Abstract: Health-related data is accessed; as is a database of payment card transaction data. At least a portion of the health-related data is linked to at least a portion of the payment card transaction data to obtain linked data. Statistical analysis is carried out on the linked data, and the results of the statistical analysis are made available to at least one appropriate party. Privacy is protected, for example, via an opt-in approach or through data aggregation.

Abstract: A system and method for assessing the immunological status of one or more individuals in a patient population is presented. The method includes establishing a database comprising a plurality of records of information each representative of the immune status of an individual in the population, each of said records including (1) current information from one or more assays for the presence of a biochemical, and (2) individual specific information comprising one or more of said individual's medical history, said individual's doctors' observations and historical, demographic, lifestyle, and familial information relating to said individual. The method further includes processing the information in said database to find trends or patterns relating to the immune status of individuals in said patient population; and using the said trends or patterns as part of a health care related decision making process.

Abstract: A method for processing an input into a control device (3) for controlling the infusion operation of at least one infusion device (20) comprises the steps of: displaying a first view (V) on a touch-sensitive display device (30) of the control device (3), the first view (V) including a multiplicity of input elements (301-304); upon a first touch input by a user, determining a projection area (P) associated with the touch input on the first view (V); if the projection area (P) intersects with at least one input element (301-304) of the multiplicity of input elements (301-304), determining an intersection area (A1, A2) of the projection area (P) with the intersected at least one input element (301-304); and if the intersection area (A1, A2) with an intersected input element (301-304) is larger than a selection threshold (R1), identifying the associated input element (301-304) as selected.

Abstract: A video game in possession of and/or in the proximity of a patient. The patient computing system receives an indication that it is to begin a game, and executes the game using identified game parameters that are associated with the patient by a clinician as part of a disease therapy program. As the game executes, game state progresses in response to physical activity of the patient, causing the patient to exercise. The physical activity is received as input into the patient computing system. Such input causes game state to be progressed dependent on the identified game parameters that are associated with the game. Thus, the game is tailored for the patient by a clinician in order to motivate physical activity that is medically beneficial to the patient in order to advance through the disease therapy program.

Abstract: Media, method, and system are described for generating a graphical user interface reflecting patient experience data. Particularly, embodiments describe behavior and satisfaction data from a hospital used to generate a prioritized task list graphical user interface. The graphical user interface may be presented at a separate location of care from the location at which behavior data was recorded.

Abstract: The invention enables bi-directional mobile communication by researchers, clinicians or counselors with their patients and study participants. An exemplary application is ecological momentary assessment of psychological and physical status related to weight management. The system may be combined with objective information to trigger a communication and enhance responses assessed on food choices, dietary intake, physical activity, exertion, mood and companions.

Abstract: Systems and methods are provided for drug development under a fully transparent development model. The model is configured to provide transparency to the patients, the researchers, clinicians, physicians, and any other registered users of the system who wish to contribute. According to various embodiments, the system and model enable drug development that leverage the combined wisdom and insight of the user population eliminating many of the drawbacks of conventional development approaches. In one embodiment, the system includes drug development engine configured to manage execution of parameters of a clinical trial, including collection of health and treatment information from a patient population. The development engine can publish collected execution data for review and analysis.

Abstract: An initial value is set for an apparent molecular weight. Iterating occurs on calculations to determine a converged value for the apparent molecular weight, including the following. A specific gas gravity is determined. Pseudo-critical gas properties are determined. A pseudo-reduced gas pressure and temperature are determined. A gas deviation factor is determined using the pseudo-reduced gas properties. An average pressure, an average temperate, and a pressure gradient are determined for each depth interval. A new apparent molecular weight is determined. The absolute value of a relative error between a current value of the apparent molecular weight and the new apparent molecular weight is determined. If the absolute value of the relative error has converged to a constant, the iterating is terminated.

Abstract: The present invention relates to a fresh water acute criteria prediction method based on a quantitative structure-activity relationship for metals. An unknown toxic endpoint of a metal is predicted according to a quantitative relationship between structural characteristics of heavy metal ions and acute toxicity effects of aquatic organisms, and hazard concentrations for protecting the aquatic organisms of different proportions are derived from sensitivity distribution analysis on different species. The fresh water acute criteria prediction method is a method for establishing a metal toxicity predictive model by integrating physicochemical structural parameters of heavy metals and toxic mechanisms of different aquatic organisms and applying the metal toxicity predictive model to prediction of an unknown criteria reference value.

Abstract: A computing system that provides access to electronic content includes a processor, a data store, and a user interface component. The data store is coupled to the processor and configured to store the electronic content. The user interface component is coupled to the processor and configured to generate a user interface allowing an internal user to generate a sharing request to share electronic content with an external user. The processor is configured to determine whether the internal user is a member of a group that is allowed to externally share content and to inhibit external sharing of the electronic content if the internal user is not a member of the group that is allowed to externally share the electronic content.

Abstract: In some embodiments, a method includes sending an authentication request to a client device to obtain a utilization code in response to a request from the client device to access data. The utilization code is uniquely associated with the client device. The method includes obtaining an authentication response including the utilization code from the client device and authenticating the client device if the utilization code matches a utilization identifier stored in a database. The method includes generating an encryption key using a seed based at least in part on the utilization code and encrypting the data with the encryption key to generate encrypted data and sending, when the utilization code matches the utilization identifier stored in the database, the encrypted data to the client device without requiring a user of the client device to login.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: A context of one or more interactions is determined. Base objects are transformed into interpreted objects by interpreting the base objects based on evaluation of the context, and by resolving references of the base objects relative to domain model types and concepts, each of the base objects modeled using a same declarative modeling language, the same declarative modeling language enabling transitions between the interpreted objects, at least one of the interpreted objects including at least one post-condition providing hooks for transition policies which allow the at least one of the interpreted objects to be logically chained in a non-linear process. Transitioning between at least two of the interpreted objects by chaining the at least two interpreted objects based on a particular post-condition of a particular interpreted object to create at least a portion of a particular non-linear process. At least a portion of the particular non-linear process is executed.

Abstract: The present invention provides a dynamic authentication method (200), comprising the steps of displaying (210) a plurality of keys (103) on a screen (104) of a computing device (102) in a random order, receiving (220) a password having a predetermined number of characters entered using a pointing device (110), hashing (240) the password to obtain a hash value and performing (250) at least one of storing the hash value at a memory (106) provided within the computing device (102) and transmitting the hash value to a database (112). Further, the random order is shuffled on receiving each character from the predetermined number of characters. Also, the plurality of keys (103) is erased from the screen (104) when a character from the predetermined number of characters is not received for a predetermined period of time.

Abstract: When a user's finger is pressed on a fingerprint reading region in which fingerprint information of the user's finger is read, a user authentication unit (201) reads the fingerprint information of the user's finger and determines whether or not the read fingerprint information matches registered fingerprint information that is registered in advance. If the read fingerprint information matches the registered fingerprint information, an icon acquisition unit (202) acquires icons indicating functions that can be used by the user of the read fingerprint information. If the press by the user's finger is continued, an icon switching unit (203) switches, every predetermined switching time, the acquired icons for display in the vicinity of the user's finger in the order in which the icons are acquired.

Abstract: Exemplified herein is a system and method to accept password on a touch-screen HMI (human-machine interface) device. The system and method uses a combination of tactile gestures that are each received at predefined quadrants (or regions) or the touch-screen. The combination of such tactile gestures and quadrant information are used as an authentication sequence to allow or enable access to control screens that manages operations of a nearby subsystem.

Abstract: The present disclosure provides a verification method for distinguishing a man from a machine, wherein the method comprises: S1: receiving trajectory information input by a terminal; S2: comparing the trajectory information with a preset trajectory; S3: judging whether verification passes at least from dimensionality of a comparison result of the trajectory information and the preset trajectory. As compared with the prior art, the verification method and apparatus for distinguishing a man from a machine in the present disclosure may recognize user identity through simpler operation, and particularly applied to the mobile device, may bring about better user experience, and meanwhile exhibit very high security and difficulty in cracking the machine.

Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.

Abstract: A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.

Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.

Abstract: A display apparatus which determines a screen to be displayed when a power-on command is input, and method thereof, is provided. The display apparatus includes a display configured to display a content; an input unit configured to receive a command; and a controller configured to: in response to a power-off command being input while a content is displayed, determine whether or not the displayed content is appropriate to be subsequently displayed when a power-on command is input; in response to determining that the displayed content is not appropriate to be subsequently displayed when the power-on command is input, store a predetermined initial screen; in response to determining that the displayed content is appropriate to be subsequently displayed when a power-on command is input, store the displayed content; and in response to a power-on command being input, control the display to display the predetermined initial screen or the displayed content.

Abstract: An enhanced information assurance system may comprise an improved computer including a central processing unit (CPU) emulator configured to extend the available machine instruction set. The CPU emulator may be configured to emulate machine language instructions taken from a nonnative set of secure opcodes. The CPU emulator may ensure that instructions and data in random access memory (RAM) remain encrypted at all times when in RAM, for example by storing the instructions and data in CPU registers when decrypted on an as-needed basis.

Abstract: A message is received via a first mobile device. The message is sent from a second mobile device. The message contains unobfuscated visual content. The un-obfuscated visual content is displayed on a screen of the first mobile device. A detection is made via the first mobile device that a first user of the first mobile device made one or more engagements with the first mobile device. Based on the detecting, a determination is made that the first user is attempting to screenshot the un-obfuscated visual content via the first mobile device. In response to the determining, the un-obfuscated visual content displayed on the screen of the first mobile device is obfuscated.

Abstract: The present invention discloses a method, apparatus and a storage medium for defending against malicious clicks. The method includes: acquiring a shielding policy corresponding to promotional content; determining a user in a shielding policy list as the user to be shielded based on the shielding policy and historical click information of users; and performing shielding processing on the promotional content for the user to be shielded, if the user to be shielded in the shielding policy list conducts a retrieval. According to the technical solution provided by the embodiments of the present invention, malicious clicks are prevented at the stage of displaying promotional content in a front end of a server.

Abstract: A device may identify a set of features associated with the unknown object. The device may determine, based on inputting the set of features into a threat prediction model associated with a set of security functions, a set of predicted threat scores. The device may determine, based on the set of predicted threat scores, a set of predicted utility values. The device may determine a set of costs corresponding to the set of security functions. The device may determine a set of predicted efficiencies, associated with the set of security functions, based on the set of predicted utility values and the set of costs. The device may identify, based on the set of predicted efficiencies, a particular security function, and may cause the particular security function to be executed on the unknown object. The device may determine whether another security function is to be executed on the unknown object.

Abstract: Systems and methods associated with domain name system (DNS) based infection scores. One example method includes maintaining query profiles for members of a set of clients in a network. The query profiles may be maintained based on DNS queries sent from the members of the set of clients, and on DNS responses received by the members of the set of clients. The method also includes generating infection scores for the members of the set of clients based on their respective query profiles. The method also includes prioritizing a vulnerable member of the set of clients for remedial action. The vulnerable member may be prioritized based on infection scores of members of the set of clients.

Abstract: A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value.

Abstract: A method for allowing a computer to boot from a user trusted device is provided. The computer includes a long-term data storage device storing operating system (OS) services. The user trusted device is connectable to the computer and stores a boot loader detectable and executable by a firmware of the computer, an OS loader designed to load an OS of the computer, and one or more crypto drivers designed for allowing access to the OS and data stored encrypted on the data storage device. The method comprises letting the boot loader be executed to cause to transfer the OS loader from the user trusted device to the computer and executing the transferred OS loader to cause to execute the one or more crypto drivers for the OS and the data stored encrypted on the data storage device to start the OS services and complete booting of the computer.

Abstract: A virtual machine creation method and apparatus are disclosed. The method includes: acquiring a first installation package of a first application; determining essential environmental data corresponding to the first installation package; obtaining a simplified operating system via compilation according to the essential environmental data; packaging the simplified operating system and the first installation package to obtain a virtual machine installation package; and running the virtual machine installation package to create a virtual machine.

Abstract: A system and method for encrypting data in an electronic document. The method includes analyzing the electronic document determine at least one transaction parameter for the electronic document, wherein the electronic document includes at least partially unstructured data; creating a template for the analyzed electronic document, wherein the template is a structured dataset including the determined at least one transaction parameter; determining, based on the template, at least one portion of the electronic document to be encrypted; and customizing the electronic document by encrypting the determined at least one portion.

Abstract: The invention relates to a system for providing an automated program management framework for an enterprise based on the enterprise's operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the enterprise. The system is configured to generate recommendations or instructions based on correlation of enterprise's operations, infrastructure, and user-based processes with industry-specific rules and regulations. The recommendations or instructions are then provided to a user associated with the enterprise so as to facilitate actions to be taken to address a potential threat, hazard or risk.

Abstract: The present invention provides a method of notifying a user of a request for data controlled by a server, the method including the steps of: monitoring, at the server, requests for data controlled by the server; and if a data request is detected which corresponds to a predetermined type of data request, notifying the user of the detected data request via a haptic feedback mechanism provided on a wearable device which is communicably coupled with the server. Embodiments of the invention relate to a wearable device and a system including the server and the wearable device. Embodiments of the invention allow users to be informed non-obtrusively of a potential privacy breach in real-time and may also allow a user to control in a non-intrusive (e.g. eyes-free) manner whether access is given to personal data.

Abstract: A computing device includes a network interface, a storage controller, a sharing tool and a protection service. The network interface communicatively couples the computing device to one or more computing devices. The storage controller is configured to access a plurality of digital payloads. Each of the digital payloads is associated with a plurality of access tags including content tags and context tags. The sharing tool is configured to share, with a recipient computing device via the network interface, a selected digital payload. The protection service configured to automatically control sharing of the selected digital payload with the recipient computing device based on determining that a prospective recipient associated with the recipient computing device has a work designation or a personal designation that is inconsistent with one or both of a context indicated by the context tags and a content indicated by the content tags.

Abstract: Technical solutions are described for generating a secured system snapshot of a system. An example computer-implemented method includes receiving an instruction to generate a system snapshot. The system snapshot captures data from a computer executable object loaded in a memory. The method also includes accessing metadata that is associated with the computer executable object from a mapping list. The method also includes capturing the secured system snapshot by. Capturing the secured system snapshot includes determining sensitivity of the computer executable object by comparing the metadata with a predetermined criteria, and excluding a capture of sensitive data from the computer executable object into the system snapshot in response to the metadata of the computer executable object matching the predetermined criteria. The method also includes storing the secured system snapshot.

Abstract: Disclosed aspects relate to data management for a mass storage device. The mass storage device may be structured to include an encrypted file system to store a set of data and a token analyzer to manage access to the encrypted file system. A connection between the mass storage device and a computing device may be sensed. In response to sensing the connection, a token corresponding with the computing device may be detected. Based on the token, the token analyzer may determine to provide the computing device a set of selected permissions to the encrypted file system. The set of selected permissions to the encrypted file system may be provided by the mass storage device to the computing device.

Abstract: A database includes a run-time database container, which provides an isolated computing environment for a database object deployed therein. The database further includes a public synonym object outside the run-time database container in the database. The public synonym object is associated with the database object deployed inside the run-time database container and provides external access to the database object deployed inside the run-time database container independent of the location of the run-time database container.

Abstract: A computer implemented method of deploying a software application in a virtualized computing environment, comprising: receiving a description of the software application including an identification of a set of one or more application software resources; determining one or more types of security facility required for the set of application software resources and determining a security requirement for each of the determined types of security facility; selecting a security software resource for each of the determined types of security facility; determining a security configuration for each of the selected security software resources, the security configuration being based on a security requirement associated with a type of security facility for the security software resource; and generating a deployment specification for the software application specifying the application software resources and the security software resources for deployment of the application in the virtualized computing environment, each of the

Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.

Abstract: The present application relates to the field of communications. A method and apparatus for remotely deleting information are provided. In some embodiments, the method includes: when a user logs in to a terminal and requests enabling a remote deletion function, acquiring a permission for deleting all information; receiving an all information deletion command sent by a server after the user performs remote login; and performing, according to the command and the permission, an operation of deleting all information in the terminal. In some embodiments, the apparatus includes an acquiring module, a reception module, and a deletion module.

Abstract: Systems and methods which enable an authentication procedure to be used within the standard network security architecture to authenticate third party applications that are forbidden access to a particular secret key are disclosed. Third party smartphone applications that are unable to use SIM-based authentication due to being forbidden access to a SIM-based key are provided an alternate secret key for use in an EAP-AKA or EAP-SIM type procedure according to embodiments. An authentication server or other backend authentication infrastructure of embodiments requests authentication vectors from a backend system sharing the alternative secret key. Accordingly, the backend authentication platform of embodiments is adapted to know or detect that an application is using an alternative secret key (e.g., a secret key other than the SIM-based secret key) and to perform the appropriate procedure for the key type.

Abstract: Techniques are disclosed for enabling tenant hierarchy information to be migrated directly between different multi-tenant system (e.g., from a shared IDM system to a Nimbula system, or vice versa). A corresponding new tenant is created in a Nimbula system based on a combination of the tenant information and the service information from the shared IDM system. The Nimbula system extracts the tenant name and the service name from a request and asks the shared IDM system to verify that the user actually is a member of the tenant identified by the extracted tenant name. Upon successful authentication of the user, the Nimbula system requests the IDM system for roles that are associated with both the user and the extracted service name. The Nimbula system enable access to the service upon determining whether the requested operation can be performed relative to the specified service based on the roles.

Abstract: Apparatuses and methods for private information retrieval are provided. One example method may include receiving a query state machine that is an encoding of a search pattern. The query state machine may include a plurality of states and a transition function that defines a plurality of transitions based on the search pattern. The example method may also include performing a private query against a target query string of a target query record by applying the query state machine to the target query string to develop a private encoding. The method may further include transmitting query results based on the private encoding.

Abstract: Embodiments disclosed herein may be useful for controlling access to data, and particularly to data intended for restricted access. In at least one embodiment, a system and method for dynamic data masking intercepts input/output (I/O) read requests for data in external memory, determines if the data to be read should be masked, and appropriately, dynamically masks data before the requested data is written into system memory. The system and method for dynamic data masking provides a technical improvement to computing systems by, for example, avoiding the need to create an entirely separate database with scrubbed data and, thus, resource and costs associated with creating a separate, scrubbed database.

Abstract: A method and apparatus for Dynamic Executable Verification (DEV) is disclosed that includes a random prefix of functions of a binary application, a check function for at least a subset of the functions and a jump table for at least a subset of the functions. DEV provides low-impact dynamic integrity protection to applications that is compatible with standard code signing and verification methods, and ensures that software cannot be tampered with either statically or dynamically without detection.

Abstract: Apparatus (400, 500) and method (200, 220, 240, 260, 280, 300) for detecting unauthorized tampering with a data storage device (100, 110, 140, 520). In some embodiments, the data storage device has a housing (112, 142) and a memory (192) supported by the housing. A first identifier value (202A, 222A, 242A, 262A, 282A, 306A) is stored on an external surface of the housing and a second identifier value (202B, 222B, 242B, 262B, 282B, 306B) is stored within the memory. A digital signature (210, 256, 296) generated in response to the first and second identifier values and in response to a private key (208, 254, 288) is stored on the storage device. Thereafter, the first identifier value is retrieved from the external surface of the housing and the second identifier value is retrieved from the memory. The storage device is authenticated using the retrieved first and second identifier values, the digital signature and a public key (228, 274, 312).

Abstract: A low-profile card reader, including: a carriage; a single support arm including a first end statically mounted to the carriage, a second end, free from the carriage, a body tapering from the second end toward the first end, wherein the body is free from the carriage, such that the support arm freely deflects along a support arm length relative to the carriage, and a set of strengthening channels extending along the support arm length; and a magnetic reading head statically connected to the second end of the support arm.

Abstract: Methods and apparatus relating to processing a low-energy data packet are provided. A method includes receiving, using a receiver in a portable wireless device, a low-energy data packet from a low-energy tag. The portable wireless device is stationary. The low-energy data packet includes data identifying the low-energy tag. The method can also include determining at least an approximate distance between the low-energy tag and the portable wireless device. The method can also include transmitting, via an intermediate wireless device and to a central device, the data identifying the low-energy tag, the data identifying the at least approximate distance, or both.

Abstract: A method, system and apparatus for pairing authorized NFC enabled RFID devices with an intended object or product. The method, system and apparatus can include a primary RFID with a radio frequency identification chip, a coil antenna, a bridge and a substrate; an association of the at least primary RFID device with an object; an integration of a material into one of the at least primary RFID device and the object that provides the RFID device with a predetermined resonant frequency; and the detuning of one or more secondary communication devices located proximate the RFID device.

Abstract: Provided are a method and a device for performing spatial positioning on an electronic tag, 3D signature and human-computer interaction. The method for performing spatial positioning on an electronic tag includes: arranging at least three sets of three-dimensionally distributed array antennas on an electronic device, each set of array antennas including multiple antenna array elements extending in one dimension; turning on an electronic tag reader to generate a radio frequency electromagnetic field when spatial positioning is performed on an electronic tag; acquiring induced voltage generated on each antenna array element in each set of array antennas when it is sensed that there is an electronic tag in the radio frequency electromagnetic field; and determining spatial position information of the electronic tag according to the induced voltage.

Abstract: This invention is for tracking at least one plant. A method of this invention comprises: putting at least one seed or at least one stem in a corresponding at least one pot; positioning a corresponding at least one RFID tag with respect to the seed or stem in a manner, wherein the RFID tag comprises a strap; packaging a harvested material into a packaged product and attaching the RFID tag from the potted plant, or a product RFID tag that is associated with the plurality of tags to the packaged product; confirming a request for authorization by a RFID buy card; and after confirming ID information, transferring at least one product.