Abstract: There is provided a method for selectively protecting one of a plurality of methods of a class of an application written in an object-orientated language, in particular Java, wherein a protected application is created by adding a protection module to the application, analyzing a first method to be protected of a plurality of methods of a first class of the application and determining first parameters needed for executing the first method, generating first gate code depending on the determined first parameters, replacing the first code of the first method by said first gate code and storing the replaced first code such that it can be accessed by the protection module during execution of the protected application, wherein, when the first method is called during execution of the protected application, the first gate code collects first data based on the determined first parameters and transmits the collected first data to the protection module, the protection module accesses the stored first code and generates a

Abstract: The invention is directed to a system for use with a first device in communication with a second device. The system includes a storage medium that is connectable with the first device, a hardened, stand alone, web browser stored on the storage medium, and client authentication data. The web browser uses the client authentication data to facilitate secure communication between the first device and the second device, and the first device communicates with a third device that provides configuration data that includes one or more approved addresses.

Abstract: An encrypting method including encrypting a first data segment of encryption target data on the basis of first key information, generating second key information on the basis of the first data segment by using a predetermined algorithm, and encrypting a second data segment of the encryption target data, which is different from the first data segment, on the basis of the second key information.

Abstract: A resource monitoring method may include receiving a request to perform a read operation on an object at a first monitoring node of a plurality of monitoring nodes, and determining whether or not a copy of the object is present in a namespace associated with the first monitoring node. The namespace may include an overlay namespace and a local namespace. The local namespace may identify objects being monitored by the first monitoring node. The overlay namespace may include local viewpoints for other monitoring nodes of the plurality of monitoring nodes. Each local viewpoint may identify one or more objects that are monitored by a respective other monitoring node. The method may further include performing, by the first monitoring node, the read operation on the object if the copy of the object is determined as present in the namespace associated with the first monitoring node.

Abstract: A method of user-authenticated quantum key distribution according to the present invention shares a position having the same basis without making public basis information using previously shared secret keys and authenticates a quantum channel by confirming whether there is the same measured outcome at that position, in order to secure unconditional security of BB84 quantum key distribution (QKD) protocols vulnerable to man-in-the-middle attack.

Abstract: A method and apparatus are provided for controlling use of content protected with a digital rights management license which contains conditions for the use. When a request to use the content is received by a client agent controlling the use of the content, the conditions of use are checked. Within this check, a determination is made that the use of the content is conditional upon an obligation to perform a parental control operation on the content. A request for authorization to use the content is then transmitted from the controlling client agent to a parental control management module. After a parental control operation has been performed on the content by the parental control management module, the agent receives a result of the parental control operation. If the result is negative, a denial of use of the content is notified in response to the request to use the content.

Abstract: An external master portal system consisting of a standalone primary control interface referred to as a master portal which is network-connected to subordinate gateway controllers located at the peer connection points to the network, used to define and control the permitted transfer of data across a peer-to-peer network is disclosed. Further, control of the master portal can be provided to a third party whose data is only a part of broad range of data stored or used at any of the peer sites.

Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.

Abstract: Systems, methods, and computer readable media for encapsulating multiple Windows® based credential providers (CPs) within a single wrapping CP are described. In general, CP credentials and fields from two or more encapsulated or wrapped CPs may be enumerated and aggregated in such a way that the order of fields from each CP is preserved, fields that may be used only once are identified and appear only once, and fields are given a new unique field identifier. The union of all such fields (minus duplicates of any one-use-only fields) may be used to generate a mapping so that the wrapping CP and CP credential may “pass-through” calls from the operating system's logon interface to the correct wrapped CP and CP credential. The disclosed techniques may be used, for example, to provide single sign-on functionality where a plurality of sign-on credentials may be used (e.g., user name/password and smart card PIN).

Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

Abstract: The consistency between an application output destination and a permitted user for an I/O device section is ensured when a user deploys an application for processing and outputting input data onto an entrance node. The entrance node includes an output destination/user table that manages correspondence between an application output destination and a user. The output destination/user table stores information about the output destination used for each user who uses the entrance node. An application deployment management function of a processing section in the entrance node determines whether application deployment can be accepted from a user. To do this, the application deployment management function specifies a user corresponding to the output destination for the application from the output destination/user table and verifies that the user is consistent with a user permitted for an I/O device in the I/O device section used by the application.

Abstract: The key distribution system comprises a terminal and a server which establish encrypted communication with each other by use of a common key cryptography using a communication secret key. To issue a new communication secret key, the terminal generates a secret value and encrypts it with a public key and sends the encrypted secret value to the server. The server decrypts the encrypted secret value with a private key paired with the public key. The server issues the new communication secret key, and encrypts it with a common key cryptography using the secret value, and sends the encrypted new communication secret key to the terminal. The terminal decrypts the encrypted new communication secret key with the secret value, thereby obtaining the new communication secret key. Thereafter, the terminal and the server use the new communication secret key.

Abstract: Provided are a computer program product, system, and method for selecting one of a plurality of scanner nodes to perform scan operations for an interface node receiving a file request. A list includes a plurality of scanner nodes in a network and for each scanner node a performance value. One of the scanner nodes in the list is selected based on the performance values of the scanner nodes and the file is transmitted to the selected scanner node to perform a scan operation with respect to the file. Indication is received from the selected scanner node performing the scan operation whether a subset of code in the file matches code in a definition set. The file request is processed to result in execution of the file request based on the indication of whether the subset of code in the file matches a definition in the definition set.

Abstract: Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values.

Abstract: A system and associated method for minimizing network traffic in playing a media stream with a media module running in a client computer system. The media stream is stored in a media content server. A video file of the media stream is processed to generate an audio file corresponding to the video file, such that the media module downloads and plays the audio file when the media module is invisible on a computer screen of the client computer system. When the media module becomes visible, the media module switches back to downloading and playing the video file. A current location is tracked by a location sync file stored in the media content server to synchronize the video file and the audio file.

Abstract: A syndication system facilitates rights management services between media content owners and media hosting services that elect to participate in the syndication system and mutually elect to participate with each other. The syndication system utilizes a content recognition system to identify hosted media content and ownership rights associated with the hosted content. By applying melody recognition, the content recognition system can identify compositions embodied in hosted media content even when these compositions do not precisely match any known sound recording. Thus, the content recognition system is beneficially able to detect, for example, recorded cover performances and recorded live performances embodied in hosted media content. Once identified, ownership information is determined and the syndication system can facilitate rights management policies associated with the content such as monetizing or blocking the protected content.

Abstract: According to the present invention, a timeout caused by executing a virus scan is avoided. A computer system has a first computer, a second computer coupled to the first computer, and a storage system coupled to the first computer and the second computer. The first computer receives a request to write data, writes the requested data in the storage system, and sends a virus scan request of the written data to the second computer. The second computer receives the virus scan request from the first computer, reads the written data out of the storage system, and partially executes a virus scan of the read data. After the partial virus scan of the read data is finished, the first computer sends a response to the received write request. After the first computer sends the response, the second computer executes the remainder of the virus scan of the read data.

Abstract: A digital broadcast receiver and a booting method of the digital broadcast receiver are disclosed herein. A method of secure booting of a system in a digital broadcast receiver comprises aligning a plurality of interleaved portions to generate a digital signature, respectively, with an entire firmware image, generating a digital signature of each interleaved portion, selecting a specific interleaved portion, generating a first message digest to read a region of the selected interleaved portion in the entire firmware image and a second message digest from the digital signature of the selected interleaved portion and verifying the firmware image based on the first and second message digest and booting the system in the digital broadcast receiver.

Abstract: A Session Initiation Protocol Application Server for use within an IP Multimedia Subsystem. The Application Server comprises a receiving unit for receiving a Session Initiation Protocol message from a Serving Call Session Control Function, the Serving Call Session Control Function serving an IP Multimedia Subsystem user and the message containing within a message header an explicit identification of said user. A processing unit determines an action to be applied to said message and includes within a header of the message a role value defining a role of said user in respect of the action. A transmitter unit returns the message including the role value to said Serving Call Session Control Function.

Abstract: A content recognition system operates in conjunction with a media hosting service to identify hosted media content and ownership rights associated with the hosted content. By applying melody recognition, the content recognition system can identify compositions embodied in hosted media content even when these compositions do not precisely match any known sound recording. Thus, the content recognition system is beneficially able to detect, for example, recorded cover performances and recorded live performances embodied in hosted media content. Once identified, ownership information is determined and the media hosting service can carry out appropriate rights management policies associated with the content such as monetizing or blocking the protected content.