Abstract: A method is provided for facilitating an integrated circuit design layout. The method includes receiving a netlist including a plurality of subnets. For each subnet, the method also includes obtaining a Steiner net length value and related net delays in a signal path for a metal wiring layer using timings of all involved circuits of the subnet, and determining whether the net delay is smaller than a predefined value. On a negative outcome of the determination, a wire delay is ascertained for the named metal wiring layer based on a maximum buffer distance retrieved from a cycle reach table, and determining whether the ascertained wire delay is below the related net delay. On a positive outcome of the second determination, a next increased metal wire width is selected and a metal wire based wire delay for the named metal wiring layer including a buffer is ascertained.

Abstract: Defect information obtained from a test wafer is received. The test wafer was fabricated according to an Integrated. Circuit (IC) design layout. A plurality of first regions of interest (ROIs) is received based on the defect information. The first ROIs each correspond to a region of the IC design layout where a wafer defect has occurred. A frequency domain analysis is performed for the first ROIs. A wafer defect probability is forecast for the IC design layout based at least in part on the frequency domain analysis.

Abstract: Disclosed are a method and a device for signal period stretch and ultra-fast serial-to-parallel/parallel-to-serial conversion, which relate to the technical field of analysis and measurement control. The method is to change a propagation velocity of a target signal or displacement-reflecting the target signal, so as to extend or compress the period of the signal. Displacement-reflection is to generate a Doppler shift through interaction of the displacement of a reflecting plate with the target signal, so as to achieve period stretch; for a signal transmitted through a medium, the propagation velocity of the target signal is changed by changing the property of the medium, so as to achieve period stretch; for a signal ascribed to an electron flow, the movement velocity of the electron beam is changed through a varying acceleration field, so as to achieve period stretch.

Abstract: A communication section receives a connection request from a game controller to connect the game controller with an information processing apparatus. A registered user information holding section holds biometric information of a user registered in the information processing apparatus. A biometric authentication portion compares biometric information of a user included in a taken image with biometric information held in the registered user information holding section to determine whether the imaged user is a user registered in the information processing apparatus. After the imaged user is found to be a user registered in the information processing apparatus, a login controller executes login processing of the user, or to be more specific, stores information for identifying a device included in the taken image and information for identifying the user into a login user storage portion by relating these items of information with each other.

Abstract: A computer-implemented method for processing and/or analyzing nucleic acid sequencing data comprises receiving a first data input and a second data input. The first data input comprises untargeted sequencing data generated from a first nucleic acid sample obtained from a subject. The second data input comprises target-specific sequencing data generated from a second nucleic acid sample obtained from the subject. Next, with the aid of a computer processor, the first data input and the second data input are combined to produce a combined data set. Next, an output derived from the combined data set is generated. The output is indicative of the presence or absence of one or more polymorphisms of the first nucleic acid sample and/or the second nucleic acid sample.

Abstract: Methods and systems for identifying a quantitation cycle (Cq) for a PCR reaction that includes fitting a line having a plurality of line segments to data points associated with a PCR amplification reaction. The data points include a cycle value associated with a PCR cycle and a product value associated with a PCR product. A baseline is identified and reaction segment associated with an exponential region of the PCR reaction is also identified. The reaction segment includes a subset of the plurality of line segments having a slope not less than a steepness criterion. A reaction line is fit to the data points associated with the reaction segment. The Cq is identified by calculating the cycle value for a data point defining the intersection of the baseline and reaction line.

Abstract: Medical patient monitoring devices that have the capability of detecting the physical proximity of a clinician are disclosed. The medical patient monitoring devices may be configured to perform a first selected action when the presence of a clinician is detected in a first detection area, and to perform a second selected action when the presence of the clinician is detected in a second detection area. The medical patient monitoring devices may be configured to determine whether a clinician is present in a detection area based on the strength of a signal from a clinician token, and based on a signal strength adjustment value associated with the clinician token. When the presence of a clinician is detected in a detection area, the medical patient monitoring devices may be configured to perform a predetermined action that is determined from a remote database communicatively coupled thereto.

Abstract: A medical data point of care device is configured to collect, access, store, and distribute patient medical data. The device is particularly suited for use in a mobile environment and may be particularly useful in an urgent care mobile environment, such as a battlefield or disaster area. In such environments, data transmission services may be intermittent and the bandwidth of such services may be low. The device is configured to adjust the flow of data transmission from a point of care location to a remote location so as to maximize or otherwise increase the likelihood of successful transmission of the data. The device is further configured to collect data from both a care provider and a medical device.

Abstract: Disclosed is a cloud-based resource and information tracking system for medical patients and healthcare providers. The cloud-based software system integrates all or many sources of patient medical and health information, updates the information in near real-time, and makes the data available to member(s) of the patient's healthcare team securely.

Abstract: Embodiments of the invention provide systems and methods to provide safe, secure and accurate point-to-point delivery of prescription and non-prescription drugs in the long-term home care or ambulatory care environment. More specifically, embodiments of the present invention provide for a low-cost, easy-to-use system comprised of a secure drug dispensing unit and medication enclosure combined with wireless connectivity and software based on smart mobile phone technology. Such systems and methods, referred to herein as a Secure, Control, and Enhance Medication Adherence (SCEMA) system, can mitigate the aforementioned risks associated with the use of prescription and non-prescription drugs. These risks can be significantly reduced for the elderly in the homecare environment, as well as the general public, without disrupting, or a significantly increasing the cost, to the existing prescription and non-prescription drug distribution infrastructure.

Abstract: A utility, typically in the form of a software application, allows an author to record digital media, generate and associate and/or embed unique copyright data with the media, store the media and copyright data locally and remotely, and receive an electronic receipt containing the generated unique copyright data, providing verifiable copyright protection for original works of authorship. Typically, the software application can generate copyright information during the creation of the media. This copyright information can include, for example, a generated unique copyright identifier, author's information such as name and address, device identifier provided by the device as available, device type, and the like. Embodiments of the present invention enhances the author's ability to record media such as video and images by ensuring a verifiable and unique copyright identifier is included with the digital content.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: A mobile device may perform authentication with an authenticating entity. The mobile device may comprise a plurality of sensors and a processor. The processor may be configured to: receive an authentication request from the authenticating entity requesting authentication information; and determine if the authentication request satisfies predefined user privacy preferences. If so, the processor may be configured to: retrieve the authentication information from at least one sensor to form a trust vector in response to the authentication request and to command transmission of the trust vector to the authenticating entity for authentication.

Abstract: One embodiment provides a method, including: utilizing at least one processor to execute computer code that performs the steps of: receiving motion sensor information from a plurality of sensors on a wearable device; identifying, based on the motion sensor information, a motion pattern corresponding to an activity of a user; comparing the motion pattern to a plurality of stored motion patterns; determining, based on the comparing, if the motion pattern matches one of the stored motion patterns that is identified as a motion pattern of a sensitive activity; and modifying, whether the motion pattern matches one of the stored motion pattern identified as a motion pattern of a sensitive activity. Other aspects are described and claimed.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.

Abstract: Aspects of the subject disclosure may include, for example, generating a digital certificate responsive to an authentication of a user according to a dynamic biometric process, associating the digital certificate with a transaction record for the transaction, storing information associated with authentication conditions of the dynamic biometric process, receiving an access request associated with the transaction, and providing access to the transaction record, the information associated with the authentication conditions of the dynamic biometric process or a combination thereof responsive to the access request, where granting of the access is according to transmitting an access acknowledgement to equipment of the user, or obtaining another authentication to allow permission to access or a combination thereof. Other embodiments are disclosed.

Abstract: A storage device capable of fingerprint identification includes a first storage, a first controller and a second storage. The first storage is configured to store a registered fingerprint. The first controller is configured to compare the registered fingerprint with an input fingerprint, wherein the input fingerprint is obtained in response to a touch event. The second storage is configured to store a data. The data is, in response to a fingerprint comparison result, selectively allowed to be accessible or prohibited from being accessible to a host.

Abstract: An image forming apparatus configured to communicate with an authentication apparatus through a network, the image forming apparatus including: an acquisition unit configured to acquire a user ID through the network; a transmission unit configured, when the user ID is acquired by the acquisition unit, to transmit an authentication request including a user ID to the authentication apparatus through the network; and a control unit configured to allow the user to log in to the image forming apparatus according to an authentication result in response to the transmitted authentication request.

Abstract: The present technology provides dynamic security code systems and method for their creation and use. The systems include a base layer including a first pattern and a sublimating compound layer including a plurality of materials selectively covering the base layer. In some embodiments, each of the plurality of materials is configured to sublimate at respective sublimation rates. The system further includes a shielding layer configured to shield the base layer and the sublimating compound layer to form a security code. The shielding layer can be configured to control a diffusion rate of the plurality of materials through the shielding layer such that the security code is changed.

Abstract: The invention discloses a password input method based on a two-stage conversion. The method specifically includes providing password symbols and randomly providing password-proxy symbols, and building a two-sage association between the password symbols and the password-proxy symbols.

Abstract: A system and method to cause an obfuscated non-functional device to transition to a starting functional state using a specified number of cycles are disclosed.

Abstract: Methods are disclosed for identity key management in networked application execution. In one embodiment, an identifier request is transmitted from a client system to a server system, in which an identity key value in the identifier request is blank. Upon detecting the blank identity key value at the server system, the server system operates to generate a new identity key value and an identifier for the new identity key value. The new identity key value and the identifier for the new identity key value are transmitted from the server system to the client system. The new identity key value is stored in a local store of the client system. The local store of the client system is secured by a passcode and persists data through power cycling of the client system. The identifier is used to track execution of a networked application in an anonymous execution mode.

Abstract: A password recovery technique for access to a system includes receiving a request from a first party to recover the first party's password to access the system, receiving a selection of a second party from the first party, sending a message to the second party requesting that the second party authorize the request to recover the first party's password, receiving authorization from the second party for the request to recover the first party's password, and resetting the first party's password responsive to receiving authorization from the second party.

Abstract: Discrete events that take place with respect to a hard disk drive or other I/O device or port are indicated to logic that implements Self-Monitoring Analysis and Reporting Technology (SMART) or similar technology. These events are communicated to SMART as event data. Examples of such discrete events include power on, power off, spindle start, and spindle stop, positioning of the actuator, and the time at which such events occur. SMART then compiles event data to create compiled activity data. Compiled activity data represents summary statistical information that is created by considering some or all of the event data. Examples of compiled activity data include the Time Powered On and Power Cycle Count. Collection logic then writes the compiled activity data to a memory medium. An analyst can then read data from log file(s).

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

Abstract: Aspects of the disclosure include a threat detecting apparatus. The threat detecting apparatus can include an interface circuit, an opcode detector, and a pattern analyzer. The interface circuit is configured to receive a data stream. The opcode detector can be configured to identify an opcode sequence embedded in the data stream based on a first model graph that includes a plurality of interconnected token nodes. Each token node is representative of an occurrence or a non-occurrence of a token. The pattern analyzer may be configured to identify an opcode signature embedded in the identified opcode sequence based on a second model graph, and to output a signal indicative of the successful identification of the opcode signature. The second model graph can include a plurality of interconnected opcode nodes, and each opcode node can be representative of an occurrence or a non-occurrence of a predetermined combination of one or more opcodes.

Abstract: Embodiments of the presently disclosed invention provide a method and system for providing self-protecting code. In particular, embodiments provide security modules that may be embedded in a plurality of apps installed on one or more devices. In one embodiment, a central app security system is provided that facilitates the deployment and management of the formation of apps embedded with the security module. With the help of the embedded security modules, the plurality of apps, which may be referred hereinafter as a “secured formation” of apps, perform automated and dynamic scans of other apps within the same formation to ensure the integrity of each app is maintained. Each app in the secured formation may also detect viruses, malware, spyware, and other malicious software contained in the secured formation and perform curative operations in response. In this manner, the apps in any given secured formation collectively ensure that sensitive user information is protected.

Abstract: A computer-implemented method for selectively applying malware signatures may include (1) receiving a time-sensitive malware signature at a receiving time to apply to a computing environment, (2) identifying a first target object observed within the computing environment at a first observation time, (3) deactivating the time-sensitive malware signature with respect to the first target object based on a difference between the receiving time and the first observation time, (4) observing a second target object within the computing environment subject to malware scans, the second target object being observed within the computing environment at a second observation time that is later than the first observation time, and (5) activating the time-sensitive malware signature with respect to the second target object based on a difference between the receiving time and the second observation time. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.

Abstract: An anti-malware application detects, stops, and quarantines ransomware. The anti-malware application monitors threads executing on a computing device and detects behaviors that conform to a predefined set of behaviors indicative of ransomware. Responsive to detecting these behaviors, indicators are stored to a log in a storage device. Each of the indicators in the log is associated with respective scores. A running score for each thread is generated by combining the respective scores of the indicators in the log. Responsive to determining that the running score exceeds a predefined threshold score, execution of the thread is terminated. The source ransomware file is then identified and quarantined.

Abstract: Techniques for performing static and dynamic analysis on a mobile device application are disclosed. Static analysis is performed on a mobile device application using a static analysis engine. A static analysis report is generated. Dynamic analysis of the application is performed using a dynamic analysis engine. The dynamic analysis performed is customized based on results of the static analysis. A determination of whether the application is malicious is made based at least on the dynamic analysis.

Abstract: It is difficult to prevent virus infection, information leakage or the like for example when a user carelessly manipulates a file. An electronic file manipulating section that obtains an instruction about manipulation of an electronic file; a remote manipulation section that establishes a communication path enabling remote manipulation with an execution environment in which manipulation of the electronic file is to be executed, and transmits an execution instruction to instruct the execution environment to execute manipulation of the electronic file thereon to the execution environment via the communication path enabling remote manipulation; and an electronic file transmitting section that transmits the electronic file to the execution environment in response to the instruction are included.

Abstract: A Unified Extensible Firmware Interface protocol installer utilizes and modifies a list of global unique identifiers corresponding to Unified Extensible Firmware Interface protocols to determine whether to install a UEFI protocol.

Abstract: Provided is a technique to enhance security of a computer in a multi-OS operating environment. A memory image of a primary OS is in an active state, and a memory image of a secondary OS is in a non-active state. When switching is performed from the primary OS to the secondary OS, a runtime image is created, and a digest P is calculated and encrypted (C). When switching is performed from the secondary OS to the primary OS, a digest of the stopped runtime image is calculated. Only when comparison between the decrypted digest P and the calculated digest shows agreement, is switching of the primary OS allowed.

Abstract: A trusted kernel starting method and apparatus are provided. The method includes: starting a security boot module boot loader; invoking the boot loader to measure, according to a first security algorithm, whether a platform configuration register (PCR) partition is trusted; if the PCR partition is trusted, invoking the boot loader to read kernel code into a memory, and invoking the boot loader to measure, according to a first complete algorithm and a kernel code standard measurement value prestored in the PCR partition, whether the kernel code is trusted; initializing, if the kernel code is trusted, the kernel code to trigger an initialized kernel to measure, according to a second complete algorithm, whether the boot loader is trusted; and starting the kernel if the boot loader is trusted. Kernel starting security is improved.

Abstract: Disclosed are various embodiments for detecting unknown software vulnerabilities and system compromises. In a first implementation, a monitoring service records an indication of which portions of an imported software package are invoked by a service during a learning period. After the learning period, the monitoring service determines that a different portion of the imported software package is invoked by the service. The portion is different than those invoked by the service during the learning period. An action is then performed in response to determining that the different portion of the imported software package is invoked by the service.

Abstract: A request to a scan a software image for specified criteria is received, the software image comprising layers stored in a first data store. Metadata in a second data store, different from the first data store, is searched through to obtain information corresponding to the software image. A first set of the layers that matches the specified criteria is determined, based at least in part on the information. The first set of layers is marked as un-referenceable. Asynchronous to fulfillment of the request, a second set of layers of the layers to be deleted is determined, based at least in part on the metadata, the second set of layers including layers marked as un-referenceable, and the second set of layers is deleted.

Abstract: The disclosed computer-implemented method for protecting backed-up data from ransomware attacks may include (1) determining that a backup system periodically backs up at least one file stored at a computing device to a remote storage system by storing a copy of the file at the remote storage system, (2) identifying one or more characteristics of the file backed up by the backup system, (3) storing a tripwire file with the one or more characteristics at the computing device, (4) determining that the file stored at the computing device has likely been encrypted by ransomware executing on the computing device by detecting that the tripwire file has been modified, (5) performing an action that prevents the backup system from replacing the copy of the file at the remote storage system with a copy of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are described for communicating encoded data using start code emulation prevention. The described techniques include obtaining at least one partially encrypted packet, identifying at least one portion of the packet that is unencrypted, and determining that the identified unencrypted portion(s) emulates a start code. Start code emulation prevention data or emulation prevention bytes (EPBs) may be inserted into only the encrypted portion of the packet. The modified packet may be communicated to another device/storage, along with an indication of which portion(s) of the packet are unencrypted. Upon receiving the packet and indication, the receiving device may identify and remove the EPBs in the identified unencrypted portion(s) of the packet, and decrypt the packet to recover the data. In some aspects, upon identifying the indication, the receiving device may only search for EPBs in the unencrypted portion(s) of the packet, thus yielding a more efficient start code emulation prevention process.

Abstract: The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key is made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.

Abstract: Example embodiments of the systems and methods of multidimensional encrypted data transfer disclosed herein also introduce novel and unobvious methods to store and access information. In example embodiments of the systems and methods of multidimensional encrypted data transfer disclosed herein, a multidimensional data structure is developed. For example, at least one additional dimension is added to a 2D data structure. Data may be encoded within multiple facets. Example embodiments of the multidimensional encoding include non-limiting examples of stacking or providing images or tiles in a very short period of time and moving a 3-dimensional object in space. In one example application, a number of distinct 2D data structures are presented over a time period in a .gif file.

Abstract: An application of a mobile device may be granted access to sensitive or private information. The mobile device may be configured to monitor the application's use of any sensitive data obtained by the application. The mobile device may include, with the sensitive data, taint propagation data configured to enable the mobile device to detect that application's use of the cloaked sensitive data. As a result of detecting the application use of the sensitive data, trust information corresponding to the applications use of the cloaked sensitive data may be provided a service provider. The service provider may be configured to determine a trust level of the application and perform remedial operations based at least in part on the determined trust level.

Abstract: This application relates to a key rolling process for a file system of a computing device. The key rolling process allows for files to be transparently re-encrypted in a background process while still allowing applications to access files being re-encrypted. During re-encryption, a portion of the file is decrypted using a current key for the file and re-encrypted using a new key for the file. During re-encryption, the portion of the file can be relocated to another location in memory. Metadata associated with the file can be updated to include information pertaining to the location of the re-encrypted portion. The metadata can also be updated include information pertaining to how much of the file has been re-encrypted with the new key and how much of the file remains encrypted with the current key.

Abstract: The program controls access to data objects stored on a tangible device of a computer system within an enterprise. A user request to access a data object identifies a user role by looking up the user identification in an enterprise directory. The program determines whether the role of the user is permitted access to a system and also determines a risk score representing a risk of dissemination of the requested data object. The program compares the risk score of the requested data object to a pre-configured threshold value of the requested data object and controls access to the requested data object, based on the role of the user, and the risk score associated with the risk of disseminating the requested data object.

Abstract: Content packs are provided for identifying a plurality of authorized web-based resources, wherein a web browser is configured to prevent access to web-based resources not identified by content packs installed in the web browser. Accordingly one or more of content packs are selected and installed in the web browser, and one or more featured resources are identified from a plurality of authorized web-based resources provided by the installed content packs. An account access page provided by the web browser is automatically configured with one or more access links corresponding to the one or more featured resources, with each featured resource providing a web-based entry point to one or more web-based resources made available by the installed one or more content packs.

Abstract: Techniques for restricting access to a storage volume attached to a data processing system are described. In one embodiment, a storage management and access control logic in the data processing system can receive a message indicating the attachment of a storage volume. The logic can apply access restrictions to the storage volume by creating an association between a restricted resource class and the storage volume to limit programmatic access to the storage volume. An evaluation of the storage volume can be requested and based on the result of the evaluation the access restrictions can be removed or retained on the storage volume.

Abstract: In some implementations, a computer-implemented method and system for enrolling customers into a digital identification program may include obtaining, from a digital identification database, customer information that describes a customer, providing to the customer device an access code for activation, receiving a request from the customer device for the digital identification, where the request includes the access code and customer information that describes the customer, providing a request for secure information that describes the customer from a secure information database, receiving the secure information that describes the customer stored in the secure information database, generating the digital identification for the customer based on the secure information and the customer information, and providing the digital identification to the customer device.

Abstract: In an approach to masking data in a software application associated with a mobile computing device, one or more computer processors receive a request to display data in a software application on a mobile computing device. The one or more computer processors determine whether one or more masking rules apply to the data, where determining whether one or more masking rules apply to the data is performed by an instrumentation of application binary of the software application. In response to determining that one or more masking rules apply to the data, the one or more computer processors mask, based on the one or more masking rules, the data, where masking is performed by the instrumentation of application binary of the software application.

Abstract: Disclosed are various examples for multi-party authentication and authentication. In one example, a user who forgets a password can gain access to secured data stored by a managed device by way of an authorization by one or more other users. This access can be granted even if the managed device is in an off-line mode or if a management server cannot be reached. In another example, access to secured data can depend upon authorization by a minimum quantity of other users. The authorization can involve an explicit approval or disapproval. Alternatively, the authorization can correspond to the presence of the minimum quantity of other users within a threshold proximity of the user who desires access.

Abstract: This disclosure provides for a system, method, and machine-readable medium for performing dynamic runtime field-level access control using a hierarchical permission context structure. The hierarchical permission context structure includes various levels of roles, where each role is assigned one or more permissions. The one or more permissions assigned to the one or more roles indicate the amount of control a given user has over data displayable in an electronic document. The electronic document includes one or more fields having corresponding records in one or more databases. A record includes metadata about the data for a corresponding field. When an electronic document is requested, the fields of the electronic document are generated from the data stored in their corresponding records. An evaluation is performed that determines whether the user requesting the electronic document is authorized to view the data for one or more of the fields based on their corresponding metadata.