Abstract: A toggle key blocking method for data security and an apparatus using the same. The toggle key blocking method for data security includes monitoring use of a toggle key on a host with which a keyboard is used, when use of a toggle key on the host is detected, generating details of occurrence of a toggle key event based on a time at which the toggle key event occurred; and blocking use of the toggle key on the host if the host satisfies a toggle key blocking condition based on the details of occurrence of the toggle key event.

Abstract: A processor is configured to identify a first impersonating message, transmitted over a Controller Area Network (CAN) bus by an attacking node connected to the bus, that appears to originate from a source other than the attacking node, to transmit via a transceiver, in response to identifying the first impersonating message, a stream of messages over the bus, until a defense message belonging to the stream collides with, and trumps, a second impersonating message from the attacking node, and to drive the attacking node, subsequently, into an error-passive state in which an ability of the attacking node to communicate over the bus is limited relative to before entering the error-passive state, by repeatedly retransmitting the defense message over the bus in sync with retransmissions of the second impersonating message by the attacking node, such that the defense message collides with, and trumps, multiple subsequent instances of the second impersonating message.

Abstract: The present system includes a computer-networked system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment for which the analysis relies on per-execution as well as comparative aggregate data across many such executions from one or more subscribers.

Abstract: A system and method may include a first unit configured to receive a stream of bytes, cause a second unit to execute the stream of bytes from a selected first offset, and monitor an execution of the stream of bytes by the second unit. A second unit may be configured to execute the stream of bytes from the selected offset. The first unit may be configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes a malware.

Abstract: Examples described herein include a computing device with a processing resource to execute beginning booting instructions of the computing device. The beginning booting instructions may include a first booting instruction. The computing device also includes an access line to access the first booting instruction, a measuring engine to duplicate the first booting instruction and to generate a first integrity value associated with the first booting instruction, and a measurement register to store the first integrity value. The measuring engine may be operationally screened from the processing resource and the measurement register may be inaccessible to the processing resource.

Abstract: A method includes analyzing a given application to determine one or more packages utilized by the given application, the one or more packages comprising a plurality of libraries, identifying a subset of the plurality of libraries utilized by the given application, determining one or more dependent libraries for each of the identified libraries in the subset, generating a given container for the given application, the given container comprising the identified libraries in the subset and the dependent libraries for each of the identified libraries, performing risk analysis for the given container including comparing a risk value calculated for the given container to a designated risk threshold, simulating one or more actions in the given container responsive to the risk value calculated for the given container exceeding the designated risk threshold, and determining whether to accept or reject the given container responsive to the risk analysis and simulated actions.

Abstract: A method for statically analyzing a web application program may include obtaining a control flow graph for the web application program. Each control flow graph node may correspond to a statement in the web application program. The method may further include obtaining a sanitizer sequence including one or more sanitizers followed by an output statement, obtaining a placeholder corresponding to the sanitizer sequence, and generating control flow paths including an output node that corresponds to the output statement. The method may further include generating documents for each control flow path. Each document may include a sanitized value corresponding to the output statement. The method may further include inserting the placeholder into each document at a location of the sanitized value, and reporting a potential cross-site scripting flaw when the sanitizer sequence is insufficient for the output context sequence of the sanitized value.

Abstract: Disclosed is an application program analysis apparatus comprising a first analyzer performing a dynamic analysis on an application program and extracting a method call graph, a model-view-controller (MVC) information extractor extracting MVC information from the method call graph, and a second analyzer generating an extended call graph by extending the method call graph based on the MVC information, the extended call graph being applied to an analysis of a source code of the application program. Using the application program analysis apparatus, it is made possible to analyze an application program using an MVC pattern, which has been difficult to analyze through the conventional static analysis, thereby complementing the security vulnerability of the static analysis.

Abstract: A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.

Abstract: Reducing risk of data loss by automatically background scanning a data set to detect a plurality of candidate sensitive data items. For at least some of those candidate sensitive data items that are deemed not to concretely classified as sensitive, a dissolvable encryption is applied to the data item to at least temporarily protect the data item. When the user requests access to the data item, the system determines that the data item has been dissolvably encrypted and that the user is authorized to define the sensitivity of the data item. In response, the user is allowed to direct the system as to whether the data item is to be concretely encrypted (such as if the user was to confirm the data item as sensitive), or whether the dissolvable encryption of the data item is to be dissolved (such as if the user was to confirm the data item as not sensitive).

Abstract: Method for controlling mobile hard disk through mobile device is disclosed, in which, control software installed on a computer is used to detect whether APP control software exists in the same IP address segment with the computer, if exists, control software sends a key confirmation signal to APP control software, which accordingly sends back a feedback signal; when the feedback signal is to use an intelligent mobile device as a key of the mobile hard disk, control software generates a key signal and sends it to APP control software and a hidden sector of the mobile hard disk to save it therein. Through the process, the intelligent mobile device installed with APP control software may be used as the key of the mobile hard disk, then while using which, the key is needed instead of a password, thus the unnecessary loss may be prevented from the oblivion of the password.

Abstract: A computer implemented method for validating use of a computing resource by a requester software component including: validating a characteristic of the requester; generating a first transaction defining criteria for consumption of the resource by the requester, the first transaction being encrypted with a private key from a public key/private key pair and being added as part of a block of transactions to a blockchain data structure; generating a subsequent encrypted transaction corresponding to a request of the requester to consume the resource, the subsequent transaction referring to the first transaction, wherein the subsequent transaction is validated by a transaction miner computing component from a plurality of miners by authenticating the transaction using the public key and verifying compliance with the criteria defined in each transaction.

Abstract: A method for storing a data file of a client on a storage entity includes generating, by a proxy entity, a master encryption key; encrypting, by the client, the data file using the master encryption key to produce an encrypted file; computing a hash-tree for the encrypted file and using a top-hash of the hash-tree as a file identification (FID); and determining, by the proxy entity, whether the HD is already known to the storage entity. If the FID is not already known to the storage entity the method further includes computing, by the proxy entity, a top-hash of the encrypted file (PFID), and when the ownership of the data file has been proven, storing the FID being equal with the PFID at the client together with the hash value.

Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.

Abstract: A technique for controlling the reading of a digital object by a user device. The digital object is stored locally in the memory of the user device. The reading of the digital object is conditioned by receiving at least one datum broadcast by a transmitting device using a radio communication channel. An area for reading the digital object is thus located in the radio range of the transmitter device. Reading is blocked outside of this reading area.

Abstract: Methods and systems for data transfer include storing received data chunks in a staging database that is implemented within a browser sandbox. The stored data chunks into a single file. The single file is saved to a memory outside of the staging database.

Abstract: A method for controlling an application to access a memory includes: receiving a first access request provided by the application and having a first access key; verifying the first access key; generating a second access key for the application if the verification of the first access key is successful; storing the second access key and providing the second access key to the application; receiving a second access request provided by the application and having a target address and a second access key; identifying whether the target address is within a reference address space indicative of a preset storage location of the memory, and verifying the second access key; generating an access control command according to an identification result of whether the target address is within the reference address space and a verification result of the second access key received from the application so as to restrict or permit the application to access the memory.

Abstract: An encrypted data receiving unit (201) receives encrypted data which has been encrypted, in which a decryption condition to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is embedded. A data storage unit (202) stores the encrypted data received by the encrypted data receiving unit (201) in an encrypted state. A revocation processing unit (209) adds revocation information in which a user attribute of a revoked user who is no longer the decryption-permission user is indicated, to an embedded decryption condition that is embedded in the encrypted data, while the encrypted data remains in an encrypted state.

Abstract: Techniques are described for managing access to a repository system storing information (e.g., metadata) about objects (e.g., an application, a process, or a service) in a computing environment. The repository system can store a data structure (an “entity”) that includes information about an object. An entity can have an association with one or more collections of entities (“assets”) that classify a collection of entities. Access to perform actions (e.g., create, read, update, or delete) an entity can be managed based on an entitlement, which grants a right to access information in the entity and/or at least one asset having an association with the entity. The repository system can manage access to one or more entities based on rights implied by an entitlement to access one or more assets associated with those entities.

Abstract: In an example, a processing device of a datastore system may be configured to identify one or more grants of permission corresponding to one or more first objects, respectively, wherein the one or more first objects comprise only a subset of objects of a datastore, wherein the one or more grants of permission are by a user of the datastore; generate an access control entry for a second object of the objects using at least one of the identified grants of permission, wherein the second object is not exposed to the user; and in responsive to receipt of a query for data corresponding to the objects, determine whether to grant access to the data based on the generated access control entry.

Abstract: As information output device includes: a first output unit that outputs acquired information acquired by a sensor; and a second output unit that converts personal information included in the acquired information into attribute information from which identification of an individual is impossible, and outputs the attribute information.

Abstract: A member information management system stores data of second stage groups H and I and second stage groups J and K and data of members belonging to these second stage groups in a data protection area corresponding to each of a plurality of first stage groups A and B. The data of the second stage groups H, I, J, and K includes presentation data of a registration form of the second stage group and contents data for the second stage group. The member data includes specific data for specifying the second stage group H, I, J, or K. When a login operation of an administrator is successfully authenticated by administrator authentication information stored in an administrator protection area corresponding to the first stage groups A and B, browsing of predetermined data in all protection areas of the plurality of first stage groups A and B is permitted.

Abstract: The disclosure provides a method for protecting PIN code on Android platform, including: introducing, by Java layer, start event to C layer after invoked by upper layer; invoking, by C layer, Java layer via JNI to generate a password-storage-class-instance after receiving start event, and invoking Java layer after receiving a handle returned by Java layer to monitor input from user; storing, by Java layer, PIN code data into a instance memory when Java layer monitors PIN code data from user, updating storage location identification, and introducing encrypting event to C layer; introducing, by Java layer, confirming event to C layer when Java layer monitors confirmation information from user; accessing, by C layer, the instance via handle to encrypt the PIN code data when receiving encrypting event; and accessing, by C layer, the instance via handle to decrypt the encrypted data in instance memory to obtain PIN code.

Abstract: Systems, methods, and non-transitory computer-readable media can identify a post to be published via a social networking system. A privacy schedule for modifying a privacy setting associated with the post can be determined. A trigger to modify the privacy setting associated with the post can be detected. The privacy setting can be modified based on the privacy schedule when the trigger is detected.

Abstract: A method and system for automatically identifying and protecting privacy vulnerabilities in data streams includes indexing data values for each attribute of the data stream received by local virtual machines based on a schema of each data stream, classifying the data attributes of the plurality of data streams into known data types, integrating the local virtual machine indexes into a global index data structure for the data streams including single attribute data values, identifying privacy vulnerabilities in the data as attributes that are direct identifiers based on the attribute data values stored in the global index and combinations of attributes that are quasi-identifiers based on the low frequency of certain combinations of attribute data value pairs by computing the frequency based on the single attribute data values stored in the global index and providing privacy protection to the data streams by applying data transformations on the discovered direct identifiers and the quasi-identifiers.

Abstract: The present disclosure provides a security enhanced channel control system useable on a wireless device comprising a policy module including at least one processor and memory, the policy module configured to store, in the memory, one or more security policies and apply a compliance check to a first system layer and a second system layer; and a first policy base stored in the memory of the policy module, the first policy base being associated with a mandatory access control (“MAC”) base and defining one more security polices for access to a plurality of channels associated with the first and second system layers. The policy module cooperates with the first policy base to establish one or more access control rules that are applied to at least one of the plurality of channels to preclude an unauthorized application from accessing at least one of the channels.

Abstract: A system and method provided for verifying data integrity for large volumes of critical data using blockchain technology. An exemplary method includes storing data files in electronic storage; creating a hash values for of each of the files; and transmitting the hash values to a blockchain network in which one or more nodes in the blockchain network adds the first hash values as blocks to the blockchain. Moreover, an API is provided to monitor data operations performed on the data files and transmit metadata of any operations performed to a transaction log. In turn, hash values relating to the data operations are also created and transmitted to the blockchain network to be added as additional blocks in the blockchain, such that the blockchain can be used to verify the accuracy of the data files stored on the electronic storage.

Abstract: An improved waveguide is disclosed. The waveguide utilizes a luminescent material disposed within or around its perimeter to introduce additional light into the waveguide. For example, the waveguide may include a plurality of planar layers having different refractive indexes. A luminescent material may be disposed along the outer edge of these layers. When light from within the waveguide strikes the luminescent material, it emits light, thereby adding to the light in the waveguide. Not only does the luminescent material introduce more light into the waveguide, it also introduces more light sources, thereby making it more difficult to introduce a probe without blocking at least a portion of the light destined for the image sensor. The luminescent material may be a phosphor.

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.

Abstract: An on-the-fly package label printing system for a variety of packages containing a variety of products printed on each package of a web of successive packages a permanent record indicative of the product weight and product ingredients in the package. The system comprises a package handling device, a clock, and a printer system.

Abstract: An identifier made using a silicon film fragment. The silicon film has a varying optical index of refraction. The varying optical index of refraction reflects one or more spectral peaks when illuminated with light. The one or more spectral peaks includes a reference peak. The silicon film is fragmented to generate the silicon film fragment.

Abstract: A reading apparatus includes a control unit and an interface through which the control unit transmits an output request to an electronic tag and receives tag information output from the electronic tag in response to the output request. The control unit is configured to read the tag information received by the reception unit and extract an identifying code from the tag information, store the identifying code in association with a number corresponding to a total number of times tag information including the identifying code has been read by the controller in response to the output request, and output a stored identifying code or information associated with the stored identifying code if the number associated with the stored identifying code meets or exceeds a threshold value.

Abstract: Methods, computer program products and systems for providing video tracking. The method includes receiving a first signal from a radio frequency identification (RFID) tag. A location of the RFID tag is determined in response to the first signal. An image that includes the location of the RFID tag is recorded. The location of the RFID tag is marked on the image, resulting in a marked image.

Abstract: The purpose of the present invention is to provide a signal processing device that performs processing suitable for a signal processing device that transmits and receives signals without contact. A signal processing device is provided with a plurality of signal transmission/reception units, a plurality of signal processing units, and a signal distribution unit. The signal transmission/reception units can transmit and receive signals, without contact, between signal processing device-side signal transmission/reception units. Reception signals received by the signal transmission/reception units are inputted to the signal distribution unit. Output signals outputted by the signal processing units are inputted to the signal distribution unit. The signal distribution unit can output the reception signals to the signal processing units, and can output the output signals to the signal transmission/reception units.

Abstract: An Internet of Things (IoT) enabled multi signal diffusion integrated system smartly tracks assets in different environments, using a combination of Radio Frequency Identification (RFID), Wi-Fi and Bluetooth Low Energy (BLE) technologies. The system includes an electrical plug embedded with one smart tracking device, or XenGraft. XenGraft has two different modes known as battery mode and non battery mode. XenGraft comprises different modules which are BLE module, RFID module and Power Sensor module. Each of these modules perform functions like finding asset locations, scanning for RFID signals, or tracking the current operational status of the assets. In non battery mode XenGraft communicates information towards a remote system server by a proprietary hop-by-hop communication architecture, via any local Wi-Fi network, or via any traditional cellular communication networks.

Abstract: An RFID apparatus for communicating with at least one RFID transponder is provided that has an RFID transceiver for radiating and receiving RFID signals and a control unit that is configured to encode RFID information into the RFID signal in accordance with an RFID protocol or to read it from the RFID signal and in which a singulation process is implemented to give a command to only one respective RFID transponder. The singulation process in this respect checks a communication parameter of the RFID signal itself that is independent of RFID information encoded in the RFID signal.

Abstract: An electronic identification document is provided. The electronic identification document may include a carrier, an identification element, a microwave interaction structure configured to interact with microwave radiation, and an alteration element, wherein the alteration element may be part of or in contact with the microwave interaction structure and may be configured to alter, upon interaction of the interaction structure with microwaves, its state from an initial state to a permanent altered state, wherein the permanent altered state may differ from the initial state by a change of the alteration element in color, brightness, saturation, and/or transparency.

Abstract: An RFID portal is provided for placing at an access point associated with a temporary event. The access point is controlled by a security control. The portal has a portal body erectable on at least one side of a user pathway at the access point; and an RFID reader in the portal body for reading an RFID tag issued to, and worn by, an individual user for the event that has an encoded unique UserID readable by the RFID reader. The RFID reader is located in the portal body, so as to be physically proximate to a location of the user's body where the RFID tag is worn. The RFID reader is in communication with a server which has stored a list of valid UserIDs for the event. The RFID portal also has an indicator system for receiving notification from the server that the read UserID is a valid UserID for the event and generating an indication to the security control, such that the security control permits the user to proceed along the pathway.

Abstract: In an information code reader, an image is imaged by an imager. An information code contained in the image is quantified depending on light-dark levels thereof (tones, color depths, or luminance levels thereof), thereby providing cell information by this quantification. The obtained cell information is transmitted to from the information code reader to a server. In the server, based on the cell information received from the reader, the information code imaged by the imager is decoded. Decoded information is transmitted to the information code reader so that the reader is perform control based on the decoded results.

Abstract: A content code is defined containing user content, and a corresponding profile code defining user context information. The profile code may be scanned and stored temporarily in a user device or elsewhere. The user content can then be modified on the basis of the stored context information. In some cases the context code and profile code may be separate, so that a given profile code may be applied to diverse pieces of content, or may be combined. The stored context information may be undated or modified when particular events, such as re-scanning a code, occur. The codes may comprise binary codes, such that the profile code and the content code can be compared by a logical operation.

Abstract: An indicia reading terminal has a three-dimensional depth sensor, a two dimensional image sensor, an autofocus lens assembly, and a processor. The three dimensional depth sensor captures a depth image of a field of view and create a depth map from the depth image, the depth map having one or more surface distances. The two dimensional image sensor receives incident light and capture an image therefrom. The autofocusing lens assembly is positioned proximate to the two dimensional image sensor such that the incident light passes through the autofocusing lens before reaching the two dimensional image sensor. The processor is communicatively coupled to the two dimensional image sensor, the three dimensional depth sensor, and the autofocusing lens assembly.

Abstract: A fingerprint sensor comprises a substrate, a first sensing electrode over the substrate, a second sensing electrode spaced apart from the first sensing electrode over the substrate, a first conductive plate and a second conductive plate. The first sensing electrode is configured to detect a capacitance in response to a touch event on the fingerprint sensor, and to receive an input signal from a signal source. The second sensing electrode is configured to detect a capacitance in response to the touch event. The first conductive plate is configured to shield at least a portion of each of the first sensing electrode and the second sensing electrode from the substrate. The second conductive plate is disposed between the substrate and the second sensing electrode. The sensitivity of the fingerprint sensor is inversely proportional to the capacitance between the second sensing electrode and the second conductive plate.

Abstract: The present disclosure provides a fingerprint detection circuit and method. The circuit includes a fingerprint collecting module and a processing module. The fingerprint collecting module includes a plurality of collecting units, and each collecting unit has a regulation voltage and is configured to output a first voltage or a second voltage according to a capacitance value of one of ridge capacitors, a capacitance value of one of ridge capacitors and the regulation voltage. The processing module is configured to amplify the first and second voltages by a predetermined factor, to calculate a difference between the amplified first and second voltages, and to determine whether the difference is greater than or equal to the predetermined threshold. If no, the processing module adjusts at least one parameter, and configures the fingerprint detection circuit using at least one adjusted parameter.

Abstract: A method for detecting a finger at a fingerprint sensor includes detecting a presence of an object at a fingerprint sensor and, in response to detecting the presence of the object, acquiring image data for the object based on signals from the fingerprint sensor. The method further includes, for each subset of one or more subsets of the image data, calculating a magnitude value for a spatial frequency of the subset, and identifying the object as a finger based on comparing the magnitude value to a threshold.

Abstract: One or more techniques and/or systems are disclosed for a luminescent film that can be used with a biometric imager, which can be used to scan biometric markers, and/or to interact with the device. Upon contacting a device surface, an image of at least a portion of the touch object can be captured and used in conjunction with identification of the user and/or for input to the device. The systems or techniques, described herein, may be integrated into a portion of a device, and may comprise a luminescent layer, comprising quantum dots, that can emit photons upon contact, and an image capture component that can generate data indicative of an image of at least a portion of the touch object.

Abstract: A ridge flow based fingerprint image quality determination can be achieved independent of image resolution, can be processed in real-time and includes segmentation, such as fingertip segmentation, therefore providing image quality assessment for individual fingertips within a four finger flat, dual thumb, or whole hand image. A fingerprint quality module receives from one or more scan devices ridge-flow—containing imagery which can then be assessed for one or more of quality, handedness, historical information analysis and the assignment of bounding boxes.

Abstract: A method for detecting fingerprint spoof objects includes detecting a presence of the object at a fingerprint sensor and, in response to detecting the presence of the object, measuring a set of physical properties of the object based on one or more signals from a set of electrodes of the fingerprint sensor. The set of physical properties includes at least one of a subdermal compliance of the object and a surface adhesiveness of the object. The method further includes distinguishing the object as an actual finger or a spoof based on the one or more physical properties.

Abstract: An interference-free fingerprint identification device includes a TFT substrate, a TFT layer having plural TFTs, a sensing electrode layer having plural fingerprint sensing electrodes, a gate line layer having plural gate lines, a data line layer having plural data lines, and a first shielding layer. Each fingerprint sensing electrode corresponds to a plurality of the TFTs, and is connected to sources or drains of at least two corresponding TFTs. At least two gate lines are electrically connected to gates of a plurality of the TFTs corresponding to a fingerprint sensing electrode. Each data line is electrically connected to a source or drain of a TFT in a plurality of the TFTs corresponding to a fingerprint sensing electrode. The first shielding layer is electrically connected to a source or drain of a TFT in a plurality of the TFTs corresponding to each fingerprint sensing electrode.

Abstract: The invention is an optical fingerprint sensor with prism module, including a shell; an optical prism arranged in the shell, the optical prism comprising a collection surface, a basal plane, a mirror surface and an output surface, there being a first included angle provided between the mirror surface and the collection surface, a second included angle provided between the mirror surface and the basal plane, a third included angle provided between the output surface and the collection surface, and a fourth included angle provided between the output surface and the basal plane; and an image sensing unit combined with the shell, comprising multiple luminous elements arranged beneath the basal plane of the optical prism correspondingly, and an image receiver and a lens arranged corresponding to the output surface.