Abstract: The present disclosure describes a computer-implemented platform for managing electronic endorsable instruments and electronic endorser verification information in order to validate endorser identity. A computer system receives an endorsable electronic instrument and a mobile phone number associated with a targeted potential endorser. The endorsable electronic instrument and a verification information request are sent to the mobile phone number by sending a link to a web-based application via SMS/MMS message. The endorsed electronic instrument and corresponding verification information are received and are associated to validate the endorsed instrument.

Abstract: Systems and methods for performing decoupled authorization, whereby authorizing access permissions of a user to a resource is performed separate and independent from authorizing intent of the user to access the resource. Once both authorizations are successfully completed within a specified timeout interval, the access state of the resource is changed, thereby granting the user access to the resource. The decoupled authorizations are independently performed over different networks, in response to different triggers, or by leveraging different hardware. Access to the resource can therefore be provided prior to the user arriving before the resource, with little to no action by the user, and without comprising security as the resources will remain restricted or locked if the either of the user's intent or access permissions cannot be verified.

Abstract: A method includes receiving information about an identity of an individual. The method further includes analyzing, by an electronic device, the information. The method further includes verifying, by the electronic device, the identity of the individual. The verifying includes electronically analyzing one or more electronic communications associated with one or more websites. The method further includes electronically analyzing one or more electronic communications associated with one or more websites. The method further includes sending one or more communications that include permission to post services associated with the individual.

Abstract: A portable terminal has an authenticator for biometric authentication, and a TPM for storing biometric information of a user necessary when performing authentication processing with the authenticator and a secret key generated for the biometric information. At the time of initialization of an OS, the portable terminal transmits a request for a registration cancelation using a registration cancelation URL to a server in which registration information including a public key which is a pair with a secret key is registered. When an authentication request for the registration cancelation is received from the server, a signature is generated using the secret key extracted according to an authentication success in the biometric authentication of the authenticator using the biometric information read by the biometric information sensor, when the signature is successfully verified by being transmitted to the server, the registration cancelation of the registration information is performed in the server.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry. The processing circuitry is configured to detect writing on a first file and register, in a restriction target storage, file information on the first file and perform, when processing on a second file is requested and file information on the second file coincides with the file information stored in the restriction target storage, first restriction to restrict the processing on the second file.

Abstract: In one embodiment a device is described, the device including a memory operative to store an program, a storage operative to store a reference check value for at least one operation in the program, a processor operative to execute the program, including, determining a run-time check value upon execution of the at least one operation in the program, comparing the stored reference check value with the run-time check value, storing the run-time check value as a pre-branch run-time check value prior to entering a conditional branch of the program when the compared stored reference check value and the run-time check value are equal values, resetting the run-time check value of the executing program to the pre-branch run-time check value upon exiting the conditional branch of the program, wherein the reference check value, the run-time check value, and the pre-branch run-time check value are determined as a result of a single function. Related apparatus, methods and systems are also described.

Abstract: A system and method for dynamic security domain data protection through passive monitoring of data storage. The present invention may be implemented using data breakpoints to trigger invocation of the data flow analysis routines. A data breakpoint register may be associated with the memory location of each item of target data. Upon attempted access, a data breakpoint interrupt is triggered, which pauses execution and runs data flow analysis and security routines to determine the appropriate action. The present invention may be implemented using a virtual paging system having a memory management unit configured to generate a page fault upon any attempt to access target data. The virtual paging system may have a virtual page that contains target data and that page may be actively managed so that each attempted access to target data results in a page fault, which pauses execution and runs data flow analysis routines to determine appropriate action.

Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.

Abstract: Endpoints in a network environment include remote file systems mounted thereto that reference a file system generator that responds to file system commands with deception data. Requests to list the contents of a directory are intercepted, such as while a response is passed up through an IO stack. The response is modified to include references to deception files and directories that do not actually exist on the system hosting the file system generator. The number of the deception files and directories may be randomly selected. Requests to read deception files are answered by generating a file having a file type corresponding to the deception file. Deception files may be written back to the system by an attacker and then deleted.

Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.

Abstract: The present disclosure provides trusted kernel-based anti-attack data processors. One exemplary processor comprises: a trusted kernel exception vector table configured to provide a handling entry for kernel switching; a trusted kernel stack pointer register storing a trusted kernel stack pointer that points to a trusted kernel stack space; and a trusted zone in the trusted kernel stack space, the trusted zone including a program status register storing a flag bit of a starting kernel for the kernel switching, a program pointer, and a general register. When the data processor performs kernel switching from a non-trusted kernel to a trusted kernel, the trusted kernel locates the handling entry for the kernel switching and performs the switching. An underlying software protection mechanism can be provided for switching entries of a trusted kernel. Therefore, security during switching processes between a trusted kernel and a non-trusted kernel can be improved.

Abstract: A Root of Trust hardware hierarchy provides firmware security for motherboard and peripheral devices. Power is received at a computer system and, in response to the receipt of power, of a standby power rail of a motherboard of the computer system is energized, and a first microcontroller mounted on the motherboard authenticates first firmware associated with a baseboard management controller mounted on the motherboard and coupled to the first microcontroller. If the authentication of the first firmware is successful, the baseboard management controller is powered on, a central processing unit coupled to the first microcontroller is held in reset, and a standby power rail of a peripheral component card coupled to the motherboard is energized.

Abstract: A computerized method is disclosed for announcing that a failure of a trusted boot procedure has occurred. The method comprises performing, in a computing device (102), the steps of detecting a failure of a trusted boot procedure of the computing device (102), and, in response to the detecting, transmitting a trust failure message via a network (503). The trust failure message is generated, in the computing device (102), by utilizing a launch control policy of a trusted platform module (501) to integrate the trust status of the computing device (102) into the trust failure message, such that the computing device (102) remains in a trusted state.

Abstract: A method of checking the authenticity of the content of a non-volatile memory of an electronic device including a microcontroller and an embedded secure element includes starting the microcontroller with instructions stored in a first non-reprogrammable memory area associated with the microcontroller, starting the secure element, executing, with the secure element, a signature verification on the content of a second reprogrammable non-volatile memory area associated with the microcontroller, and if the signature is verified, using the secure element to send the first key to the microcontroller.

Abstract: An apparatus and methods are provided to defending device against attacks. When it is determined that a device is under attack, a determination is made as to whether a layout of objects within said at least one resource at said device is protecting said device against said attack. The determination is then transferred to a remote server together with a layout of the resource at the device. When it is determined that the layout of objects within the at least one resource at the device is not protecting the device against the attack, then the layout of the at least one resource is changed. Either the remote server or the device may determine whether to change the layout in response to the attack.

Abstract: A method for saving and/or restoring settings of an instrument for processing a sample or reagent is disclosed. The instrument comprises a control unit and an operating system. A storage medium is provided to the instrument. The storage medium comprises a script. The script restores data for restoring settings of the instrument. The script is encrypted and/or digitally signed. The method verifies an identity and/or integrity of the script and executes the script upon starting the instrument by the operating system with the storage medium when the identity and/or integrity of the script correspond to an identity and/or integrity of the instrument. The control unit provides an input menu for allowing a user to input a saving and/or restoring command. The instrument saves settings on the storage medium and/or restores settings of the instrument from the storage medium by the restoring data corresponding to the saving and/or restoring command.

Abstract: Techniques for detecting access to data classified as sensitive by plugin running on a computer system are described herein. A data event is generated that includes information about the access to the data classified as sensitive as a result of detecting the access to the data. The data event is then transmitted to a logging service over a network.

Abstract: Systems and methods are provided for sharing maps in a collaborative environment using classification-based access control. The generation of and dissemination of maps and/or data within such maps can be governed by classification-based access control, where a user's classification level can determine whether or not maps and/or data within those maps can be seen. In scenarios whether a plurality of users wishes to collaborate on the same map, the systems and methods provided herein generate multiple versions or views of the same map in accordance with different classification levels. In this way, users with different classification levels can nevertheless see the same map and engage in collaborations regarding the same map, while maintaining control of sensitive data.

Abstract: Inventive embodiments are directed to a system and methods that manage file access in an MVS file management system, which allows for the same name to be allocated to different files. When multiple files share the same name, the name of each file is modified in order to render those files unrecognizable to an operating system. Thereafter, one file may be purposefully provided with the “shared” name. When a computer process requests access to a file and specifies the shared name, the operating system locates the first instance of the shared name in the MVS file management system. As the other files are unrecognizable, the operating system locates the only instance of the shared name and the corresponding file that was purposefully provided with the shared name. The operating system provides the computer process with access to that particular file. The name shared by the unrecognizable files may be subsequently restored.

Abstract: The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well-established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data.

Abstract: Collecting nodes receive data from multiple data sources via a communication structure. The data is processed to generate at least one meta data block reflecting information about objects of interest represented by the data content. The at least one meta data block is encrypted. The data is divided into data chunks of a respective predefined size, and encrypted. The encrypted data chunks and meta blocks are sent over the communication structure to fusion nodes, where, after decryption, meta data blocks are fused into a new meta data block if an object-of-interest criterion is fulfilled. The new meta data blocks are encrypted and sent over the communication structure. Data storage nodes store copies of the encrypted data chunks and meta data blocks in an information structure of block chains of encrypted meta data blocks organized in one chain per object of interest.

Abstract: A record of usage data is obtained, with the record sampled according to a sampling rate from a set of usage data records, with the record specifying a request to access a resource of a computing resource service provider, with the request indicating a set of permissions, and with the sampling rate being based at least in part on a criterion associated with the request. The record is aggregated, based at least in part on a permission of the set of permissions, with at least another record sampled according to the sampling rate from the set of usage data records to produce a set of aggregated usage records and at least a portion of the set of aggregated usage records is provided.

Abstract: Some methods may involve receiving, at a first node of the health network, encrypted sensor data from one or more sensors. The first node may be in a data communication path between the one or more sensors and other nodes of the health network. The method may involve decrypting, by the first node of the health network, only a portion of the encrypted sensor data, and transmitting the encrypted sensor data from the first node of the health network to a second node of the health network. The first node may be a gateway device. In some examples, the second node may be able to decrypt more of the encrypted sensor data than the first node.

Abstract: A method, a system, and a computer program product for contextually sharing content with at least one receiving participant during a video conference. The method includes identifying content to be shared by a sharing participant within a shared space of the video conference that is viewable by the at least one receiving participant. The method further includes determining at least one sharing parameter that defines participant access to view the content and determining sharing credentials for each receiving participant of the video conference. The method further includes comparing the at least one sharing parameter to the sharing credentials of each receiving participant to individually determine which receiving participants are authorized to view the content. The method further includes, in response to the comparison indicating that a receiving participant is not authorized to view the content, omitting or rendering the content unreadable within the shared space for the unauthorized receiving participant.

Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.

Abstract: A media content pipeline architecture is described that enables media devices to efficiently receive, store, play, and stream media content. In general, a media content pipeline as described herein is configured to receive media content streams from one or more input sources, segment and store the media content streams into fixed-sized or variable-sized data buffers, encrypt the data stored in the buffers, and store the encrypted data in an in-memory buffer cache for further processing. The media content pipeline further may be configured to write the encrypted buffers stored in the in-memory buffer cache to a secondary storage device (e.g., a hard disk) in response to the occurrence of one or more defined operating conditions. The media content pipeline may enable a media device to efficiently receive and process media content data streams, write the media content data streams to storage, and stream the media content data to client devices.

Abstract: In an example embodiment, a secure display device that includes hardware that can be positioned between a personal computer or a central processing unit and a display, such as a flat panel display. Display data from the personal computer or the central processing unit to the flat panel display is transmitted through the security display device.

Abstract: Various switchable RFID devices are disclosed. These switchable RFID devices may include one or more RFID tags and one or more switches. Some of these one or more switches are optionally wireless. In various embodiments, the switchable RFID devices include cellular phones, security devices, identity devices, financial devices, remote controls, and the like. The switchable RFID devices are optionally disposed in a passport.

Abstract: Various switchable RFID devices are disclosed. These switchable RFID devices may include one or more RFID tags and one or more switches. Some of these one or more switches are optionally wireless. In various embodiments, the switchable RFID devices include cellular phones, security devices, identity devices, financial devices, remote controls, and the like. The switchable RFID devices are optionally disposed in a passport.

Abstract: One embodiment provides a wristband, including: a wristband material; an padding material; and at least two antennas, wherein the at least two antennas are located between the wristband material and the padding material; wherein the at least two antennas are located having a spacing between each of the at least two antennas with respect to another of the at least two antennas; wherein the wristband material, the padding material, and the at least two antennas are formed as a wearable wristband. Other aspects are described and claimed.

Abstract: A condition monitoring system includes a radio frequency transponder module including an RFID chip having a first memory, and an antenna; at least one sensor module that monitors data related to the condition of an item and includes a second memory for storing the monitored data; and a communication interface that couples the at least one sensor module to the RFID chip of the radio frequency transponder module so that the sensor module is operative to communicate with the RFID chip by way of the communication interface and the RFID chip first memory is operative to store data related to the item.

Abstract: Systems and methods for controlling at least one security device based on the behavior of at least one tag. The methods comprise: generating sensor data relating to movement by at least one sensor disposed in a first tag; analyzing the sensor data to determine if an item to which the first tag is coupled is being handled in an unusual, abnormal or nervous manner; determining if an enterprise system has lost communicative contact with the first tag coupled to the item that is being handled in an unusual, abnormal or nervous manner; and causing an operational state of the security device to change in response to the loss of the communicative contact between the enterprise system and the first tag.

Abstract: A code reader may include a housing, an image sensor, and a processing unit. The code reader may include a set of orientations. The housing may be configured to be adjustably oriented, such as rotated. The image sensor may be disposed within the housing, and configured to capture an image of a target area. The processing unit may be disposed within said housing, and be in communication with the image sensor. The processing unit may be configured to, in response to determining an orientation of the housing, select a function so that the code reader is configured to perform the function corresponding with the determined orientation.

Abstract: Eliminate or reduce the impact of disturbing light in printed information label recognition applications using single- and multi-shot external flashing coupled with intelligent processing. A shelf imager can acquire shelf images for printed information label localization and recognition. An external flashlight can provide at least one flashing condition/pose for shelf image acquisition in addition to lighting associated with the enclosed environment. A disturbing light region (DLR) detector can analyze all or a portion of the acquired shelf images for disturbing light to determine whether additional images need to be acquired using different flashing conditions provided by the single- or multi-shot external flashlight or whether full or portion of acquired images need to be analyzed by a printed information label locator and recognizer.

Abstract: Eliminate or reduce the impact of disturbing light in printed information label recognition applications using single- and multi-shot external flashing coupled with intelligent processing. A shelf imager can acquire shelf images for printed information label localization and recognition. An external flashlight can provide at least one flashing condition/pose for shelf image acquisition in addition to lighting associated with the enclosed environment. A disturbing light region (DLR) detector can analyze all or a portion of the acquired shelf images for disturbing light to determine whether additional images need to be acquired using different flashing conditions provided by the single- or multi-shot external flashlight or whether full or portion of acquired images need to be analyzed by a printed information label locator and recognizer.

Abstract: A management system includes a camera that shoots a code where item information related to a target item has been encoded, a reader that detects the code from an input image obtained by shooting the code, and read the item information from the code, a camera controller that acquires an item image representing the target item from the camera after the code is detected, and a storage that stores the item image acquired by the camera controller, associating the item image with the item information.

Abstract: The present disclosure relates to data readers including an improved imaging system that optimizes active and passive autofocus techniques for improving data reading functions. In an example, the data reader initially uses active autofocus techniques to focus a lens system based on a measurement reading by a rangefinder and acquire an image of an item in the field-of-view of the data reader. The data reader includes a decoding engine operable to decode an optical code of the item using the acquired image. If the decoding engine is unable to decode the optical code using the active autofocus technique, the data reader alternates to a passive autofocus technique to alter the focus settings of the lens system and reattempt the decoding process.

Abstract: A barcode reader may include an image sensor array, an optic system, an image buffer, and a plurality of pre-processing circuits implemented in hardware. The optic system may be configured to focus an image of a barcode onto the image sensor array. The plurality of pre-processing circuits may collectively implement a plurality of different image processing functions. Each pre-processing circuit may be configured to receive as input an image frame from the image sensor array or an image data record from the image buffer. The image data record may be derived from the image frame. Each pre-processing circuit may also be configured to perform an image processing function with respect to the image frame or the image data record, thereby generating a new image data record. A decoder may use at least one image data record to decode the barcode.

Abstract: A display device can include a cover substrate; a display module disposed on a rear surface of the cover substrate and configured to display an image; a heat dissipation film disposed on a rear surface of the display module; a hole disposed in the heat dissipation film; a flexible circuit board covering the hole in the heat dissipation film and configured to block light; and a fingerprint scanner mounted on the flexible circuit board, disposed in the hole of the heat dissipation film, and separated from the heat dissipation film by a space, in which the flexible circuit board covers the space between the heat dissipation film and the fingerprint scanner.

Abstract: A fingerprint identification device includes a substrate, at least two electrode areas, at least one dedicated sensing signal line, plural electrode selection switch groups, and plural signal lines. Each electrode area has plural electrodes. The signal lines are divided into plural first directional signal lines and plural second directional signal lines. The first directional signal lines are perpendicular to the second directional signal lines. The plural electrode selection switch groups sequentially or dynamically select at least one electrode as a sensing electrode block in each electrode area. The plural electrode selection switch groups configure the electrodes surrounding the sensing electrode block as at least two corresponding deflection electrode blocks. Each sensing electrode block is corresponding to at least two deflection electrode blocks. Each deflection electrode block has plural electrodes.

Abstract: Systems, methods and apparatus for configuring a fingerprint sensor to operate in a capacitive sensing mode and an ultrasonic sensing mode are disclosed. A fingerprint sensor may be configured to operate in a capacitive sensing mode by driving a sensing electrode using a controller. In some implementations, an object positioned on or near the sensing electrode may be detected using the fingerprint sensor in the capacitive sensing mode, and the controller can drive electrodes of the fingerprint sensor differently to configure the fingerprint sensor to operate in an ultrasonic sensing mode. In some implementations, an applications processor may be instructed to authenticate a fingerprint of the object from image data obtained when the fingerprint sensor is operating in the ultrasonic sensing mode. In some implementations, a display of a mobile device containing the fingerprint sensor may be unlocked, or the mobile device may be woken up when the fingerprint is authenticated.

Abstract: An optical fingerprint module includes: an optical fingerprint sensor, wherein the optical fingerprint sensor includes at least one pixel region where photosensitive pixels are disposed; each of the photosensitive pixels includes an optical fingerprint sensing device, a non-opaque region and an opaque region, wherein the optical fingerprint sensing device is disposed in the opaque region, and all the optical fingerprint devices are arranged in rows and columns; and at least one point-shaped backlight source, wherein each of the at least one pixel region corresponds to one of the at least one point-shaped backlight source; and the point shaped backlight source is disposed obliquely below the optical fingerprint sensing devices in an outermost row of the corresponding pixel region; in the pixel region, a largest square region whose center is closest to the corresponding point-shaped backlight source is selected, and optical fingerprint sensing devices are divided into different device groups, and optical finger

Abstract: A display device including a first substrate, a sensing element, a display switch element and a blocking structure is provided. The first substrate has a first top surface perpendicular to a first direction. The sensing element is disposed on the first substrate and includes an active layer having a channel region. A first distance is formed between a channel top surface of the channel region and the first top surface of the first substrate along the first direction. The display switch element is disposed on the first substrate and adjacent to the sensing element. The blocking structure is disposed on the sensing element. The blocking structure has a bottom surface and a first opening, the first opening corresponding to the channel region of the sensing element. A second distance, greater than the first distance, is formed between the bottom surface and the first top surface along the first direction.

Abstract: A method comprises: receiving, via a processor, an image depicting a tissue; quantifying, via the processor, the image based on: segmenting, via the processor, the image into a plurality of segments; identifying, via the processor, a plurality of histological elements in the segments; forming, via the processor, a network graph comprising a plurality of nodes, wherein the histological elements correspond to the nodes; measuring, via the processor, a feature of the network graph; performing, via the processor, a transformation on the image based on the feature; determining, via the processor, a non-parametric feature of the image based on the transformation; saving, via the processor, the non-parametric feature onto a database.

Abstract: A computer implemented image processing method is disclosed.

Abstract: A fingerprint recognition method includes determining a code corresponding to a query image based on features of blocks in the query image, obtaining information corresponding to the determined code from a lookup table, and verifying the query image based on the obtained information.

Abstract: An electronic device is provided. The electronic device includes a light emitting unit configured to alternately emit light having a preset pattern to an eye area of a user; an inputter configured to receive a plurality of images which capture an eye area of the user; and a processor configured to detect a user's gaze using a first image that is captured at the time of irradiating a preset first pattern and a second image that is captured at the time of irradiating a preset second pattern, and the processor detects a user's gaze by extracting reflection points of each of the first image and the second image and using remaining reflection points excluding reflection points at a same position from among the extracted reflection points.

Abstract: Systems, apparatuses, and methods may provide for technology to dynamically control a display in response to ocular characteristic measurements of at least one eye of a user.

Abstract: The present disclosure relates to a flat panel display with an optical image sensor embedded therein. The flat panel display includes a directional light unit. The directional light unit comprises a cover substrate with a surface area corresponding to the length and width; a first low refractive index layer attached to the lower surface of the cover substrate; a light-exiting element disposed to correspond to the display area, on the lower surface of the first low refractive index layer; a light-entering element disposed outside the display area at one side of the light-exiting element, on the lower surface of the first low refractive index layer; a second low refractive index layer disposed on the lower surfaces of the light-exiting element and light-entering element and attached to the upper surface of the display panel; and a light source disposed to face the light-entering element.

Abstract: An image processing device includes: an associating unit configured to associate information on an identification element used to identify a cell in imaged cell information with information on a non-identification element serving as an element of the cell which is not the identification element on the basis of the information on the identification element and information of the non-identification element; and a status determination unit configured to determine a cell status on the basis of the information on the identification element and the information on the non-identification element associated together by the linking unit.