Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Abstract: A user, particularly a user with a visual impairment, enters a security code or PIN via a touchscreen using different levels of pressure for predetermined count times. The ability to enter the entire PIN without lifting the user's finger or stylus from the touchscreen helps to prevent the user's PIN from being compromised by a bystander. A haptic feedback device may be used to aid the user to count out the correct number for each of the digits of the PIN without visual or audio feedback that may be intercepted by another party.

Abstract: A risk analysis apparatus and method are provided. According to one embodiment of the present disclosure, the risk analysis apparatus includes: at least one processor configured to: a risk factor collector configured to collect risk factors related to one or more authentication processes for authentication of a user of a client device in an authentication system; a risk analyzer configured to calculate a current risk score for the user based on the collected risk factors and calculate a total risk score based on a risk score history of the user and the current risk score based on the one or more authentication processes being successful; and an additional authentication requester configured to determine whether additional authentication of the user is required based on the current risk score and the total risk score and, request the client device for the additional authentication of the user based on the additional authentication being required.

Abstract: An image processing apparatus communicates with a user's mobile terminal that includes an authentication module for biometric authentication. When the image processing apparatus receives verification data enabling use of a service provision system, the authentication module is identified as an authentication module to perform biometric authentication. The image processing apparatus then causes the authentication module to perform authentication processing of the user.

Abstract: Systems, methods, and processor-readable media are disclosed to adaptively secure access operations with respect to electronic resources. A request from an endpoint device may be detected, and adaptive authentication may be initiated. Identifiers for the endpoint device may be generated or retrieved. An access-right indicator may be identified to facilitate determination of whether particularized access for electronic resources is to be granted. Initiation of access events by the endpoint device may be detected. Sensor-based data that is based on a first set of sensors capturing phenomena at the endpoint device may be received. A particularized specification of recognized patterns mapped to the access-right indicator may be adaptively developed. A nonconformance of additional data with respect to the particularized specification may be detected.

Abstract: An electronic device and a method for improving iris recognition for providing access to the electronic device. The electronic device includes an iris scanner, an ambient light sensor, a memory and a processor. The memory includes computer program code for providing access control to the electronic device to a user by iris recognition of the user's iris. The processor causes the electronic device to prompt the user to provide iris samples of the user's iris to the iris scanner in a particular lighting condition measured by the ambient light sensor in occurrence of at least one of first event and second event. The first event occurs if the processor determines a missing information associated with an iris sample in the particular lighting condition in the electronic device. The second event occurs if the processor detects an unsuccessful iris recognition attempt for accessing the electronic device in the particular lighting condition.

Abstract: Techniques are provided for limiting access to a feature in an application. Certain application features, such as access controlled features, are not generally accessible to all users of an integration cloud service system. When a user makes a request to access an access controlled feature, the system can determine whether user information satisfies the requirements to access a requested access controlled feature. If the user satisfies the requirements for the requested access controlled feature, an access key can be dynamically generated based on the user information.

Abstract: A system and method for authentication are provided. The system for authentication according to one embodiment of the present disclosure includes: a service server configured to: receive a first authentication request message from an authentication server and convert a random number included in the first authentication request message into an optical code; a first user terminal configured to receive the optical code from the service server and display the optical code; and a second user terminal configured to: recognize the random number by capturing an image of the displayed optical code in response to receiving a second authentication request message from the service server and authenticate a user by using the random number, the second authentication request message, and biometric information of the user.

Abstract: An unlocking method and an electronic device are provided. The electronic device stores a predetermined color sequence. The unlocking method is adapted for an electronic device having a display interface. The method includes: defining a plurality of blocks on the display interface; randomly allocating a plurality of colors to be displayed to the blocks; receiving locations of a plurality of tapping operations to generate a color sequence according to the colors displayed on the blocks which are tapped; comparing the color sequence with the predetermined color sequence; unlocking the electronic device if the color sequence is the same as the predetermined color sequence.

Abstract: An image processing apparatus, if a login application (login app) is enabled, performs setting of an authentication function (authentication transmission) of a transmission application (transmission app). The image processing apparatus performs an ON or OFF setting of the authentication function (authentication transmission) which has a handover function for receiving authentication information, used for authentication by another application, that is handed over from the other application and using the handed over authentication information. The image processing apparatus, in accordance with the login app being enabled, by setting the authentication transmission of the transmission app to ON, enables handover by the handover function of authentication information used by the login app to the transmission app.

Abstract: A system and method of authentication is provided that uses the spatiotemporal context of a user which has been measured using third party monitoring systems. Spatiotemporal data obtained from third party systems such as CCTV networks, microphone networks, UAV networks, CAV networks, ATM networks or the like is used to determine a unique spatiotemporal fingerprint for an individual. That is, the unique identifier is not derived from a device carried by the individual. This fingerprint can then be used to verify a user and detect abnormal and unexpected behaviour.

Abstract: Various embodiments are generally directed to techniques for control flow protection with minimal performance overhead, such as by utilizing one or more micro-architectural optimizations to implement a shadow stack (SS) to verify a return address before returning from a function call, for instance. Some embodiments are particularly directed to a computing platform, such as an internet of things (IoT) platform, that overlaps or parallelizes one or more SS access operations with one or more data stack (DS) access operations.

Abstract: Techniques for tenant management of virtualized computing resources are described. Virtualized computing resources are allocated to a tenant who is allowed to request access to the allocated virtualized computing resources. A request is received for launch of a virtual machine instance based on the allocated virtualized computing resources. In response to the request, a secure enclave is instantiated and information is obtained that is indicative of the host computing environment and the secure enclave. The information is sent to the tenant, and an indication is received from the tenant to launch the virtual machine based on an independent attestation by the tenant based on the sent information. The virtual machine is launched in response to the indication.

Abstract: A threat detection method includes storing path information of an existing file in a first storage in response to a start of an application, determining, in response to detection of an event of access to a first file, whether or not path information of the first file is stored in the first storage, storing the path information of the first file in a second storage when the path of the first file is not stored in the first storage, obtaining first threat information of a parent process of a first process in response to an event of generation of the first process, determining a threat level of the first process in accordance with both the first threat information and a result of determination of whether path information of a second file as a generation source of the first process is stored in the second storage.

Abstract: An anomaly detection method includes, obtaining information indicating a parent-child relationship of a process, specifying a first name of a first parent process of the process and a second name of a second parent process of the first parent process on the basis of the information, determining whether each of the first name of the first parent process and the second name of the second parent process includes specific name, and outputting anomaly information in accordance with a result of the determining.

Abstract: A method of real-time data security of a communications bus, the method comprising the steps of: reading at least an early portion of a message being transmitted over a communications bus, determining whether the message is suspicious, according to at least one rule applied on the read early portion of the message, and upon determining that the message is suspicious, corrupting at least a part of the message.

Abstract: A non-transitory computer-readable storage medium storing a program that causes a computer to execute processing, the processing including acquiring a first integrity level of a first process from an operating system at a first timing, acquiring a second integrity level of the first process from the operating system at a second timing after the first timing, comparing the second integrity level with the first integrity level, and outputting an alert that notifies a malware attack upon a determination that the second integrity level is higher than the first integrity level.

Abstract: An information handling system (IHS) may implement techniques to detect a power-on event, to determine whether an authorized cryptographic erase operation of a storage device that implements cryptographic erasure is pending and, during an initialization sequence, to send to the device in response to determining that no such operation is pending, a command to disable cryptographic erasure on the device. The command may set an indicator on the device that, when set, disables cryptographic erasure. In response to determining that an authorized cryptographic erase operation is pending, the IHS may refrain from sending the command to disable cryptographic erasure on the device, and may send a command to cause the pending operation to be performed. In response to receiving an indication of completion of the pending operation, the IHS may clear an indicator that an authorized cryptographic erase operation is pending and initiate a power-on or reboot event.

Abstract: Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component to, in a pre-OS operating environment, generate a secure enclave within a portion of the volatile storage to restrict access to a secured firmware loaded into the secure enclave; a first firmware driver (646) to, in the pre-OS operating environment, provide a first API to enable unsecured firmware to call a support routine of the secured firmware from outside the secure enclave; and a second firmware driver (647) to, in an OS operating environment that replaces the pre-OS operating environment, provide a second API to enable an OS of the OS operating environment to call the support routine from outside the secure enclave.

Abstract: Methods and systems may provide for technology to receive, by a computing device, privacy information, a unique identifier (ID) and one or more digital signatures associated with the privacy information and the unique ID. Additionally, the technology may store the unique ID and the digital signature(s) to a record of an authentication log on the computing device and delete the privacy information from the computing device. In one example, the technology conducts a public key authentication of the digital signature(s).

Abstract: A flash memory system for encrypting and storing data in a non-volatile flash memory associated with a host system. The device includes flash memory, encryption engine, random number generator, cryptographic hash engine, key store, static random-access memory to interface with the host system, and associated control circuitry. When powered on, the device determines if a valid encryption key is held in the key store. If a valid key is held, a program flag is set when encrypted data in the flash memory is ready to be decrypted and stored in the static random access memory for use by the host system, or when data originating from the host system and stored in the static random access memory is ready to be encrypted by the engine and programmed into the flash memory. The device can be embedded in any host system wherein data is encrypted while at rest in memory.

Abstract: Techniques are described for communicating encoded data using start code emulation prevention. The described techniques include obtaining at least one partially encrypted packet, identifying at least one portion of the packet that is unencrypted, and determining that the identified unencrypted portion(s) emulates a start code. Start code emulation prevention data or emulation prevention bytes (EPBs) may be inserted into only the encrypted portion of the packet. The modified packet may be communicated to another device/storage, along with an indication of which portion(s) of the packet are unencrypted. Upon receiving the packet and indication, the receiving device may identify and remove the EPBs in the identified unencrypted portion(s) of the packet, and decrypt the packet to recover the data. In some aspects, upon identifying the indication, the receiving device may only search for EPBs in the unencrypted portion(s) of the packet, thus yielding a more efficient start code emulation prevention process.

Abstract: A system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource, a policy database, and a processor to analyze the plurality of static permission records to generate the at least one policy, wherein an outcome of execution of the at least one policy corresponds to the plurality of static permission records.

Abstract: Aspects of the embodiments are directed to an augmented reality Completely Automated Public Turing test to tell Computers and Humans Apart (“captcha”). Upon determining that a user, operating a user device, is attempting to access a website, a host server can cause a camera on the user device to activate and begin streaming and image feed to the host device across a network. The host device can determine an appropriate augmentation to the image feed that is germane to the context and/or environment of what is being displayed in the image feed. The augmentation can be displayed to the user on a display of the user device. The augmentation can also include a prompt instructing the user how to interact with the augmentation. The host server can determine whether to grant the user access based on the user's interaction with the augmentation.

Abstract: Systems and methods provide for data management and governance to enforce proper usage of combined data formed from different pieces of data. Data governance metadata identifying authentication states for the individual pieces of data are combined to tag the combined data with new data governance metadata indicating the cumulative authentication states. Similarly, data governance metadata identifying standard contractual considerations for the individual pieces of data are combined to tag the combined data with new data governance metadata indicating the cumulative standard contractual considerations. An extent to which the combined data can be used to identify and/or contact a person is determined, and data governance metadata is tagged to the combined data identifying the extent to which the data can be used to identify and/or contact the person.

Abstract: A security management system includes a controlled device to execute a security management method. The controlled device includes a wireless module and a processing module. The processing module communicates with a main controlling device through the wireless module for pairing. When the main controlling device is successfully paired to the controlled device, the processing module executes a security mode. In the security mode, a user directly operates the controlled device. When the controlled device is not successfully paired to the main controlling device, the controlled device cannot execute the security mode, and the controlled device cannot be operated. Therefore, the user only needs to ensure that the main controlling device is nearby; even if the user is at a position distanced from the controlled device, the controlled device may not be operated by others.

Abstract: A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.

Abstract: In various embodiments, a data subject request fulfillment system may be adapted to prioritize the processing of data subject access requests based on metadata of the data subject access request. For example, the system may be adapted for: (1) in response to receiving a data subject access request, obtaining metadata regarding the data subject; (2) using the metadata to determine whether a priority of the data subject access request should be adjusted based on the obtained metadata; and (3) in response to determining that the priority of the data subject access request should be adjusted based on the obtained metadata, adjusting the priority of the data subject access request.

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; and (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems (e.g., by automatically assigning a plurality of tasks to delete data across multiple business systems to effectively delete the data subject's personal data from the systems).

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first website, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second website, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

Abstract: In an aspect, an apparatus obtains at least a first input value and a second input value from a sender device. The apparatus performs a computational operation between portions of the first input value and portions of the second input value to obtain a plurality of partial results of the computational operation. The apparatus applies a hash function to each of the plurality of partial results of the computational operation to obtain a hash of a final result of the computational operation between the first input value and the second input value. The apparatus obtains the final result of the computational operation from the sender device. The apparatus verifies that the final result of the computational operation from the sender device is correct based on the hash of the final result of the computational operation.

Abstract: A system, to persist state in a dynamic electronic form, may include a communications module to receive a request to certify a template associated with an electronic form, an attribute detector to determine that the template is associated with a restore state attribute and a certification module. The certification module may be configured to selectively grant the request to certify the template based on the restore state attribute.

Abstract: A device can be used for detecting faults. A shift register is suitable for shifting, in tempo with a clock, a binary signal alternating between two logic levels, in successive cells of the shift register. A first logic circuit is suitable for comparing values contained in at least one pair of cells of the register.

Abstract: A process for placing a circuit array on a sheet having adhesive during a pick and place operation in which a vacuum is used during its placement to minimize air bubbles between the adhesive layer and the circuit array.

Abstract: Upon accepting a start-up request or logout request of a login application, an information processing apparatus according to this embodiment controls to display a blank screen that does not input to a display unit or ignore input via a UI screen displayed on the display unit before the login application is started up or logout processing is completed.

Abstract: A system includes an intellectual property circuit; a general purpose input/output circuit coupled to the intellectual property circuit via a data path; and a switch coupled to the data path. The switch is activatable via a switch enable signal propagated on a switch enable path having a first end coupled to the intellectual property circuit and a second end coupled to the general purpose input/output circuit. The system further includes a secure link circuit coupled between the intellectual property circuit and the general purpose input/output circuit along the switch enable path. The secure link circuit is sensitive to security statuses of the intellectual property circuit and the general purpose input/output circuit, the secure link circuit being configured to admit propagation of the switch enable signal on the switch enable path in response to the intellectual property circuit and the general purpose input/output circuit having identical security statuses.

Abstract: A contact type card reader may include a card conveying passage, a card conveying mechanism, a contact block having a contact spring structured to contact the external connection terminal of the card; a guide mechanism; a block urging member, a first stopper; and a second stopper. The guide mechanism may guide the contact block to a standby position, a communication position, and a card eject position. At the standby position and the card eject position, the contact block may be disposed on a first direction side relative to where the contact block is disposed at the communication position. The contact block may include a block-shaped spring holder; a turning; and a stopper urging member.

Abstract: A terminal for magnetic secure transmission (MST) includes a body including a magnetic head and a coil member wound around the magnetic head, and an electromagnetic wave shielding structure disposed around the magnetic head and being formed of a magnetic material.

Abstract: Disclosed is a method of radio frequency identification communication (RFID) between an avionics system and an RFID reader. The method includes connecting to a wireless RFID tag in the avionics system with the RFID reader while proximate to but not touching the RFID tag. The RFID reader receives, via wireless communication from the RFID tag, system data at the RFID reader comprising one or more of prognostic data and diagnostic health data associated with the avionics system. The RFID reader then displays, on a graphic user interface, the system data such that the system data is user-selectable for identification of one or more avionics system errors. The RFID reader synchronizes, via a communications interface on the RFID reader, the system data with a maintenance server.

Abstract: The system in at least one embodiment provides a tamper evident specimen sample lock that in a further embodiment includes an embedded storage medium. They system and method in at least one embodiment allows for efficiently and securely creating, maintaining, identifying, tracking, and controlling inventories (either prospective or retrospective) of biological and chemical sample containers and their contents, while eliminating potential loss and degradation associated with handling the samples. The system in at least one embodiment provides a sample container tray or cryogenic box having one or more integrated RFID readers within an associated smart lid that sense RFIDs associated with the individual samples thereby eliminating the need to remove, visually inspect, and/or handle the samples.

Abstract: The present invention provides a method and system for verifying and tracking identification information. In an embodiment of the invention, a system for delivering security solutions is provided that includes at least one of the following: a radio frequency (RF) identification device, an identification mechanism (e.g., a card, sticker), and an RF reader.

Abstract: A pedestal for an Electronic Article Surveillance (“EAS”) system. The pedestal comprising: a frame; at least one antenna disposed in or coupled to the frame; and a rotatable member directly coupled to the frame so as to mechanically support the pedestal in a vertical position when in use and configured to allow the frame to transition from the vertical position to an angled position when a force is applied to the frame by an external object.

Abstract: A method for tracking an item that includes the steps of (a) providing an item having a solid polymer material; (b) irradiating the item to create a spatial pattern of optical modifications in the polymer material, wherein the spatial pattern of optical modifications includes a code that indicates information; and (c) detecting the pattern of optical modifications, thereby determining the information.

Abstract: Disclosed are systems and methods for detecting a finger touch and/or finger press. A method includes: detecting presence of a finger on a fingerprint sensor; causing the fingerprint sensor to take measurements using multiple successive frames of the fingerprint sensor; for each measurement, computing a metric associated with the measurement at a given frame corresponding to the measurement; at a first particular frame, determining that the finger has settled on the fingerprint sensor, wherein determining that the finger has settled comprises determining that the metric at the first particular frame exceeds a settled value threshold; and, based on determining that the finger has settled, determining that a finger touch has occurred. A finger press can be further determined by monitoring whether the metric passes a press threshold.

Abstract: A system comprises a memory operable to store first light intensity information for a first pixel of an image that includes a dairy livestock, and second light intensity information for a second pixel of the image. The system further comprises a processor communicatively coupled to the memory and operable to determine that a difference between the first light intensity information and the second light intensity information exceeds a threshold, and discard one of the first pixel or the second pixel from the image.

Abstract: The present disclosure provides feature data processing methods and devices. One exemplary feature data processing method comprises: classifying features into an important feature set and an auxiliary feature set according to information attribute values of the features; converting features in the auxiliary feature set to hash features; and combining the hash features with features in the important feature set, and setting the combined features as fingerprint features. Training and prediction of to-be-processed data can be performed based on the fingerprint features. With the embodiments of the present disclosure, training dimensions can be more controllable and the amount training data amount can be reduced. Therefore, the efficiency of data processing can be improved.

Abstract: In one embodiment of the invention, a method to image a probe array is described that includes focusing on a plurality of fiducials on a surface of an array. The method utilizes obtaining the best z position of the fiducials and using a surface fitting algorithm to produce a surface fit profile. One or more surface non-flatness parameters can be adjusted to improve the flatness image of the array surface to be imaged.

Abstract: An information processing apparatus includes first and second acquisition units and first and second search units. The first acquisition unit acquires a first feature amount from a search source image including a search object. The first search unit searches for the search object from a plurality of video images based on the first feature amount acquired by the first acquisition unit. The second acquisition unit acquires a second feature amount from the search object searched by the first search unit. The second feature amount is different from the first feature amount. The second search unit searches, based on the second feature amount acquired by the second acquisition unit, the search object from a video image, among the plurality of video images, in which the search object is not searched by at least the first search unit.

Abstract: In an image processing apparatus, a face detection unit detects a face area from an input image, and an image processing unit extracts a high luminance area from the face area to generate a correction amount of the high luminance area and corrects the high luminance area using the correction amount. Then, in a case where a plurality of face areas is detected, the image processing unit adjusts the correction amount based on feature information of the plurality of face areas.