Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.

Abstract: The invention is a method for managing a secure element that comprises an operating system and a software application including an executable part which is tied to the operating system through a plurality of links. The method comprises the following steps: on receipt of an un-map command, recording in a memory area of the secure element a description of said links using an intermediate language, replacing the operating system by a new operating system by keeping said memory area unchanged, on receipt of a re-map command by the secure element, restoring a new set of links between the executable part and the new operating system by using the description.

Abstract: Embodiments include computing devices and methods implemented by computing devices for using programmable hardware security counters for detecting malicious behavior. Various embodiments may include tracking the value of hardware instruction pointers, such as pointers tracking the memory address of each executing instruction. The computing device may identify a start and end of contiguous instruction segments using the tracked instruction pointer. For example, the computing device may analyze changes in value of the instruction pointer to detect “jumps” or large changes in the memory address of executing instructions. Based, at least in part, on the identified instruction segments, the computing device may determine whether the instruction segments represent malicious behavior. If the instruction segments represent malicious behavior, the computing device may terminate the requesting software application.

Abstract: The present disclosure is directed at systems and methods for detecting ransomware infection in filesystems. These systems and methods may enable a computer user to detect a ransomware infection within a filesystem utilizing a snapshot image-based backup. According to some embodiments, the disclosed systems and methods analyze metadata describing the contents of an examined filesystem embodied in a Master File Table (MFT). Also according to some embodiments, the disclosed systems and methods compute an entropy associated with an extracted sample of files to distinguish between infected and uninfected file systems. Relative to other techniques, the disclosed systems/methods can decrease the time and/or computational resources required to detect ransomware, while also decreasing false positives and false negatives.

Abstract: Described herein are hardware monitors arranged to detect illegal firmware instructions in a firmware binary image using a hardware design and one or more formal assertions. The hardware monitors include monitor and detection logic configured to detect when an instantiation of the hardware design has started and/or stopped execution of the firmware and to detect when the instantiation of the hardware design has decoded an illegal firmware instruction. The hardware monitors also include assertion evaluation logic configured to determine whether the firmware binary image comprises an illegal firmware instruction by evaluating one or more assertions that assert that if a stop of firmware execution has been detected, that a decode of an illegal firmware instruction has (or has not) been detected.

Abstract: Techniques for mitigating attacks on an application operating in a trusted execution environment of a computing device are provided. An example method according to these techniques includes monitoring performance of the trusted application operating in the trusted execution environment of the computing device, determining whether an undesired behavior of the trusted application has occurred more than or equal to a threshold number of times, and executing a delayed restart process for the trusted application.

Abstract: Systems and arrangements for integrating two or more overlapping requirements from different assessments are presented. In some examples, determining whether requirements are considered overlapping may include identifying a plurality of aspects of each requirement and comparing the aspects to aspects of other requirements to determine whether at least a threshold number of aspects are the same. Upon identifying two or more overlapping requirements, the system may integrate the two or more overlapping requirements into an integrated requirement. A unique identifier may be generated for the integrated requirement and associated with the integrated requirement. Data may be received responsive to a request for data for an integrated requirement and the system may associate the received data with the integrated requirement and may map the received data to the two or more requirements integrated into the integrated requirement.

Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Disclosed is a network entity configured to receive a package access (PA) message associated with signaling for consuming a media package from a sending entity, verify, in response to a request for changing media data in the media package, whether the media data is changeable based on a flag in the PA message, change the media data and update the PA message when the media data is changeable, and transmit the changed media data and the updated PA message to a receiving entity.

Abstract: Techniques are described for video redaction. In one aspect, techniques include receiving a video for redaction; analyzing the video to generate an appearance model for the video, providing a user interface (UI) allowing a user to modify the appearance model, and responsive to a user selecting an object from the appearance model, extending and completing a trajectory of the selected object with enhanced marking based on the user input.

Abstract: A functional library can secure data gathering devices of a personal computing device on behalf of a secure application program to provide a more secure computing session during which sensitive data gathering activities are performed using any of those data gathering devices. The functional library, when incorporated within a personal computing device, creates a secure personal computing device on which to execute application programs such as mobile banking applications. The secure functional library acquires exclusive access to one or more of a predetermined plurality of the data gathering devices on behalf of a calling secure software application. Exclusive access is achieved by gaining access to each of the predetermined set and then locking that access throughout either the entire computing session, or at least until the execution of sensitive data gathering activities being performed during that computing session have been completed.

Abstract: Various examples are directed to systems and methods for table privilege management. A database management system (DBMS) may receive a first client request describing a first database operation on a first record from a first table of a database. The DBMS may determine that a user associated with the first client request lacks privileges to perform the first database operation on record fields in a first column of the table. The DBMS may generate a modified first database operation that does not perform the first operation on a first record field of the first record that is in the first column and may execute the modified first database operation at the database.

Abstract: A method and associated system. Before allowing a user to use a secured resource, a first security check may be performed with respect to the user and/or the secured resource to determine whether a first security condition is satisfied. In response to a first security condition being satisfied, allowing the user to use the secured resource. In response to failing to satisfy the at least one first security condition, performing a second security check on the user with a second security condition. In response to passing a second security condition, allowing the user to use the secured resource. The first security condition may include a dynamic evaluation of at least one available data point to calculate a projected security risk of the user using the secured resource and the level of complexity of the second security condition may be set based on the calculated projected security risk.

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: Computer-implemented systems and methods are described for configuring a plurality of privacy properties for a plurality of virtual objects associated with a first user and a virtual environment being accessed using a device associated with the first user, triggering for display, in the virtual environment, the plurality of virtual objects to the first user accessing the virtual environment, determining whether at least one virtual object is associated with a privacy setting corresponding to the first user. In response to determining that a second user is attempting to access the one virtual object, a visual modification may be applied to the object based on a privacy setting. The method may also include triggering for display, the visual modification of the at least one virtual object, to the second user while continuing to trigger display of the at least one virtual object without the visual modification to the first user.

Abstract: A computer-implemented security system and method provides signature pathway authentication and identification. The system and method include establishing a user-defined cognitive signature pathway through multiple graphical zones of a graphical user interface. The signature pathway enables authorized user access to an otherwise secured location. Subsequent entries of the signature pathway entered via the graphical user interface are then validated. For all valid entries of the signature pathway, user access is allowed to the secured location.

Abstract: A method for execution by a storage unit of a dispersed storage network includes receiving an access request from a requestor. An access anomaly of the access request is detected, and the access request is queued for processing in response. An anomaly detection indicator is issued to a plurality of other storage units. A secondary authentication process is initiated with the requestor, and a secondary authentication response from the requestor. The access request is processed when the secondary authentication response is favorable.

Abstract: A backup or storage management system is provided that can secure data within a primary storage environment that stores data in an unsecured format. The storage management system can automatically analyze data received for backup from the primary storage environment and determine whether the data includes information that has been identified as sensitive and/or information that is determined within a threshold degree of probability to be sensitive. The storage management system can then modify the storage of the data that includes sensitive information at the primary storage environment, thereby enabling the data to be secured within the unsecured, or partially secured, primary storage environment. Advantageously, in certain embodiments, by securing data with sensitive information within an unsecured storage environment, embodiments disclosed herein can reduce the occurrences of a data breach or data leak.

Abstract: Systems and methods are described that are configured to obtain tracking data corresponding to a plurality of users accessing a virtual reality environment. The tracking data may include information associated with a plurality of movements performed by a first user in a physical environment. The systems and methods may be configured to modify display data associated with the plurality of movements, in response to determining that the information is private, and provide, in the virtual environment, the modified display data to a second user in the plurality of users, while displaying unmodified display data to the first user.

Abstract: The invention is a method for restoring to a factory state a secure element which is embedded in a first device and which comprises a set of data. The method comprises the steps of: classifying data of the set in three independent categories, retrieving from a second device a first entity configured to provide factory value of data of the first category, restoring all current data of the first category (C1) by factory value, retrieving from a third device a second entity configured to provide factory value of data of the second category, restoring factory value of data of the second category.

Abstract: A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator.

Abstract: For relationship-based image modification, a processor determines a relationship level for a requester of an image of a plurality of images. The processor further modifies the image based on the relationship level.

Abstract: Techniques for multiple message retrieval for secure electronic communication are described. The techniques, for instance, utilize a server and computing devices employing a private information retrieval scheme to allow a receiving device to locate multiple electronic communications on a server, request delivery of the multiple electronic communications without the server being aware of which electronic communication are requested, and receive the electronic communications without the server being aware of which electronic communications were sent. For example, the server may utilize an efficient electronic communication storage structure for storing and retrieving multiple electronic communications.

Abstract: A method for disabling counterfeit cartridge operation is provided. The method includes detecting a cartridge in a blade enclosure. The method includes checking authentication credentials of the cartridge. The method includes determining the cartridge to be counterfeit. The method includes disabling the cartridge in response to determining the cartridge to be counterfeit.

Abstract: Provided are systems, methods, and apparatus for protecting an integrated circuit against invasive attacks and various forms of tampering. A defensive mechanism is an active physical security shield that includes an array of traces at a high metal of the integrated circuit, covering a high percentage of the surface area of that layer, and a collection of digital logic components that drive signals across the traces. The driving of the signals across the traces is done in an active manner such that a short, open, or stuck-at fault on any of the traces is detected within a very short period of time. The active security system is connected to or in communication with an alert response mechanism, such that a fault detected by the security system results in a signal being sent to the alert response mechanism.

Abstract: The present disclosure is directed to a flexible counter system for memory protection. In general, a counter system for supporting memory protection operations in a device may be made more efficient utilizing flexible counter structures. A device may comprise a processing module and a memory module. A flexible counter system in the memory module may comprise at least one data line including a plurality of counters. The bit-size of the counters may be reduced and/or varied from existing implementations through an overflow counter that may account for smaller counters entering an overflow state. Counters that utilize the overflow counter may be identified using a bit indicator. In at least one embodiment selectors corresponding to each of the plurality of counters may be able to map particular memory locations to particular counters.

Abstract: A security apparatus that can detect unauthorized alterations of physical arrangement of a computing system or unauthorized movements of a computing system through the use of acoustic signals is designed. Modules of a computing system including the security apparatus are able to generate acoustic measurements from received returned acoustic signals. Also, the modules are able to derive baseline acoustic measurements based on stored acoustic profiles. If, for any module of the computing system, its generated acoustic measurements do not substantially match its baseline acoustic measurements, the mismatch may indicate that there is an unauthorized alteration of physical arrangement of the computing system or an unauthorized movement of the computing system. Thus, the security apparatus in the module may take actions to prevent access to the sensitive data stored in the module.

Abstract: Tamper-proof electronic packages and fabrication methods are provided including an enclosure enclosing, at least in part, at least one electronic component within a secure volume, a two-phase dielectric fluid within the secure volume, and a tamper-respondent detector. The tamper-respondent detector monitors, at least in part, temperature and pressure of the two-phase dielectric fluid. In operation, the two-phase dielectric fluid deviates from an established saturation line of the two-phase dielectric fluid within the secure volume with an intrusion event into the secure volume, and the tamper-respondent detector detects, from the monitoring of the temperature and pressure of the two-phase dielectric fluid, the deviation from the established saturation line, and thereby occurrence of the intrusion event.

Abstract: According to an embodiment of the present disclosure, an electronic device for transmitting data comprises a memory storing the data, a processor, and a coil. The processor may perform controls to detect a data receiving device configured to detect a magnetic field corresponding to the data and apply a voltage or a current corresponding to the data to the coil in response to the detection of the data receiving device.

Abstract: A system, exhibiting a communication station for communicating with a number of radio tags in a time slot communication process, in which a number of time slots per time slot cycle in a repeating sequence are available for communication, and each time slot is characterized by a distinct time slot symbol, wherein the communication station is designed to send out a synchronization data signal exhibiting the time slot symbol for the currently present time slot, and wherein a radio tag is designed for changing from a sleep state into an active state at a wakeup instant, and for receiving the synchronization data signal in the active state and, if the received time slot symbol indicates a time slot intended for it, for defining a new wakeup instant corresponding to the next appearance of the time slot intended for it in a time slot cycle that follows the currently present time slot cycle.

Abstract: A system includes a first computing device having a first non-transitory machine-readable storage medium, first communication circuitry, and at least one first processor in communication with the first non-transitory machine-readable storage medium and the first communication circuitry. The at least one first processor is configured to execute instructions stored in the first non-transitory machine-readable storage medium to cause the first communication circuitry to receive a first signal from a first transmission medium, calculate a first authentication value for an object based on data included in the first signal, and cause the first communication circuitry to transmit a second signal to the first transmission medium. The second signal identifies whether the object is authentic based, at least in part, on the first authentication value.

Abstract: A representation of variations in elevation of friction ridges in a friction ridge pattern of a subject may be generated. A sequence of images captured over a time period may be obtained. Individual images in the sequence of images may indicate areas of engagement between an imaging surface and the friction ridge pattern of the subject when the individual images are captured. Temporal information may be obtained for the individual images. The temporal information for the individual images may be used to aggregate the individual images in the sequence of images into an aggregated representation of the friction ridge pattern. The aggregation may be accomplished such that the aggregated representation depicts the areas of engagement of the friction ridge pattern with the imaging surface at different elevations of the friction ridge pattern.

Abstract: Provided is a fingerprint identification method and the method includes the follows. Source fingerprint data for fingerprint identification is acquired. Fingerprint data to be processed, whose fingerprint data value in a preset threshold range, is extracted from the source fingerprint data. A feature amplifying process is performed on the fingerprint data to be processed and fingerprint data obtained through the amplifying process is repaired to obtain target fingerprint data. Fingerprint simulation data is generated according to the target fingerprint data and the fingerprint simulation data is matched with pre-stored fingerprint verification data. The source fingerprint data is determined to be identified successfully, when the fingerprint simulation data matches the pre-stored fingerprint verification data successfully. A terminal is also provided.

Abstract: Microelectromechanical (MEMS) devices and associated methods are disclosed. Piezoelectric MEMS transducers (PMUTs) suitable for integration with complementary metal oxide semiconductor (CMOS) integrated circuit (IC), as well as PMUT arrays having high fill factor for fingerprint sensing, are described.

Abstract: The present disclosure relates to a fingerprint sensor having a capture surface for capturing characteristic features of the surface of a finger of an operator and an associated analyzing unit, where the analyzing unit and the fingerprint sensor are designed to capture a movement of the characteristic features of the finger across the capture surface; and the analyzing unit is furthermore designed to detect a rotation movement of the finger and to associate a parameter of the rotation movement to a change of a control parameter, as long as the axis of rotation defined by the rotation movement intersects the capture surface.

Abstract: A fingerprint sensing device includes a substrate; a plurality of pixels arranged in a grid of rows and columns, each pixel having an active thermal sensing element therein; a first metal layer forming first addressing lines for addressing the active thermal sensing elements; a second metal layer above the first metal layer and forming second addressing lines for addressing the active thermal sensing elements; an electrically conductive ESD protection layer; and an insulating layer disposed between the ESD protection layer and the active thermal sensing elements. The ESD protection layer is electrically connected to a bias potential. The ESD protection layer is disposed in a pattern such that it partially overlaps each pixel, the ESD protection layer at least partially overlapping the active thermal sensing element of each pixel.

Abstract: Provided is a method for monitoring a manufacturing process of an agricultural product. The method utilizes hyperspectral imaging and comprises scanning at least one region along a sample of agricultural product using at least one light source of a single or different wavelengths; generating hyperspectral images from the at least one region; determining a spectral fingerprint for the sample of agricultural product from the hyperspectral images; and comparing the spectral fingerprint so obtained to a spectral fingerprint database containing a plurality of fingerprints obtained at various points of the manufacturing process, using a computer processor, to determine which point in the manufacturing process the sample has progressed to.

Abstract: A fingerprint identification method is provided. The fingerprint identification method includes following steps: obtaining an object image and storing a plurality of pixel data of the object image in a first color model format, where the pixel data include a plurality of first pixel values; converting the pixel data into a second color model format and obtaining a plurality of second pixel values based on the converted pixel data and a first gain value; calculating a plurality of third pixel values based on the first pixel values and the second pixel values; calculating a first standard deviation based on the third pixel values; and determining whether the first standard deviation being greater than a first preset threshold value, if the first standard deviation being greater than the first preset threshold value, recognizing the object image as a fingerprint image of a true finger.

Abstract: Systems and methods acquire and/or generate multiple different images of the same biometric identity, identify specific instances of biometric features in each of the different images, and merge the identified specific instances of biometric features into a data record that provides a digital representation of the biometric identity. Examples of biometric identities include fingerprints, handprints, palm prints, and thumbprints. In one embodiment, a counter is associated with each specific instance of a biometric feature found in the multiple images. Specific instances of biometric features found most frequently have high counts and are indicative of true identifications; those with low counts are indicative of false identifications. A threshold distinguishes between true and false identifications. Those specific instances with counts below the threshold are excluded when the digital representation of the biometric identity is generated.

Abstract: A method and a mobile terminal for controlling unlocking include the following. The number of feature points in a current feature point set of a finger is acquired. X rows of sensing electrodes are added to the current sensing electrode set to update the current sensing electrode set. The finger is scanned according to sensing electrodes in the current sensing electrode set updated to obtain fingerprint data. A fingerprint image is generated based on the fingerprint data. Feature points are extracted from the fingerprint image and the current feature point set is updated based on the feature points extracted. The terminal is unlocked when the number of the feature points in the current feature point set is greater than or equal to the first preset threshold and the current feature point set is matched.

Abstract: A method for controlling unlocking includes the following operations. A reference feature point set of a finger of a user is acquired by scanning the finger through a fingerprint recognition sensor. A matching process is performed between the reference feature point set and at least one template feature point of a pre-stored fingerprint template feature point set in descending order of matching priority of the at least one template feature point. The terminal is unlocked based on the number of template feature points successfully matched with the reference feature point set.

Abstract: A method and a user terminal are provided for fingerprint unlocking. The method includes: receiving a partial fingerprint image during a process of pressing a fingerprint recognition sensor of a user terminal where the partial fingerprint image corresponds to part of fingerprints of a finger, matching the partial fingerprint image during the process of receiving the partial fingerprint image, and unlocking a user terminal when the partial fingerprint image is matched. The receiving includes: receiving N fingerprint region images by scanning from N directions, N being an integer larger than 1; calculating the clarity of each of the N fingerprint region images; and selecting one of the N fingerprint region images as the partial fingerprint image, the clarity of the one of the N fingerprint region images being larger than a first preset threshold.

Abstract: An electronic device, a face recognition and tracking method and a three-dimensional display method are provided. The electronic device includes: a pick-up device configured to shoot a face image of a user; a frontal face image acquisition module configured to acquire a frontal face image of the user via the pick-up device; and a face tracking module configured to perform a comparison operation on the face image shot by the pick-up device and the frontal face image, and determine a moving distance of the face of the user along a direction in a plane perpendicular to a central optical axis of the pick-up device, wherein the comparison operation includes a comparison between a ratio of an area of a specific part to an area of an entire face for the face image shot by the pick-up device, and the ratio for the frontal face image.

Abstract: A system and method for capturing a player's likeness on an in game model at runtime including geometry and texture.

Abstract: Systems and arrangements for performing biometric facial recognition in order to provide access to a device and/or process one or more events are provided. In some examples, one or more images of a user may be received by an entity and pre-processed to obtain a mean pixel value and variance of each image. These values may be stored in association with the image and/or identifying information associated with the user. Upon receiving a request to access a device, the device may capture an image of the user requesting access. The captured image may be processed similarly to the pre-stored images to determine a mean pixel value and variance. The system may compare the determined mean pixel value and variance for the pre-stored images to the captured image to obtain a similarity score. If the similarity score is at or above a predetermined threshold value, the images may be considered a match.

Abstract: Systems, devices, media, and methods are presented for modeling facial representations using image segmentation with a client device. The systems and methods receive an image depicting a face, detect at least a portion of the face within the image, and identify a set of facial features within the portion of the face. The systems and methods generate a descriptor function representing the set of facial features, fit object functions of the descriptor function, identify an identification probability for each facial feature, and assign an identification to each facial feature.

Abstract: A notification device includes a difference calculation section adapted to calculate differences between index values of a plurality of indexes, which are calculated by analyzing an exercise of a user using an inertial sensor, and are related to an athletic ability of the user, and target values set to the respective indexes, an index selection section adapted to select some of the indexes based on the differences with respect to the respective indexes, and an output section adapted to output the some of the indexes selected.

Abstract: A path and/or orientation of object approaching an athlete is tracked using two or more cameras. At least two sets of video images of the object are obtained using at least two different cameras having different positions. Motion regions within video images are identified, and candidate locations in 2D space of the object is/are identified within the motion region(s). Based thereon, a probable location in 3D space of the identifiable portion is identified, for each of a plurality of instants during which the object was approaching. A piecewise 3D trajectory of at least the identifiable portion of the object is approximated from the probable locations in 3D space of the object for multiple instants during which the object was approaching the athlete. A graphical representation of the 3D trajectory of the object is incorporated into at least one of the sets of video images.

Abstract: The present disclosure relates to a method and a device for identifying a gesture. The method includes: determining a depth of each pixel in each of a plurality of images to be processed, in which the plurality of images to be processed are separately collected by the plurality of cameras, and the depth is configured to at least partially represent a distance between an actual object point corresponding to each pixel and the mobile apparatus; determining a target region of each of the images to be processed according to the depth; and determining a gesture of a target user according to image information of the target regions.

Abstract: When detecting object areas, it is possible to appropriately evaluate each detection area regardless of the overlapping relationship and positional relationship between detection areas. A human body detection apparatus obtains an image captured by an imaging unit, detects, as detection areas, predetermined object areas from the captured image, and evaluates an evaluation target detection area by comparing, among the detection areas, the evaluation target detection area and other detection areas.