Abstract: Healthcare providers can utilize ePrescribing applications to prescribe electronic prescriptions to patients which will be accessible to patients via a cloud platform. A patient can determine how he or she would like to fill such prescriptions. A patient can search for and select a pharmacy to electronically send a prescription to, or alternatively can choose to receive a scannable copy of the prescription at his or her mobile device for presentation at a pharmacy location. In the latter event, a patient can utilize his or her electronic device to display a scannable code which a pharmacy can scan to access prescription information.

Abstract: A critical access override list may be generated dynamically based on patient profile information for a single patient or a group of patients. A single patient or group of patients is initially identified. Patient profile information for the patient or group of patients is accessed. The patient profile information is analyzed, and medications are selected for critical access override. The selected medications are added to a critical access override list available to a medication dispensing apparatus to provide quicker access to the medications for emergency situation purposes via critical access override dispensing in which fewer steps are performed than normal medication dispensing events.

Abstract: A computer configured to monitor medical device data for presentation on a user interface. The computer comprises a processing circuit and a network interface circuit configured to provide communications over a network. The processing circuit is configured to receive at configurable time intervals a medical device status message from a medical device over the network; set a device last connection time, comprising a date and time that a most recent status message was received over the network by the computer from the medical device; receive input from a user interface in communication with the computer to retrieve pump information; calculate a delta between the device last connection time and a date and time the processing circuit received the input from the user interface; compare the delta with a device connection threshold value; and display a warning on the user interface if the delta is greater than the threshold value.

Abstract: The present application discloses a method for recognizing a picture, device, and apparatus. The method comprises: acquiring a to-be-recognized picture from an Internet-based on-line database; extracting characteristics from the to-be-recognized picture and a previously acquired copy-righted picture, to obtain the characteristics of the to-be-recognized picture and the copy-righted picture; comparing the extracted characteristics of the to-be-recognized picture and the copy-righted picture; and determining the to-be-recognized pictures as a suspected pirated picture based on the comparison result. According to the technical solutions provided by the embodiments of the present application, suspected pirated pictures can be accurately and quickly recognized, with no need of manual screening, thereby greatly reducing the labor cost, and increasing the recognition efficiency for suspected pirated pictures.

Abstract: A verification system, includes: an arithmetic/logic unit (“ALU”) to perform one or more mathematical operations and compare selected variables; a register to hold a value from a comparison of selected variables performed by the ALU; an instruction decoder to provide read and write commands to memory; an address bus to provide an address to memory for a read or write operation; and a data bus to provide or access data for a write or read operation to or from memory, wherein the ALU generates and provides a recipient identifier to a target computational device, the recipient identifier being related to an identity of the target computational device and/or a target device human operator, and write the recipient identifier to memory in response to a write command issued by the instruction decoder and, as a part of a transaction, the ALU receives, from a user computational device of a first user, the recipient identifier and a credential of the first user and/or user computational device, compares each of the rec

Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.

Abstract: A method includes: after receiving an operation instruction of a first user, generating, by a first device, connection information according to the operation instruction, and providing the connection information to a second device near the first device, so that the second device obtains a first identifier through calculation according to a first information portion of the connection information by using a preset algorithm; receiving a first message that is sent by the second device according to the connection information, where the first message carries the first identifier; determining whether the first identifier matches a second identifier of the first device, where the second identifier is equal to or corresponds to a result that is generated through calculation according to the first information portion; if the first identifier matches the second identifier, sending a second message to the second device; and establishing a wireless connection to the second device.

Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Abstract: The image forming apparatus is an authorization device that gives authority to use of the image forming apparatus. To the host user, the authority to use of the image forming apparatus is given. The image forming apparatus evaluates depth of a relationship between a host user and a guest user different from the host user, on a service used by a plurality of users. Based on the evaluation results, the image forming apparatus gives the authority to use of the image forming apparatus to the guest user. This makes it possible to provide an authorization device capable of improving convenience while securing security.

Abstract: A method of enabling continuous user authentication, comprising: setting up an authentication server to provide authentication data to an enterprise server in parallel to a remote user session with the enterprise server, when the user is using a touch screen device; extracting samples from a user's behavior, to build a library of user specific parameters; and tracking user behavior to authenticate the user, the tracking comprises initial identification of a user of the touch screen device when starting a session with the enterprise server and continuous authentication of the user during the session with the enterprise server.

Abstract: A system, apparatus, method, and machine readable medium are described for performing client risk assessment for authentication. For example, one embodiment of an apparatus comprises: a client risk assessment agent to perform an assessment of client configuration data to determine a risk level associated with a client device; and an authentication engine to performing authentication for a particular transaction in accordance with the risk level.

Abstract: A vehicle computing platform may receive driver sensor data indicating whether a driver seat in a vehicle is occupied. The vehicle computing platform may determine, based on the driver sensor data, an identity of a driver of the vehicle. The vehicle computing platform may receive passenger sensor data indicating whether a passenger seat in the vehicle is occupied. The vehicle computing platform may, based on the passenger sensor data indicating that the passenger seat in the vehicle is occupied, obscure information on a screen of the vehicle.

Abstract: A wearable device having one or more processors configured to receive one or more signals representative of biometric parameter(s) and sensed presence of a user. The one or more processors configured to compare the biometric parameter to a stored user parameter for authentication of the user. Upon authentication, the one or more processors switch from a locked mode to an unlocked mode to enable communication.

Abstract: Disclosed are a dongle apparatus and a method of controlling the same. The dongle apparatus includes a fastener that combines or separates the dongle apparatus with or from a home appliance, a power supply that receives at least one of a plurality of ranges of power from the home appliance, a power converter that converts the power into available power, a locker that locks the fastener so that the fastener does not separate from the home appliance or unlocks the fastener to separate therefrom, and a controller that receives the available power and controls the locker to lock or unlock the fastener.

Abstract: A computer system, method, and computer readable product are provided for managing passwords using steganography. In various embodiments, a computing system provides a password manager that a user provides a password to. The user then selects a service for which credentials will be generated or stored, and an image on the user's device that will be used to steganographically store the credentials. The computing system then generates a steganographic image that includes the credentials and stores that image with the other images on the user's device.

Abstract: The present invention provides a method and apparatus for restricting batch requests for a service, facilitating restriction on requesting the service in batch and contributing to overcome some deficiencies in the prior art. The method comprises: receiving, by a server, service request information sent by a terminal (S11); sending, by the server, a calculation problem to the terminal, the question requiring a larger amount of computing recourses of the terminal than that of the server (S12); receiving, by the server, a calculation result of the calculation question from the terminal (S13), and verifying the calculation result (S14), and if the calculation result is correct, providing the service to the terminal (S15), otherwise, rejecting to provide the service to the terminal (S16).

Abstract: An information handling system has a secure data storage partition allocation. Access to the secure storage partition is limited to a set of authorized functions authorized to access the secure storage partition. The authorization of a function may be determined by a unique identification corresponding to the function or a reverse trace.

Abstract: The invention relates to a method for allowing a configuration change of an Intelligent Electronic Device (IED) of a power system, wherein the configuration change affects an operation of the IED. The method comprises receiving a request at the IED for the configuration change, wherein the request comprises a configuration change signal. The configuration change signal is received at the IED in response to establishing a connection between an I/O module of the IED and a signalling component. The method further comprises verifying the request automatically by the IED, wherein verifying the request comprises detecting a predetermined signal pattern at the I/O module upon receiving the configuration change signal, wherein the predetermined signal pattern is stored in a memory associated with the IED. In addition, the method comprises enabling the configuration change in response to successful verification of the request by the IED.

Abstract: A malicious code analysis device and method used on an external device connected via a USB cable. The malicious code analysis method includes connecting a malicious code analysis device to an analysis target terminal, on which malicious code is to be executed, from outside the analysis target terminal via a USB cable, multi-booting the analysis target terminal based on multiple Operating System (OS) image files stored in the malicious code analysis device; providing user input to the analysis target terminal so that malicious code is incapable of recognizing that a current environment is an analysis environment, and analyzing, by the malicious code analysis device, the malicious code in consideration of both data modified by the malicious code, among pieces of data corresponding to the multiple OS image files, and the user input.

Abstract: A trusted component commences a debugging session, based on determining that debugging of a virtual machine is to be initiated. The commencing of the debugging session includes generating encryption information to be provided to a client for which debugging is to be performed. The encryption information includes a key that is encrypted and to be used to encrypt a debug request to debug the virtual machine. The trusted component obtains an encrypted debug request indicating one or more operations to be performed to debug the virtual machine. The one or more operations are performed by the trusted component to obtain debugging results for the virtual machine.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.

Abstract: One variation of a method for detecting a cyber attack includes: recording representations of network events occurring on a network over a period of time to a network accounting log; writing metadata values of network events in the accounting log to a compressed log file; in response to receipt of a new threat intelligence representing a newly-identified security threat identified after the period of time, querying the compressed log file for a set of metadata values of a threat element defined in the new threat intelligence; in response to detecting the set of metadata values of the threat element in the compressed log file, querying the network accounting log for a set of threat elements defined in the new threat intelligence; and in response to detecting the set of threat elements in the network accounting log, issuing an alert to respond to the newly-identified security threat on the network.

Abstract: A terminal device for securely displaying information is provided. The terminal device includes a monitoring module configured to monitor a distance between the terminal device and a designated device, a determining module configured to determine whether the distance is less than a preset distance, and a displaying module configured to display the information if the determining module determines that the distance is less than the present distance.

Abstract: According to one embodiment, an apparatus comprises a first analysis engine and a second analysis engine. The first analysis engine analyzes an object to determine if the object is malicious. The second analysis engine is configured to (i) receive results of the analysis of the object from the first analysis engine and (ii) analyze, based at least in part on the analysis by the first analysis engine, whether the object is malicious in accordance with a predictive model. Responsive to the first analysis engine and the second analysis engine differing in determinations as to whether the object is malicious, information associated with an analysis of the object by at least one of the first analysis engine and the second analysis engine is uploaded for determining whether an update of the predictive model is to occur. An update of the predictive model is subsequently received by the classification engine.

Abstract: Described is a language-based system for detecting function calls. The system detects missing authorization and authentication functionality in computer software source code via typechecking. New classes of software vulnerability in the computer software source code are detected.

Abstract: The disclosed computer-implemented method for trichotomous malware classification may include (1) identifying a sample potentially representing malware, (2) selecting a machine learning model trained on a set of samples to distinguish between malware samples and benign samples, (3) analyzing the sample using a plurality of stochastically altered versions of the machine learning model to produce a plurality of classification results, (4) calculating a variance of the plurality of classification results, and (5) classifying the sample based at least in part on the variance of the plurality of classification results. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems for identifying malicious applications and, more particularly, to identifying web shell applications. Embodiments described herein rely on machine learning tools to analyze static and dynamic features of a suspected file to determine whether the file is a web shell application.

Abstract: Mounting a filesystem for media. The method includes detecting that media has been connected to a computing device. The method further includes causing a filesystem for the media to be mounted to a virtual machine. The virtual machine is coupled to a server. The method further includes causing file data from the media organized by the filesystem to be served from the server to the computing device.

Abstract: In accordance with codes of applications, it is determined whether the applications access predetermined privacy information due to permission, a first label is assigned to an application that is determined to make an access, and a second label to an application that is determined not to make an access. The score of each word is calculated such that a high score is set to a word that is included in the text of the description of the application, to which the first label is assigned, more often than in the text of the description of the application, to which the second label is assigned, and a predetermined number of words at the top with regard to the score is extracted. The application whose text of the description includes the extracted word is classified as an application that refers to the permission.

Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.

Abstract: Computer-implemented systems and methods are disclosed herein for use within secure multi-party computation. A system and method are used for storing an operation preference and a cryptographic preference. A data set is stored based on the operation preference and the cryptographic preference. A determination is made that processing the query involves performing an allowable operation on the data set based on the operation preference.

Abstract: A method and system provides access control for sensitive data. An access control system defines a plurality of access policies for gaining access to the sensitive data. Each access policy includes a plurality of rules that indicate whether or not a client machine can gain access to an initial access secret under the policy. If a client machine requests access to the sensitive data, the access control system checks to see if the client machine satisfies the rules of the access policy. If the characteristics of the client machine satisfy the rules of the access policy, then the access control system provides a ticket to the client machine and instructs the client machine to write the ticket to a client machine information database. If the client machine writes the ticket to the client machine information database, then the access control system provides an initial access secret to the client machine.

Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.

Abstract: According to an example, a performance of a predetermined action with regard to a data may be prevented. In the method, a first system call pertaining to the data may be intercepted and suspended. A determination may be made as to whether a second system call that is to be executed following execution of the first system call will result in performance of a predetermined action with regard to the data. In addition, an operation may be implemented on the first system call to prevent the performance of the predetermined action with regard to the data.

Abstract: A system includes a computing device and a storage device storing computer instructions that are executable by the computing device. The computer instructions cause the computing device to detect a request to render content in a first display of a primary user device. The computer instructions further cause the computing device to determine whether the primary user device satisfies a compliance rule indicating whether the first display of the primary user device is authorized to render the content. In response to determining that the primary user device fails to satisfy the compliance rule, the computer instructions cause the computing device to prevent the content from being rendered in the first display of the primary user device and cause the content to be rendered in a second display of a secondary user device.

Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.

Abstract: The present invention relates to a system and method for managing proxy device assignment in a wireless communication network where proxy devices operate as relay devices forwarding signals from a resource restricted device to a destination device. The method comprises dividing an identifier space of the resource restricted device into at least two parts, and assigning at least one of the at least two parts of the identifier space to at least one proxy device of the wireless communication network wherein the proxy device assigned to a first part of the identifier space is responsible for the resource restricted device transmitting a signal comprising an identifier falling within the first part of the identifier space.

Abstract: An electronic device and an method of operating an electronic device according to various example embodiments include: acquiring one of a plurality of pieces of identification information which are already registered; setting one of a plurality of function sets which are already registered based on the acquired identification information; and allowing access based on the set function set.

Abstract: Provided is a process including: obtaining criteria to select plain-text values in a lower-trust database; selecting, based on the criteria, a first plain-text value; in response, determining a first reference value; storing the first plain-text value in a higher-trust database in a second entry identified by the first reference value; storing the first reference value in the first entry of the lower-trust database; selecting another instance of the first plain-text value stored requested to be stored in a third entry in the lower-trust database; and in response, storing the first reference value in the third entry.

Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application adapted to process at least some data received from a tenant system.

Abstract: An apparatus, method, and computer readable medium for management of infinite data streams. The apparatus includes a memory that stores streaming data with a data set and a processor operably connected to the memory. The processor transforms the data set to a second data set. To transform the data set, the processor determines whether a difference level exceeds a threshold, and transforms the data set by adding a noise when the difference level exceeds the threshold. When the difference level does not exceed the threshold, the processor determines whether a retroactive count is greater than a threshold, transforms the data set by adding a second noise when the retroactive count is greater than the threshold, and transforms the data set by adding a third noise when the retroactive count is not greater than the threshold. The processor transmits the second data set to a data processing system for further processing.

Abstract: The disclosed computer-implemented method for protecting personally identifiable information during electronic data exchanges may include (i) receiving, from a computing device, an authentication token for a proposed electronic data exchange, (ii) preventing the user's personally identifiable information from entering the proposed electronic data exchange by identifying the user using the anonymized identifier rather than using the user's personally identifiable information, (iii) authenticating the user identified in the data exchange information, and (iv) in response to authenticating the user, authorizing completion of the proposed electronic data exchange. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and method for alerting a user device based on a proposed anonymization of a contribution to a conversation thread via one or several location-based anonymization rules are disclosed herein. The system can include a user device that can have location-determining features that can determine a physical location of the user device; a network interface that can exchange data with a server via a communication network; and an I/O subsystem that can convert electrical signals to user-interpretable outputs in a user interface. The system can include a server that can: receive a contribution from the user device; determine an anonymization level for applying to the contribution; identify a potential identifier in the content of the contribution; anonymize the potential identifier according to the determined anonymization level; and generate and provide an alert to the user device.

Abstract: A method for detecting a modification to stored data includes continuously creating a point-in-time copy of a storage level logical unit, the point-in-time copy comprising a volume copy of the storage level logical unit and a signature of the storage level logical unit, comparing at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, and monitoring, based on the comparing, changes on certain logical blocks of the stored data, using the signature of the storage level logical unit.

Abstract: A Hardware-Embedded Delay Physical Unclonable Function (“HELP PUF”) leverages entropy by monitoring path stability and measuring path delays from core logic macros. Reliability and security enhancing techniques for the HELP PUF reduce bit flip errors during regeneration of the bitstring across environmental variations and improve cryptographic strength along with the corresponding difficulty of carrying out model building attacks. A voltage-based enrollment process screens unstable paths on normally synthesized (glitchy) functional units and reduces bit flip errors by carrying out enrollment at multiple supply voltages controlled using on-chip voltage regulators.

Abstract: In a transient storage device (TSD) with multiple authentication silos, a host computing device connected to the TSD is configured by the TSD to discover and act upon various types of authentication information in the silos. One or more logical combinations of authentication silos are switched to the authenticated state to grant access to an associated storage area. A particular ordering of authentication silos may be required to achieve a valid combination of authenticated silos. Ordering may be suggested by configuration information in the TSD. Ordering may also be based upon whether or not user input is required for authenticating a given authentication silo, the environment of use of the TSD, or a hierarchy from most trusted to least trusted authentication silo. With this information, the host proceeds with the most efficient authentication sequence leading to a grant of access to the storage area.

Abstract: In order to easily prepare a medical diagnostic analysis of a patient, a barcode scanning device (100) is configured for determining a physiological quantity of the patient. The barcode scanning device (100) comprises a light receiving unit (108) configured for receiving light (219) reflected from a surface to be sensed of the patient, and a signal processing unit (218) configured for determining the physiological quantity of the patient based on the received light (219).

Abstract: A metallurgical vessel (2) having an outer surface (2a) and an identification tag (1, 1?, 1?) on the outer surface (2a). The tag has a carrier matrix (11) formed of an electrically and thermally insulating material. At least two passive transponders (3, 3a, 3b) are embedded in the carrier matrix (11). Within a metallurgical plant, a reading station (4) for tracking the path of the metallurgical vessel (2) is arranged at a tracking position. An antenna (5) of the reading station (4) initiates activation of the passive transponders (3, 3a, 3b), provided that the metallurgical vessel (2) is in a sensing range of the reading station (4). A reading unit (6) of the reading station (4) reads out the activated passive transponders (3, 3a, 3b) and transmits the result to an evaluating unit (7) of the reading station (4). The evaluating unit (7) determines which and/or how many of the passive transponders (3, 3a, 3b) were actually activated.

Abstract: The embodiments herein measure the tag to noise ratio (TNR) for a tag on an item (e.g., a package) to determine a location of the item in a warehouse. In one embodiment, the TNR is derived by comparing a measured performance parameter for a tag of interest to the combined measured performance parameters for other tags measured by the same reader or for the same tag when measured by a different RFID reader. The higher the TNR, the greater likelihood the tag is within an area assigned to the reader. In another embodiment, the TNR is derived from comparing the signal strength of a tag as measured by multiple RFID readers. In another example, respective TNR values for a plurality of tags detected by a reader can be compared to determine which tag is being carried by an associate.

Abstract: In aspects of determining blocked wireless communication between devices, a mobile device wirelessly communicates with a wireless device. The mobile device can receive partial data or no data from the wireless device responsive to the wireless communication. The mobile device activates sensors to obtain sensor data based on receiving the partial or no data from the wireless device. The mobile device can then determine whether an object is positioned or located between the mobile device and the wireless device based on the sensor data, and determine that the object is likely blocking the wireless communication based on the object being positioned or located between the devices. The mobile device can then display a notification that the wireless communication is being blocked based on the determination that the object is likely blocking the wireless communication.