42nd week of 2017 patent application highlights part 50
Patent application number | Title | Published |
20170300631 | METHOD TO ESTIMATE REAL NOISE EXPOSURE LEVELS - There is provided a method for determining a noise exposure level associated as the cause of an observed evolution of hearing acuity of an individual of known gender. The method comprises the following steps: 1) providing a first audiogram of the individual measured at age X and a second audiogram of the individual measured at age Y; 2) inputting the individual's gender, age X, and a time period equal to Y−X in a statistical hearing threshold levels evolution prediction formula; 3) calculating projected hearing loss audiograms specific to each of a plurality of possible noise level exposure values, using the prediction formula; 4) comparing a pattern of each calculated projected audiogram with a pattern of the second audiogram; 5) selecting the projected audiogram that best fits the second audiogram; and 6) assuming that the noise exposure level value associated with the selected projected audiogram is the noise exposure value that caused the evolution of hearing acuity observed between the first and the second audiograms. There are also provided systems for performing the method and methods for providing services to clients or enabling users regarding determination of real ear noise exposure values. | 2017-10-19 |
20170300632 | MEDICAL HISTORY EXTRACTION USING STRING KERNELS AND SKIP GRAMS - Systems and methods for document analysis include identifying candidates in a corpus matching a requested expression. String kernel features are extracted for each candidate. Each candidate is classified according to the string kernel features using a machine learning model. A report is generated that identifies instances of the requested expression in the corpus that match a requested class. | 2017-10-19 |
20170300633 | ONLINE PROVISIONING FOR ELECTRONIC MEDICAL RECORDS - The disclosed embodiments relate to the design of a system that manages access rights for an EMR system. During operation, the system receives a request to provision access rights for a user of the EMR system. In response to the request, the system performs a mapping operation that checks the request against attributes of the user to determine the user's access rights in the EMR system. If the request generates an exception, the system presents the request to an analyst to handle the exception. If the request does not generate an exception, the system automatically approves the request. | 2017-10-19 |
20170300634 | SYSTEMS AND METHODS FOR MANAGING ELECTRONIC HEALTHCARE INFORMATION - This invention relates to systems and methods for managing electronic healthcare information on a highly scalable and customizable software and hardware architecture which emphasizes portable devices and minimal downtime during upgrades and scaling. This invention further relates to systems and methods for efficient access and customization of forms for electronically generating and managing patient information. In one aspect of the invention, an electronic health record system (EHR) of the present invention, which may also be referred to as an electronic medical record system (EMR), may be deployed and run on a plurality of servers over which the computing and/or storage load may be distributed in a non-centralized manner such that the overall system may remain up and operating even while being scaled, upgraded and/or otherwise modified. | 2017-10-19 |
20170300635 | IDENTIFICATION OF CODABLE SECTIONS IN MEDICAL DOCUMENTS - This disclosure describes systems, devices, and techniques for identifying sections of medical documents that are suitable for automated medical coding. In one example, a computer-implemented method includes receiving, by one or more processors, the medical document, wherein the medical document comprises a plurality of sections. The method also may include determining, by the one or more processors and via application of a classification model to each section of the plurality of sections, codability indicia for each section of the plurality of sections, wherein the codability indicia represents whether the respective section is suitable for automated medical coding. The method may include outputting, by the one or more processors, the respective codability indicia for each section of the plurality of sections. | 2017-10-19 |
20170300636 | CLINICALLY RELEVANT MEDICAL CONCEPT CLUSTERING - The present invention embodiments are directed to methods, systems, and computer programs for identifying relations, within at least one taxonomy, between taxonomy categories and concepts extracted from electronic content. The relations represent semantic similarities for the concepts. The concepts are clustered based on the identified relations within the at least one taxonomy. | 2017-10-19 |
20170300637 | Modification of Personalized Health Care Plans Based on Patient Adherence to Patient Actions - Mechanisms are provided for implementing a personalized patient care plan (PPCP) system. The PPCP system obtains personal and medical information about the patient and generates a patient registry record in a patient registry. The PPCP system generates a PPCP for the patient, comprising a sequence of goals for the patient, based on an analysis of the obtained personal and medical information. Each goal has an associated patient action to be performed by the patient. The PPCP system monitors performance of the goals to determine, for each goal, whether the associated patient action is performed by the patient. In response to determining that the patient did not perform an associated patient action, the PPCP system modifies a goal of the personalized patient care plan to replace the associated patient action with a replacement patient action that is more likely to be performed by the patient. | 2017-10-19 |
20170300638 | PERSONAL INFORMATION SYSTEM - Systems and methods realize the benefit of portable storage devices by taking advantage of PCs including an optical disk drive, optical disks, such as a CD or a DVD, and the Internet. An individual patient provides personal data to a healthcare service center. The healthcare service center can then create a portable optical disk for the patient to carry. The personal data written onto the portable optical disk is stored on a database management server database and is readable and updateable by the individual patient using his/her PC with an optical disk drive and connected to the Internet. The individual patient can choose to update his/her personal data on the portable optical disk and can receive a new portable optical disk that includes the update. The new portable optical disk containing the latest update is created and delivered to the patient by the database management server. | 2017-10-19 |
20170300639 | EVIDENCE ANALYSIS AND PRESENTATION TO INDICATE REASONS FOR MEMBERSHIP IN POPULATIONS - A method, a machine-readable storage medium and at least one processing device are provided for analyzing and tracking results of multiple conditions associated with a population criteria, which is evaluated for each entity of at least one entity. The at least one processing device performs analytics associated with the population criteria, which is evaluated for each entity. Results of the analyzing of the multiple conditions are selectively tracked by the at least one processing device. The at least one processing device presents the tracked results to indicate a status of the at least one entity with respect to the tracked analytics. | 2017-10-19 |
20170300640 | MANAGED SERVICE PROVIDER SYSTEM FOR COLLABORATIVE HEALTHCARE CREDENTIALING, COMPLIANCE, AND SCHEDULING ACROSS SHARED SUPPLIERS - A MSP platform provides contingent healthcare worker recruiting and shift assignation in a multilayered process of job order broadcasting, competency matching, proposals from healthcare agencies aka vendors, screening, compliance management, and onboard of each candidate. Each staff profile submitted has to go through multilayered review, approval, and orientation process. Additionally, each healthcare worker's calendar, credential, and compliance have to be managed across multiple employers to prevent scheduling conflict and compliance violations, and guaranteeing full visibility of all healthcare workers across the entire supply chain. MSPs (Managed Service Providers) have the ability to service a large number of facilities on whose behalf the MSPs generate job orders for contingent workforce, and manage fulfillment using suppliers (aka vendors) mapped to the facility being serviced. The supplier ecosystem is a cohesive block that may be shared across all MSPs, and several such MSP ecosystems should be allowed to coexist in the system. Suppliers can be tiered by geography allowing a large vendor network to track demand from one or more healthcare facilities across a single location or a group of vendor locations. Additionally, a facility that is part of an MSP should also be able to work directly with all suppliers either in conjunction with or independent of an MSP. Both long term assignments referred to as ‘Travel’ position, and on-demand shift assignments referred to as ‘Day-to-day’ position are serviceable under this centrally available software commonly referred to as ‘Software as a Service’. | 2017-10-19 |
20170300641 | INSTRUMENT MANAGEMENT SYSTEM - A system for customizing management of one or more instruments in a laboratory includes a user device, an interface module and an instrument module. The user device is adapted to receive inputs from a user and has a device processor for processing the received inputs and instrument data from the one or more instruments, as well as a device display for displaying instrument information. The interface module is communicatively coupled with the user device and the one or more instruments and configured to convert instrument data in a first format generated by an instrument processor to a second format for processing by the device processor. The instrument module is configured to cause the device processor to provide customised instrument information on the device display. A method of deploying a platform for integrated management of instruments is also disclosed. | 2017-10-19 |
20170300642 | PAYMENT BRIDGE - The invention is directed to a payment bridge system for a service provider and in particular a health care provider like a doctor or dentist. A practice management software is installed on the service provider's computer system for managing the service provider's business including managing patient or customer data, issuing invoices and handling payments. The system has a secure gateway network connecting with a secure network provider and a credit card processing system, connected to the secure network provider. A payment bridge installed on the service provider's computer system communicates with the practice management software and the secure gateway network to accept payments by credit card for invoices generated by the practice management system which are securely transmitted through the secure gateway network to the credit card processing system for approval and processing and updating the practice management software to reflect payment by credit card when the charge is accepted by the credit card processing system. All credit card data is encrypted prior to transmission to the credit card processor and no unencrypted credit card data is stored at the service provider's location. | 2017-10-19 |
20170300643 | SYSTEMS FOR FACILITATING USER ENGAGEMENT AND BEHAVIOR TO IMPROVE HEALTH OUTCOMES - Disclosed herein are systems, methods, and machine readable media for implementing a service for facilitating user engagement and behavior to improve health outcomes. In many populations associated with a shared health insurance plan or Health Maintenance Organization (HMO), members may become less healthy over time, or may remain at a suboptimal state of health. Individual members and the population as a whole may be nudged toward improved health outcomes with various types of interventions. Described herein are embodiments of systems and methods for associating appropriate interventions with populations who are likely to benefit from them, resulting in improved health outcomes for the group. | 2017-10-19 |
20170300644 | SURVEILLANCE INFORMATION SYSTEM TO FACILITATE DETECTION AND REVIEW OF POTENTIAL HIPAA VIOLATIONS - The disclosed embodiments relate to the design of a system that facilitates review of electronic healthcare records to identify potential Health Insurance Portability and Accountability Act (HIPAA) violations. During operation, the system obtains health-care-related data from electronic healthcare records for a population of patients from multiple data sources. The system then analyzes the obtained health-care-related data to generate cases-of-interest based on surveillance criteria associated with potential HIPAA violations, wherein each case-of-interest is related to a specific patient and a specific user who has accessed health-care-related data for the specific patient. Next, the system presents the cases-of-interest to an analyst through a user interface, and allows the analyst to indicate through the user interface whether each case-of-interest requires further investigation. | 2017-10-19 |
20170300645 | Computer-Assisted Abstraction for Reporting of Quality Measures - Methods and systems are disclosed for tracking quality measures in abstracted documents. Embodiments include, determining, based on the abstracted content, a quality measure category, obtaining a quality measure definition corresponding to a quality measure included in the determined quality measure category, determining, based on keywords corresponding to the criterion, whether a portion of the abstracted content satisfies a criterion, recording, in association with the criterion, a reference to the portion of the abstracted content that satisfies the criterion; and selectively generating, a report including the query corresponding to the criterion, a query response, and the portion of the abstracted content satisfying the criterion. | 2017-10-19 |
20170300646 | FORECASTING A PATIENT VITAL MEASUREMENT FOR HEALTHCARE ANALYTICS - What is disclosed is a system and method for forecasting and imputing an unknown vital measurement of a patient. Temporally successive patient vital measurements are received which comprise irregularly sampled observations {y | 2017-10-19 |
20170300647 | Health In Your Hands - The invention in this application is a decision-support system that utilizes single system design (SSD) and a proprietary algorithm to determine real change is for each individual patient. It pinpoints right medication and dosage for an individual patient, targets standards for functionality, called Activities of Daily Living (ADLs), and Quality of Life Indicators (QoLIs) to maximize personal health and satisfaction. Further, the system has as hallmarks a specific communication system, provision of coordination of services and a continuum of care for seamless delivery of treatment targeted to the needs of an individual patient and his/her care network. It incorporates data collected from genomic testing, patient entry, and automated devices. It is a safety-enhancing, cost-saving, time-saving system that will address placebo effect. It will utilize a variety of technologies to gather data with flexibility for patient needs. It will utilize machine learning for added safety enhancement. | 2017-10-19 |
20170300648 | METHOD AND SYSTEM FOR PATIENTS DATA COLLECTION AND ANALYSIS - A conversational and embodied Virtual Assistant (VA) with Decision Support (DS) capabilities that can simulate and improve upon information gathering sessions between clinicians, researchers, and patients. The system incorporates a conversational and embodied VA and a DS and deploys natural interaction enabled by natural language processing, automatic speech recognition, and an animation framework capable of rendering character animation performances through generated verbal and nonverbal behaviors, all supplemented by on-screen prompts. | 2017-10-19 |
20170300649 | Systems, Methods, User Interfaces and Analysis Tools for Supporting User-Definable Rules and Smart Rules and Smart Alerts Notification Engine - Computer implemented methods and systems operating on real-time data derived from a plurality of data sources for supporting user-definable rules and providing user notifications for providing user notifications and smart alarms. A user-interface configured to dynamically display a parameter and toggle between a tabular display and a graphical display is generated. At least one of a user-defined rule or a threshold value associated with the parameter from a user-interface element is received. A notification is provided to a user when the parameter satisfies the user-defined rule or exceeds the threshold value. | 2017-10-19 |
20170300650 | Wireless Physiology Monitor - The present invention provides a new non-invasive technique for organ, e.g., heart and lung, monitoring. In at least one embodiment of the invention, a subject is radiated with a non-harmful and relatively low power electromagnetic source diagnostic signal normally associated with a communications protocol such as, but not limited to a version of the IEEE 802.11(x) family of protocols in the 2.4, 3.6, or 5 GHz spectrum bands. After passing through the patient, a return signal is acquired from the patient and compared to the original source signal. The differences between the source and modified signals are then analyzed to monitor the heart, e.g., measure heart rate and detect defects within the heart, and the lung. For example, using Doppler Effect principles, heart rate and motion can be measured from the differences in frequency, phase, and/or wavelength between the source signal and the modified signal reflected back from the heart moving within the patient. | 2017-10-19 |
20170300651 | PLATFORM WHICH CORRELATES DATA FOR RECOMMENDATION - The present invention provides a system and method for connecting a plurality of health monitoring devices and comparing the real-time data gathered from these devices with patient historical data to automatically provide remedial actions to be taken by a particular patient. The system collects data from the plurality of connected devices and sends it to a network of the system for analysis and comparison with the user's historical data and other user's data that is stored in a plurality of databases. The system then computes output data based on the user's current health status in the form of a message alert recommending a remedial action for the individual user. The message may be sent to the user via a smartphone, tablet, desktop computer, and/or laptop computer. | 2017-10-19 |
20170300652 | SYSTEM AND METHOD FOR OBTAINING CONTEXUAL DATA ASSOCIATED WITH TEST RESULTS FROM HEALTH MONITORING DEVICES - The present invention provides a system and method for configurable patient queries based on the real-time results from a plurality of health monitoring devices. The results from the queries provide context to the real-time results of the health monitoring devices and are communicated back to an organizational network to inform future questions for that patient and the patient population in general. The system of the present invention provides context based on a set or sets of queries that may inform follow up questions. The context and queries may also be informed based on predetermined thresholds for a plurality of health monitoring devices communicating with the system over a network. | 2017-10-19 |
20170300653 | Event Reconstruction for a Medical Device - A device for graphically reconstructing information received from a medical device is provided. The device comprises an event processor configured to process information received from a medical device by receiving ECG recordings and determining at least one cardiac event based on the ECG recordings, receiving data corresponding to non-cardiac event(s), determining a time of occurrence or a time period associated with the cardiac event(s), determining times of occurrences and time periods associated with the non-cardiac event(s), correlating the time of occurrence or time period associated with the cardiac event(s) and the non-cardiac event(s), identifying one or more gaps in the ECG recordings, and reconstructing the ECG recordings during the one or more gaps based at least in part on the received non-cardiac data. The event processor is also configured to generate a graphical representation of the processed information based on the cardiac event(s) and non-cardiac event(s). | 2017-10-19 |
20170300654 | MOBILE MEDICINE COMMUNICATION PLATFORM AND METHODS AND USES THEREOF - Telemedicine systems and methods are described. In a telemedicine system operable to communicate with a remote operations center, communications can be transmitted/received using a transceiver having an antenna. The antenna can include first and second di-pole antenna elements, the first di-pole antenna element being vertically polarized and the second di-pole antenna element being horizontally polarized. A controller of the system can establish, using the transceiver, a telemedicine session with the operations center using a Transport Morphing Protocol (TMP), the TMP being an acknowledgement-based user datagram protocol. The controller can also mask one or more transient network degradations to increase resiliency of the telemedicine session. The telemedicine system can include a 2D and 3D carotid Doppler and transcranial Doppler and/or other diagnostic devices, and provides for real-time connectivity and communication between medical personnel in an emergency vehicle and a receiving hospital for immediate diagnosis and treatment to a patient in need. | 2017-10-19 |
20170300655 | APPARATUS AND METHODOLOGIES FOR PERSONAL HEALTH ANALYSIS - Apparatus and methodologies are provided for receiving and analyzing physical, behavioral, emotional, social, demographic and/or environmental information about an individual or a group to generate subscores indicative of the information, and utilizing the subscores to estimate or predict the overall wellness of the individual or group. More specifically, the present application relates to the use of physical, behavioral and environmental information about an individual or a group, at least some of the information being obtained and adapted from wearable devices, to measure, monitor and manage the individual's or group's health. | 2017-10-19 |
20170300656 | Evaluating Risk of a Patient Based on a Patient Registry and Performing Mitigating Actions Based on Risk - Mechanisms are provided for modifying a patient care plan or care provider workflow based on a patient risk assessment. The mechanisms analyze a patient medical record in a patient registry to identify at least one clinical measure for a corresponding patient and calculate a risk assessment value based on the at least one clinical measure value. The risk assessment value indicates a risk level for development of a medical condition or the occurrence of a medical event. The mechanisms select at least one of an action item or work flow to be performed to mitigate the risk level indicated by the risk assessment value based on the risk assessment value and a category of the risk assessment value. The mechanisms perform one or more operations for causing the action item to be performed or for performing the work flow. | 2017-10-19 |
20170300657 | Computerized Event Simulation Using Synthetic Populations - Systems, methods, and computer-readable media for simulating the course of an event are provided. A processing unit can receive attributes of a synthetic population and select a synthetic-population graph from a data library based at least in part on the attributes. The processing unit can receive data of an intervention designed to affect the course of the event. The processing unit can then simulate the course of the event in the synthetic-population graph to produce an estimate of the event, based at least in part on the intervention. The event can include an epidemic, and the intervention can include vaccination, facility closures, or medication, in some examples. In some examples, the data library can include a social-contact graph determined at least in part by a broker software module. | 2017-10-19 |
20170300658 | METHODOLOGIES LINKING PATTERNS FROM MULTI-MODALITY DATASETS - A method is disclosed to acquire imaging and non-imaging datasets from like objects. A linkage is found using a partial least squares (PLS) technique between imaging and non-imaging datasets. The linkage is then reduced to an expression of a single numerical assessment. The single numerical assessment is then used as an objective, quantified assessment of the differences and similarities between the objects. The data each dataset can be aspects of performance, physical characteristics, or measurements of appearance. | 2017-10-19 |
20170300659 | APPARATUS AND METHOD FOR MONITORING PATIENT USE OF MEDICATION - Certain aspects of the present disclosure provide a cloud-based platform for monitoring patient adherence to a medication regimen. A cloud-based platform to monitor and promote patient adherence, as described herein, may help enable various useful applications. | 2017-10-19 |
20170300660 | METHOD AND APPARATUS FOR TRACKING MOVEMENT OF AN OBJECT WITHIN A CONTAINER - Certain aspects of the present disclosure provide a platform for monitoring patient adherence to a medication regimen. Certain aspects of the present disclosure also provide various components that may help enable such a platform, such as a smart collar capable of detecting removal and/or insertion of objects from a container (such as a pill container). | 2017-10-19 |
20170300661 | METHOD OF ENHANCED DISTRIBUTION OF PHARMACEUTICALS IN LONG-TERM CARE FACILITIES - Methods of enhanced distribution of pharmaceuticals in long-term care facilities are provided. An embodiment of a method includes positioning two or more pharmaceutical storage and electronic dispensing machines each positioned in a different long-term care facility remote from a long-term care facility pharmacy group management server and in communication therewith, and long-term care facility pharmacy management computer programs associated with the long-term care facility pharmacy group management server to enhance use of the one or more of pharmaceutical storage and electronic dispensing machines. The long-term care facility management computer programs include a patient prescription receiver and a medication dispensing apparatus administrator and are configured and operable to transmit dispensing instructions to the one or more pharmaceutical storage and electronic dispensing machines when no drug conflicts exist to thereby initiate packaging and dispensing of one or more disposable patient dosing packages. | 2017-10-19 |
20170300662 | Personalized Health Care Plan Creation Based on Historical Analysis of Health Care Plan Performance - Mechanisms are provided for implementing a personalized patient care plan (PPCP) system. The PPCP system obtains personal and medical information about a patient of interest and generates a patient registry record in a patient registry based on the obtained personal and medical information. The patient registry comprises a plurality of patient registry records corresponding to a plurality of patients. The PPCP system performs a historical analysis of at least one patient registry record to identify elements of one or more personal care plans which were able to be successfully achieved by at least one corresponding patient. The PPCP system generates a personalized patient care plan for the patient of interest, comprising a sequence of patient actions to be performed by the patient of interest, based on an analysis of the obtained personal and medical information in the patient registry record and results of the historical analysis. | 2017-10-19 |
20170300663 | EQUIPMENT FOR PROVIDING A REHABILITATION EXERCISE - A user equipment providing a rehabilitation exercise to a patient, the exercise including playing a videogame. The user equipment includes a processor, a display, and a motion sensing input device. The processor is configured to run the videogame, the display to show a moving target, and the device to transduce a motion of the patient into a motion of a marker on the display. The processor is configured to: before the patient starts the exercise, select a target trajectory and a maximum target speed; and, during the exercise, adjust a current target speed based on the maximum speed and a distance between the target and the marker. The patient can perform rehabilitation by playing videogames that may be remotely controlled by a therapist and whose level of difficulty may be automatically adjusted based on the patient current condition. | 2017-10-19 |
20170300664 | MEDICAL REPORT GENERATION APPARATUS, METHOD FOR CONTROLLING MEDICAL REPORT GENERATION APPARATUS, MEDICAL IMAGE BROWSING APPARATUS, METHOD FOR CONTROLLING MEDICAL IMAGE BROWSING APPARATUS, MEDICAL REPORT GENERATION SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A medical report generation apparatus which generates a medical report including region information of a target region specified in a medical image includes one or more processors, an obtaining unit configured to obtain at least a representative image based on the medical image and group information indicating a group of the region information, and a display unit configured to update and display the representative image of the medical report such that the group is distinguishable in accordance with the group information obtained by the obtaining unit. | 2017-10-19 |
20170300665 | Method For Conducting Adaptive Clinical Trial With Drug Delivery Device - The method set out herein involves conducting an adaptive clinical trial to develop a parenteral therapeutic product with variable dose drug delivery devices. The method comprises using a variable dose drug delivery device to respond to modifications during the adaptive clinical trial, wherein the variable dose drug delivery device is able to deliver more than one dose level and is for delivering fluid formulation. Other methods set out herein involve using a variable dose drug delivery device equipped with radio frequency identification (RFID) or near field communication (NFC) technology to improve patient adherence to drug administration in the adaptive clinical trial. | 2017-10-19 |
20170300666 | APPARATUS AND METHOD FOR IMPROVING CHEMICAL PROCESS EFFICIENCY AND PROMOTING SHARING OF CHEMISTRY INFORMATION - Apparatus and method for improving chemical process efficiency and promoting sharing of chemistry information for guiding and encouraging scientific researchers and institutions to develop and share more efficient chemical processes. Technical solution comprises: by means of execution and assessment analysis of relevant chemical processes of target compound or target compound system and provision of application program and website having social and electronic transaction functions installed on mobile device for scientific researchers on basis of Internet technology, sharing, transaction and assessment of relevant chemical processes of and chemistry information about compound can be disclosed are implemented, and users are guided and encouraged to share chemistry information and experience via electronic transaction system, developing more efficient chemical processes, reducing resource waste, promoting research and development efficiency, improving research and development efficiency of unknown innovative chemical processes and compounds. | 2017-10-19 |
20170300667 | SYSTEM AND METHOD FOR ELECTRONIC DISTRIBUTION OF SOFTWARE AND DATA - According to computerized methods of distributing software and data, software components may be distributed electronically for execution in controlled environments. Such a controlled environment may, for example, restrict the components' ability to communicate through a network to one or more specified hosts. When a component requests data, such as a stream of financial data, the request may specify a source of the data, and the request may be granted or denied by the distributor based on whether the specified source is an authorized source of the data and/or whether the requested data is available from an authorized source. | 2017-10-19 |
20170300668 | SYSTEM AND METHODS FOR PROVISIONING AND MONITORING LICENSING OF APPLICATIONS OR EXTENSIONS TO APPLICATIONS ON A MULTI-TENANT PLATFORM - Embodiments of the invention provide a mechanism for a multi-tenant platform operator (or a developer or publisher of an application or an extension to an existing platform application) to control the access and functionality available within the application or extension on an account specific basis, based on the subscription license terms applicable to each account/customer. Embodiments of the invention enable a more practical and efficient management of access controls and functionality for a relatively large customer base, where certain accounts, customers, or users may be entitled to a different or at least partially different set of rights and functionality | 2017-10-19 |
20170300669 | ENTERPRISE APPLICATION MANAGEMENT WITH ENROLLMENT TOKENS - Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise. | 2017-10-19 |
20170300670 | SYSTEMS AND METHODS FOR WATERMARKING SOFTWARE AND OTHER MEDIA - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification. | 2017-10-19 |
20170300671 | AUTOMATICALLY MANAGING OPERATION ACROSS MULTIPLE PERSONAS IN ELECTRONIC DEVICE - Embodiments herein achieve a method for managing at least one operation in an electronic device. The method includes detecting, by a persona manager, at least one user-defined persona including a set of access permissions in the electronic device. Further, the method includes automatically creating, by the persona manager, one or more system-defined persona(s) including access permission to perform the at least one operation in the electronic device. The access permission associated with one or more system-defined persona(s) is dynamically defined based on the access permissions associated with the user-defined persona. Further, the method includes detecting, by the persona manager, an event in the user-defined persona based on the access permission of the user-defined persona. Furthermore, the method includes dynamically switching, by the persona manager, from the user-defined persona to the at least one system-defined persona. | 2017-10-19 |
20170300672 | FIELD CONTROL ANNOTATIONS BASED ON AUTHORIZATION OBJECTS - An application scaffold is generated based on an object model. The object model includes CDS objects and DCL objects. The CDS objects and the DCL objects are evaluated together with corresponding CDS annotations and DCL annotations. Based on the evaluation, a field control hub is generated. The field control hub evaluates the DCL annotations and determines, based on one or more authorization objects from the DCL annotations, field control data for a field from a number of fields of a UI. When a user requests the UI, the field of the UI is displayed in accordance with the determined field control data for a role of the user. | 2017-10-19 |
20170300673 | INFORMATION APPARATUS AND METHOD FOR AUTHORIZING USER OF AUGMENT REALITY APPARATUS - Embodiments herein provide a computer-implemented method for authorizing an object and a user of an augment reality apparatus. The method includes detecting, by an information apparatus, the object pointed by the augment reality apparatus. Further, the method includes determining, by the information apparatus, an authorization level based on a user key and an object key, wherein the authorization level identifies a role of the user and information about the object to be published based on the role of the user. Further, the method includes causing, by the information apparatus, to display the information associated with the object based on the role of the user on the augment reality apparatus. | 2017-10-19 |
20170300674 | Transaction Medium - A transaction medium comprises a non-e-paper portion and a passive e-paper display portion to display a first expression of an authentication element in a secure representation. The first expression is related to a second expression of the authentication element, wherein a comparison of the first expression and the second expression determines authentication. | 2017-10-19 |
20170300675 | LOGIN INTERFACE SELECTION FOR COMPUTING ENVIRONMENT USER LOGIN - A device may provide a login process to authenticate users prior to admittance to a computing environment. The device may also enable users to adjust various the computing environment, e.g., the language selected for communicating with the user and the user interfaces to be presented to the user, and may store such adjustments in a secured user account. However, if the user account is inaccessible to the device during the login process, the device is unable to adapt the login process to apply the user's adjustments. Instead, the device may be configured to store users' adjustments (including language selection) outside of the user accounts, and to, upon identifying the user during the login process, present login interfaces specified in the user account. Additionally, users may select different login interfaces during login, and the device may retrieve these login interfaces for selection during future login processes for the same user. | 2017-10-19 |
20170300676 | METHOD AND DEVICE FOR REALIZING VERIFICATION CODE - A method and device for realizing a verification code are provided. In some embodiments, a character verification code is obtained and displayed when it is determined to perform identity verification. The character verification code has an incorrect character based on a priori knowledge. The user is prompted to input a correct character corresponding to the incorrect character in the character verification code. Verification information is received. It is determined that the verification is successful when the verification information corresponds to the correct character of the prior knowledge; otherwise, the verification failed. | 2017-10-19 |
20170300677 | Security Mode Prompt Method and Apparatus - A security mode prompt method and apparatus where the method includes when it is determined that a terminal is currently in a first security mode, acquiring prestored first security information; receiving first verification information entered by a user, and establishing a first correspondence between the first security information and the first verification information; displaying confusion information, the first security information, and the first verification information on a screen for the user to select; receiving a selection result of the user, and determining, according to the first correspondence, whether the selection result of the user meets a preset rule; and when the selection result of the user meets the preset rule, prompting the user that the terminal is in a second security mode. Using the present disclosure, security of a terminal can be improved. | 2017-10-19 |
20170300678 | METHOD AND APPARATUS FOR USING A BIOMETRIC TEMPLATE TO CONTROL ACCESS TO A USER CREDENTIAL FOR A SHARED WIRELESS COMMUNICATION DEVICE - Methods and apparatus for using a biometric template to control access to a user credential for a shared wireless communication device. One method includes receiving, from a mobile device, an authentication request. The authentication request includes a device credential associated with the mobile device. The method further includes receiving, from the mobile device, a request for a biometric template of a user. The method further includes determining, by reference to at least one of a group consisting of the device credential and an authorization database, that the mobile device is authorized to receive the biometric template of the user based on at least one attribute controlling a use of the biometric template. The method further includes, in response to determining that the mobile device is authorized to receive the biometric template of the user, conveying the biometric template of the user to the mobile device. | 2017-10-19 |
20170300679 | IDENTITY VERIFICATION - Certain embodiments of the invention generally relate to identity verification. A server may include at least one processor, and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the server at least to receive a data signal from a user computer for a user request to schedule an enrollment session with a remote live person, send a data signal to the user computer, capture a picture of the user via the webcam, perform a first verification, perform a second verification, perform a third verification, and perform a subsequent identity verification of the user. | 2017-10-19 |
20170300680 | BIOMETRIC ENROLMENT AUTHORISATION - A method of authorising enrolment of an RFID device including a biometric sensor may include separately sending the RFID device and an authorisation code associated with the RFID device to the user. The RFID device is configured such that, when the user presents the RFID device to an RFID terminal and inputs the authorisation code to the terminal, the RFID device will enter an enrolment mode during which the user is authorised to enrol their biometric data. | 2017-10-19 |
20170300681 | SYSTEM AND METHOD FOR USER ENROLLMENT IN A SECURE BIOMETRIC VERIFICATION SYSTEM - A computer-implemented method and system for verifying the identity of a user in an identity authentication and biometric verification system which includes collecting information from the user regarding the user's identity, which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database which is used to verify the identity of the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected. | 2017-10-19 |
20170300682 | FINGERPRINT GESTURES - User authentication for a user device can leverage one or more fingerprint sensor regions capable of detecting and/or recognizing a user's fingerprints. The user can define a fingerprint gesture or sequence of fingerprint gestures as a passcode, with access to a protected function being conditional on the user performing the defined fingerprint gesture or sequence of fingerprint gestures. Different fingerprint gestures or fingerprint gesture sequences can invoke or authorize different functions of the device. Fingerprint gestures from two or more users in the same location or in different locations can be used to unlock a protected function of a device. | 2017-10-19 |
20170300683 | AUTHENTICATION SOURCE SELECTION - An example method is provided for a computing device to select an authentication source. The method may comprise receiving a request to authenticate a user account and determining multiple authentication sources that are capable of processing the request. The multiple authentication sources may be associated with respective performance indicators. The method may also comprise selecting a particular authentication source to process the request, wherein the particular authentication source is selected from the multiple authentication sources based on the performance indicators. The method may further comprise processing the request using the particular authentication source to authenticate the user account. | 2017-10-19 |
20170300684 | METHOD OF AUTHENTICATING A USER, CORRESPONDING TERMINALS AND AUTHENTICATION SYSTEM - A method of authenticating a user at a first terminal or a remote server connected to the first terminal, the authentication including inputting a code into the first terminal by the user and in comparing this code with a confidential personal code of the user, the confidential personal code comprising symbols to be input successively by the user into the first terminal, the method including transmitting from the first terminal to a second terminal belonging to the user a disordered series of symbols, a subset of which constitutes the confidential personal code, displaying on a screen of the second terminal the disordered series of symbols in a grid, called the second grid, each symbol of the series being contained in a box of the second grid, inputting by the user on the first terminal, the confidential personal code into a grid, called the first grid, at the corresponding locations of the symbols of the confidential personal code in the second grid, and verifying, at the first terminal or the remote server, that the series of symbols input by the user is identical to the confidential personal code, so as to authenticate the user. | 2017-10-19 |
20170300685 | METHOD AND SYSTEM FOR VISUAL AUTHENTICATION - A method for visual authentication with a monitoring system. The method includes pre-provisioning the monitoring system with a reference visual authentication element, obtaining an image of a user-presented visual authentication element and generating a validation result by validating the user-presented visual authentication element against the reference visual authentication element. The method further includes, based on the validation result, making a determination that the user-presented visual authentication element matches the reference visual authentication element, and taking an action affiliated with the reference visual authentication element. | 2017-10-19 |
20170300686 | VISUAL STORYTELLING AUTHENTICATION - Method, system and media for authenticating a subject as a user. Embodiments generate visual stories specific to the user and for which the subject must select the corresponding images from among a plurality of decoy images. Gaze tracking can be used to determine which images the user has selected without allowing an observer to learn which images have been selected. Images for the visual story can be retrieved from the user's social networking profile, and corresponding text stories generated to indicate which images should be selected. Multiple security levels are possible by varying the number of story images and decoy images. | 2017-10-19 |
20170300687 | SYSTEMS, METHODS, AND APPARATUSES FOR CREDENTIAL HANDLING - An approach is described for securely and automatically handling credentials when used for accessing endpoints, and/or applications and resources on the endpoints, and more particularly accessing web endpoints and/or web applications and resources on the web endpoints. The approach involves selecting and injecting credentials at an endpoint by an accessor and/or protocol agent to log into the endpoint, running applications, or gaining access to resources on the endpoint, without full credential information traversing the accessor's machine. | 2017-10-19 |
20170300688 | System and Method for Detecting and Preventing Execution of Malicious Instructions within a Processor of a Computing Device - In one aspect of the embodiments, malicious instructions executed or to be executed by a processor in a computing device are identified and preventive action is taken in response to that detection, thereby preventing harm to the computing device and the user's data by the malicious instructions. In another aspect of the embodiments, a thread context monitor determines which threads are active within an operating system at any given time, which further enhances the ability to determine which thread contains malicious instructions. | 2017-10-19 |
20170300689 | ANONYMIZED APPLICATION SCANNING FOR MOBILE DEVICES - Disclosed are various approaches for integrating application scanning into a mobile enterprise computing management system. A management service can add a first command to a command queue associated with a client device, wherein the first command instructs the client device to provide a list of installed applications to the management service. The management service then receives a first request from the client device for the first command stored in the command queue and sends the first command to the client device. Later, the management service receives the list of installed applications from the client device. The management service can then add the list of installed applications to an aggregate listing of applications, wherein the aggregate listing of applications represents a list of client applications installed on one or more of a plurality of client devices. Subsequently, the management service sends to a scanning service a policy comprising an identifier of a prohibited client application, wherein the presence of the prohibited client application is prohibited on the client device. The management service also sends the aggregate listing of applications to the scanning service. The management service then receives a notification from the scanning service, the notification an indication that the prohibited client application is present in the aggregate listing of applications. In response, the management service adds a second command to the command queue, wherein the second command instructs the client device to determine whether the prohibited client application is installed on the client device and to perform a remedial action specified by the policy in response to a determination that the prohibited client application is installed on the client device. The management service then receives a second request from the client device for the second command stored in the command queue and sends the second command to the client device. | 2017-10-19 |
20170300690 | ENDPOINT MALWARE DETECTION USING AN EVENT GRAPH - A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time. | 2017-10-19 |
20170300691 | TECHNOLOGIES FOR SOFTWARE BASIC BLOCK SIMILARITY ANALYSIS - Technologies for analyzing software similarity include a computing device having access to a collection of sample software. The computing device identifies a number of code segments, such as basic blocks, within the software. The computing device normalizes each code segment by extracting the first data element of each computer instruction within the code segment. The first data element may be the first byte. The computing device calculates a probabilistic feature hash signature for each normalized code segment. The computing device may filter out known-good code segments by comparing signatures with a probabilistic hash filter generated from a collection of known-good software. The computing device calculates a similarity value between each pair of unfiltered, normalized code segments. The computing device generates a graph including the normalized code segments and the similarity values. The computing device may cluster the graph using a force-based clustering algorithm. Other embodiments are described and claimed. | 2017-10-19 |
20170300692 | Hardware Hardened Advanced Threat Protection - Systems and methods for hardware hardened advanced threat protection are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a Basic Input/Output System (BIOS) coupled to the processor, the BIOS having BIOS instructions stored thereon that, upon execution, cause the IHS to: launch an Extensible Firmware Interface (EFI) gateway module; and determine, using the EFI gateway module, whether the BIOS instructions include malware. | 2017-10-19 |
20170300693 | FOG-BASED DISTRIBUTED MALWARE DEFENSE - In one embodiment, a device in a network joins a fog-based malware defense cluster comprising one or more peer devices. The device and each peer device in the cluster are configured to execute a different set of local malware scanners. The device receives a file flagged as suspicious by a node in the network associated with the device. The device determines whether the local malware scanners of the device are able to scan the file. The device sends an assessment request to one or more of the peer devices in the malware defense cluster, in response to determining that the local malware scanners of the device are unable to scan the file. | 2017-10-19 |
20170300694 | SYSTEM AND METHOD FOR MAINTAINING SECURITY TAGS AND REFERENCE COUNTS FOR OBJECTS IN COMPUTER MEMORY - Described is a system and method for monitoring and enforcing information flow security in software systems. The system maintains security tags and reference counts for objects in computer memory. When an object or a portion of an object in the computer memory is being modified, the system arbitrarily performs operations of updating a security tag for the object being modified; updating reference counts for all objects that the portion of the object in the computer memory being modified pointed to immediately prior to modification; and updating reference counts for all objects that the portion of the object in the computer memory being modified points to immediately after the modification. Subsequently, the system examines the security tags and if the examination reveals a potential information flow security violation, a corrective action is performed. | 2017-10-19 |
20170300695 | ENCRYPTION AND DECRYPTION METHOD AND APPARATUS IN VIRTUALIZATION SYSTEM, AND SYSTEM - An encryption and decryption method in a virtualization system is disclosed. The virtualization system includes a VMM and an encryption and decryption virtual machine. The VMM includes a control module, the encryption and decryption virtual machine records a first association relationship between a hard disk image identifier and a key, the key includes an encryption key, and the virtualization system records a second association relationship between the hard disk image identifier and a hard disk image attribute. The control module in the VMM is configured to determine whether to-be-written data needs to be encrypted and forward the to-be-written data, which makes it easy to implement a function and reduces system complexity of the VMM. In addition, encryption or decryption is processed without occupying a resource in the VMM. | 2017-10-19 |
20170300696 | SOFTWARE VERIFICATION METHOD AND APPARATUS - A software verification method and apparatus are disclosed, applied to the cloud computing field and the communications field, and can be used to automatically verify whether an installation file of VNF software has been tampered with. The method includes: obtaining installation files of VNF software and signature files of the installation files, where the signature files of the installation files are used to store verification information of the installation files; verifying the installation files according to the signature files of the installation files; and determining, if the verification of the installation files succeeds, that the VNF software has not been tampered with. | 2017-10-19 |
20170300697 | ENFORCING SECURITY POLICIES FOR SOFTWARE CONTAINERS - In response to an attempt to install an instance of a container in a production environment, a set of security criteria associated with the container and features of the production environment are compared. Based on the comparison, a determination is made as to whether the features of the production environment satisfy the set of security criteria. | 2017-10-19 |
20170300698 | Distributed System for Discovery of Vulnerabilities in Applications Including Detecting and/or Filtering Out Vulnerability Duplicates - A vulnerability report evaluation system comprises a preprocessor that takes as its input a data record representing a vulnerability report and outputs a search record. The vulnerability report evaluation system further comprises a search engine and a searchable corpus comprising records of vulnerabilities, wherein the search engine is configured to use the outputted search record to search the corpus. The vulnerability report evaluation system can flag search result hits resulting from the searched search record as an indication that the submitted vulnerability report is a duplicate of an earlier vulnerability report or as a flag to trigger manual review, while providing efficient processing of vulnerability report data records. | 2017-10-19 |
20170300699 | System, Method and Apparatus to Visually Configure an Analysis of a Program - A method extracts views from an application program, where at least some extracted views include at least one view component, and presenting the extracted views to a user. In response to the user selecting a view component in a presented extracted view, the method presents a form to the user having a plurality of vulnerability types indicated for the selected view component and, for each vulnerability type, provides an ability for the user to set an indicator in the form as to indicate whether the view component is at least one of a source or a sink. The method further includes saving the form containing the user's input in conjunction with a user-provided label for the selected view component and a unique identification of the selected view component, and deriving an analysis policy configuration from the saved form that is formatted for use by a program security analyzer. | 2017-10-19 |
20170300700 | METHOD FOR CONTROLLING LOCK STATUS OF APPLICATION AND ELECTRONIC DEVICE SUPPORTING SAME - Provided are a method of controlling a lock status of an application and an electronic device supporting the method. The method includes receiving a first touch input on a first icon displayed on a screen, detecting a first duration for which the first touch input is maintained, and setting a lock status of an application corresponding to the first icon in response to the first duration being greater than or equal to a first threshold period. | 2017-10-19 |
20170300701 | SECURE AND COMPLIANT EXECUTION OF PROCESSES - At design time, a process designer may generate a workflow model of a process associated with in-memory database. The workflow model includes tasks and authorization constraints. The authorization constraints are task based constraints, associated with the workflow model. The workflow model is translated into transition system format to generate a reachability graph including possible workflow execution paths. The reachability graph may be translated in a database query format to generate a monitor. At runtime, when a request is received from a process participant to execute a specific task in the workflow model, the monitor is able to enforce authorization constraints and authorization policies received at the runtime, and ensure secure and compliant execution of processes. | 2017-10-19 |
20170300702 | PRESERVING DATA PROTECTION AND ENABLING SECURE CONTENT AWARENESS IN QUERY SERVICES - Embodiments of the present disclosure include systems and methods for providing query service of secured contents. A data collection service collects data and security context associated with the data from a data source and stores the data with the security attributes in a datastore, where the security attributes are derived from the security context and used to determine access to the data so that access to the data is consistent with the security context. Upon receiving a query and a user context of a requester making the query of the datastore, a set of query results is obtained. Based on the user context and security attributes, it is determined whether the requestor has a proper right to access the query results. If the requestor has a proper right to access the query results, access to the query results is granted. | 2017-10-19 |
20170300703 | Securely Processing Range Predicates on Cloud Databases - Methods, systems, and computer program products for securely processing range predicates on cloud databases are provided herein. A computer-implemented method includes separately encrypting a set of plain text data using two or more encryption functions, thereby producing an encrypted domain comprising at least two distinct groups of encrypted data items; converting a range query over plain text data items into a query over at least one of the distinct groups of encrypted data items; and combining results from the query over the distinct groups of encrypted data items, thereby generating a final encrypted result to the range query. | 2017-10-19 |
20170300704 | System for Controlling Database Security and Access - Systems for controlling access to a database are provided. A system may include a computing platform that may receive a request to access a database from a computing device. A unique identifier of the computing device may be compared to pre-registered device identifiers to determine whether the computing device is authorized to access the database. If not, the computing platform may prevent the computing device from accessing the database. If the computing device is authorized to access the database, the system may receive credentials from a user associated with the computing device. The system may determine whether the credentials of the user match credentials of a user authorized to access the database. If not, the system may prevent the user from accessing the database. If the user is authorized to access the database, the system may determine one or more types of data the user is authorized to access. | 2017-10-19 |
20170300705 | HYBRID APPROACH TO DATA GOVERNANCE - A cloud-based data governance system includes a processing unit, a network adapter, and memory for storing data and code. The network adapter establishes a connection with a remote data storage system associated with a remote file system over a wide-area network (WAN). The code includes an event collection interface, a data governance service, and an enforcement service. The event collection interface is configured to capture an event from the remote data storage system. The event is indicative of a file system operation executed on a data object of the remote file system. The data governance service is configured to receive the event from the event collection interface and to process the event to determine whether the file system operation conflicts with a governance policy of the data governance system. The enforcement service executes a set of remediation actions, if the file system operation does conflict with the governance policy. | 2017-10-19 |
20170300706 | HYBRID APPROACH TO DATA GOVERNANCE - A cloud-based data governance system includes a processing unit, a network adapter, and memory for storing data and code. The network adapter establishes a connection with a remote data storage system associated with a remote file system over a wide-area network (WAN). The code includes an event collection interface, a data governance service, and an enforcement service. The event collection interface is configured to capture an event from the remote data storage system. The event is indicative of a file system operation executed on a data object of the remote file system. The data governance service is configured to receive the event from the event collection interface and to process the event to determine whether the file system operation conflicts with a governance policy of the data governance system. The enforcement service executes a set of remediation actions, if the file system operation does conflict with the governance policy. | 2017-10-19 |
20170300707 | Method and Device for Accessing and Processing Image - A method and device for processing and accessing image are provided. The image processing method includes: one or more protected areas are determined in an original picture to be processed, image data of the one or more protected areas are protected by adding access rights, one or more independent sub-image data corresponding to the one or more protected areas are obtained, and then the one or more protected areas in the original picture are shielded to obtain main image data, the images in the protected areas being invisible in the shielded original picture; and the one or more obtained independent sub-image data and the obtained main image data are associatively stored. | 2017-10-19 |
20170300708 | METRICS AUTHORIZATION BASED ON A CERTIFICATE - In one implementation, a system can include a tenant engine to maintain a plurality of tenant profiles with access to a first set of metrics of a plurality of metrics based on authorization via a certificate, a metrics engine to maintain a plurality of metrics derived from instrumentation of a plurality of applications, and a report engine to provide the first set of metrics in response to a report request when the report request is from a user associated with a first tenant profile of the plurality of tenant profiles and the first tenant profile is authorized to access the first set of metrics based on the certificate associated with a private key used to sign a first application of the plurality of applications. | 2017-10-19 |
20170300709 | LIMITED-ACCESS FUNCTIONALITY ACCESSIBLE AT LOGIN SCREEN - Techniques and technologies for providing limited-access functionality accessible at a “login screen” (or “lock screen”) of a device are described. In at least some embodiments, a system includes a user interface operatively coupled to a processing component; and one or more instructions stored on a memory that, when executed by the processing component, are configured to: (a) generate a login portion displayed on the user interface, the login portion configured to receive at least one user access credential to determine whether to provide access to one or more authorized-access functionalities; and (b) generate a limited-access functionality access portion displayed on the user interface concurrently with the login portion, the limited-access functionality access portion configured to provide access to at least one limited-access functionality without requiring receipt of the at least one user access credential. | 2017-10-19 |
20170300710 | RETROACTIVE SHARED CONTENT ITEM LINKS - A content management system implementing methodologies providing retroactive shared content item links is disclosed. The content management system and methodologies allow a team administrator of a team to configure a team-wide shared link policy that determines whether non-team members can access content items associated with team accounts using shared links generated for the content items by team members. The team shared link policy has two settings. In a first setting, the content management system allows non-team members to use shared links generated by team members to access content items associated with team accounts. In a second setting, the content management system blocks access to the content items by non-team members. Shared links are retroactive in the sense they do not need to be regenerated after the team shared link policy has been changed from the second setting back to the first setting. | 2017-10-19 |
20170300711 | INFORMATION PROCESSING METHOD AND DEVICE AND COMPUTER-READABLE MEDIUM - Disclosed are an information processing method and device and a computer-readable medium. The method includes: communication data is acquired from a communication link; the communication data is analysed to acquire attribute information of the communication data and first information carried by the communication data; a target information prompting manner is selected from at least two information prompting manners based on the attribute information; and the first information carried by the communication data is prompted in the target information prompting manner, wherein when the first information is prompted in a first information prompting manner, the first information and source information are presented in a first display interface, and when the first information is prompted in a second information prompting manner, second information and the source information are presented in a second display interface, and the first information is presented when the second display interface receives particular operation. | 2017-10-19 |
20170300712 | FINE GRAIN SECURITY FOR ANALYTIC DATA SETS - The technology disclosed relates to assigning field level security to fields extracted from primary sources on a batch basis and compiled into analytical, read-only databases, for ultra-fast, ad-hoc data exploration and faceted navigation on integrated, heterogeneous data sets. The method includes assigning field level security to the extracted fields by combining user selectable inheritance of field level security from source fields that yield the extracted fields, with pinning of inheritance of field level security for the extracted fields to reference fields in the database sources wherein the reference fields are distinct from the extracted fields. The disclosed method also includes receiving additional fields as unsecured data sets, and assigning field level security to the additional fields, received by combining user selectable explicit specification of field level security for the received fields with pinning of inheritance of field level security for the received fields to reference fields in the database sources. | 2017-10-19 |
20170300713 | Method and System for Verifiable Searchable Symmetric Encryption - A method for verification of search results in an encrypted search process includes transmitting a search query including the encrypted keyword from a client to a server, and receiving a response to the search query and a first plurality of hash values from at least one hash tree from the server. The method further includes generating a first message authentication code (MAC) based on the response, generating a first regenerated root node hash value using the first MAC, the first plurality of hash values, and a predetermined hash function, and generating an output message with the client indicating that the response is invalid in response to the first regenerated root node hash value not matching a predetermined first root node hash value stored in the memory of the client. | 2017-10-19 |
20170300714 | PREFIX SEARCH IN ENCRYPTED TEXT - A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term. | 2017-10-19 |
20170300715 | PATIENT DATA HUB - In one example, the patient data hub includes a housing, a first network interface disposed within the housing, a second network interface disposed within the housing, a first controller coupled to the first network interface and a second controller coupled to the second network interface. The first controller is configured to receive sensitive patient data via the first network interface and to transmit the sensitive patient data to the second controller. The second controller is configured to receive the sensitive patient data from the first controller, to secure the sensitive patient data according to a security standard to provide secured sensitive patient data, and to store the secured sensitive patient data in a data storage device. | 2017-10-19 |
20170300716 | SYSTEM AND METHOD FOR GENERATION, STORAGE, ADMINISTRATION AND USE OF ONE OR MORE DIGITAL SECRETS IN ASSOCIATION WITH A PORTABLE ELECTRONIC DEVICE - A system for generation, storage, administration and use of one or more digital secrets in association with a portable electronic device. The system comprises a highly secured memory that stores only one or more master keys; a keystore implemented in the portable electronic device outside of the highly secured memory; one or more cryptography applets implemented in the portable electronic device outside of the highly secured memory; and a highly trusted intermediary module (ThIM) implemented outside of the highly secured memory, the ThIM establishes and manages a highly trusted communication conduit between the highly secured memory, the keystore, the one or more cryptography applets, and at least one third party application, wherein the ThIM polls the portable electronic device, the highly secured memory, the keystore, the one or more cryptography applets to determine a trust score, initialization cost, and transaction cost for each component in the portable electronic device, the ThIM providing a trusted third party application acceptable interaction parameters based on the trust score, the initialization cost, and the transaction cost, the ThIM managing highly trusted communications between the trusted third party application and the highly secured memory in accordance with the acceptable interaction parameters. | 2017-10-19 |
20170300717 | MOBILE OBJECT AND ANTENNA AUTOMATIC ALIGNMENT METHOD AND SYSTEM THEREOF - An antenna automatic alignment method for a mobile object includes acquiring, in real time, current feature information of a plurality of antennas of the mobile object, and selecting one of the antennas to establish a communication link with a wireless terminal in accordance with the current feature information of the plurality of antennas. | 2017-10-19 |
20170300718 | IDENTIFYING ONLINE SYSTEM USERS INCLUDED IN A GROUP GENERATED BY A THIRD PARTY SYSTEM WITHOUT THE THIRD PARTY SYSTEM IDENTIFYING INDIVIDUAL USERS OF THE GROUP TO THE ONLINE SYSTEM - A third party system generates a group of users and a function that identifies users in the group as well as additional users not in the group when applied to user identifying information. The third party system transmits the function to an online system, which applies the function to user identifying information associated with various users of the online system. Applying the function to the user identifying information generates a set of users including users in the group and one or more additional users who are not in the group. The online system transmits information associated with users in the set and information identifying users in the set to the third party system, which determines obtained information associated with users of the group. In some embodiments, the information identifying users in the set is obfuscated user identifying information associated with the users in the set by the online system. | 2017-10-19 |
20170300719 | COMPUTER SECURITY FRAMEWORK AND HARDWARE LEVEL COMPUTER SECURITY IN AN OPERATING SYSTEM FRIENDLY MICROPROCESSOR ARCHITECTURE - A microprocessor computer system for secure/high assurance/safety critical computing includes a hardware subsystem having a plurality of cache controller and cache bank modules including cache bank and memory cell hardware permission bits for managing and controlling access to system resources. A computer security framework subsystem includes a hierarchy of access layers comprising top layers and lower layers. The permission bits provide hardware level computer security primitives for a computer operating system. The top layers are completely trusted and the lower layers are moderately trusted to completely untrusted. The top layers include a trusted operating system layer that executes management and control of the system resources and permission bits. The permission bits define limits for a hardware execution security mechanism for less trusted to completely untrusted software. Exceeding bounds of the security mechanism results in a hardware exception thereby blocking all attempts to access or modify resources outside the security mechanism. | 2017-10-19 |
20170300720 | SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING - A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer. | 2017-10-19 |
20170300721 | Authorization Control for an Anti-Theft Security System - Improved systems and techniques are disclosed for controlling the security states of anti-theft security systems such as product display assemblies using security fobs. According to an example embodiment, a manager security fob and another security fob that is to be authorized for use in controlling the security status of a product display assembly can interact with a system in accordance with a defined sequence to add the another security fob to an authorization list for the product display assembly. For example, the defined sequence can be a connection of the manager security fob with the system, followed by a disconnection of the manager security fob from the system, followed by a connection of the another security fob with the system within a defined window. | 2017-10-19 |
20170300722 | REDUCED INK COVERAGE OF PRINTED ELECTRONIC DESIGNS BY ALTERNATIVE FILL PATTERNS COMPRISING RAY AND GRID PATTERNS - The present invention relates to an information carrier comprising an electrically non-conductive substrate with an electrically conductive layer arranged as a pattern which encodes information, wherein said pattern is formed from at least one input region, at least one connecting line and at least one contact area. The information carrier is inter alia characterized in that the sub areas of the at least one input region have an area coverage in a range of 20 to 80% and/or the at least one contact area has an area coverage in a range of 5 to 80%. In further aspects, the invention relates to a use of said information carrier and a method of manufacture. | 2017-10-19 |
20170300723 | RADIO-FREQUENCY IDENTIFICATION TRANSPONDER AND METHOD FOR SENDING A RADIO-FREQUENCY IDENTIFICATION MESSAGE - Embodiments provide a method for sending a message from an RFID transponder to a reader during a transmission frame using active load modulation, the method comprising. An encoded bit signal has a first logic level during first time segments within the transmission frame and a second logic level during second time segments within the transmission frame. The first time segments include an initial time segment of the transmission frame. A transmission signal is generated based on the encoded bit signal. The transmission signal is generated having a first phase depending on the first logic level during the first time segments, a second phase depending on the second logic level during the second time segments, and the second phase during a time interval preceding the transmission frame. | 2017-10-19 |
20170300724 | RADIO FREQUENCY IDENTIFICATION TAG APPLICATION AND ENCODING DEVICE - A radio frequency identification (RFID) encoding device can comprise an applicator, an RFID reader with an antenna, and a housing having a receptacle. The receptacle can be configured to receive a vial. The applicator can be configured to apply an RFID tag to the vial. The RFID reader can have at least one antenna. The antenna can be configured to communicate with the RFID tag. The device can be configured to communicate with a host computer. | 2017-10-19 |
20170300725 | ARRANGEMENT FOR DETERMINING THE PLUGGING POSITION OF A HOSE COUPLING ON A CONNECTION FIELD - An arrangement for determining a plugging position of a hose coupling on a connection field includes the connection field including a plurality of coupling sockets and a plurality of hose couplings in which each of the plurality of hose couplings is coupled to a corresponding one of the plurality of coupling sockets. The at least one hose coupling includes a receiving coil and each of the plurality of coupling sockets includes a transmitting coil. A data interface is disposed in communication with the receiving coil, and an evaluation unit is disposed in communication with the data interface. The receiving coil is configured to analyze an individual identifier retrievable at the transmitting coil during connection of the at least one hose coupling to one of the coupling sockets, and the identifier is transmitted via the data interface to the evaluation unit to determine the plugging position of the hose coupling. | 2017-10-19 |
20170300726 | AUTO-DIAGNOSTIC NFC READER - A self-diagnosing validation device includes an NFC reader having an RF signal range, an active diagnostic chip positioned within the RF signal range of the NFC reader, a memory, and a processing unit. The active diagnostic chip is configured to be selectively powered during a diagnostic procedure. The processing unit is configured to determine that the diagnostic procedure needs to be performed on the NFC reader and perform the diagnostic procedure. The diagnostic procedure includes activating the active diagnostic chip by supplying power to the active diagnostic chip, reading, using the NFC reader, any data being transmitted by the active diagnostic chip, determining whether any data was read by the NFC reader, and determining whether the NFC reader is functioning properly based at least in part on the determination whether any data was read by the NFC reader. | 2017-10-19 |
20170300727 | ADD-ON DEVICE WITH CONFIGURABLE OPTICS FOR AN IMAGE SCANNER FOR SCANNING BARCODES - An add-on device for an image scanner for scanning barcodes is provided. The add-on device includes a housing mounted to the standard range lens front on an image scanner, and a lens holder. The lens holder has a first position for holding a first lens, a second position being an aperture, and a third position for holding a second lens. A high-density lens is mounted in the first position. An extended range lens is mounted in the third position. The lens holder is mounted in the housing and is transverse to the optical axis of the standard range lens of the image scanner. Further, the lens holder is movable within the housing in order to alternately position the high-density lens, the aperture, and the extended range lens to be in alignment with the optical axis of the standard range lens of the image scanner. | 2017-10-19 |
20170300728 | IMAGING BARCODE READER WITH COLOR-SEPARATED AIMER AND ILLUMINATOR - A scanner for machine-readable symbols, such as barcodes and two-dimensional matrix symbols, employs at least two different light frequencies (colors). The first frequency supports accurate aiming of the scanner at a symbol. The second frequency supports illumination of a machine-readable symbol so that the reflected illumination light can be read at the second frequency by the scanner's optical imaging element. Employing two different light frequencies enables both aiming and scanning to occur simultaneously, while the aiming process does not interfere with the scanning process. It enables the aiming frequency to be used for additional purposes, such as providing signaling to a user of the scanner. In an embodiment, two distinct light sources are used in the scanner to provide the different light frequencies. In an embodiment, various color filters are employed to separate and distinguish light frequencies. In an embodiment, signal processing may be employed to digitally distinguish multiple separate frequencies in light reflected from the symbol. | 2017-10-19 |
20170300729 | INDICIA-READER HAVING UNITARY-CONSTRUCTION - A hand-held indicia-reading device includes a housing and a cable having a unitary-construction. The indicia-reader has a head portion with an indicia-reading system including a printed circuit board. The entire handle portion of the reader is typically over-molded onto a host-connector cable. The host-connector cable includes a circuit board connector on one end and a connector for connecting to a host at an opposite end extending from a base portion of the handle. | 2017-10-19 |
20170300730 | SCANNING INSTRUMENT ACCESSORY - An accessory for holding a scanning instrument, comprising: a sleeve to receive the scanning instrument; a fastener coupled to the sleeve to releasably secure the scanning instrument in the sleeve; a coupling mechanism having a first end and a second end, the first end rotatably coupled to the sleeve such that the sleeve rotates about an axis defined by the first end, the second end rotatably coupled to the first end such that the first end and the sleeve rotate about an axis defined by the second end; and an extension pole coupled to the coupling mechanism at the second end. In one embodiment, the coupling mechanism further comprises a motion inducer configured to induce movement of the sleeve with respect to the coupling mechanism and the extension pole. | 2017-10-19 |