Abstract: A computer-readable recording medium which records a remote control program for allowing data on a network protected by a gateway device to be transferred to an external device by external remote-control operations; a portable terminal device; and a gateway device. The terminal device transmits to the gateway device an access ticket issue request. The gateway device generates key information and transmits to the terminal device an access ticket including the key information. The terminal device transfers to a data acquisition device a data acquisition instruction including the acquired access ticket. The acquisition device transmits to the gateway device a data request including the key information. When the key information added to the access ticket and the key information included in the data request are the same, the gateway device transfers the data request to a data server device. The server device transfers the data to the acquisition device.

Abstract: A method comprises, in a network comprising VPN gateway devices configured only for plaintext data communication, configuring a policy server with a security policy including DO NOT ENCRYPT statements temporarily overriding PERMIT statements defining which packets should be encrypted; selecting one sub-group of the VPN gateway devices in which tunnel-less encryption is not configured; configuring of the VPN gateway devices in the sub-group for tunnel-less encryption by: configuring each device in a passive mode of operation in which the device is configured to receive either encrypted packets or plaintext packets matching encryption policy; configuring local DO NOT ENCRYPT statements matching traffic that is currently being converted to ciphertext; removing, from the access control list of the policy server, DO NOT ENCRYPT statements referring to protected LAN CIDR blocks behind the VPN gateway devices in the selected sub-group; configuring the sub-group to send encrypted packets by removing, from each of the

Abstract: An electronic information management device includes: an associating unit that associates electronic information with first access right information with respect to each user, the electronic information being associated with an associated site so that the electronic information is stored at the associated site, the associating unit further associating the associated site with second access right information with respect to each user; a receiving unit that receives a request for access to the electronic information from a user; a determining unit that, when the receiving unit receives a request for access to the electronic information, determines the sum of the first access right information and the second access right information, and, based on the sum of the access right information, determines whether to allow the user to access the electronic information; and an access controlling unit that controls access to the electronic information in accordance with the determination result of the determining unit.

Abstract: A method for transmitting messages via a time-controlled communication system (ZK) between a number of IP cores is provided. Each IP core has an information-processing subsystem (IVS) and a network controller (NK). Each NK has at least two interfaces, one for the ZK and a one for the IVS, wherein a distinction is drawn between privileged and non-privileged messages of the ZK, and where the transmission parameters relating to the ZK of a port of the NK, such as the periodically recurring transmission time of a message and the maximum transmission duration after each transmission time, can be set by a privileged message via the ZK or directly by a privileged entity. Each NK intending to transmit a message starts to transmit the message autonomously exactly at the time of the next set transmission time and interrupts the transmission process no later than the assigned maximum transmission duration has elapsed.

Abstract: An image forming apparatus capable of flexibly setting a security policy for a modified file. A client terminal generates a print job added with a new security policy for a second file generated from a first file, and delivers the print job added with the new security policy to the image forming apparatus. The image forming apparatus generates intermediate data based on the print job delivered from the client terminal, and causes a second policy server to register the security policy. The second policy server registers the security policy, while items of the security policy being appropriately assigned to the first and second policy servers. The second policy server generates an encryption key. The image forming apparatus encrypts the intermediate data using the encryption key, and stores the encrypted intermediate data.

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: A method of protecting a broadcast frame, the method comprising broadcasting a beacon and a maintenance beacon frame (MBF) from an access point (AP) to a plurality of terminals during a maintenance beacon waiting period (MBWP); and broadcasting broadcast management frames (BMFs) from the AP to the plurality of terminals during a broadcast management frame waiting period (BMFWP), wherein the MBF comprises a BMFs message integrity code (MIC) field including a BMFs MIC calculated from concatenated BMFs to be sent in a current beacon interval.

Abstract: An information processing system is supplied capable of holding a security; and transferring an output authority which is had by a transfer source portability terminal to a transfer destination portability terminal.

Abstract: A portable server has an antenna and radio communicating portion having a receivable distance of several m to several tens of m and an authentication antenna and authentication radio communicating portion having a receivable distance of several mm to several cm, which is extremely shorter than the receivable distance of the radio communicating portion. When an authentication button is operated by a user and when another apparatus is arranged within a range of the receivable distance of the authentication radio communicating portion, the authentication radio communicating portion performs authentication processing with the other apparatus through the authentication antenna and registers authentication data resulting from the authentication with a memory. The radio communicating portion connects to the authenticated other apparatus through an antenna based on the authentication data and performs data communication. The invention is applicable to a radio communication system including a mobile terminal.

Abstract: The present disclosure includes devices, methods, and systems for creating a case study file that includes an image file from an imaging modality, executing a hash algorithm on the case study file to produce a hash key, compressing the case study file, bundling the hash key with the compressed file, encrypting the bundled file, and moving the encrypted bundled file through an Internet connection to a storage computing system, among other embodiments.

Abstract: A method for decrypting a serial transmission signal includes the following steps. First, the serial transmission signal including a serial data signal and a serial clock signal is received. Then, m bits are sequentially read from the serial data signal according to the serial clock signal. Next, values corresponding to the m bits are generated. Thereafter, each value is added to a content value of a register by an addition operation to obtain an addition result, and then the addition result replaces the content value and is stored in the register.

Abstract: Apparatus and method for generating a traffic encryption key includes generating a traffic encryption key for encrypting data transmitted as part of a service, the traffic encryption key having a validity equal to a traffic encryption key validity time period; checking whether a period for the service is longer than the traffic encryption key validity time period; and if the period of the service is longer than the traffic encryption key validity time period, ascertaining a residual period which indicates by what period the service is longer than the traffic encryption key validity time period of the traffic encryption key; generating a residual traffic encryption key which is used for encrypting data transmitted as part of a service; ascertaining a residual traffic encryption key validity time period which indicates for how long the residual traffic encryption key is valid; and associating the residual traffic encryption key validity time period with the residual traffic encryption key.

Abstract: An automatic patch deployment system is provided that deploys a patch according to an assessed risk and a policy. The policy may specify actions to be taken to deploy the patch for different categories of risk. The automatic patch deployment system receives a patch notification, an assessment of the risk, and the policy and deploys the patch accordingly. For example, installation of a patch may be indefinitely delayed for high risk patches, rescheduled for medium risk patches, or installed immediately for low risk patches.

Abstract: An authentication method is provided in which a first portable device generates and transmits a first random number and a first timestamp to a first USIM in the first portable device; the first USIM calculates a first sign for the first portable device; the first portable device requests authentication for authenticated communication from a second portable device through transmission of the first random number, the first timestamp, and the first sign to the second portable device; the second portable device generates a second random number and a second timestamp and transmits the information to a second USIM in the second portable device; the second USIM generates a second sign for the second portable device and a second personal key which the second portable device transmits to the first portable device; the first portable device then transmits the information to the first USIM which generates a first personal key for authenticated communication.

Abstract: A method of validating a user, includes: —storing for a user data representative of a validation code for the user including a combination of symbols from a set of symbols; presenting a displayed image including a plurality of designatable areas in which the set of symbols is distributed between said designatable areas such that each designatable area contains a plurality of the symbols; varying the image between subsequent presentations such that the distribution of symbols between the designatable areas changes between subsequent presentations, validating a user in an validation routine by detecting designation by a user of a combination of the designatable areas in a presented image, and determining whether the combination of designated designatable areas contains the combination of symbols making up the validation code for the user.

Abstract: Slice-based prioritized secure video streaming comprises a transmitter receiving a slice comprising a plurality of macroblocks and selecting an encryption key based at least in part on a relative importance of secure transmission of the macroblocks. If the importance is high, a master key is selected. If the importance is medium, a first key derivable by applying a one-way function to the master key is selected. If the importance is low, a second key derivable by applying the one-way function to the first key is selected. The slice is encrypted using the encryption key. A receiver receives the encrypted slice, decrypts a header of the slice using the master key, to obtain an indication of a relative importance of secure transmission of the macroblocks. The receiver selects a decryption key based at least in part on the indication, and decrypts the slice using the decryption key.

Abstract: An intermediate network device includes a local caching module that caches user information from a remote server before a local user requests the information. In particular, the local caching module securely obtains and caches one-time passwords for a local user. The local caching device maintains separate sets of one-time passwords for each user. The local caching module may access the locally cached one-time passwords to authenticate a local user to a resource protected by a one-time password.

Abstract: A method, program product and apparatus include resistance structures positioned proximate security sensitive microchip circuitry. Alteration in the position, makeup or arrangement of the resistance structures may be detected and initiate an action for defending against a reverse engineering or other exploitation effort. The resistance structures may be automatically and selectively designated for monitoring. Some of the resistance structures may have different resistivities. The sensed resistance may be compared to an expected resistance, ratio or other resistance-related value. The structures may be intermingled with false structures, and may be overlapped or otherwise arranged relative to one another to further complicate unwelcome analysis.

Abstract: Techniques are provided for processing data. Connections having different security properties are stored, wherein each of the connections allows applications at the client computer to access data sources at a server computer. A request is received from an application to access a data source, wherein the request has associated security properties. In response to the client computer requesting establishment of a connection on behalf of the application, it is determined whether there is a stored connection that used a same set of security properties as are associated with the request from the application and that connected to the data source that the application requests access to. In response to determining that there is a stored connection that used the same set of security properties and that connected to the data source, the connection and an associated client encryption seed, client encryption token, server encryption seed, and server encryption token are re-used.