Abstract: Method for adjusting a layout used in making an integrated circuit includes one or more interconnects in the layout that are susceptible to dielectric breakdown are selected. One or more selected interconnects are adjusted to increase via to wire spacing with respect to at least one via and one wire of the one or more selected interconnects. Preferably, the selecting analyzes signal patterns of interconnects, and estimates the stress ratio based on state probability of routed signal nets in the layout. An annotated layout is provided that describes distances by which one or more via or wire segment edges are to be shifted. Adjustments can include thinning and shifting of wire segments, and rotation of vias.

Abstract: A method includes generating a plurality of multiple patterning decompositions associated with a layout of an integrated circuit. Each of the plurality of multiple patterning decompositions includes a first pattern associated with a first mask, a second pattern associated with a second mask, the first mask and the second mask being two masks of a multiple patterning mask set, a width value associated with at least one of the first pattern or the second pattern, and a first spacing value between the first pattern and the second pattern. A file is generated comprising a plurality of dielectric constant values associated with the plurality of multiple patterning decompositions that are based on the width values and the first spacing values.

Abstract: A method for fabricating a circuit comprises identifying a target on the circuit with a transitional sensitivity, determining a test pattern that stresses the target, generating a verification model at the hierarchy of the target, creating a pattern and translating the pattern into a verification assertion, running the verification with the translated pattern, determining whether the verification assertion is a possible verification assertion following the running of the verification, obtaining a state of source latches and pin inputs responsive to determining that the formal verification assertion is a possible verification assertion following the running of the formal verification, translating the formal verification assertion into a coverage event, running a simulation with the coverage event, determining whether the coverage event occurred, and creating a manufacturing test responsive to determining that the coverage event occurred.

Abstract: The present invention provides methods and computational tools based, at least in part, on computer simulations that identify macromolecule binding regions and aggregation prone regions of a protein. Substitutions may then be made in these aggregation prone regions to engineer proteins with enhanced stability and/or a reduced propensity for aggregation. Similarly, substitutions may then be made in these macromolecule binding regions to engineer proteins with altered binding affinity for the macromolecule.

Abstract: A context-aware method and system for facilitating the delivery of healthcare to patients within a clinical environment monitored by real-time locating apparatus including auto-ID patient tags where patients having tags are located within the environment in real time by the apparatus are provided. The system includes a plurality of self-service units where one or more of the units is configured to store a plurality of auto-ID patient tags and where the one or more of the units includes a dispensing mechanism to dispense stored tags. The system further includes a control computer subsystem coupled to the at least one of the units and including at least one user interface. The subsystem still further includes a processor operable to execute software instructions and a memory operable to store software instructions accessible by the processor.

Abstract: A patient communication device for advanced patient communication and methods for making and using same. According to one embodiment, a patient communication device comprises a selection input mechanism for generating a message on a display, the message reflecting a patient request and an urgency level associated with the patient request. The selection input mechanism includes one or more of a button, keyboard and a touch screen. Further, the patient communication device includes a transmitter for transmitting the message to a central processing server and a status indicator on the display, the status indicator representing a transmission status associated with the message.

Abstract: The digital command prompting device and computer system for dementia patients is an aide to help all people, but especially those who have special needs particularly individuals who have diminished or diminishing function of their brain because of dementia. The device is predominately mobile but can also be stationary and can be programmed by receiving and selecting pre-set commands to operate and assist a user with their daily living standards or needs and interacts with a central data base computer system having administrative and carer internet web page interfaces. The device may be used within the home environment, outdoor environment or a restricted environment, e.g. aged care facility, hospital, preschool or school.

Abstract: A dental treatment planning system includes an input form to receive one or more dental patient inputs; and an engine adapted to receive the dental patient data from the input form and validating the dental patient data in a predetermined sequence.

Abstract: A pharmaceutical order verification system and method for an automated pharmacy system is disclosed. A computerized line control application controls a dispensing line, facilitates automated dispensing of drugs into vials, and collects and records data for dispensed drug as well as each verification step performed by a pharmacist. In an example embodiment, pharmacist verification occurs in connection with replenishing the drugs in automated tablet counters and in connection with verifying a specified percentage of orders for each automated tablet counter. During the replenishment process, the pharmacist verifies that a replenishment canister has been loaded with the correct drug in the appropriate dosage and strength. During the order verification step, a pharmacist verifies the contents of vial matches the prescription order data.

Abstract: In some embodiments, surgical data structure is accessed that includes a plurality of nodes (relating to a plurality of discrete procedural states for a surgical procedure and being associated with procedural metadata) connected by a plurality of edges. Each edge can be associated with a procedural action causing a state transition. A new node can be generated based on an identification of a new procedural state. A first and second node from the plurality of nodes can be identified, to which the new node is to be connected. Edges can be generated to connect the new node to the first and second nodes.

Abstract: A method of DRM protection for an image or a series of images or a succession of video frames, comprises: generating a reversible transform; applying the reversible transform to a source image; compressing the transformed image into a bitstream; and supplying the bitstream to a recipient for consumption. At the recipient the bitstream is decompressed and sent to the image display hardware with the transform still in place. A key is used to generate the inverse transform at the recipient and the inverse transform is then carried out in the image display hardware. An additional transform may be applied to the image following the inverse transform to offset pixels from an average value. Thus the source image itself is never exposed at the recipient although the image can be correctly viewed.

Abstract: Systems and methods for controlling access to digital works are described herein, e.g., including receiving a request for a digital work from a requestor; retrieving the digital work from a repository; incorporating a digital signature throughout the digital work specific to a device, wherein the incorporated digital signature includes information identifying the device having the ability to access to the digital work; providing the identified device with a device key associated with the device; encrypting the digital work, wherein the digital work is decryptable using the device key and the identified device; and providing the requestor with the encrypted digital work.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: According to one embodiment, a method for borrowing licenses. The method may include retrieving a license file associated with a software program from a data storage device, whereby the license file includes a plurality of borrowing information. The method may also include recording a plurality of usage information to the data storage device based on a plurality of user interactions with the software program. The method may further include updating the plurality of borrowing information within the retrieved license file using the recorded plurality of usage information. The method may also include revoking the retrieved license file based on the updated plurality of borrowing information expiring.

Abstract: A method, system and computer program product for enforcing licensing terms when distributing content via a container image running in a container. Upon receiving a request for a service from the container by the isolation code, where the isolation code limits, accounts and isolates resource usage of process groups, the commerce code application programming interfaces (APIs) of the isolation code read a key of the container. The key contains licensing terms applied to the component(s) (e.g., applications) of the container. The commerce code APIs will then confirm that the container is in compliance with those licensing terms. If the container is in compliance with the licensing terms, the container will be allowed to execute. Otherwise, the container will be prevented from executing. In this manner, the commerce code APIs can enforce the licensing terms, including restrictions and enforcement of payment to the licensor upon distributing content in the container.

Abstract: A client device for media playback includes a user-installable media client application which implements the client-side of a digital rights management (DRM) system. The client device employs secure boot and verifies the user-installed application. The application is hardened against reverse engineering, and it utilizes a special API provided by the client device to tie into the secure boot, bridging the gap between the secure boot and the client-side of the DRM system contained within the application.

Abstract: A method is provided including: detecting, by an electronic device, at least one signal that is generated while a predetermined content is displayed on a display; identifying a security-related object associated with the content based on the signal; comparing, by the electronic device, information relating to the object with specified security setting information; and releasing a restriction on access to a resource based on an outcome of the comparison.

Abstract: A barcode reader and a barcode reading system having an age verification capability are disclosed. The barcode reader may capture a barcode pattern on an identification (ID) card of an individual presented within a field of view of the barcode reader, extract date of birth information from the barcode, and verify an age of the individual. The barcode reader may provide an approve signal if it is verified that the age of the individual is greater than a high threshold or a deny signal if it is verified that the age is less than a low threshold. The low threshold is distinct from the high threshold. The age may be verified by a host computer. The barcode reader may extract a product ID and send the product ID to the host computer. The host computer may then prompt age verification operation if the product is an age-restricted product.

Abstract: Systems and methods for providing information security in a network environment are disclosed. The method includes initiating processing, invoked by a user, of at least one of a plurality of objects in a processing unit of a hardware layer, wherein the plurality of objects is hosted for a tenant. The method further includes determining that the processing of the at least one of the plurality of objects by the processing unit is authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes allowing the processing of the object based on a result of the determining.

Abstract: An access key for a device having a fingerprint activated lock includes an electrically conductive member having surface features formed on a surface thereof that can he recognized by the fingerprint activated lock as a unique fingerprint. A second electrically conductive member is electrically coupled to the first electrically conductive member. The second electrically conductive member is electrically coupled to the body of a user such that the sensor recognizes the first electrically conductive member as a fingerprint. The second electrically conductive member is preferably a ring, stylus or gripping portion upon which the first electrically conductive member is mounted. The electrically conductive member is preferably constructed from a capacitive elastomer such as an electrically conductive silicone. The access key functions as a synthetic fingerprint to limit access to a system to a possessor of the key.

Abstract: An electronic device and an information processing method are disclosed in the disclosure. The electronic device comprises: a wearable apparatus capable of forming a ring or an approximate ring, which is able to surround a first cylinder; a first sensor arranged at least partly in the wearable apparatus and towards an interior of the ring or the approximate ring, and configured to detect first biometric information of at least part of a wearer's body surrounded by the wearable apparatus if the wearable apparatus is worn on the part of the wearer's body; a first processor arranged in the wearable apparatus, and configured to determine whether the first biometric information matches first preset biometric information to obtain a determination result and to perform security processing corresponding to the determination result based on the determination result.

Abstract: A taken-image display unit displays a taken image on a display. By use of face identification data held in a registered user information holding section, a face authentication unit detects a face image of a registered user existing in a taken image. A face frame processing unit displays a face frame on the display for the detected registered user. If, when the face frame is being displayed, the face authentication unit detects by use of the face identification data held in the user information holding section that the face image of the registered user is included in the face frame, a login processing unit lets this user log in.

Abstract: Token detection at a single computing platform may be linked with a user identification to unlock content and/or effectuate modifications in virtual space instances presented via multiple computing platforms, in accordance with one or more implementations. Exemplary implementations may enhance consistency in a user's experiences of a virtual space across multiple computing platforms.

Abstract: A method of providing an additional safety mechanism comprising enabling a setting up of a transaction using a mobile device, between a recipient and a provider, the transaction to be completed face-to-face, providing a wearable device, capable of connecting to the mobile device of the recipient and the mobile device of the provider, the wearable device used to identify an owner of the wearable device as the indicated provider. The method further comprising using the connection between the wearable device and the recipient mobile device to provide an authentication of the recipient to the provider.

Abstract: A system for accessing a system with a touch sensitive interface is provided. The system may be configured for determining a first location and first touch pressure of the first input, determining a second location and a second touch pressure of the second input, and a first time between the first input and the second input. The system may also comprise determining a third location and a third touch pressure of the third input, and a second time between the second input and the third input. The system may further comprise determining a total time for the inputs and comparing the inputs to a unique touch pattern.

Abstract: Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to, determine an offset to be used and, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by the offset.

Abstract: System and method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.

Abstract: The disclosed embodiments include a method for retroactively analyzing original input content to detect malicious content in a computer system, in which the original input content has been previously processed to generate modified input content and prevented from being received by an intended recipient. The method includes accessing the original input content or a characteristic associated with the original input content, and analyzing it based on a malware detection algorithm to determine whether the original input content includes suspected malicious content, wherein the malware detection algorithm includes at least one update of a signature or behavioral characteristic that was not included in the malware detection algorithm when the modified input content was generated. When it is determined that the original input content includes suspected malicious content, the method includes analyzing the modified input content to determine whether the modified input content includes the suspected malicious content.

Abstract: The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.

Abstract: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.

Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

Abstract: An image processing apparatus and control method are provided. An image processing apparatus including: a storage configured to store data which is divided into a plurality of units of code; a random access memory (RAM) configured to be loaded with the data; a central processing unit (CPU) configured to execute the data; and a storage controller configured to read a requested unit of code from the storage in response to receiving a request from the CPU for the unit of code to be currently executed, and load the read unit of code to the RAM so that the unit of code can be processed by the CPU, wherein the storage controller performs validation with regard to the unit of code when reading the unit of code from the storage, and loads the unit of code, when the validation passes, to the RAM.

Abstract: In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.

Abstract: Methods, systems, and computer program products are provided that address issues related to data privacy by enabling users to elect various levels of data sharing. A user of a user device is enabled to indicate their comfort level with sharing, transmitting, or otherwise exposing individual activity records (data entities) with respect to various activity categories. The exposure of activity records may be controlled with respect to on-device and off-device components. Furthermore, privacy profiles may be automatically generated for the user, and the privacy profiles may be automatically activated in corresponding situations.

Abstract: In one embodiment, a computer-implemented method groups two or more servers in a share group. The method then tracks how many rights to use a particular hardware module type are owned and in use by each of the servers. If a first one of the servers needs to activate an inactive one of the particular hardware module type, but does not own an unused right to use the particular hardware module type, the method then i) requests a second one of the servers to inactivate one of its hardware modules, thereby freeing a right to use the particular hardware module type, and ii) claims the freed right of the second server for use by the first server. Other embodiments are also disclosed.

Abstract: A document security tool includes a memory and a processor. The processor receives a first command from a first user to save a document and in response: encrypts a username, email address, and job code of the first user to produce an encrypted file, merges the encrypted file with the document, and saves the document. The processor also receives a second command to access the document and in response: determines a second user who issued the command, determines a username, email address, and job code of the second user, extracts the username, email address, and job code of the first user from the document, and grants the second user access to the document if one or more of the username, email address, and job code of the second user matches one or more of the username, email address, and job code of the first user.

Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.

Abstract: Nested namespaces for selective content sharing are provided. In a content management system, content is stored for a plurality of users. The content includes a plurality of content items and a plurality of folders arranged in a plurality of hierarchies. A plurality of root namespaces is established. Each root namespace is rooted to a root folder of an account. A first namespace rooted to a first folder selected from the plurality of folders is established. First permissions are maintained for the first namespace, granting access to a first set of users. A request to share a second folder is received. The second folder is a child of the first folder in a particular hierarchy. A second namespace rooted to the second folder is established. Second permissions are maintained for the second namespace, granting access to a second set of users.

Abstract: Facilities are provided herein for unmasking content presented on a display of a computing device. An unmask rule for unmasking the content on the display is determined based on confidentiality level of the content and includes an unmasking parameter indicating an extent to which a masked version of the content is to be physically shielded to unmask the content. A mask is selected and applied to the content in displaying the content on the display. The mask is selected based on the determined unmask rule to convey the unmasking parameter to a user. A shielding level indicating an extent to which the user has physically shielded the masked content on the display is detected and it is determined whether the detected shielding level satisfies the unmasking parameter. If so, the content is temporarily unmasked on the display.

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a row-level security. One of the methods includes receiving a request for one or more objects. The method includes determining that a type of the one or more requested objects is associated with an object representative of instance level security. The method includes determining access is authorized to at least some of the one or more objects. Determining access includes obtaining a first access statement associated with the type of the one or more objects, obtaining a second access statement associated with the object representative of instance level security, combining at least the first access statement and the second access statement into a third access statement, and obtaining one or more objects using the third access statement. The method also includes providing the authorized subset of objects to the user.

Abstract: Various systems and methods for managing user information on mobile devices are described herein. A selection of user information is received from a user operating a user device. A privacy setting for the selection of user information is received from the user, the privacy setting to permit or deny access to the user information to a third-party application. The selection of user information and the privacy setting is transmitted from the user device to a receiving device, where the receiving device is configured to enforce the privacy setting for the third-party application executing on the receiving device.

Abstract: A system and method to exchange data among applications are disclosed. A request for information that includes private information is received from a user application. A respective indicator for each private information field within the requested information is determined. A protected set of information is provided to the user application. The protected set of information comprises the requested information with the respective indicator replacing the private information in each private information field of the requested information. At least one indicator is received from the user application. The original data corresponding to the received at least one indicator is determined.

Abstract: Subscriber (user) data is encrypted and stored in a service provider cloud in a manner such that the service provider is unable to decrypt and, as a consequence, to view, access or copy the data. Only the user knows a user-specific secret (e.g., a password) that is the basis of the encryption. The techniques herein enable the user to share his or her data, privately or publicly, without exposing the user-specific secret with anyone or any entity (such as the service provider).

Abstract: Embodiments of the present application relate to a method, apparatus, and system for managing confidential information. The method includes accessing stored target information comprising a public part and a confidential part, wherein an identifier corresponds to the confidential part of the target information, outputting the public part of the target information and the corresponding identifier, wherein the public part of the target information comprises at least first address information, receiving location information and a to-be-recognized identifier, wherein the location information is associated with a current location of a mobile terminal, determining whether the location information is consistent with the first address information, and in the event that the location information is consistent with the first address information, sending the confidential part of the target information associated with the to-be-recognized identifier to the mobile terminal.

Abstract: A formal verification approach verifies data access and data propagation paths in a circuit design by proving the unreachability of path cover properties of the circuit design. A security path verification system receives an original circuit model of a circuit design, along with parameters identifying a first location within the circuit design that is a source of tainted data and a second location within the circuit design that is coupled to the first location. The security path verification system also receives a selection of portions of the circuit design to be excluded from the verification analysis. Using an abstracted version of the exclude portions, the security verification system generates a second circuit model of the circuit design for use in determining whether the tainted data can reach the second location from the first location within the circuit design.

Abstract: A provisioning system can separately and independently provision different components for different purposes on a computing platform, and enforce component-specific purposes associated with the use of the individual provisioned components during operation of the platform. Some versions of the provisioning subsystem may operate on a virtualized mobile computing device and networked devices under control of the computing device. In some embodiments, the provisioning subsystem can enforce a desired “purpose” of a provisioned component while simultaneously denying a corresponding “anti-purpose.

Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extracting a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.

Abstract: A MMIC (microwave monolithic integrated circuit) based FET mixer and method for the same is provided. In particular, adjacent transistors, such as FETs (field effect transistors) share terminals reducing physical layout separation and interconnections. A smaller die size is realized with the improved system geometry herein provided.

Abstract: A card reader may include an IC contact block; an insertion port; an insertion posture detection mechanism; a tip end detection mechanism; a pulling-out prevention mechanism structured to prevent pulling-out of a card inserted in an inside of the card reader when it is detected that the card is inserted into the insertion port in a correct posture based on a detected result of the insertion posture detection mechanism and, when it is detected that the tip end face of the card in the inserting direction has been inserted to the predetermined position based on a detected result of the tip end detection mechanism; and a pushing-out mechanism structured to push out the card inserted into the inside of the card reader in an ejecting direction of the card which is an opposite direction of the inserting direction.