Abstract: Devices and methods of access control are provided. A device includes a processor, an input interface coupled to the processor, and a memory coupled to the processor. The device may be configured to receive a first input via a first input interface and determine whether the first input includes valid first authentication data, invalid authentication data, or duress authentication data. Based on the determination, if the first input includes valid authentication data, allow access. If the first input includes invalid authentication data, disallow access. If the first input includes duress authentication data, allow access when a second input received via a second input interface includes valid second authentication data. Example inputs include iris scan input, retinal scan input, fingerprint scan input, handprint input, palm print input, facial recognition input, alphanumeric input, touchscreen gesture input, breathalyzer sample input, facial or hand gesture input, or voice input, among others.

Abstract: A method for providing a service by an electronic device according to various embodiments may comprise the steps of: obtaining biometric information of a user; determining at least one service associated with the biometric information out of a plurality of services that the electronic device supports; and providing the determined at least one service.

Abstract: Provided is a user authentication method and apparatus that obtains first environmental information indicating an environmental condition in which an input image of a user is captured, extracts a first feature vector from the input image, selects a second feature vector including second environmental information that matches the first environmental information from enrolled feature vectors in an enrollment database (DB), and authenticates the user based on the first feature vector and the second feature vector.

Abstract: A prism member of an authentication apparatus includes a living body contact surface configured to be in contact with the living body, and an imaging surface opposed to the living body contact surface and formed at a position generally parallel therewith. The prism member includes a reflection surface in contact with the living body contact surface and the imaging surface, to totally reflect light reflected from the former surface toward the latter surface. The reflection surface is at angle such that (i) light through the living body contact surface into the prism member does not reach to the reflection surface, and (ii) light from an inside of the prism member is totally reflected at the living body contact surface in an optical path running from the imaging surface and reaching the living body contact surface by way of the reflection surface. A first imaging unit captures a living-body reflected light.

Abstract: A station device in a biometric pre-identification system uses identity to perform one or more actions. Identities are determined (such as via a backend) using biometric information. A biometric pre-identification device obtains biometric information and/or a digital representation thereof from a person approaching the station device. The biometric pre-identification device transmits such to the station device, facilitating the station to begin and/or perform various actions. The station device begins or performs the actions using the identity determined based on the biometric information before the person arrives at the station device.

Abstract: According to an embodiment of the present invention, there is provided an input processing system including: an information storage device; and an information processing device, in which the information storage device includes: an input information storage unit configured to store information for performing input processing and identification information so that both of the information corresponds to each other; an identification information receiving unit configured to receive the identification information from the information processing device; an information transmitting unit configured to transmit, to the information processing device, the information for performing input processing stored to correspond to the identification information received by the identification information receiving unit; an identification information storage unit configured to store the identification information; an identification information transmitting unit configured to transmit the identification information to the informati

Abstract: An image processing apparatus, if a login application (login app) is enabled, performs setting of an authentication function (authentication transmission) of a transmission application (transmission app). The image processing apparatus performs an ON or OFF setting of the authentication function (authentication transmission) which has a handover function for receiving authentication information, used for authentication by another application, that is handed over from the other application and using the handed over authentication information. The image processing apparatus, in accordance with the login app being enabled, by setting the authentication transmission of the transmission app to ON, enables handover by the handover function of authentication information used by the login app to the transmission app.

Abstract: A computerized system and method is described for classifying objects as malicious by processing the objects in a virtual environment and monitoring behaviors during processing by one or more monitors, where the monitoring is conducted in an electronic device that is different than the electronic device within which an analysis of attributes of the objects is conducted beforehand. The monitors may monitor and record selected sets of process operations and capture associated process parameters, which describe the context in which the process operations were performed. By recording the context of process operations, the system and method described herein improves the intelligence of classifications and consequently reduces the likelihood of incorrectly identifying objects as malware or vice versa.

Abstract: A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.

Abstract: An enterprise threat detection (ETD) pattern is executed against received log event data from one or more computing systems. Using the ETD pattern, an event threshold is determined to have been exceeded. Entities associated with an alert created based on the exceeded threshold are determined and, at runtime, a severity value is calculated for each determined entity associated with the alert. A selection is received of a determined entity on which to perform mitigation action activities. Mitigation action activities associated with the determined entity are written into an activity record data record. A mitigation action activity is closed on the determined entity and a determination performed that all mitigation action activities associated with all entities related to the created alert have been closed. The created alert is closed.

Abstract: Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a computer system. The file is caused to exhibit a first set of behaviors by processing the file within a virtualization application based environment of the computer system. The virtualization application based environment is created based on an application to which the file pertains. The file is further caused to exhibit a second set of behaviors by processing the file within a container based environment of the computer system. Differences, if any, between the first set of behaviors and the second set of behaviors. Finally, the file is classified as malicious when the differences are greater than a predefined or configurable threshold.

Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.

Abstract: There is a computer program product and computer system that includes program instructions programmed to identify, in a software-defined environment, a security container describing a workload and a set of resources required by the workload, the security container including self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container; determine, for the workload, a set of resource-divisible portions of the workload including a compute-resource portion; generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers being a self-describing sub-container having associated metadata describing the content of the sub-container representing only one resource-divisible portion, the sub-container being an operating system sub-container; and responsive to identifying a security event while processing the workload, adjust a security mechanism associated with the security container.

Abstract: A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.

Abstract: Disclosed herein is a computer implemented method for receiving code distributed by a base station at a target device via a network, the distribution being made to one or more destination devices including the target device via one or more distribution servers arranged between the base station and the one or more devices on the network, wherein the base station maintains a first blockchain data structure storing one or more blocks and having a state determined by a most recently committed block in the first blockchain.

Abstract: A vulnerability finding device has a vulnerability extracting unit, a normalization processing unit, and a matching unit. The vulnerability extracting unit extracts a first program code corresponding to a vulnerable part of software. The normalization processing unit performs normalization of a parameter included in the first program code extracted by the vulnerability extracting unit and a second program code of software to be inspected for a vulnerable part. The matching unit performs matching between the first program code after the normalization and the second program code after the normalization, and detects a program code, which is a program code that is the same as or similar to the first program code, from the second program code.

Abstract: An example computer-implemented method of preventing exploitation of software vulnerabilities includes determining that a software container is susceptible to a vulnerability, determining one or more soft spots required to exploit the vulnerability, and analyzing runtime behavior of the software container to determine if the software container uses the one or more soft spots. The method includes automatically applying a security policy that prevents the software container from using the one or more soft spots based on the analyzing indicating that the software container does not use the one or more soft spots at runtime.

Abstract: Methods and systems are disclosed for penetration testing of a network node by a penetration testing system to determine vulnerability of network nodes to macro-based attacks. A reconnaissance agent runs in a network node to prompt user responses to macro warnings upon detecting file openings by macro-supporting software applications of files not containing auto-executing macros, and the responses are used for determining vulnerability.

Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: One implementation of a method for providing backup storage services for encrypted data includes receiving signatures of convergently encrypted portions of data from client computers, determining whether the encrypted portions are already present on a backup storage, and obtaining only the needed portions. Users unassociated with a particular user account are denied access to information backed up in that account. The backup storage also stores password protected key files holding signatures of the unencrypted portions of data. One implementation of a system includes a memory, a single-instance storage circuit, a user account management circuit, and a signature index. The memory holds a user-account database and backup copies of convergently encrypted portions of data. The single-instance storage circuit uses the signature index to prevent duplicative backup copies. The user account management circuit responds to download requests after authenticating the user information associated with the requested data.

Abstract: The invention relates to a method for storing data, wherein the method, in order to store a file (101), comprises: —automatic generation (602) of a distribution schedule (416); —performance (604) of an error correction method, which is specified in the distribution schedule, for generating file fragments from the file by a user computer system; —sending (606) of an authorisation enquiry (420) for storing the file fragments in the memory services (SD2, SD4-SD6) identified in the distribution schedule from the user computer system to a file management server via a network; —in response to reception of the authorisation enquiry by the file management server, requesting (608, 424) of an authorisation token by the file management server from each of the memory services identified in the distribution schedule and forwarding (610) of the authorisation token (428) obtained in response to the request to the user computer system by the file management server; and —storage (612) of the generated file fragments in the st

Abstract: Systems and methods for copy and decrypt support for encrypted virtual machines are disclosed. An example method may include receiving, at a source host machine hosting a virtual machine (VM), a request to migrate the VM to a destination host machine, identifying a first page of memory of the VM on the source host machine for migration, write-protecting the first page, the first page of memory encrypted with a VM-specific encryption key, allocating a second page, executing a copy-and-reencrypt command using the first page and the second page as parameters for the copy-and-reencrypt command, the copy-and-reencrypt command to output the second page comprising contents of the first page re-encrypted with a migration key, and transmitting contents of the second page to the destination host machine.

Abstract: Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

Abstract: A method and system for tracking and managing additive manufacturing of products includes formalizing a digital contract between a registered product owner and a registered additive manufacturing vendor. The digital contract includes an identification of a design file of the product, an identification of each registered additive manufacturing printer owned by the registered vendor, and an authorized quantity of products to be manufactured. The method further includes providing an access to the design file to the registered vendor upon formalization of the digital contract, and recording a print transaction data received from each registered printer. The print transaction data includes a quantity of products manufactured by the registered printer. The method further includes terminating the digital contract by revoking the access to the design file when the manufactured quantity equals the authorized quantity or upon violation of the digital contract.

Abstract: The present invention relates to a software handling device and a server system. The software handling device comprises a processor and a transceiver, wherein the transceiver is configured to transmit varies requests and to receive varies verifications and encryption keys to and from a server system. The server system comprises an authentication server, a licensing server and a software application server, wherein the server system is configured to receive varies requests and to transmit varies verifications and encryption keys from and to a software handling device. Furthermore, the present invention also relates to corresponding methods, a computer program, and a computer program product.

Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.

Abstract: A messaging system for providing messaging service between or among user accounts includes a message database server. The message database server includes an account module to maintain user accounts and an upload module to receive message data from a user communication device associated with a user account. The message data may include a message and a share list that authorizes identified user accounts in which the message is to be shared. A single instance storage module may store the message as a single instance. A share module may share the message with the identified user accounts and delete the message at a predetermined time as specified in the share list.

Abstract: To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist.

Abstract: Certain embodiments of the present disclosure relate to systems and methods that control access to system resources, such as interfaces, access rights to events, query systems, and other suitable system resources. Further, certain embodiments of the present disclosure relate to a collision detection technique that is implemented to control which and/or a number of queue positions within a queue that are processed. In some implementations, a collision may be detected when two or more users request the same access right within a defined time period.

Abstract: Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for providing content management features in a messaging service. A content management system is configured to receive an update to a rule in a data loss prevention (DLP) policy, to identify, based on a log of DLP violations, one or more content items for updating content management permissions, and to update the content management permissions for the one or more content items based on the update to the rule.

Abstract: Private, personal, secret, or otherwise sensitive data is masked or redacted in response to receiving an event signal indicative of an occurrence, if any, of at least one of a number of defined events associated with the set of data. The data to mask is detected by matching it to one or more defined patterns and then validating it, in the case of the data being a financial account or credit card account number, by using a validation process, such as the Luhn algorithm. Among others, the defined event may be a transmission of the data between a host computer system and a terminal emulator, an entry of the data into a host screen, or an export of a set of host screen data to an external application by an end user computer system.

Abstract: Location and other status information may be communicated between Proximity Service (ProSe) users. A ProSe function may retrieve a ProSe WTRU's location data from SLP and provide it to a monitoring WTRU via a ProSe discovery procedure or EPC-level ProSe discovery procedure. A ProSe function may retrieve a ProSe WTRU's location data from a ProSe WTRU and provide it to monitoring WTRUs via a ProSe discovery procedure. A ProSe WTRU may broadcast its location and/or other status information in a discovery message. A ProSe function may encrypt the location and/or other status information for encryption before broadcast. A ProSe WTRU may send its location and/or other status information via a user plane to another ProSe WTRU or ProSe group. A ProSe function may verify whether a WTRU is permitted to disclose and/or process information (e.g., location information) and may indicate to a WTRU whether to disclose information, e.g., before the information is disclosed, and/or whether to process the information.

Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the particular encrypted sensitive file, and providing the sensitive file to the user.

Abstract: An accessibility service protection application for hiding content of a first application from an accessibility service of a second application on a mobile computing device is described. The accessibility service protection application determines the first application currently active in foreground of the mobile computing device. The accessibility service protection application configures a transparent activity to hide content associated with the first application from the accessibility service of the second application. The accessibility service protection application launches the transparent activity on top of the first application, such that the transparent activity protects the content associated with the first application from the accessibility service of the second application.

Abstract: A system-on-chip (SoC) includes a host CPU on a CPU fabric, the host CPU including multiple processor cores, each associated with multiple security attributes. The SoC includes a secure asset on a network-on-chip and a security co-processor. The security co-processor includes circuitry to detect requests from the processor cores targeting the secure asset and security function processing requests, to determine, based on associated security attributes, whether the core or function is authorized to access the secure asset, to allow the request to be issued, if the core or function is so authorized, and to prevent its issuance, if not. The determination may be dependent on a signal from the CPU fabric indicating whether the host CPU can modify its security attributes or they are locked down. The security co-processor may have the highest security level and may be the only master on the SoC that can access the secure asset.

Abstract: An information handling system includes a processor and a baseboard management controller (BMC). The BMC receives a secure copy protocol (SCP) file including configuration information for the processor, determines whether the BMC is in a lockdown mode in response to receiving the SCP file, and applies the configuration information to change a configuration of the processor in response to determining that the information handling system is not in the lockdown mode.

Abstract: An industrial control system module and methods are described for self-destruction or the destruction and/or erasure of sensitive data within the industrial control system module upon an indication of an unauthorized module access event. In an implementation, a secure industrial control system module includes a circuit board including electrical circuitry; a sealed encasement that houses the circuit board, where the sealed encasement includes a housing having a first housing side and a second housing side, where the housing is configured to house the circuit board when the first housing side and the second housing side are coupled together; and a first sensor component integrated with the sealed encasement, where the first sensor component is communicably coupled to the circuit board and electrical circuitry and is configured to provide an indication of an unauthorized access event.

Abstract: An example method includes estimating whether a collision occurred between a plurality of wide band response signals, the wide band response signals being responsive to a first interrogation signal transmitted by a first reader; when the collision is estimated to have occurred and the first reader received a first response from a particular tag, transmitting, by the first reader, a second interrogation signal, the second interrogation signal initiating a communication session between the reader and the particular tag; and transmitting, by the first reader, an acknowledgement packet to cause the tag to refrain from responding to a command during the communication session; and a second reader to refrain from interrogating the particular tag during the communication session.

Abstract: A system and method for managing a population of RFID tags. In various aspects, an RFID reader implements one or more RFID protocols to execute a read cycle that defines a series of actions for the RFID reader to perform. The read cycle may begin by the RFID reader broadcasting a query to deselected RFID tags to generate a list of deselected tag identifiers. The read cycle then causes the RFID reader to broadcast a query to selected RFID tags to track selected RFID tags. Finally, the read cycle causes the RFID reader to broadcast a selection command that includes the list of deselected tag identifiers.

Abstract: For emphasizing equipment based on an equipment tag, a processor receives a given equipment reference code for a given equipment instance. The processor further identifies one or more equipment tags in the image. Each equipment tag corresponds to a unique equipment reference code. The processor identifies a given equipment tag corresponding to the given equipment reference code in the image. In addition, the processor emphasizes the given equipment instance in the image presented on the display.

Abstract: Disclosed is a method for carrying out an inventory of a plurality of biological product containers, each container and/or each package including containers being provided with an identification label including a wireless communication chip. The method includes the steps of: providing a device including a gantry defining a direction of travel; providing a receptacle able to be moved, the receptacle carrying the plurality of containers; moving the receptacle in order to cross the gantry in the direction of travel; and reading the wireless communication chip of each container and/or package during the movement of the receptacle.

Abstract: A method and apparatus for calibrating a client computing device for decoding symbols includes an imaging assembly for capturing images of a symbol of known size and density. Each image, or set of images, is captured using a different setting or value of a parameter of the imaging assembly of the client computing device. Each image, or set of images, is decoded, and the fastest decode-time determines the default settings/values for the parameters.

Abstract: An information reading device may include a transparent placement member, a first illumination part, a second illumination part, a first optical system structured to read information on the medium, a second optical system structured to read another information on the medium, a housing formed with a medium insertion port and in which the placement member, the first illumination part, the second illumination part, the first optical system and the second optical system are accommodated, and a semi-light shielding member having a semi-light shielding part which transmits light of a part of a wavelength region and blocks lights of other wavelength regions and covers at least an upper side of the medium insertion port. A transmittance curve indicating a relationship between transmittance of light and a wavelength of the semi-light shielding part is a curve having a peak within a wavelength region of visible light.

Abstract: A method and apparatus for capturing images of symbols and decoding symbols based on the distance of the target from the reader. The distance of the symbol from the reader causes the controller to switch between different parameters, imaging assemblies, decode modules and/or decode approaches in order to decode different symbology types.

Abstract: A method of scanning an object may include determining that an object is proximately positioned relative to a scanning volume of a presentation scanner in response to receiving at least one object presence signal prior to scanning a code indicia positioned on the object. At least one object sensory indicator device may be activated in response to determining that the object is proximately positioned relative to the scanning volume so as to indicate that the object is proximate to the scanning volume to a user. A second level of detection and location feedback may be provided for code indicia within the scanning volume.

Abstract: A two-dimensional code generation request is received by a server from a two-dimensional code display client. Static, two-dimensional code information and a random feature value are generated by the server. The generated static, two-dimensional code information and the random feature value are sent by the server to the two-dimensional code display client to display a combinational, two-dimensional code on the two-dimensional code display client. A two-dimensional code verification request sent by a two-dimensional code scanning client is received by the server. A two-dimensional code scanning status value is sent by the server to the two-dimensional code scanning client.

Abstract: A detection apparatus (10) is provided having a plurality of optoelectronic sensors (20) that are arranged in different positions and orientations to record respective image information of different sides of an object (14) and having an evaluation unit (22) to process the image information. In this respect, the evaluation unit (22) is configured to recognize views of a respective side of the object (14) in the image information and to arrange the views in a plane such that the original arrangement on the object (14) can be restored.

Abstract: Techniques to improve detection and security of images, including formation and detection of matrix-based images. Some techniques include logic to process image data, generate one or more colorspaces associated with that data, and perform colorspace conversions based on the generated colorspace. The logic may be further configured to generate an image based on the colorspace conversions, including but not limited to a matrix bar code. The logic may be further configured to apply one or both of an ultraviolet layer and an infrared layer to the image, e.g. matrix barcode, generated from the colorspace conversion(s). Other embodiments are described and claimed.

Abstract: Systems and methods for custom functional patterns for optical barcodes are provided. In example embodiments, image data of an image is received from a user device. A candidate shape feature of the image is extracted from the image data. A determination is made that the shape feature satisfies a shape feature rule. In response to the candidate shape feature satisfying the shape feature rule, a custom graphic in the image is identified by comparing the candidate shape feature with a reference shape feature of the custom graphic. In response to identifying the custom graphic, data encoded in a portion of the image is decoded.