Patent application number | Description | Published |
20100054600 | Tagging Images With Labels - An image to be shared with other users based on input from a first user is received. A second user is identified from a tag of the image, and information is provided, based at least in part on the tag, to one or both of the first user and the second user. Additionally, after editing of an image a determination can be made as to whether a region of the image having an associated tag has been affected by the editing. The tag associated with the region is altered if the region has been affected by the editing, otherwise the tag associated with the region is left unaltered. Furthermore, the tag can include a first portion storing data identifying a region of the image to which the tag corresponds, and a second portion storing data identifying a person shown in the region. | 03-04-2010 |
20100054601 | Image Tagging User Interface - A global tag that is received for an image identifies one or more objects in the image, and a region-specific tag for the image identifies one or more objects in a region of the image. The global tag and the region-specific tag are stored with the image. Displayed, along with the image, is an identifier for each of the one or more objects identified in the global tag, and an identifier for each of the one or more objects identified in the region-specific tag. Different users are able to maintain different names for the same person, allowing the same tag of the image to be used as the basis for displaying the image with different names for the different users. Additionally, the tags can be used as a basis for generating a credits list of people that are included in a compilation of images. | 03-04-2010 |
20110067087 | ORGANIZING DOCUMENTS THROUGH UTILIZATION OF PEOPLE TAGS - A method disclosed herein includes the acts of receiving a document that has a people tag assigned thereto, wherein the people tag comprises first data that is indicative of an identity of a first individual that corresponds to the document, and wherein the people tag is assigned to the document by an assignor, and accessing contact data pertaining to a second individual, wherein the contact data comprises second data that is indicative of identities of contacts of the second individual, wherein the second data comprises data that is indicative of the identity of the first individual. The method also includes comparing the contact data with the first data, and displaying the document on a computer screen in conjunction with text that identifies the first individual to the third individual, wherein the text indicates a name of the first individual as assigned to the first individual by the second individual. | 03-17-2011 |
20130195375 | TAGGING IMAGES WITH LABELS - An image to be shared with other users based on input from a first user is received. A second user is identified from a tag of the image, and information is provided, based at least in part on the tag, to one or both of the first user and the second user. Additionally, after editing of an image a determination can be made as to whether a region of the image having an associated tag has been affected by the editing. The tag associated with the region is altered if the region has been affected by the editing, otherwise the tag associated with the region is left unaltered. Furthermore, the tag can include a first portion storing data identifying a region of the image to which the tag corresponds, and a second portion storing data identifying a person shown in the region. | 08-01-2013 |
20150016691 | Image Tagging User Interface - An image having a region tagged by a first user is obtained. The tag can include a first label of a person in the region, and the label can be used by the first user to identify the person in the region. Then, a second label of the person is determined. In implementations, the second label is used by a second user to identify the person in the region. The image is then displayed with the second label when displaying the image for the second user. | 01-15-2015 |
Patent application number | Description | Published |
20110231786 | Medical Information Generation and Recordation Methods and Apparatus - Computer-implemented medical information recording methods are described. According to one aspect, a computer-implemented medical information recording method includes displaying a graphical user interface including a graphical representation of the human anatomy, accessing user inputs interacting with the graphical representation of the human anatomy, and generating an electronic record comprising data pertaining to the health of the patient using the user inputs interacting with the graphical representation of the human anatomy. | 09-22-2011 |
20130246097 | Medical Information Systems and Medical Data Processing Methods - Medical information systems and medical data processing methods are described. According to one aspect, a medical information system includes a communications interface which is configured to receive patient treatment data from a plurality of medical providers and which regards medical treatment provided by the medical providers with respect to a plurality of patients; and storage circuitry storing the patient treatment data for the plurality of patients of the plurality of the medical providers in a database. | 09-19-2013 |
20140310016 | Medical Treatment Methods - Medical treatment methods are described. According to one aspect, a medical treatment method includes obtaining data values for a plurality of patient characteristics of a subject patient to be treated for a medical condition, using the data values of the patient characteristics of the subject patient, searching treatment results of a plurality of previous patients which were treated for the medical condition using a plurality of different treatment options, and using the searching, providing information to medical personnel regarding the treatment results of the previous patients which were treated for the medical condition for each of the treatment options, the information being usable to assist the medical personnel with treatment of the subject patient for the medical condition. | 10-16-2014 |
Patent application number | Description | Published |
20120150577 | MEETING LIFECYCLE MANAGEMENT - A meeting lifecycle management service manages various aspects of a meeting lifecycle. An indication of a newly scheduled meeting is received at the meeting lifecycle management service, and information related to the meeting is managed, via the meeting lifecycle management service, prior to the meeting, during the meeting, and after the meeting. | 06-14-2012 |
20120150863 | BOOKMARKING OF MEETING CONTEXT - Architecture that facilitates the ability to trigger the capture and storing of meeting state (or context) by way of a single user interaction (a “one-click” operation), referred to herein as a bookmark operation, and then to store and access the state for subsequent use. The state is captured relative to a point of reference, such as time, user, keywords, and reference to a document, for example. Thus, all state elements such as meeting activities, participants, and content (e.g., audio, video, images, text, documents, etc.). The bookmark assigned to the state at a particular reference can be selected to rehydrate all the state elements captured and associated with that bookmark (e.g., getting back to the point in the meeting to perceive a relevant portion of a document, part of the meeting video, or other recorded feed), as well as all other allowed state elements. | 06-14-2012 |
20120159347 | MEETING-SPECIFIC STATE INDICATORS - A state client is configured to allow a user to specify a meeting-specific state, such as that the user is running late for a meeting, checked in to the meeting, or unable to attend the meeting. A state service stores data identifying the user's meeting-specific state. The state service also responds to requests for the state of the user. In one implementation, when such a request is received, the state service determines whether the user is an invitee to the same meeting as the user requesting the state. If not, the state service returns a general-purpose state indicator for the user. If both users are invitees to the same meeting, the state service returns the meeting-specific state indicator, which may then be displayed by a state client. | 06-21-2012 |
Patent application number | Description | Published |
20130262421 | CHECKSUM AND HASHING OPERATIONS RESILIENT TO MALICIOUS INPUT DATA - A resilient hashing system leverages a fast, non-cryptographic hash/checksum function that has good diffusion properties while remaining reasonably efficient on modern central processing units (CPUs). The hash function uses random secret data so that hash keys for particular data are difficult to predict. Due to its internal structure, well-chosen random secret data is difficult for an attacker to counter without having access to the direct output of the hash function. At every stage of the block function, there are at least two operations that can be performed in parallel, increasing performance on modern superscalar CPUs. Thus, the resilient hashing system provides a hash table and checksum that can be used in Internet-facing or other vulnerable sources of input data to manage performance in the face of malicious attacks. | 10-03-2013 |
20140059680 | LOCAL SECURE SERVICE PARTITIONS FOR OPERATING SYSTEM SECURITY - Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like. | 02-27-2014 |
Patent application number | Description | Published |
20100211802 | Storage Volume Protection Supporting Legacy Systems - A storage volume is encrypted using a particular encryption technique, the storage volume including an access application and one or more cover files. The access application can be executed by a computing device having an operating system lacking support for the particular encryption technique, and allows the computing device to access data on the storage volume encrypted using the particular encryption technique. | 08-19-2010 |
20100212002 | CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS - This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead. | 08-19-2010 |
20110022856 | Key Protectors Based On Public Keys - In accordance with one or more aspects, a key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key. | 01-27-2011 |
20110302398 | KEY PROTECTORS BASED ON ONLINE KEYS - An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted. | 12-08-2011 |
20120179735 | SCALABLE RANDOM NUMBER GENERATION - In embodiments of scalable random number generation, a system includes one or more entropy pools that combine entropy data, which is derived from entropy sources based on event data. A root pseudo-random number generator (PRNG) maintains a seeded entropy state that is reseeded by the entropy pools, and a seed version identifier updates to indicate a current seed version of the root PRNG. Processor PRNGs are instantiated one each per logical processor in a kernel of the system, where each processor PRNG maintains a PRNG entropy state that is reseeded from the root PRNG, and a processor PRNG generates a random number from a respective PRNG entropy state when invoked. | 07-12-2012 |
20120257759 | ONE-TIME RECOVERY CREDENTIALS FOR ENCRYPTED DATA ACCESS - A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device. | 10-11-2012 |
20130167205 | CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS - This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead. | 06-27-2013 |
20140108814 | CRYPTOGRAPHIC KEY MANAGEMENT - Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that correspond to each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys. | 04-17-2014 |
20150078550 | SECURITY PROCESSING UNIT WITH CONFIGURABLE ACCESS CONTROL - A security processing unit is configured to manage cryptographic keys. In some instances, the security processing unit may comprise a co-processing unit that includes memory, one or more processors, and other components to perform operations in a secure environment. A component that is external to the security processing unit may communicate with the security processing unit to generate a cryptographic key, manage access to a cryptographic key, encrypt/decrypt data with a cryptographic key, or otherwise utilize a cryptographic key. The external component may comprise a central processing unit, an application, and/or any other hardware or software component that is located outside the security processing unit. | 03-19-2015 |
20150082048 | KEYING INFRASTRUCTURE - A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived. | 03-19-2015 |
20150270956 | Rapid Data Protection for Storage Devices - A computing device uses a data encryption and decryption system that includes a trusted runtime and an inline cryptographic processor. The trusted runtime provides a trusted execution environment, and the inline cryptographic processor provides decryption and encryption of data in-line with storage device read and write operations. When a portion (e.g., partition) of a storage device is defined, the trusted runtime generates an encryption key and provides the encryption key to the inline cryptographic processor, which uses the encryption key to encrypt data written to the portion and decrypt data read from the portion. Access to the portion can be subsequently protected by associating the key with authentication credentials of a user or other entity. The trusted runtime protects the encryption key based on an authentication key associated with the authentication credentials, allowing subsequent access to the encryption key only in response to the proper authentication credentials being provided. | 09-24-2015 |
20150318986 | Secure Transport of Encrypted Virtual Machines with Continuous Owner Access - Managing encrypted datasets is illustrated. A method includes obtaining a first decryption key. The first decryption key is configured to be used to decrypt an encrypted dataset that has been encrypted using a first encryption mechanism. The first encryption mechanism is associated with the first decryption key that can be used to decrypt the dataset. The method further includes encrypting the first decryption key with a second encryption mechanism. The method further includes encrypting the first decryption key with a third encryption mechanism. The method further includes creating a package including at least the first decryption key encrypted with the second encryption method and the first decryption key encrypted with the third encryption method. The method further includes signing the package with a guardian signature and signing the package with a signature created from the first decryption key. | 11-05-2015 |
20150319160 | Secure Management of Operations on Protected Virtual Machines - Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity. | 11-05-2015 |
Patent application number | Description | Published |
20080256616 | UNIFIED AUTHENTICATION FOR WEB METHOD PLATFORMS - An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment. | 10-16-2008 |
20100002873 | Cipher For Disk Encryption - Encryption is provided with additional diffusion components to construct a block cipher with a large and variable block size. The cipher incorporates an encryption system or algorithm such that the cipher is at least as secure as the encryption system or algorithm. Additional components of the cipher provide improved diffusion. This combination ensures that the cipher is at least as strong as the encryption algorithm, and at the same time it provides additional security properties due to its improved diffusion. | 01-07-2010 |
20100208898 | MANAGING GROUP KEYS - In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided. | 08-19-2010 |
20100306525 | EFFICIENT DISTRIBUTION OF COMPUTATION IN KEY AGREEMENT - In Transport Layer Security (TLS) or other communication protocols, the load on the server may be lowered by reducing the number of expensive decryption operations that the server has to perform. When a client contacts a server, the client sends the server the client's public key. The server chooses a secret value, encrypts the value with the client's public key, and sends the encrypted value to the client. When the client decrypts the secret, the server and client share a secret value, which may be used to derive an encryption key for further messages. In many key agreement schemes, the client chooses and encrypts the secret value, and the server recovers the value with an expensive decryption operation. By instead having the server choose the value and send it to the client, an expensive decryption operation is redistributed from the server to the client, thereby freeing server resources. | 12-02-2010 |
Patent application number | Description | Published |
20090099004 | CONTINUOUS PRODUCTION OF CARBON NANOMATERIALS USING A HIGH TEMPERATURE INDUCTIVELY COUPLED PLASMA - High-power inductively coupled plasma technology is used for thermal cracking and vaporization of continuously fed carbonaceous materials into elemental carbon, for reaction with separate and continuously fed metal catalysts inside a gas-phase high-temperature reactor system operating at or slightly below atmospheric pressures. In one particularly preferred embodiment, in-flight growth of carbon nanomaterials is initiated, continued, and controlled at high flow rates, enabling continuous collection and product removal via gas/solid filtration and separation methods, and/or liquid spray filtration and solid collection methods suitable for producing industrial-scale production quantities. In another embodiment, the reaction chamber and/or filtration/separation media include non-catalytic or catalytic metals to simultaneously or separately induce on-substrate synthesis and growth of carbon nanomaterials. The on-substrate grown carbon nanomaterials are produced in secondary chambers that are selectively isolated for periodic removal of the product. | 04-16-2009 |
20100025225 | CONTINUOUS PRODUCTION OF CARBON NANOMATERIALS USING A HIGH TEMPERATURE INDUCTIVELY COUPLED PLASMA - High-power inductively coupled plasma technology is used for thermal cracking and vaporization of continuously fed carbonaceous materials into elemental carbon, for reaction with separate and continuously fed metal catalysts inside a gas-phase high-temperature reactor system operating at or slightly below atmospheric pressures. In one particularly preferred embodiment, in-flight growth of carbon nanomaterials is initiated, continued, and controlled at high flow rates, enabling continuous collection and product removal via gas/solid filtration and separation methods, and/or liquid spray filtration and solid collection methods suitable for producing industrial-scale production quantities. In another embodiment, the reaction chamber and/or filtration/separation media include non-catalytic or catalytic metals to simultaneously or separately induce on-substrate synthesis and growth of carbon nanomaterials. The on-substrate grown carbon nanomaterials are produced in secondary chambers that are selectively isolated for periodic removal of the product. | 02-04-2010 |