Abstract: A technique is described for protecting file data from malicious programs, in particularly, by decrypting data that has been maliciously encrypted by software such as ransomware. The described technique generates a copy of a first block of a plurality of files stored on a computing device, and also intercepts request(s) from a process executing on the computing device to obtain certain types of random data and system entropy, which are recorded. When the system detects that the plurality of files have been encrypted by a malicious program, the described system determines a cryptographic key determined based on the generated copies of the first blocks of the plurality of files and on the recorded random data, and uses that key to decrypt the plurality of files.

Abstract: In the embodiments described herein, a malicious code detection module identifies potentially malicious instructions in volatile memory of a computing device before the instructions are executed. The malicious code detection module identifies an executable file, such as an .exe file, in memory, validates one or more components of the executable file against the same file stored in non-volatile storage, and issues an alert if the validation fails.

Abstract: Embodiments of the present application disclose a method and apparatus for removing a root-privileged virus, and an electronic device. The method comprises: detecting, according to a preset virus database, whether a smart device has a file with a characteristic of a root-privileged virus; obtaining a system root privilege when a file with the characteristic of the root-privileged virus is detected; terminating all processes corresponding to all the detected files with the characteristic of the root-privileged virus; recovering system startup items to a status before the intrusion of the root-privileged virus; and deleting all the detected files with the characteristic of the root-privileged virus. Compared with the prior art, the embodiments of the present application enable root-privileged viruses to be killed more thoroughly.

Abstract: Techniques and devices for secure persistent software updates are described. Through use of these techniques and devices, events that can prevent a software update from occurring can be detected and operations that enable the software update to occur can be performed. The techniques are capable of ensuring a computing device is using a latest software and that persistent software updates continue, despite any efforts to compromise the computing device.

Abstract: A local environment verification method, performed by a server of a computer network, includes injecting, into a linear communication orbit, a bundle of information items regarding deployment of a respective local environment verification framework at each of a first subset of nodes in the computer network. The bundle of information items is distributed to a respective node of the first subset of nodes through the linear communication orbit, and used to establish the respective local environment verification framework at the respective node of the first subset of nodes. The respective node of the first subset of nodes is configured to perform a set of local environment verifications using the respective local environment verification framework. The method further includes injecting, into the linear communication orbit, a query message to collect respective local results of the set of local environment verifications from the first subset of nodes.

Abstract: A method and an information handling system (IHS) for authenticating unified extensible firmware interface (UEFI) images in an IHS. The method includes receiving, by a processor of the IHS, a request to authenticate an image. The method also includes determining a type of the image and retrieving, from an entry within a UEFI signature database, a certificate utilized to sign the image. The method further includes determining a verification entry of a verification database of the HIS that corresponds to the entry of the UEFI signature database and identifying, from the verification entry, a particular type of image which the certificate may be used to authenticate. The method further includes determining whether the type of the image is the particular type. In response to determining the type of the image is the particular type, the method includes authenticating the image using the certificate.

Abstract: A system for determining a vulnerability of source code includes a processor; and non-transitory computer readable media that includes instruction code that causes the processor to receive source code and a selection of one or more code analyzers for detecting vulnerability issues in the source code. The processor executes the one or more code analyzer to generate initial vulnerability data. The initial vulnerability data specifies one or more vulnerable code sections in the source code. The processor communicates the initial vulnerability data to a vulnerability analyzing engine. The vulnerability analyzing engine is configured to identify one or more code sections of the one or more code sections of the initial vulnerability data that correspond to false positives.

Abstract: In representative embodiments, a system and method to recommend improvements to regulatory compliance is illustrated. Regulations are mapped to attributes of cryptographic key materials. Individual cryptographic key material has an associated security reliance score that is calculated based on attributes of associated with the cryptographic key material. The system identifies an improvement goal related to regulatory compliance and evaluates a selected cross-section of key material, their associated scores and regulatory compliance. Based on the evaluation, the system creates an exemplary model having attributes to use as the basis of improvement. This model is then used to calculate improvement potential for a selected cross-section of scores. Based on the improvement potential, the system can then automatically initiate action(s) to improve scores or present options for action(s) to a user for selection and initiation.

Abstract: A data input method and apparatus, and user equipment are provided. The method includes: when it is determined that an operation of a user on the user equipment UE is not performed in a preset display area, deliver an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. This can better improve security of an event generated when the user operates a program that runs in a Normal World of the user equipment, and can directly operate an event that runs in the Normal World.

Abstract: An apparatus and method is provided in which, in a setting of making user names case-insensitive, if a plurality of user names determined to be identical to a user name that is requested to log in is registered in an authentication database, log-in using the user name is not accepted.

Abstract: An example technique involves sending, from a user device associated with a particular user, a request for a confirmation message setting. The request may include an indication of an identity of the particular user. The example technique involves determining that an operation included in a predetermined set of operations has been cued. The example technique involves receiving a response comprising an indication of a confirmation message setting for the cued operation prior to performing the cued operation. The confirmation message setting may be based on data generated responsive to the sent request. The confirmation message setting for the cued operation may include an indication of whether or not to output a confirmation message. The example technique involves determining, based on the received response, whether to prompt the particular user via a user interface of the user device for a response to a confirmation message prior to performing the cued operation.

Abstract: Systems and methods are disclosed for providing secure access to a data storage device. A user may provide tap inputs, such as taps or knocks, on an enclosure of the data storage device. The data storage device may determine whether the tap inputs are valid and may allow access to the data storage device (e.g., to non-volatile memory of the data storage device) when the tap inputs are valid.

Abstract: A system for providing a multi-tenant data protection application includes a server shared by all tenants for access to the provided multi-tenant data protection application. The system further includes business logic for managing tenants of the multi-tenant data protection application, tenant resource allocation and isolation of tenant operating environments. The system additionally includes a database server for creating, managing and maintaining databases, including a master database used to store configuration and monitoring data which is used for tenant management and monitoring, and a plurality of private tenant databases, each used to store tenant-specific configuration, tenant-specific data and associated tenant resources. The system includes one or more data protection engines configured to store a copy of protected data at tenant redundant data stores.

Abstract: A method for wirelessly connecting devices performed in a wireless connection system implemented with a computer includes: providing a list of devices capable of remote access with a user account of a user; connecting devices based on the list of devices capable of remote access; automatically updating a list of folders in the connected devices and a list of files included in the folders; and integrally managing files included in the connected devices.

Abstract: Provided is a process including: obtaining, with a network controls engine, network traffic, wherein: the network traffic is sent across the network between source computing devices and destination computing devices; at least one of the source or destination computing devices are on a network carrying the network traffic; and the network has a plurality of computing devices causing the network traffic and which are assigned addresses on the network; applying, with the network controls engine, a plurality of rules to the network traffic to identify rules with criteria satisfied by the network traffic; and causing, with the network controls engine, one or more actions prescribed by one or more identified rules with criteria satisfied by the network traffic.

Abstract: A document management apparatus includes a memory that stores document data in which confidential information is concealed, and a display controller that, in searching the document data according to an input search condition, displays a location where the confidential information is concealed in the document data when the document data stored in the memory and including the confidential data included in the input search condition is displayed as a search result.

Abstract: A document management apparatus includes a first memory that stores a first search index generated for confidential information included in document data, a second memory that stores a second search index generated for non-confidential information other than the confidential information, a third memory that stores the document data including the confidential information concealed therewithin, and a controller that searches the document data by switching between the first search index and the second search index depending on a right of a user, and outputs a search result.

Abstract: A system and method for obtaining permissions to exchange privacy related information across jurisdictional boundaries. The system allows a data-subject to see who is using their data and how many times it is exchanged. The system may also assist data-subjects with blocking current use of their data and automatically preventing their data-set from being exchanged. Similarly, the system may allow data-subjects to offer their data for sale to data-users. This can be in multiple forms including the ability to offer their data to businesses as they stroll by.

Abstract: In this disclosure, various issues related to data (information) privacy are addressed. For example, in an example embodiment, privacy and confidentiality of data is maintained while being consumed by a third party entity. As described herein, an entity may be able to perform secure and trustworthy operations, such as various computations and algorithmic functions for example, on private data without having direct access to the data, thereby protecting the data.

Abstract: A method and related system obtains consent from an individual for computer-aided delivery of compliance information. Initially, a computer-readable data storage device is provided to the individual. The device stores the compliance information and computer-executable instructions. By inserting the device into a computer, the instructions are executed and the individual is prompted by the computer to consent to the computer-aided delivery of additional compliance information. Once consent is indicated, it is communicated from the individual's computer to another computer such as a server over, for example, a modern connection. Having secured the individual's consent, the additional compliance information can be delivered to the individual's computer as, for example, a file attachment to an email message.

Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.

Abstract: Disclosed are methods, systems and one or more computer readable mediums for storing data securely in a database. In one aspect, transaction data received from a user completing a form is encrypted using a transaction key provided by a record key management server which is administered by a customer of a form hosting entity. An encrypted transaction key is also generated by the record key management server, wherein a record indicative of the encrypted transaction data and the encrypted transaction key is stored in a database administered by the form hosting entity. Data at rest stored in the database, including the record, is encrypted by a database key management server using a database key.

Abstract: A computer-implemented technique is described herein for removing sensitive content from documents in a manner that preserves the usefulness of the documents for subsequent analysis. For instance, the technique obscures sensitive content in the documents, while retaining meaningful information in the documents for subsequent processing by a machine-learning engine or other machine-implemented analysis mechanisms. According to one illustrative aspect, the technique removes sensitive content from documents using a modification strategy that is chosen based on one or more selection factors. One selection factor pertains to the nature of the processing that is to be performed on the documents after they have been anonymized.

Abstract: This description relates to secure, efficient, confidential, and/or outsourced blockchain networks, which can enable a group of mutually distrusting participants to securely share state and then agree on a linear history of operations on that shared state.

Abstract: Data use restrictions are linked with a data value for a data instance, such as in a data type implementation. The data use restrictions can be compared with a purpose associated with an operation request, such as an operation request from a software application, to determine whether the operation is permitted or prohibited. The data use restrictions can be automatically propagated to derivative data. Log entries can be generated for operations involving the data. The data use restrictions can include a data subject identifier and a data identifier, which may be used to locate related data and data associated with a particular data subject.

Abstract: The present invention provides a thermal hardware-based data security device that is capable of physically, hardware-wise, and permanently erasing data stored in a memory and of enabling a storage device to be reused, and a method thereof. The thermal hardware-based data security device includes: a memory chip capable of storing data; a heater module which supplies heat to permanently erase the data stored in a memory cell within the memory chip; and a switch module which short-circuits the heater module between a power supply unit and a ground when switched on, and thus, controls the heater module to be operated.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for remotely initiating lost mode on a computing device. A request that lost mode be initiated can include a message and contact information provided by the requesting user. Once authenticated, a command to initiate lost mode is sent to the lost device. Initiating lost mode includes locking the lost device and suppressing select functionality. The message and contact information are displayed and the lost device is enabled to contact the requesting user using the contact information. The lost device can also collect and transmit location data to the requesting user. The location data can be presented on a map indicating the lost devices location and the time the lost device was at the location. The location data can be scheduled to be resent to the user based on numerous factors such as a set schedule, rules or heuristic.

Abstract: The present invention provides a system and accompanying method for recognizing orientation of an object placed on an interactive surface. The system includes an interactive surface, a processor operatively linked to the interactive surface, an array of sensors operatively linked to the processor, and an object that has multiple external sides. Each of the external sides is visually marked with an indicator. Once the object is placed on the interactive surface, the array of sensors detects an identification value of the external side that is in touch with the interactive surface and transmits the identification value to the processor, and the processor derives the orientation of the object based on the identification value.

Abstract: A method and system for facilitating cost effective, reliable, system redundant, self-driving vehicles involves the employment of specialized lane marking components that permit unprecedented sensor feedback, and in particular, a system and method that enables accurate lane marking recognition despite adverse weather conditions, which presently pose problems experienced by self-driving systems that rely upon vision based camera systems.

Abstract: The invention relates to a radio frequency based control system for preventing occupational hazards, comprising a communication network that connects one or more workers with one or more managers via the Internet or a mobile network, and one or more servers and databases connected to that communication network, further comprising: a plurality of RF tags attached to objects or tools used by workers during their work activity, said tags comprising means for data transmission through radio frequency; and one or more portable mobile terminals, configured for being equipped by workers and for receiving data transmitted by the RF tags, said mobile terminals comprising Internet connectivity and/or mobile network connectivity; and one or more management devices connected to the Internet and/or to a mobile network for receiving transmitted data by mobile terminals and/or recorded or analysed by the servers.

Abstract: In one aspect of the present disclosure, a method is disclosed. The method involves: a reader detecting an eye-mountable device within a wireless communication range of the reader, wherein the eye-mountable device includes a transparent material having a concave mounting surface configured to be removably mounted on a corneal surface; wirelessly retrieving from the detected eye-mountable device a first set of data; using the retrieved first set of data to determine that a condition has been satisfied; and responsive to using the retrieved first set of data to determine that the condition has been satisfied, retrieving from the detected eye-mountable device a second set of data.

Abstract: The system and process described herein will utilize an application configured in an image capturing system such as a handheld terminal to detect and mark a plurality of barcodes in the field of view of the terminal and show the details to the operator. The application will guide the operator through text and/or voice to configure the terminal to read the intended barcode labels. For reading multiple barcodes on an object, the application will provide various barcode sequencing configurations support. The application may suggest sequencing criteria based on past configuration options.

Abstract: An image based code reader comprises an image sensor. The image sensor is configured to acquire an image of a code. Additionally, the image based code reader includes a lens configured to project an image scene including the code onto the image sensor, the lens comprising a variable optical power that controls a focus distance of the image based code reader. The image based code reader further includes a processor operatively coupled to the image sensor and the lens. The processor is configured to acquire the image of the code using only pixels located within a region of interest of the sensor, and a size of the region of interest is selected based on the focus distance of the reader.

Abstract: An optical code is readable by a generally used reading device, and optically readable as an information code that can appropriately prevent abuse due to duplication. In this optical code, data is recorded with a pattern of a plurality of light-color modules having high visible light reflectance and a plurality of dark-color modules having visible light reflectance lower than light-color modules. At least either the light-color modules or the dark-color modules are configured to include a first module and a second module having reflectances different from each other for invisible light of a predetermined wavelength. Thus, data is recorded as a readable pattern of modules, the pattern being differently observed between when irradiated with visible light and when irradiated with the invisible light of a predetermined length.

Abstract: A method in a data capture device of dynamically capturing indicia includes: responsive to initiation of a capture session, receiving a quantity indicator defining an expected number of the indicia to be captured during the capture session; capturing an indicium from a set of indicia and storing a string decoded from the indicium in a capture session buffer; responsive to storing the string, determining whether a number of strings in the capture session buffer matches the expected number defined by the quantity indicator; when the number of strings in the capture session buffer does not match the expected number, repeating (i) the capturing and the storing for a further indicium from the set of indicia, and (ii) the determining; and when the number of strings in the capture session buffer matches the expected number, generating a session termination signal to terminate the capture session.

Abstract: A method of reading an optical code (20) is provided that has a plurality of code words, wherein image data having the optical code (20) are recorded and evaluated to read out the code words, and wherein it is determined by a test process whether the code is read correctly. In this respect, a code word at at least one position of the code (20) is replaced with a code word known for this position in a pre-correction and the test process is carried out after the pre-correction.

Abstract: An image recognition device, an image recognition method and an image recognition unit are capable of performing touch recognition high in accuracy. The image recognition device includes a measurement point determination section adapted to determine a fingertip from an image obtained by a camera, a pattern display section adapted to make a projector display a first pattern having a first linear pattern varying in luminance with a first pitch along a direction parallel to an epipolar line passing through the fingertip, and a second linear pattern varying in luminance with a second pitch along a direction parallel to the epipolar line, and a position detection section adapted to perform touch recognition based on a variation of the first pattern from the image including the first pattern.

Abstract: A hybrid capacitive and optical fingerprint sensor system includes: capacitive sensor electrodes; an optical image sensor having a plurality of image sensor pixels; light conditioning elements, configured to condition light from a sensing region of the hybrid capacitive and optical fingerprint sensor for detection by the optical image sensor; and a processing system having one or more controllers, configured to operate the capacitive sensor electrodes in a low-power mode of operation for the hybrid capacitive and optical fingerprint sensor, and to operate the optical image sensor to acquire an image from the sensing region of the hybrid capacitive and optical fingerprint sensor.

Abstract: A display panel including a display function layer displaying an image in a display area, a cover member including a first face and a second face disposed on an opposite side of the first face and faces the display panel, and a fingerprint sensor including a plurality of first detection electrodes disposed in a sensor base and configured to detect unevenness of an object brought into contact with or approaching the first face of the cover member, a shield electrode disposed to face the plurality of first detection electrodes and configured to suppress a change in capacitance between the first detection electrodes and the shield electrode, and switching elements disposed in correspondence with the first detection electrodes, the fingerprint sensor being arranged between the cover member and the display panel and arranged to overlap with the display area when viewed in a direction perpendicular to the first face are included.

Abstract: An optics-based fingerprint sensor may include a first photodiode, a first metal shield structure that is formed on the first photodiode and includes a first opening, a first color filter structure that is formed on the first metal shield structure and including a second opening exposing the first opening, a second photodiode that is spaced apart from the first photodiode by a predetermined distance, a first nano-optical filter structure that is formed on the second photodiode, and a first band limit filter structure that is formed on the nano-optical filter structure.

Abstract: A fingerprint identification system includes: a fingerprint sensing circuit having a power supply terminal and a floating ground terminal, used for generating a first signal; and a signal generation circuit having a first output terminal and a second output terminal, wherein the first output terminal is coupled to the power supply terminal, and the second output terminal is coupled to the floating ground terminal, the signal generation circuit is used for generating a floating power signal to the power supply terminal according to the first signal, and for generating a floating ground signal to the floating ground terminal according to the first signal, wherein the floating power signal has a floating power amplitude, and the floating ground signal has a floating ground amplitude; and wherein the signal generation circuit has a breakdown voltage, and both the floating power amplitude and the floating ground amplitude are greater than the breakdown voltage.

Abstract: Embodiments of the present application provide a method for determining optical sensing correction parameters, a biological feature detection apparatus and an electronic terminal. The method includes: determining a light intensity of this group of optical signals according to output data generated by a plurality of optical sensing units once under irradiation of the same group of optical signals to determine light intensities of a plurality of groups of optical signals; and determining optical sensing correction parameters of the plurality of optical sensing units according to the output data generated by the plurality of optical sensing units once under irradiation of each group of optical signals and the light intensities of the plurality of groups of optical signals.

Abstract: The invention particularly relates to a multispectral imaging apparatus which is used in forensic medicine, forensic science and criminal fields for the detection, data and image retrieval, recording, scaling and sharing of fingerprints and/or palm prints left at the crime scene; which can be integrated into cameras, video cameras, mobile phones and portable mobile imaging systems allowing non-contact multispectral imaging at different wavelengths.

Abstract: An authentication apparatus includes a prism of an approximately quadrangle-frustum shape. The prism of the approximately quadrangle-frustum shape is arranged so that a first surface, which is corresponding to a larger side of two parallel sides of the approximately quadrangle-frustum shape, is a placing surface side for a finger. The apparatus includes a first imaging unit arranged below a second surface parallel to the first surface. The first imaging unit images an image of the finger transmitted through the second surface. The apparatus includes a light source that radiates light to at least one side surface of a first set of side surfaces, out of two sets of side surfaces of the approximately quadrangle-frustum shape that face each other. The apparatus includes a second imaging unit that images the image of the finger transmitted through a second set of side surfaces, out of the two sets of side surfaces.

Abstract: The invention relates to a flexible electronic card comprising: a card body (1) comprising an upper surface (11) and a lower surface (12); at least one cavity (13, 13?) formed in the card body emerging from the upper surface; a fingerprint module (2) configured to acquire a fingerprint of a user, the fingerprint module being housed in the cavity (13) and flush with the upper surface of the card body; the fingerprint module (2) comprising a flexible substrate (22) comprising an active part (21), designated capture part, flush with the upper surface of the card body and a microcontroller (23) arranged below the substrate.

Abstract: A fingerprint module, which relates to the field of biometric identification. The fingerprint module includes a cover plate (1), a sensor package (2), a circuit board (4), a support frame (3) and an adhesive (5); the cover plate (1) is provided with an ink layer (11) at a lower surface thereof, the sensor package (2) is located below the ink layer (11), a lower surface of the ink layer (11) is covered with the adhesive (5), and the cover plate (1) is fixedly connected with the sensor package (2) via the adhesive (5) below the ink layer (11); the sensor package (2) is fixed over the circuit board (4), and the support frame (3) is arranged on the circuit board (4) at both side; gaps between said constituent parts are filled with the adhesive (5).

Abstract: A method for iris recognition performed by related products includes the following. An iris recognition assembly of the terminal device acquires a first iris image. Thereafter, a processor removes a target eyelash image from the first iris image according to an eyelash image template stored in a memory to obtain a second iris image, and utilizes the second iris image to carry out iris recognition.

Abstract: A system for identifying ponding water located on a field from image data is described. In an approach, an image of an agricultural field is analyzed using a classifier that has been trained based on the spectral bands of labeled image pixels to identify a probability for each pixel within the image that the pixel corresponds to water. A flow simulation is performed to determine regions of the field that are likely to pool water after rainfall based on precipitation data, elevation data, and soil property data of the field. A graph of vertices representing the pixels and edges representing connections between neighboring pixels is generated. The probability of each pixel within the graph being ponding water is set based on the probability pixel being water, the likelihood that water will pool in the area represented by the pixel, the probability of neighboring pixels being ponding water, and a cropland mask that identifies which pixels correspond to cropland.

Abstract: A fingerprint identification apparatus, a method for fabricating a cover and a terminal device are provided. A plurality of optical channels are arranged in the body of the cover, such that the light reflected by an object to be identified is as much as possible linearly transmitted to the photosensitive region in the image identification chip and the intensity of the light received by the image identification chip is maximized. This is favorable to form a clear image, and thus the precision of fingerprint identification of the fingerprint identification apparatus is improved. In addition, in the fingerprint identification apparatus, under the condition of satisfying the signal penetration rate, the cover may be as thick as possible, to further enhance the strength and reliability of the cover.

Abstract: A dermal image information processing device includes a memory; and a hardware component that reads data from the memory and performs: acquiring dermal image information showing ridge lines in a papillary layer; detecting an singular region caused by a surgical operation in the dermal image; determining a type of the surgical operation that is a cause of generation of the singular region; generating a repaired image showing ridge lines in a papillary layer prior to the surgical operation, based on the type of the surgical operation; and collating the repaired image with a pre-registered dermal image.