40th week of 2017 patent applcation highlights part 61 |
Patent application number | Title | Published |
20170286626 | MULTI-DIMENSIONAL TIMELINE SYSTEM FOR INTEGRATED TREATMENT VIEWING, PLANNING AND COORDINATION - A system and method of generating a clinical timeline user interface includes receiving a plurality of clinical information items associated with at least one relationship between a healthcare provider entity and a patient entity, each clinical information item having an associated time. The method also includes filtering the clinical information items according to a relationship, the relationship comprising an indicated healthcare provider entity and at least one indicated patient. The method further includes ordering the filtered clinical information items according to the associated time and generating a clinical timeline according to the ordered clinical information items. | 2017-10-05 |
20170286627 | ANALYSIS AND VERIFICATION OF MODELS DERIVED FROM CLINICAL TRIALS DATA EXTRACTED FROM A DATABASE - This disclosure describes frameworks and techniques directed to the analysis and verification of models extracted from a database. In some cases, the database can include an online database, such as clinicaltrials.gov administered by the United States National Institutes of Health. In particular, this disclosure describes implementations that utilize models derived from clinical trial data extracted from a database and analyzes the models. The analysis of the models can be used to verify the results of the clinical trials from which the models were derived. Additionally, the analysis of the models can identify a combination of models that can be used to predict health outcomes of one or more biological conditions for one or more populations. | 2017-10-05 |
20170286628 | METHOD FOR DETERMINING PATIENT-SPECIFIC BLOOD VESSEL INFORMATION - The present invention relates to a method for determining patient-specific blood vessel information. More specifically, the present invention relates to a method for determining patient-specific cardiovascular information by applying a simplified coronary circulation model thereto. Furthermore, the present invention relates to a method for determining a blood flow rate for branches of a blood vessel having originated from an artery of each patient. According to the present invention, the method for determining cardiovascular information by using a computer system comprises the steps of: receiving image data including a plurality of coronary arteries having originated from the aorta; processing the image data so as to generate a three-dimensional shape model of the plurality of coronary arteries; simulating a blood flow for the generated three-dimensional shape model of the plurality of coronary arteries; and determining a fractional flow reserve (FFR) of the respective coronary arteries with the blood flow simulation result. In the blood flow simulation step for the three-dimensional shape model of the plurality of coronary arteries, a computational fluid dynamics model is applied to the three-dimensional shape model of the coronary arteries, and a centralized parameter model to be combined with the computational fluid dynamics model uses a simplified coronary circulation model including coronary arteries, capillaries of the coronary arteries, and coronary veins. | 2017-10-05 |
20170286629 | METHOD FOR SIMULATING BRAIN STIMULATION, CORRESPONDING DEVICE AND COMPUTER PROGRAM - A method is provided for simulating a brain stimulation, delivering an estimation of a target spatial zone of stimulation. The method includes at least one iteration of the following acts: selection, from among at least two available values, of a value, referred to as a selected value, to be assigned to a pre-determined score; and identification, within an anatomo-clinical atlas belonging to a set of anatomo-clinical atlases, of a spatial zone capable of delivering a value close to said selected value to be assigned to said pre-determined score. The at least one iteration delivers a set of spatial zones. The method further includes a computation, as a function of the set of spatial zones, of at least one target spatial zone, capable of producing a given result representing at least one selected value. | 2017-10-05 |
20170286630 | DRUG REPOSITIONING METHODS FOR TARGETING BREAST TUMOR INITIATING CELLS - Disclosed are systems biology-based methods for repositioning known pharmaceutical compounds to new indications, through the identification of network-based signatures. In particular, the invention provides new and useful methods for selecting drugs or combinations of drugs (and preferably previously-approved drugs) for use in new therapeutic indications. Also disclosed are methods for identifying anti-breast tumor initiating cell (TIC)-based therapeutics from within populations of target compounds. In illustrative embodiments, the invention provides methods and computer programs for the repositioning of FDA-approved pharmaceutical compounds to new indications using network-based signature analysis coupled with conventional in vitro and in vivo testing of identified drug candidates. The invention also allows identification of drugs or drug combinations for treating unmet medical needs including, for example, “orphan” diseases. | 2017-10-05 |
20170286631 | TEXT ANALYTICS ON RELATIONAL MEDICAL DATA - A system can associate a life event and a medical condition for a particular patient by identifying the life event using text analysis for the patient's medical records. Medical data associated with the life event can be extracted, and it can be determined that the life event impacts other patients. The medical records for the other patients can then be analyzed, and the medical data relevant to the patient's life event can be extracted. Using the extracted medical data, a medical condition for the primary patient can be determined, and a relationship between the life event and the medical condition can be transmitted. | 2017-10-05 |
20170286632 | MEDICATION SCHEDULING AND ALERTS - Embodiments include method, systems and computer program products for providing medication-related feedback. Aspects include receiving medication information for a patient. Aspects also include receiving a biological, behavioral, or environmental output from a sensor. Aspects also include determining, based upon the biological, behavioral, or environmental output and the medication information for the patient, whether a medication dose is needed. Aspects also include, based on a determination that the medication dose is needed, generating an alert. | 2017-10-05 |
20170286633 | PROXIMITY FEEDBACK FOR MEDICINE IDENTIFICATION - Embodiments include method, systems and computer program products for proximity feedback for medication identification. Aspects include accessing, via a user device, a profile data for the user; reading, via the user device, identification data from an identification tag on an object; obtaining information associated with the identification data, wherein the information is associated with contents of the object; and providing a feedback to the user via the user device, the feedback is based upon the information and an interaction between the user of the user device and the object. | 2017-10-05 |
20170286634 | MEDICINE MANAGEMENT METHOD AND MEDICINE MANAGEMENT DEVICE - A medicine management method includes acquiring user information of medicine usage corresponding to at least one assigned medicine; acquiring user information of medicine using reactions; and displaying the user information of medicine usage with first time information corresponding to different time points of using the at least one assigned medicine and the user information of medicine using reactions with second time information corresponding to different time points of occurring medicine using reactions concurrently. | 2017-10-05 |
20170286635 | SYSTEM AND METHOD FOR ENABLING AUTOMATED ORDERING OF CUSTOM COMPOUNDED MEDICATIONS - A system for processing prescriptions of customized medications is provided including a memory storing a database of ingredients that may be used in custom compounded medications and drug interactions between the ingredients. The database may include patient information having identification of patients and their prescribed medications. The system further includes a processor configured to: receive a prescription request for a customized medication from a user for a selected patient; retrieve any existing prescribed medications for the selected patient; prompt the user to select ingredients of the customized medication; upon selection of all ingredients of the customized medication, access the database to compare each ingredient of the customized medication to any existing prescribed medications and their ingredients to identify any potential drug interactions; and when any potential drug interactions are identified, create an alert to inform the user of any potential drug interactions resulting from prescribing the customized medication. | 2017-10-05 |
20170286636 | VISUAL VERIFICATION OF MEDICATION PACKAGE - A system includes a database that stores information associated with a patient. The information includes information about at least one medication prescribed to the patient. The database stores at least one photograph of a package containing the medication. A control module in communication with the database receives an indication that a healthcare professional has selected the package containing the medication to be administered to the patient and displays the at least one photograph of the package containing the medication. The control module is configured to receive, from the healthcare professional, confirmation that the at least one photograph matches the package containing the medication as selected to be administered to the patient. | 2017-10-05 |
20170286637 | MEDICAL DEVICE UPDATE SYSTEM - A system and method for providing updates to medical devices is disclosed. In one example, the medical devices are configured to pull update files in response to the reception of an update message from a server. Once the update files are downloaded by a medical device, the update files can be installed. While the medical device pulls the update files, the medical device can continue with its normal operation. If desired, a user can select which medical devices should be updated, based on any desired factors, such as the physical location of the device, the model of the device, the type of device, and the way the device is being used. | 2017-10-05 |
20170286638 | SYSTEM AND METHOD FOR CAPTURING DOSE INFORMATION - A system for capture of dose delivery information is provided. The system includes a medication delivery device, a dose information capture device adapted to he attached to the medication delivery device, and a target element adapted to be attached to the medication delivery device. The target element comprises a magnet or ferrous element and the target element attaches to the medication delivery device on a dose delivery mechanism of the medication delivery device. The dose information capture device includes a magnetic position sensor adapted to detect a position of the target element. As an alternative to magnetic sensing, MEMS flow sensors, and the like may also be used. Exemplary systems preferably transmit dose information in real time to remote devices for further processing, | 2017-10-05 |
20170286639 | HEALTH TRACKING SYSTEM WITH VERIFICATION OF NUTRITION INFORMATION - A health tracking system includes a plurality of health tracking devices in communication with a host server. In one embodiment, a method of operating the system comprises: receiving data relating to consumables from user devices; storing the data as data records; grouping the data records into groups based on a description string of each; determining an individual score to associate to each data record; and applying an identifier to one of the data records in each group, the one of the data records comprising a one associated with a high score relative to the remaining ones of the data records in the group. | 2017-10-05 |
20170286640 | Personalized Health Care Plan Creation and Monitoring Based on Medical and Lifestyle Conditions - Mechanisms are provided for implementing a personalized patient care plan (PPCP) system. The PPCP system obtains demographic and medical information about the patient and automatically generates an initial patient care plan for the patient, comprising a sequence of goals for the patient, based on an analysis of the obtained demographic and medical information for the patient. The PPCP system obtains lifestyle information, characterizing a lifestyle of the patient, from a plurality of lifestyle information sources. The PPCP system modifies the initial patient care plan to include one or more patient actions specific to the patient based on the lifestyle information, thereby generating a personalized patient care plan. In addition, the PPCP system outputs the personalized patient care plan to a patient computing device. | 2017-10-05 |
20170286641 | SYSTEMS AND METHODS FOR FITNESS AND VIDEO GAMES - In some aspects, an application is provided that is adapted to execute on at least a first mobile device. The application is adapted to (a) track information regarding a user of the mobile device; (b) create an avatar based on the tracked information; and (c) employ the avatar to provide pre-emptive warnings to assist in avoidance of unwanted behavior by the user. Numerous other aspects are provided. | 2017-10-05 |
20170286642 | Digital Rights Management Progressive Control and Background Processing - Digital rights management progressive control and background processing techniques are described. In one or more implementations, a digital rights management module is embedded as part of the content. In one example, the digital rights management module is configured to monitor user interaction with items of the content and used traits collected from this monitoring to progressively control access to other items of the digital content. In another example, the digital rights management module is configured for execution in the background of a computing device, e.g., without rendering of a user interface or accepting user inputs. This background processing is used to monitor interaction of the user with the computing device that is independent of the content. This includes other content, applications, interaction with service providers (e.g., websites such as a social network), wearable devices, the computing device itself, and so forth. | 2017-10-05 |
20170286643 | Systems and Methods for Enabling Playback of Digital Content Using Electronic Tickets and Ticket Tokens Representing Grant of Access Rights - Systems and methods for accessing digital content using electronic tickets and ticket tokens in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor, a network interface, and memory configured to store an electronic ticket, and a ticket token, and the processor is configured by an application to send a request for digital content, receive a ticket token from a merchant server, wherein the ticket token is generated by a DRM server and associated with an electronic ticket that enables playback of the requested digital content, send the ticket token to a DRM server, receive an electronic ticket that enables playback of requested digital content, request the digital content associated with the electronic ticket, and play back the requested digital content using the electronic ticket. | 2017-10-05 |
20170286644 | Protection Method and Device for Application Data - A protection method and device for application data are provided. The method includes: acquiring a data request sent by a monitored application, wherein the data request is used for requesting data in a first data source in which data needing protection is stored (S | 2017-10-05 |
20170286645 | INSTRUCTIONS AND LOGIC TO FORK PROCESSES OF SECURE ENCLAVES AND ESTABLISH CHILD ENCLAVES IN A SECURE ENCLAVE PAGE CACHE - Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed. | 2017-10-05 |
20170286646 | Editing Watermarked Assets - A digital medium environment includes an asset processing application that performs editing of a watermarked asset. An improved asset editing method implemented by the asset processing application comprises receiving a watermarked asset, receiving edits to the watermarked asset, storing metadata corresponding to the edits together with an asset identification (ID), communicating the metadata and asset ID, applying edits using the metadata to an unwatermarked version of the asset retrieved using the asset ID, adding a watermark back to the edited asset, and providing the edited, watermarked asset. | 2017-10-05 |
20170286647 | WATERMARKING INPUT AND OUTPUT OF A WHITE-BOX IMPLEMENTATION - A method of mapping an input message to an output message by a keyed cryptographic encryption operation, wherein the keyed cryptographic encryption operation includes a first round, including: performing a substitution function on a first portion of the input message to produce an output, wherein the substitution function incorporates a portion of a cryptographic key; and performing a watermarking function on the output, wherein the watermarking function produces a watermark output when the first input portion has a specific predetermined value, wherein the watermark output uniquely identifies the keyed cryptographic encryption operation. | 2017-10-05 |
20170286648 | AUTHENTICATION SYSTEM AND METHOD - An object of the present invention is to provide an authentication system and method which can reduce a burden on a user while ensuring security by using a combination of a plurality of authentication methods. A method for authentication of the present invention comprises the steps of: obtaining a first authentication performance value for each transaction based on initial input information at a transaction; determining whether or not additional authentication is required for authentication of a person by comparing the first authentication performance value and the authentication performance threshold value required for authentication of a person; presenting, if the additional authentication is required, a plurality of authentication methods from which one authentication method or a combination of authentication methods can be selected so as to satisfy an additional authentication performance value obtained using the first authentication performance value and the authentication performance threshold value; and obtaining a second authentication performance value based on additional input information using the one or more authentication methods selected from the plurality of presented authentication methods, and determining whether to authenticate by comparing the additional authentication performance value and the second authentication performance value. | 2017-10-05 |
20170286649 | ELECTRONIC STORAGE SYSTEM - An electronic storage system is provided. The system includes a housing, securable units within the housing, a kiosk to assign securable units to users and to provide the users with access credentials for accessing assigned securable units, and user portals within the housing and separate from the kiosk. Each user portal permits access to one or more of the securable units in accordance with access credentials entered into the portal. Each user portal is also operable to allow users to transfer rentals of assigned securable devices to other electronic storage systems. The system also permits access to assigned securable devices in accordance with access credentials received via text or SMS messages or via applications executing on a computer, NFC device, or smart device, such as a smart phone or tablet. | 2017-10-05 |
20170286650 | TIERED CODE OBFUSCATION IN A DEVELOPMENT ENVIRONMENT - A method for viewing a plurality of encrypted code displayed within an integrated development environment with a pair of augmented reality (AR) glasses. A plurality of user login credentials submitted by a user utilizing the pair of AR glasses to access a plurality of encrypted code. The method may determine the user is authorized to access a portion of the plurality of encrypted code based on the received plurality of user login credentials. The method may further decrypt the portion based on determining the user is authorized to access the portion. The method may further include displaying the decrypted portion on a lens within the pair of AR glasses. | 2017-10-05 |
20170286651 | AUTHENTICATION - Robotic customer service agents are provided such that, when properly authenticated, they are operable to perform a customer service task. A contact center may dispatch a robot, an accessory for a customer-owned robot, or instructions to transform an unconfigured robot, such as a generic robot, into a configured robot operable to perform the task. If the robot, such as the base or entire robot, robot at the service location, an associated user, hardware addition, and/or software addition is authentic, then the robot may be operated in an authenticated mode. If non-authenticated, then the robot may operate in a non-authenticated mode, such as one consisting of one or more tasks or features being disabled. Additionally, authentication may be temporary (e.g., time restricted) or event restricted (e.g., as long as a result stays within a given range, the robot is being observed, etc.). | 2017-10-05 |
20170286652 | SECURITY MODEL FOR NETWORK INFORMATION SERVICE - Systems and methods for providing information security in a network environment are disclosed. The method includes initiating processing, invoked by a user, of at least one of a plurality of objects in a processing unit of a hardware layer, wherein the plurality of objects is hosted for a tenant. The method further includes determining that the processing of the at least one of the plurality of objects by the processing unit is authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes allowing the processing of the object based on a result of the determining. | 2017-10-05 |
20170286653 | IDENTITY RISK SCORE GENERATION AND IMPLEMENTATION - Embodiments are directed to providing an identity risk score as part of an authentication assertion, applying operating heuristics to determine an operating application's validity and to providing identity risk scores to requesting third parties. In one scenario, an authentication server receives from a cloud service portal various user credentials from a user. The user credentials identify a user to the authentication server. The authentication server verifies the user's identity using the received credentials and generates an identity risk score based on one or more identity factors. The identity factors indicate a likelihood that the user is a valid user. The authentication server encapsulates the generated identity risk score in an authentication assertion and sends the authentication assertion that includes the generated identity risk score to the cloud service portal. | 2017-10-05 |
20170286654 | SYSTEM AND METHOD FOR SMART WEAPON IMPLEMENTATION AND DEPLOYMENT - A weapon is equipped with processing capabilities and can include, inter alia, communication technology, geographic positioning systems, a camera, memory and the ability to enable or disable the weapon remotely. Through the application of various protocols (e.g., access, monitor, control, programming), a weapon can be designated for one or more authorized users, and will not operate when not being used by an authorized user. Other implementations include smart ammunition that can also be programmed for a specific user, or more preferably for a specific weapon, such that the weapon and/or the ammunition would not work without the other, and only by the registered authorized user of the same. | 2017-10-05 |
20170286655 | WEARABLE DEVICE, SYSTEM INCLUDING THE SAME, AND OPERATION METHODS THEREOF - A wearable device may include: an authentication unit suitable for authenticating a user by verifying user identification information of the user; a sensor suitable for detecting contact between the authenticated user and the wearable device; a wireless communication unit suitable for wirelessly provide link success information to an electronic device requiring user authentication; and a control unit suitable for controlling the wireless communication unit to provide the link success information to the electronic device during the contact after success of the authentication of the authentication unit. | 2017-10-05 |
20170286656 | SYSTEMS AND METHODS FOR PAIRED DEVICE AUTHENTICATION - A pair of remote computing devices for authenticating a user of one of the pair of remote computing devices is provided. The pair of remote computing devices includes a first computing device and a second computing device. The first computing device communicates with a host computing device and stores sample biometric data associated with the user. The first computing device receives an authentication request message for authenticating the user, processes the authentication request message, and transmits a biometric request message to the second computing device. The first computing device also receives captured biometric data from the second computing device, electronically compares the captured biometric data to the sample biometric data, and transmits an authentication response message to the host computing device based upon the comparison of the captured biometric data to the sample biometric data. The authentication response message indicates whether the captured biometric data matched the sample biometric data. | 2017-10-05 |
20170286657 | SECURE STORAGE OF FINGERPRINT RELATED ELEMENTS - The present disclosure relates to secure storage of a detailed set of elements relating to fingerprint features for a finger and to a method for authenticating a candidate fingerprint of a finger using said detailed set of elements, allowing for improved security and user convenience. | 2017-10-05 |
20170286658 | Biometric recognition system - A biometric recognition system for a hand held computing device incorporating an inertial measurement unit (IMU) comprising a plurality of accelerometers and at least one gyroscope is disclosed. A tremor analysis component is arranged to: obtain from the IMU, accelerometer signals indicating device translational acceleration along each of X, Y and Z axes as well as a gyroscope signal indicating rotational velocity about the Y axis during a measurement window. Each of the IMU signals is filtered to provide filtered frequency components for the signals during the measurement window. The accelerometer signals are combined to provide a combined filtered accelerometer magnitude signal for the measurement window. A spectral density estimation is provided for each of the combined filtered accelerometer magnitude signal and the filtered gyroscope signal. An irregularity is determined for each spectral density estimation; and based on the determined irregularities, the tremor analysis component attempts to authenticate a user of the device. | 2017-10-05 |
20170286659 | BIOMETRIC AUTHENTICATION - In an example biometric authentication system, a light beam generator may be configured to generate a light beam. The light beam may be projected to a retina of a user's eye and reflected from the retina. The reflected light beam may be directed, by an optical system, on to a holographic medium to form an input image. An image sensor may be configured to detect or sense the input image and further transmit the input image to an authenticator. The authenticator may be configured to compare the input image with a reference image and grant authentication for the user when the input image is determined to substantially match the reference image. | 2017-10-05 |
20170286660 | Method for Unlocking Screen by Using Fingerprint and Terminal - A method for unlocking a screen by using a fingerprint includes: sending, by a fingerprint sensor, a first notification to a control chip and concurrently sending a second notification to a display driver chip of a screen when detecting that a finger presses or touches a fingerprint recognition area; completing, by the display driver chip according to the second notification, preparation work before the screen is turned on; verifying, by the control chip according to the first notification, fingerprint information collected by the fingerprint sensor and pre-stored fingerprint information; and if the verification succeeds, unlocking the screen and turning on the screen. | 2017-10-05 |
20170286661 | BIOMETRICS FOR USER IDENTIFICATION IN MOBILE HEALTH SYSTEMS - A wearable device may include a sensor system capable of obtaining physiological from a user's body. Some wearable devices may include a substance delivery system. A sensor system of a wearable device may include at least one “bio-assurance sensor” capable of obtaining biometric data that may be used to identify a user. For example, the bio-assurance sensor may be used to ensure that the wearable device is not removed from the user's body and/or placed on or in another user's body. In some examples, the wearable device may be used with a second device, such as a smart phone, that includes at least one “authentication sensor,” such as a fingerprint sensor, that also may be used to identify a user. However, in some implementations the wearable device may include at least one authentication sensor. | 2017-10-05 |
20170286662 | INFORMATION DISPLAY DEVICE - The present invention provides an information display device which may simply display a defined information to improve the convenience. The information display device is able to read the member card having the member identification code, and access the member management server storing the plurality of information associated with the user, and display the plurality of information associated with the user. In the member management server, the plurality of information associated with the user is distinguished to be information not requiring to be authenticated and information requiring to be authenticated respectively and then is stored. The information display device acquires the information not requiring to be authenticated from the member management server according to the member identification code under the condition of reading the member card, and directly display the acquired information not requiring to be authenticated without being authenticated by the user. | 2017-10-05 |
20170286663 | SYSTEM AND METHOD EMPLOYING REDUCED TIME DEVICE PROCESSING - Methods and systems for facilitating a transaction are provided. A transaction involving an integrated circuit user device in contact with an access device is processed in less time, such that the user device can be removed at an earlier time. In embodiments, an access device provides an estimated value to a user device such that a cryptogram can be generated without waiting for a final value. Additionally, the access device can store user device data and then complete the transaction with the user device before authorizing the transaction, such that the user device can be removed without waiting for an authorization response. | 2017-10-05 |
20170286664 | DYNAMIC UPDATING OF PROCESS POLICIES - A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process. | 2017-10-05 |
20170286665 | DEVICES AND METHODS FOR FACILITATING SOFTWARE SIGNING BY MORE THAN ONE SIGNING AUTHORITY - Electronic devices are adapted to facilitate execution of software signed by more than one entity. According to one example, an electronic device can store software including a hash table segment. The hash table segment can include at least one hash entry, a first signature and first certificate chain from a first entity for the at least one hash entry, and a second signature and second certificate chain from a second entity for the at least one hash entry. The electronic device may validate the first and second signatures. If both the first and second signatures are validated, the electronic device can execute the software. Other aspects, embodiments, and features are also included. | 2017-10-05 |
20170286666 | SYSTEM AND METHOD FOR REPLACING COMMON IDENTIFYING DATA - A system and method for generating a unique identifier for a user. A processor hosted by the system transmits a prompt for user selection of a digital image and receives the selected digital image from the user. The received digital image is stored in a data storage device. The processor identifies a first code associated with the user. The processor embeds the first code into the digital image and generates a first modified digital image in response. The first modified digital image is also stored in the data storage device. The processor transmits the first modified digital image to the user over a data communications network. The modified digital image is then used as the unique identifier for the user. | 2017-10-05 |
20170286667 | Password Recovery - A password recovery technique for access to a system includes receiving a request from a first party to recover the first party's password to access the system, receiving a selection of a second party from the first party, sending a message to the second party requesting that the second party authorize the request to recover the first party's password, receiving authorization from the second party for the request to recover the first party's password, and resetting the first party's password responsive to receiving authorization from the second party.. | 2017-10-05 |
20170286668 | TECHNOLOGIES FOR MUTUAL APPLICATION ISOLATION WITH PROCESSOR-ENFORCED SECURE ENCLAVES - Technologies for mutual application isolation include a computing device having a processor with secure enclave support. The computing device loads an application image to a memory range within a predefined virtual address range and creates a secure enclave with the predefined virtual address range assigned to the secure enclave. The computing device validates control flow integrity of the secure enclave. To validate control flow integrity the computing device may validate that the memory pages of the secure enclave synchronously exit only to an allowed address. Additionally, to validate control flow integrity the computing device may validate an asynchronous exit point associated with an enclave entry instruction. After validating the control flow integrity, the computing device executes the secure enclave, which includes enforcing mutual isolation of the application image and the secure enclave using the secure enclave support of the processor. Other embodiments are described and claimed. | 2017-10-05 |
20170286669 | SYSTEMS AND METHODS FOR SECURING VIRTUAL MACHINE COMPUTING ENVIRONMENTS - Systems and methods are provided for securing data in virtual machine computing environments. A request is received for a security operation from a first virtual machine operating in a host operating system of a first device. In response to receiving the request, a first security module executes the security operation, the first security module implemented in a kernel of the host operating system. The result of the security operation is provided to the first virtual machine. | 2017-10-05 |
20170286670 | MALWARE DETECTION AND IDENTIFICATION USING DEVIATIONS IN ONE OR MORE OPERATING PARAMETERS - A method is provided for detecting malware, such as a virus or spyware. The method looks for deviations expected operating parameters instead of focusing solely on conventional malware signatures. The method includes monitoring current operating parameters for a computing system running one or more application, obtaining baseline operating parameters for the computing system running the one or more application in the absence of malware, identifying a deviation between the current operating parameters and the baseline operating parameters, and determining whether the identified deviation matches a deviation associated with a predetermined malware definition. | 2017-10-05 |
20170286671 | Detecting Malicious User Activity - Detecting malicious user activity is provided. A profile for a user that accesses a set of protected assets is generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user. A plurality of analytics is applied on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user. A malicious user activity alert is generated in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value. The malicious user activity alert is sent to an analyst for feedback. | 2017-10-05 |
20170286672 | System, Apparatus And Method For Filtering Memory Access Logging In A Processor - In one embodiment, a processor comprises: a first storage including a plurality of entries to store an address of a portion of a memory in which information has been modified; a second storage to store an identifier of a process for which information is to be stored into the first storage; and a first logic to identify a modification to a first portion of the memory and store a first address of the first portion of the memory in a first entry of the first storage, responsive to a determination that a current identifier of a current process corresponds to the identifier stored in the second storage. Other embodiments are described and claimed. | 2017-10-05 |
20170286673 | Malware-Resistant Application Control in Virtualized Environments - Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine. | 2017-10-05 |
20170286674 | Time Varying Address Space Layout Randomization - Embodiments include computing devices, apparatus, and methods implemented by the apparatus for time varying address space layout randomization. The apparatus may launch first plurality of versions of a system service and assign a random virtual address space layout to each of the first plurality of versions of the system service. The apparatus may receive a first request to execute the system service from a first application. The apparatus may randomly select a first version of the system service from the first plurality of versions of the system service, and execute the system service using data of the first version of the system service. | 2017-10-05 |
20170286675 | Fingerprinting Electronic Control Units For Vehicle Intrusion Detection - An anomaly-based intrusion detection system is presented for use in vehicle networks. The intrusion detection system measures and exploits the intervals of periodic in-vehicle messages for fingerprinting electronic control units. Fingerprints are then used for constructing a baseline of clock behaviors, for example with a Recursive Least Squares algorithm. Based on the baseline, the intrusion detection system uses cumulative sum to detect any abnormal shifts in the identification errors—a clear sign of an intrusion. This approach allows quick identification of in-vehicle network intrusions with low false positive rates. | 2017-10-05 |
20170286676 | METHOD OF MALWARE DETECTION AND SYSTEM THEREOF - There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors. | 2017-10-05 |
20170286677 | SYSTEMS AND METHODS FOR INFERENCE OF MALWARE LABELS IN A GRAPH DATABASE - Systems and methods are described which integrate file properties that in conventional systems has been considered weaker evidence of malware and analyzes the information to produce reliable results. Properties such as file paths, file names, source domains, IP protocol ASNs, section checksums, digital signatures that are not always present and not always reliable can be integrated into the classification process using a graph. A | 2017-10-05 |
20170286678 | Behavior Profiling for Malware Detection - Provided herein are systems and methods for behavior profiling of targets to determine malware presence. The method includes, in various embodiments, applying a domain specific language to a target, observing a set of temporal sequences and events of the target; determining presence of markers within the set of temporal sequences and events indicative of malware, and identifying the target as being associated with malware based on the markers. In some embodiments, a malware detection system is provided for creating a behavioral sandbox environment where a target is inspected for malware. The behavioral sandbox environment can include forensic collectors. Each of the collectors may be configured to apply a domain specific language to a target; observe a set of temporal sequences and events of the target; determine presence of markers within the set of temporal sequences and events indicative of malware; and detect malware presence based on the markers. | 2017-10-05 |
20170286679 | System, Apparatus And Method For Performing Secure Memory Training And Management In A Trusted Environment - In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed. | 2017-10-05 |
20170286680 | ADAPTIVE SYSTEMS AND PROCEDURES FOR DEFENDING A PROCESSOR AGAINST TRANSIENT FAULT ATTACKS - Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes. | 2017-10-05 |
20170286681 | RESTRICTING REPROGRAMMING OF A REDIRECTED USB DEVICE - Reprogramming of a redirected USB device can be restricted to prevent the redirected USB device's firmware from being modified maliciously. A virtual bus driver can be configured to monitor USB request blocks (URBs) to identify whether an URB pertains to an attempt to alter the firmware of a redirected USB device. When an URB is identified as pertaining to an attempt to alter the firmware, the virtual bus driver can block the URB unless the URB is associated with an authorized user or application. In this way, only an authorized user or application will be allowed to modify the firmware of a redirected USB device thereby ensuring that a malicious user or application cannot modify the firmware in an improper manner | 2017-10-05 |
20170286682 | ELECTRONIC DEVICE AND PROTECTION METHOD - According to a first aspect of the present disclosure, an electronic device is provided, comprising: an attack detection unit arranged to detect one or more attacks on the electronic device; a countermeasure unit arranged to apply countermeasures against the attacks detected by the attack detection unit; a threat level determination unit arranged to determine a threat level corresponding to the attacks detected by the attack detection unit; wherein the countermeasure unit is further arranged to activate one or more specific ones of said countermeasures in dependence on the threat level determined by the threat level determination unit. According to a second aspect of the present disclosure, a corresponding method of protecting an electronic device is conceived. According to a third aspect of the present disclosure, a corresponding computer program product is provided. | 2017-10-05 |
20170286683 | SYSTEM AND METHODS THEREOF FOR IDENTIFICATION OF SUSPICIOUS SYSTEM PROCESSES - A computerized method for identification of suspicious processes executing on an end-point device communicatively connected to network, the network communicatively connected to a server, the method comprising receiving, by the server, a record of at least one process, initiated by and executing on by the end-point device. One or more parameters associated with the at least one process are identified. A first time pointer is identified corresponding to the identified one or more parameters, a first time pointer. A second time pointer at which a user associated with the end-point device initiated a user dependent process is identified. Whether the second time pointer occurred before the first time pointer is identified. It is determined whether the at least one process was initiated by the user based on identification of user dependent processes and corresponding attribution. An action is performed based on the above determination. | 2017-10-05 |
20170286684 | Method for Identifying and Removing Malicious Software - A method for identifying and removing malicious code uses a personal computing device that can communicate with a remote server. The remote server manages a blacklist and a whitelist. The blacklist is a list of programs that are known to contain malicious code. The whitelist is a list of programs that are known to be free of malicious code. The method begins when a scan request is received. The scan request is a command that directs the personal computing device to work with the remote server to perform a scan of a collection of files that will identify malicious code. The method then performs a sandboxed-evaluation process to identify files that are found to contain malicious code. The sandboxed-evaluation process is an isolated testing routine that runs program files to detect malicious code. Finally, the method executes a threat remediation process if malicious code is found. | 2017-10-05 |
20170286685 | METHOD AND SYSTEM FOR VERIFYING AUTHENTICITY OF AT LEAST PART OF AN EXECUTION ENVIRONMENT FOR EXECUTING A COMPUTER MODULE - A system for verifying authenticity of at least part of an execution environment for executing a computer program module. The system includes a processor and a storage for storing the computer program module and the execution environment. The computer program module is operative to cause the processor to process digital input data in dependence on a plurality of predetermined digital parameters. The system includes means for deriving at least part of one of the plurality of predetermined digital parameters from the at least part of the execution environment. | 2017-10-05 |
20170286686 | PROTECTION OF SECURED BOOT SECRETS FOR OPERATING SYSTEM REBOOT - Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a second operating system is to be started to replace the first operating system, embodiments include configuring one or more memory data structures, including code of the second operating system, in the protected portion of the system memory. The protected portion of the system memory is unprotected, while mitigating attacks on the portion of system memory, and processor state is set to execute the code of the second operating system. The second operating system starts using the secured boot secrets stored in the portion of the system memory. | 2017-10-05 |
20170286687 | PROTECTION OF DATA STORED IN A VOLATILE MEMORY - A method of detecting a cold-boot attack includes transferring, into a first volatile memory of an integrated circuit, a pattern stored in a non-volatile memory of the integrated circuit. Power to the non-volatile memory is periodically interrupted and an indication of a number of errors in the non-volatile memory is generated. The indication of the number of errors is compared to one or more thresholds. An occurrence of a cold-boot attack is detected based on the comparison. The pattern may be reloaded into the first volatile memory before each power interruption. The pattern may be selected so that the number of errors varies according to the integrated circuit temperature. | 2017-10-05 |
20170286688 | PRECISION-TUNED RUNTIME MONITORING - Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison. | 2017-10-05 |
20170286689 | DETECTING VULNERABILITIES IN MANAGED CLIENT DEVICES - Various examples relate to detecting vulnerabilities in managed client devices. In some examples, a system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device. | 2017-10-05 |
20170286690 | Automatic Generation of Data-Centric Attack Graphs - Generating an attack graph is provided. A set of sensitive data corresponding to a regulated service is identified. A set of components corresponding to the regulated service that are authorized to perform activities associated with sensitive data is scanned for. Vulnerability and risk metrics corresponding to each component in the set of components of the regulated service is identified. The attack graph that includes nodes representing components in the set of components of the regulated service and edges between nodes representing relationships between related components in the set of components is generated based on the vulnerability and risk metrics corresponding to each component in the set of components. | 2017-10-05 |
20170286691 | Pattern generation, IDS signature conversion, and fault detection - Fault injection methods and apparatus are disclosed. An example method includes interjecting a pattern with fault-inducing sub-fields, where the pattern is an expression including a literal string and a wildcard character class, and using the expression to form a subsequent expression that can be used by a target system to detect and trigger on the network at least one transaction that matches the expression. | 2017-10-05 |
20170286692 | VULNERABILITY FINDING DEVICE, VULNERABILITY FINDING METHOD, AND VULNERABILITY FINDING PROGRAM - A vulnerability finding device has a vulnerability extracting unit, a normalization processing unit, and a matching unit. The vulnerability extracting unit extracts a first program code corresponding to a vulnerable part of software. The normalization processing unit performs normalization of a parameter included in the first program code extracted by the vulnerability extracting unit and a second program code of software to be inspected for a vulnerable part. The matching unit performs matching between the first program code after the normalization and the second program code after the normalization, and detects a program code, which is a program code that is the same as or similar to the first program code, from the second program code. | 2017-10-05 |
20170286693 | SECURITY ANALYSIS USING RELATIONAL ABSTRACTION OF DATA STRUCTURES - Analyzing program code can include detecting an instance of a container within the program code using a processor, selecting a model container correlated with the container using the processor, and creating an instance of the model container within memory using the processor. A data-flow of the program code can be tracked through the instance of the model container instead of the instance of the container. | 2017-10-05 |
20170286694 | METHOD AND APPARATUS FOR PERFORMING PROTECTED WALK BASED SHADOW PAGING - PWSP method includes storing a multiple level page tables structure in second stage page tables (S2). The method includes: when an S2 entry is marked with a writable attribute: (i) permitting an operating system (OS) to write to S1, (ii) blocking an MMU from reading the S1 for translation, and (iii) in response, verifying the S1 for translation and changing the marking of the S2 entry to read-only attribute, enabling the MMU to subsequently read the S1. The method includes: when the S2 entry is marked with the read-only attribute: (i) permitting the OS to read the S1 for translating from a virtual address to an intermediate physical address, (ii) blocking the OS from writing to the S1, and (iii) in response to blocking the OS, updating the S1 and changing the marking of the S2 entry to the device memory attribute, enabling the OS to write to the S1. | 2017-10-05 |
20170286695 | Methods for Improving Performance and Security in a Cloud Computing System - Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules. | 2017-10-05 |
20170286696 | Systems for Improving Performance and Security in a Cloud Computing System - Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules. | 2017-10-05 |
20170286697 | Systems and Methods for Proxying Encryption Key Communications Between a Cloud Storage System and a Customer Security Module - Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules. | 2017-10-05 |
20170286698 | Systems and Methods for Uploading Streamed Objects to a Cloud Storage System - Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules. | 2017-10-05 |
20170286699 | METHODS AND SYSTEMS FOR ENFORCING, BY A KERNEL DRIVER, A USAGE RESTRICTION ASSOCIATED WITH ENCRYPTED DATA - A method of providing a restricted set of application programming interfaces includes decrypting, by a secure object information reader executing on a computing device, an encrypted data object using information associated with the encrypted data object to generate a decrypted data object, the information received from an access control management system. The method includes intercepting, by a kernel driver executing on the computing device, from a process executing on the computing device, a request to access the decrypted data object. The method includes identifying, by the kernel driver, using the information associated with the encrypted data object, a usage requirement restricting a set of operations available to the process in accessing the decrypted data object. The method includes providing, by the kernel driver, to the process, a restricted set of application programming interfaces with which to interact with the decrypted data object, as permitted by the restricted set of operations. | 2017-10-05 |
20170286700 | SYSTEMS AND METHODS FOR ANALYZING, ASSESSING AND CONTROLLING TRUST AND AUTHENTICATION IN APPLICATIONS AND DEVICES - Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile. | 2017-10-05 |
20170286701 | SECURE DRIVER PLATFORM - Techniques described herein enable the implementation of a secure driver framework. In one example, a method includes managing an unsecure operating system execution environment comprising a first user mode and a first kernel mode. The method can also include managing a secure execution environment comprising a second user mode and a second kernel mode, and executing a secure driver within the second user mode of the secure execution environment in response to a system call from an unsecure driver in the first kernel mode or the first user mode, wherein the secure driver enables the unsecure driver to communicate with a secure device. Furthermore, the method can include providing one or more system services of the second kernel mode to the secure driver. | 2017-10-05 |
20170286702 | SECURED FILE SHARING SYSTEM - One embodiment provides a file sharing system. During operation, the system identifies a data file to be sent to a second device of a second user and generates a plurality of coded fragments from the data file based on a generator matrix of erasure encoding. An individual coded fragment does not include plaintext data. The system generates a plurality of sub-files, each of which comprises one or more coded fragments, of the data file. The system attaches a first sub-file to an electronic communication destined to the second device, uploads a second sub-file to a cloud provider, and embeds a link, which may expire and is protected based on a verification code, associated with the uploaded second sub-file into the electronic communication. The system sends the electronic communication to the second device and the verification code in a text message to a cell phone of the second user. | 2017-10-05 |
20170286703 | CONTENT FILE ACQUISITION AND DISTRIBUTION SYSTEM - A system including: a content file acquisition module executing on and enabling a computer processor to: receive, from a first personal electronic device, a content file and a unique identifier, where the unique identifier uniquely identifies a geographic location of a physical object; generate a virtual property that corresponds with the unique identifier; associate the content file with the virtual property based on the unique identifier; receive, from a second client portable electronic device, a request for content files associated with the virtual property; receive, from a location services module of the second personal electronic device, geographic location information of the second personal electronic device; determine that the second client portable electronic device is within a predetermined distance from the physical object based on the geographic location information; and provide, upon the determination, the content file associated with the virtual property to the second client portable electronic device. | 2017-10-05 |
20170286704 | Unlocking Electronic Notepads for Writing - Systems, apparatuses and methods may provide for detecting an identifier communication from a writing implement and transitioning a previously modified interior page of an electronic notepad from a locked state to an unlocked state if the identifier communication corresponds to one or more stored identifiers. Moreover, a plurality of additional interior pages of the electronic notepad may be maintained in the locked state while the previously modified interior page is in the unlocked state. | 2017-10-05 |
20170286705 | TPM 2.0 PLATFORM HIERARCHY AUTHENTICATION AFTER UEFI POST - A method of accessing a trusted platform module in a computing device is disclosed. The method includes storing a platform authorization key in a memory of the computing device that includes the trusted platform module. The platform authorization key includes permitting access to the trusted platform module. The method includes obtaining a digital signature in response to the computing device requesting access to the trusted platform module. The digital signature is generated using at least a command for configuring the trusted platform module. The method includes verifying the digital signature and allowing retrieval of the platform authorization key from the memory of the computing device in order to access the trusted platform module in response to the digital signature is verified, and denying retrieval of the platform authorization key otherwise. | 2017-10-05 |
20170286706 | SYSTEM, METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR ACTIVATING A SOFTWARE FUNCTIONALITY ON AN APPLIANCE - A system, method, apparatus, and computer program product for activating a software functionality on an appliance are disclosed. A method may include receiving, via a keyboard interface operatively coupled with the appliance, a code for activating a software functionality on the appliance. The software functionality may be in a non-actuatable state. The method may further include verifying that the code is a valid code for activating the software functionality. The method may additionally include activating the software functionality such that the software functionality is in an actuatable state in response to verifying that the code is a valid code for activating the software functionality. The software functionality may remain in the non-actuatable state if an invalid code is received. | 2017-10-05 |
20170286707 | UNIFIED FILE AND OBJECT STORAGE ARCHITECTURE FOR CLUSTERED FILE SYSTEMS - A processor may identify a first directory in the UFO storage system. The first directory may include one or more subdirectories in one or more levels under the first directory. The one or more subdirectories may include a second directory that has includes one or more objects. The first directory may be associated with a first inode, and the second directory may be associated with a second inode. The processor may perform a stat call on the second directory to determine metadata attributes for the one or more objects that are stored in the second directory. The metadata attributes for the one or more objects may be stored in the second inode. The processor may add the metadata attributes for the one or more objects to the first inode. | 2017-10-05 |
20170286708 | SECURITY - A robotic customer service agent (“robot”) is provided to a service location. The robot may present a number of security concerns that, whether realized or not, present barriers to acceptance. A robot is provided that is determined to be in compliance with a security criteria. The security criteria may be related to software (e.g., running anti-virus software), hardware (e.g., an added camera is secure), communication (e.g., no unexpected communications), or other aspect. Should the robot be in compliance, it may operate in a secure mode, such as to perform or access more sensitive information. If the robot is not in compliance, the robot is operated in a non-secure mode, such as to block data transmissions, information capturing, or other process or operation that may present a security risk. | 2017-10-05 |
20170286709 | ENCRYPTION KEY MANAGEMENT FOR FILE SYSTEM - In an approach to encryption key management, a computing device, responsive to a key storage condition, stores, in a cache memory, a first e/d key. The computing device receives a request to read a first file. The computing device, responsive to the request, accesses the first file, with the accessing of the first file including: accessing, from the cache memory, the first e/d key, decrypting the first file using the first e/d key and a second e/d key, and accessing the decrypted version of the first file. | 2017-10-05 |
20170286710 | DISTRIBUTED CLOUD STORAGE - One embodiment provides a storage management system. During operation, the system identifies a data file of a user. The system obtains an encrypted client registry from a primary cloud provider in a plurality of cloud providers that provide cloud storage to the user and retrieves a key associated with a device of the user by decrypting the encrypted client registry using a hash of a password associated with the user. The system obtains credentials of the plurality of cloud providers by decrypting a locally stored cloud configuration using the key and generates a plurality of coded fragments from the data file based on a generator matrix of erasure encoding. The number of coded fragments is determined based on a number of the cloud providers associated with the user. The system selects a respective coded fragment for uploading to a corresponding cloud provider in the plurality of cloud providers. | 2017-10-05 |
20170286711 | SYSTEMS AND METHODS FOR PROVIDING INFORMATION RIGHTS MANAGEMENT OFFLINE FILE FACILITY - Systems and methods for providing secure offline file access utilizing information rights management (IRM) are provided herein. In some embodiments, the method may comprise storing one or more IRM-protected documents in a secure local storage on a user device; storing one or more consumption licenses associated with the one or more IRM-protected documents in the secure local storage on the user device, wherein the one or more consumption licenses is required to access one or more IRM-protected documents; detecting a loss of network connectivity on the user device; writing the one or more consumption licenses to an IRM location in memory on the user device; receiving a request to open a document of the one or more IRM-protected documents; reading the consumption license from the IRM location in memory; and enabling access to the requested IRM-protected document based on the consumption license. | 2017-10-05 |
20170286712 | Methods and Systems for User Authentication in a Computer System Using Multi-Component Log-Ins, Including Image-Based Log-Ins - In computer-based user authentication, a user may establish or enhance security for a component of a multi-component password by performing a security operation on a selected component of the password. The security operation may comprise encrypting the selected component. The password may be an image-based password and security operation may be encrypting information related to positions of at least one target location on a verification image. | 2017-10-05 |
20170286713 | ENCRYPTION KEY EFFECTIVE DATE - The system may comprise receiving a data element, and receiving an encryption key and an associated encryption key identifier from an encryption keystore database. The system may further comprise transmitting the data element to an encryption module for encryption using the encryption key to form an encrypted data element. The system may also comprise receiving the encrypted data element from the encryption module and concatenating the encryption key identifier with the encrypted data element to form a protected data field entry. | 2017-10-05 |
20170286714 | DATABASE ENCRYPTION TO PROVIDE WRITE PROTECTION - An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table. | 2017-10-05 |
20170286715 | PREVENTION OF SHOULDER SURFING - In accordance with the teachings of the present disclosure, a method is provided for reducing the chances of shoulder surfing. The method may include determining an approximate angle of orientation of a mobile device and selecting one of first or second input key layouts, based upon the approximate angle of orientation. The first input key layout may be a standard layout of alphanumeric characters and the second input key layout may be a disordered layout of the alphanumeric characters. The method may also include displaying the selected one of the first or second input key layouts at a graphical user interface of the mobile device and receiving an input of sensitive information at the graphical user interface. | 2017-10-05 |
20170286716 | DATA PROCESSING SYSTEMS AND METHODS FOR IMPLEMENTING AUDIT SCHEDULES FOR PRIVACY CAMPAIGNS - Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign. | 2017-10-05 |
20170286717 | METHOD AND SYSTEM FOR MANAGING PERSONAL INFORMATION WITHIN INDEPENDENT COMPUTER SYSTEMS AND DIGITAL NETWORKS - A system and method for reliably and securely recording and storing all attributes of personal identification, for the identification and authorization of individual identity as well as attributes relating to it and personal data including but not limited to individual's physical description, bank details, travel history, etc. (the “Personally Identifiable Information “PII”). PII can be difficult to manage in networks where correlation between data sources is required. Thus, in some embodiments, the system combines a distributed database to create a framework for a robust security. The system manages the distributed database to associate transactions, or actions, using data, digital signatures, and/or cryptographic keys, which can be unique to an individual. | 2017-10-05 |
20170286718 | Approximate Privacy Indexing for Search Queries on Online Social Networks - In one embodiment, a method includes receiving, from a client system of a first user, a request to post content to the online social network, identifying a plurality of second users, wherein each second user is associated with a privacy setting, and wherein a percentage of the identified second users have a privacy setting likely to make the content posted by the first user accessible to the second user, determining, for each identified second user, whether the content posted by the first user is accessible to the second user, and sending, to one or more client systems of one or more of the second users, respectively, instructions for presenting the content posted by the first user, wherein the content is sent to second users determined to be able to access the content and is not sent to second users determined to be not able to access the content. | 2017-10-05 |
20170286719 | Tailored Protection of Personally Identifiable Information - Methods, systems, and products protect personally identifiable information. Many websites acquire the personally identifiable information without a user's knowledge or permission. Here, though, the user may control what personally identifiable information is shared with any website. For example, the personally identifiable information may be read from a header of a packet and compared to a requirement associated with a domain name. | 2017-10-05 |
20170286720 | SECURE DEVICE CHAMBER - For a secure device chamber, the device chamber is disposed in a chassis and includes a device port. A door latches to obstruct access to the device chamber. A logic circuit receives an uninterrupted power supply from a computer, stores a device access value, and unlatches the door in response to activation of a chamber eject button and a device access value not being a device secure mode. | 2017-10-05 |
20170286721 | METHODS AND APPARATUS TO INITIALIZE ENCLAVES ON TARGET PROCESSORS - Methods, apparatus, systems and articles of manufacture are disclosed to initialize enclaves on target processors. An example apparatus includes an image file retriever to retrieve configuration parameters associated with an enclave file, and an address space manager to calculate a minimum virtual address space value for an enclave image layout based on the configuration parameters, and generate an optimized enclave image layout to allow enclave image execution on unknown target processor types by multiplying the minimum address space value with a virtual address factor to determine an optimized virtual address space value for the optimized enclave image layout. | 2017-10-05 |
20170286722 | METHOD FOR CONTROLLING AN ELECTRONIC DEVICE AND AN ELECTRONIC DEVICE - A method, electronic device, and a program product are disclosed. The method may include providing an electronic device formable to at least one form state. The method may include determining the form state of the electronic device. The method may include determining a security level corresponding to the form state. The method may include operating the electronic device in the security level. The electronic device and program product may include similar features. | 2017-10-05 |
20170286723 | Keyboard For Strong Password Input - The present invention discloses a keyboard and method for inputting strong passwords. The method uses a set of numeric password keys on a keyboard for typing an easy-to-remember numeric password that is converted to a strong password through a key-mapping system. The key-mapping system comprises five 10-mode switches built in the keyboard for configuring a combination of strong password characters that is mapped to the numeric password keys when the switch modes are set. By using such a keyboard, an actual strong password is entered when typing a nominal numeric password through the mapped numeric password keys on the keyboard. The exemplary keyboards for embodying the invention include different types of physical keyboards and on-screen keyboards. | 2017-10-05 |
20170286724 | PHYSICAL BARRIER TO INHIBIT A PENETRATION ATTACK - An apparatus that includes a substrate and a first plurality of circuit components mounted on the substrate, which is associated with a protected area. The apparatus includes a connector formed on the substrate to at least partially circumscribe the protected area and a second plurality of circuit components mounted on the substrate to at least partially circumscribe the connector to form a security barrier to physically inhibit a penetration attack into the protected area. | 2017-10-05 |
20170286725 | PENETRATION DETECTION BOUNDARY HAVING A HEAT SINK - An apparatus includes a substrate and an integrated circuit that is mounted to the substrate. The substrate includes a penetration detection boundary to detect a penetration attack and a heat sink to dissipate thermal energy for the integrated circuit. The boundary includes metal layers and penetration detection traces. The ground traces are coupled together to form the heat sink. | 2017-10-05 |