Abstract: A system for creating a patient-specific instrument model for chondral graft plugging comprises a bone model generator for producing a bone/cartilage model of an articular region of a bone from images thereof. A defect geometry identifier identifies a graft geometry from a defect region of said bone/cartilage model. A donor locator locates an autograft at a donor site or identifies an allograft from a database, using said bone/cartilage model and the graft geometry. A patient-specific instrument model generator creates a model of a graft-plugging patient-specific instrument from said bone/cartilage model, and the graft geometry, the graft-plugging patient-specific instrument model comprising a bone/cartilage interface surface shaped as a function of the bone/cartilage model for the at least one graft-plugging patient-specific instrument to be selectively positioned on the bone/cartilage to pose the autograft or the allograft at the defect region.

Abstract: A system for mental health clinical application includes a virtual reality (VR) headset, a physiological sensor device and a computer device. The computer device is used to perform an illness test on a user by establishing a virtual 3D environment via the VR headset according to test data provided by the computer device. The computer device receives, from the physiological sensor device, a physiological signal of the user in response to the illness test to analyze an illness condition of the user.

Abstract: Laboratory testing plays a significant and growing role in the delivery of medical services. Fresh analysis of past test results has led to discovery of previously unknown correlations between statistical properties of analyte values and parameters such as age, sex, and region. Observed values in patient populations have also newly been discovered to show both secular and regular periodic variations over time. Embodiments of the invention may use information about these correlations to improve quality control and other statistical analysis of patient samples by applying adjusted reference ranges to quality control methodologies, and providing a quality control grade for patient samples based on the adjusted reference ranges.

Abstract: Methods and apparatus are disclosed to label radiology images are disclosed. An example apparatus, includes: means for obtaining user input identifying a vertebra on a spinal image; means for generating first annotations on the spinal image based on: 1) the user input; 2) connected regions on the spinal image; and 3) a number of viewable vertebrae on the spinal image; means for generating second annotations on the spinal image based on: 1) the error; 2) second connected regions on the spinal image; and 3) the number of viewable vertebrae on the spinal image, the second connected regions on the spinal image being determined based on second contextual-information features that account for the error; means for displaying the spinal image including the second annotations; means for validating the second annotations in association with the spinal image; and means for storing the second annotations in association with the spinal image.

Abstract: A method of optimizing healthcare services consumption according to the invention includes the steps of assessing the healthcare situation of an employer providing healthcare benefits to a population, identifying a first group of patients from the population likely to generate expensive healthcare claims based on data representing past claims, periodically determining whether patients in the first group have satisfied certain predetermined healthcare requirements, identifying a first group of providers who provide high quality, cost efficient healthcare services based on the practice patterns of the providers, prompting patients who have not satisfied the predetermined healthcare requirements to obtain services from providers in the first group, and responding to healthcare requests from patients by determining whether the requesting patient is seeking services from a provider in the first group, and, if not, urging the patient to obtain such services from a provider in the first group.

Abstract: The present invention relates to a computerized system for and method of providing precision healthcare services such as consultation, education, assessment, diagnosis, intervention, or treatment at a distance via encrypted real-time image and audio presence where the healthcare professional's assessment, diagnosis, and intervention activities are informed by patient feedback, smart objects, and artificial intelligence and patient outcomes are optimized through recursive system feedback. The present invention is unlimited with regard to the type of patient entity or healthcare professional entity.

Abstract: A method for at least one of characterizing, diagnosing and treating a neurological health issue in at least a subject, the method comprising: receiving an aggregate set of biological samples from a population of subjects; generating at least one of a microbiome composition dataset and a microbiome functional diversity dataset for the population of subjects; generating a characterization of the neurological health issue based upon features extracted from at least one of the microbiome composition dataset and the microbiome functional diversity dataset; based upon the characterization, generating a therapy model configured to correct the neurological health issue; and at an output device associated with the subject, promoting a therapy to the subject based upon the characterization and the therapy model.

Abstract: A mechanical teleoperated device for remote manipulation includes a slave unit having a number of slave links interconnected by a plurality of slave joints; an end-effector connected to the slave unit; a master unit having a corresponding number of master links interconnected by a plurality of master joints; and a handle connected to a distal end of the master unit. The device further includes first device arranged to kinematically connect the slave unit with the master unit, second device arranged to kinematically connect the end-effector with the handle, and a mechanical constraint device configured to ensure that one master link of the master unit is guided along its longitudinal axis so that the corresponding slave link of the slave unit always translates along a virtual axis parallel to the longitudinal axis of the guided master link in the vicinity of the remote manipulation when the mechanical teleoperated device is operated.

Abstract: The method and system determine and report measures of adherence of patients to prescription medication regimens based upon fill gaps in the prescription history of the patients. The measure of adherence may be the proportion of days covered by the medication. The method and system may receive or access information relating to a patient's medical history, including past prescription medication fills. Fills of both the prescription medication and other medications that may substitute for the prescription medication may be considered in determining patient adherence levels. Upon determining the patient's level of adherence, the system and method may generate a report including the adherence information and associated information, such as a home pharmacy location. The report may include an indication of whether new-to-therapy information should be presented to a patient based on patient adherence levels.

Abstract: Apparatus adapting to ambient environment and internal self-diagnostics operating within acceptance criteria, sustaining prescription medications within specifications, which in addition to conventional quality parameters include apparatus specific parameters, such as: combined weight of medication inside a container, and length of container. A control algorithm executed by apparatus sustaining operation within acceptance criteria. Apparatus including conveyor transport system configurable for vertical distribution of prescription medications between pharmacy and authorized user. Vertical configuration provides support for pharmacy to serve multi-story facility, such as a hospital. Automatic dispensing ensures high productivity and quality as only verified specification medications are dispensed to authorized customers.

Abstract: A system and method for automatically calculating an accurate recommended dosage for hormone replacement therapy and automating the life cycle of a patient's treatment over time. The system and method can automatically acquire relevant patient parameters and apply a consistent formulaic approach to help reduce incorrect dosage determinations. A pellet insertion size may be determined and documented based on a calculated dosage, and an insertion side and lot numbers may be tracked and managed. In addition, corresponding revenues may be tracked and profitability may be reported for hormone replacement therapy practices.

Abstract: Systems for managing personalized access to shared online objects. A user accesses a server in a cloud-based environment, wherein the server is interfaced with storage devices that store one or more content objects. The server receives communications packets comprising at least one session attribute, wherein receiving the one or more communications packets is responsive, either directly or indirectly, to an act of the user to invoke a new content access session. The session attribute is used to generate personalized workspace properties that are based on explicitly-provided information or based on inferences that pertain to the invoked content access session. Access to content objects is personalized using explicit or inferred workspace session properties. Personalization includes any aspects of branding preferences, working group colleagues, roles, privileges, friends, etc. Personalization can be based on personalized workspace properties that are inferred based on rules or combinations of data.

Abstract: Described herein are systems and methods for securing transmission of content from a smart card in a host television receiver to a client television receiver. The smart card can receive the encrypted content stream from the television service provider, decrypt the content stream with the global network key, identify the client television receiver as the destination of the content stream, generate a unique key specific to the content stream, encrypt the unique key with a local key known to the client television receiver, encrypt the content stream with the unique key, and transmit the encrypted content stream along with the encrypted unique key to the client television receiver. The client television receiver can then receive the encrypted content stream and the encrypted unique key, decrypt the unique key, decrypt the content stream with the unique key, and transmit the content stream to a display device of the client television receiver.

Abstract: A computer implemented method, program product, and system for managing software licenses is presented. A licensing management logic executes an initial reconciliation run for an initial system. The licensing management logic detects a change to an initial subunit to create a changed subunit, and executes an impact analysis for the changed subunit. The licensing management logic identifies a subunit reconciliation section from the initial reconciliation run, and executes a subunit reconciliation run for the changed subunit to create a changed subunit reconciliation report. The licensing management logic replaces the initial subunit reconciliation report with the changed subunit reconciliation report to create an updated reconciliation report for a changed system.

Abstract: A node, of a network of nodes with access to a distributed ledger, receives a request to verify the user has consented to a current version of terms (i.e., current terms) associated with a program. The node obtains, using the distributed ledger, historical consent data indicating a version of the terms to which the user has previously provided consent. The node performs a first verification procedure to determine the user has not consented to the current terms, provides an indication to a user device that the user has not consented to the current terms, and receives, from the user device, a message indicating an acceptance of the current terms. The node performs additional verification procedures to determine that the user is who consented to the current terms and updates the distributed ledger to include a record indicating that the user consented to the current terms.

Abstract: An example method for verifying identity information includes: receiving image information transmitted and rendered by a client; extracting feature information from the image information; matching the feature information with the feature determination information collected in advance; the feature determination information having associated identity information; determining whether the client fits with the identity information when the match is successful. The example embodiment of the present disclosure identifies a user on the basis of the uniqueness of the image information rendered by different client environments and clients, ensuring the accuracy of identification of user identity information, meanwhile avoiding the problem that the user identity information cannot be identified due to the shutdown of Cookie by clients, and raising the success rate of identification of identity information.

Abstract: Method, media, and system for authentication of a claimant as a claimed identity. Embodiments break the authentication process into two steps. In the first step, a registrant establishes an identity profile by presenting identity documents and authentication points that can later be used to verify that they are the person who established the identity profile. Subsequently, when a claimant claims the identity in the identity profile, an identity score and an authentication score can be calculated based on the identity profile and the information provided by the claimant. The authentication score measures how likely it is that the claimant is the same person who established the identity profile. The identity score measures how likely it is that the registrant is who they are claiming to be. The identity score and the authentication score can then be combined to determine the likelihood that the claimant actually corresponds to the claimed identity.

Abstract: An information processing apparatus includes: a radio communication unit configured to start emission of radio waves for performing radio communication with a radio tag, and obtain specific information from the radio tag, at least after a time point at which a user in a predetermined range is detected by a detecting unit; a first authentication unit configured to execute first authentication for the radio tag, based on the specific information obtained by the radio communication unit; a second authentication unit configured to execute second authentication for a user included in an image acquired by an imaging unit, based on feature information of the image; and an apparatus authentication unit configured to authorize the user to use the information processing apparatus, if a user of the radio tag authenticated by the first authentication is the same as the user authenticated by the second authentication.

Abstract: Wearable electronic device technology is disclosed. In an example, a wearable electronic device can include a handling portion that facilitates donning the wearable electronic device on a user. The wearable electronic device can also include a user authentication sensor associated with the handling portion and configured to sense a biometric characteristic of the user while the user is donning the wearable electronic device. In addition, the wearable electronic device can include a security module to determine whether the sensed biometric characteristic indicates an authorized user of the wearable electronic device.

Abstract: Methods and systems for creating a verifiable digital identity are provided. The method includes verifying a device belongs to a user. The method also includes tying the device to a private key. The method also includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

Abstract: The technology described herein detects a first device associated with a user that is within a detectable range of a second device. The system requests authentication information. In response to receiving the authentication information, a token generator associated with the user can generate a secure token. The secure token can be sent to the server. Once the secure token is verified, the user is granted access to one or more services.

Abstract: A computing device with a graphical authentication interface in which the device displays a base image and authenticates a user when a pre-selected element in a secondary image overlying the base image is aligned with a pre-selected element in the base image.

Abstract: Systems and methods for authenticating a user to access a public terminal are described. Disclosed embodiments may include reading, using the physical credential reader, a user identifier from the physical credential device. Disclosed embodiments may also include transmitting the public terminal identifier and the user identifier to a secure server. Further, disclosed embodiments may include receiving, after completing the transmission, a unique code from the secure server. Disclose embodiments may additionally include displaying the unique code on the display device. Disclosed embodiments may include receiving, after displaying the unique code, an authentication message from the secure server. Disclosed embodiments may further include, responsive to receiving the authentication message, authorizing the user to use a terminal command at the public terminal.

Abstract: A system is provided for facilitating multi-party authentication. During operation, the system receives, via a communication module, an operation request from a primary user. The system then sends an authentication request to the authentication assistance user and receives a response from the authentication assistance user. Subsequently, the system allows or denies the operation request based on the response received from the authentication assistance user.

Abstract: Techniques for a resource management advice service are provided. In some examples, resource management advice and/or instructions may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more resource management operations associated with a service provider. Based at least in part on the requested operation and/or the particular service provider, advice and/or instructions for managing the resource may be provided.

Abstract: The disclosure relates to a digital identity system including an enrolment module executing on a processor configured to receive a data item from an enrolling device and to create in persistent electronic storage a digital profile comprising the data item. The system also includes a credential creation module executing on a processor configured to generate a credential from a random sequence, to associate the credential with the digital profile in a database, and to transmit the credential to the enrolling device. The system further includes a publication module executing on a processor configured, in response to later presentation of the credential to the digital identity system, to publish the digital profile by storing a version of the digital profile in a memory location accessible to a device presenting the credential.

Abstract: An example system includes a processor to receive personal data including passwords and personal information associated with a user. The processor is to also compute patterns for the passwords based on the personal data. The processor is to further receive a plurality of characters for a proposed password. The processor is to also detect that the proposed password is unsecure based on the personal data and the computed patterns. The processor is to generate a secure password in real-time based on the personal data and the proposed password.

Abstract: Examples relate to dynamically adjusting a model for a security operations center (“SOC”). As such, the examples disclosed herein enable constructing a customer storage model over a set of time periods for a customer based on a set of resources of the SOC, a storage distribution model received from the customer related to expected usage of the set of resources, and a threat landscape for the customer. The customer storage model may be revised for a second time period based on actual storage use of the customer during a first time period, and a projection of an amount of data to be consumed in the second time period based on the threat landscape. Allocation of the resources in the SOC may be revised for the second time period based on the revision to the customer storage model.

Abstract: Techniques for protecting against unauthorized technique support calls are disclosed. In one embodiment, the techniques may be realized as a system for protecting against unauthorized technique support calls including one or more computer processors. The one or more computer processors may be configured to register a client security application installed on a client device. The client security application may be associated with a mobile device. The client device may be separate from the mobile device. The one or more computer processors may further be configured to receive a notification to start monitoring the client device. The one or more computer processors may further be configured to monitor activities of the client device. The one or more computer processors may further be configured to alert a user of the client device for security risks associated with the activities.

Abstract: The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic such as an encryption function or a decryption function used in the process.

Abstract: An approach is provided for controlling a task to perform a change ticket. The task is correlated with user(s) authorized to initiate execution of command(s) to perform the task and with an authorized location. A requestor is determined to be in the authorized location by receiving verification from physical access control system(s). The requestor is determined to be logged into a first computer system at the authorized location and to have utilized the first computer system to request execution of one of the command(s). The requestor is determined to be remotely logged into a second computer system via the first computer system. The requestor is determined to be one of the authorized user(s) correlated with the task. Based in part on determining the requestor is one of the authorized user(s) subsequent to determining the requestor is remotely logged into the second computer system, the requested command is executed.

Abstract: A system and method for message analysis, including: receiving, by a control service, a first modification request to modify a file system of a computing device, wherein the computing device is operating in a read-only state; identifying, by the control service, a request parameter associated with the first modification request; determining, by the control service, that the request parameter satisfies a permission criteria to perform the first modification request; provisioning, by the control service, the computing device to operate in a read/write state in response to determining that the permission criteria has been satisfied, wherein the first modification request is executed to modify the file system while the computing device is operating in the read/write state; and, upon a determination that the first modification request has successfully completed, provisioning, by the control service, the computing device to operate in the read-only state.

Abstract: A method for statically analyzing a web application program may include obtaining a control flow graph for the web application program. Each control flow graph node may correspond to a statement in the web application program. The method may further include obtaining a sanitizer sequence including one or more sanitizers followed by an output statement, obtaining a placeholder corresponding to the sanitizer sequence, and generating control flow paths including an output node that corresponds to the output statement. The method may further include generating documents for each control flow path. Each document may include a sanitized value corresponding to the output statement. The method may further include inserting the placeholder into each document at a location of the sanitized value, and reporting a potential cross-site scripting flaw when the sanitizer sequence is insufficient for the output context sequence of the sanitized value.

Abstract: A system and method for processing electronic devices to determine removal of customer personal information (CPI). An electronic device is connected to a test device. A number of electronic devices including the electronic device are received for determining that the CPI is removed from a number of sources. The number of electronic devices include a number of makes and models of electronic devices. A determination of whether CPI is included on the electronic device is made. An identification of the electronic device is recorded in response to determining that CPI is included on the electronic device. The CPI is cleared form the electronic device in response to determining that the CPI is included on the electronic device. The identification of the electronic devices and metadata is reported in response to determining the CPI was included on the electronic device.

Abstract: Production data is managed to avoid leakage of sensitive data. One or more of a number of techniques can be employed to discover sensitive data amongst production data. In one instance, data specified about production data in a production application, for example by way of an attribute, can be used to identify sensitive data. Sensitive production data can subsequently be masked to conceal sensitive data from view. Furthermore, metadata regarding sensitive data can be maintained.

Abstract: A method is described for operating a computer system comprising a computer and a display unit, wherein a reference pattern is formed based on input value fed into the computer, wherein image signals for the display unit are generated based on the input value, wherein the image signals fed to the display unit are detected, wherein the detected image signals are subjected to a pattern recognition to provide a recognized pattern, and wherein the recognized pattern is compared with the reference pattern.

Abstract: As disclosed herein a method, executed by a computer, includes receiving, from an augmented reality device, a pairing request, negotiating with the augmented reality device to generate a new encryption key and a mapping plan for presenting optically readable codes, that correspond to one or more images, on a touch sensitive display device. The method further includes presenting, on the touch sensitive display device, the optically readable codes, and receiving a user selection from the touch sensitive display device. The optical codes are overlayed by the wearers of an augmented reality system with an un-encrypted or otherwise modified form of the optical code. A computer system, and a computer program product corresponding to the above method are also disclosed herein.

Abstract: A real-time experience management method, system, and mobile device include checking in a person with an associated mobile device at a site comprising a wireless infrastructure, location tracking, and sensors; communicating data associated with the person to a cloud service; receiving personalization information about the person from the cloud service; monitoring and updating an experience associated with the person at the site during a duration the person is at the site; and communicating data associated with the experience to the cloud service.

Abstract: A computer-implemented method may include (1) generating or receiving, at a computing device, display data defining a display layout and one or more fields; (2) providing, on a display screen of the computing device and by processing the display data, a display that initially obscures an item of information in a secure field without obscuring an entirety of the display; (3) detecting, using at least a camera of the computing device, a change in orientation of a user relative to the computing device; and (4) in response to the change in orientation, causing the display to show the item of information in the secure field, and after causing the display to show the item, (i) detecting an expiration of a predetermined time limit, and (ii) in response to detecting the expiration, causing the display to again obscure the item in the secure field without obscuring the entirety of the display.

Abstract: Systems and methods for data sharing and transaction processing for high security documents are disclosed. According to one embodiment, a method may include (1) at least one computer processor verifying that a sender of a document is authorized to send the document; (2) the at least one computer processor verifying that a receiver of the document is authorized to receive the document; (3) the at least one computer processor identifying at least one restriction to associate with the document; and (4) the at least one computer processor associating the at least one restriction with the document.

Abstract: In certain embodiments, an information obfuscation service may be incorporated directly into the main applications processor of a portable computing device such that the applications processor and its relevant storage peripherals may be securely shared via a virtualization firmware module, avoiding the use of specialized hardware or major modifications of the operating system. The virtualizing and obfuscating storage firmware module may enable a much higher level of assurance in information-at-rest protection while using only the memory protection and privilege mode facilities inherent in common portable device applications microprocessors. The virtualizing and obfuscating storage firmware may interpose storage accesses originating from the operating system. This interposition may be performed seamlessly, without explicit knowledge of the operating system.

Abstract: A server includes a triple processor with instructions executed by a processor to receive an input document, read and store document restrictions for the input document, specify a first triple permutation, and produce for each triple in the input document a record of the triple in accordance with the first triple permutation and the position of the triple in the document. The server also includes a query processor with instructions executed by a processor to receive a query, match components of the query to triples in a triple repository to form initial triples, remove triples from the initial triples in accordance with document restrictions associated with the triples to form final triples, and return the final triples.

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K?1”.

Abstract: In one embodiment, a system comprises a processor to, in response to a determination that a write command is suspect, identify a logical address associated with the write command; and send a checkpoint command identifying the logical address to a storage device to preserve data stored in the storage device at a physical address associated with the logical address.

Abstract: An embodiment of the invention may include a method, computer program product, and system for securing data. The embodiment may include receiving, by a management program, identification of a selected cryptographic security module. The selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface. The selected cryptographic security module contains unique individual symbols that contain references to functions and is selected from a plurality of mutually exclusive cryptographic security modules. Based on the received identification of the selected cryptographic security module, the embodiment may include generating, by the management program, a global configuration file. The embodiment may include transmitting, by the management program, a notification to an agent program on a client computer.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) generating a signed registry information packet, dispersed storage error encoding the signed registry information packet to produce a set of encoded registry information slices, and generating a set of signed encoded registry information slice packets for storage in storage units of the DSN. The method continues with the processing module retrieving a decode threshold number of signed encoded registry information slice packets. For each of the decode threshold number of signed encoded registry information slice packets, the method continues with the processing module recovering an encoded registry information slice.

Abstract: The disclosed technology includes techniques for secure access to data associated with an organization and includes providing a user device access to a user interface that is configurable by a user of the user device to execute function requests. Upon receipt of a function request, a router can randomly select an available computer from a computer cluster to execute the function. The computer can access a predetermined portion of the organization's data, generate an output by executing the requested function based on the predetermined portion of the organization's data, and transmit the output to the user device.

Abstract: Systems and methods for privacy breach notification and protection enabled by the Internet of Things (IoT) are provided. Some embodiments establish a passive early warning privacy-breach detection from laser beam scan capability on a mobile device and IoT device when a particular owned object (or set of owned objects) has been laser scanned. Sensor information (e.g., laser beam sensing transparent adhesive tape, automotive cameras and proximity sensors) can be used to create notifications that allow a user to take action or to have peace of mind relating to particular activities such as to avoid fees and fines, to recover lost objects, to confirm known events, and to trigger activity.

Abstract: Minimizing data security risks may be provided. A number and type of confidential data in a computing environment may be determined to generate a metric for the type of confidential data in the computing environment. The metric of the type of confidential data may be compared to a predetermined metric for the type. Responsive to determining the metric for the type of confidential data exceeding a predetermined metric for the type, an action may be performed to prevent more entries of the type of confidential data in the computing environment.

Abstract: A computing system includes: a control unit configured to: obtain an information release setting for a raw user information, the raw user information including an information attribute; determine an information format for the information attribute of the raw user information; determine a privacy notion based on the information release setting; generate perturbed user information from the information attribute based on the privacy notion, wherein the information format for the raw user information is preserved in the perturbed user information; and a communication unit, coupled to the control unit, configured to transmit the perturbed user information.