the established saturation line, and thereby occurrence of the intrusion event.
Type: Application
Filed: April 27, 2016
Publication date: November 2, 2017
Inventors: Levi A. CAMPBELL, Milnes P. DAVID, Dustin W. DEMETRIOU, Michael J. ELLSWORTH, JR.
-
Publication number: 20170316229
Abstract: Systems, devices and techniques are disclosed for implementing a security configuration change based on one or more base events and a current security configuration. An inference module may identify a security configuration change based on receiving base events from a state storage/event listener and analyzing the base events to determine if a current security configuration is optimal given the base events.
Type: Application
Filed: July 3, 2017
Publication date: November 2, 2017
Inventors: Tal Dayan, Maya Ben Ari, Brandon Keely, Subir Jhanb, Ido Ofir
-
Publication number: 20170316230
Abstract: Embodiments of the present disclosure are based on a recognition that some processors are configured with instructions to compute logarithms and exponents (i.e. some processors include log and exp circuits). Embodiments of the present disclosure are further based on an insight that the use of the existing log and exp circuits could be extended to compute certain other functions by using the existing log and exp circuits to transform from a Cartesian to a logarithmic domain and vice versa and performing the actual computations of the functions in the logarithmic domain, which may be computationally easier than performing the computations in the Cartesian domain.
Type: Application
Filed: July 17, 2017
Publication date: November 2, 2017
Applicant: Analog Devices, Inc.
Inventors: Timothy J. CAPUTO, Donald F. PORGES