Abstract: Provided is a content receiving device that can reduce processing loads at a time when an encrypted stream is decrypted. A video recording and reproducing device 5 includes: a receiving section 20 that receives a video stream in which data of a content containing video is divided into a plurality of TS packets; an extraction section 23 that extracts from the video stream, in a case where the video stream received by the receiving section 20 is an encrypted stream, a scramble key for decrypting the encrypted stream; a decryption section 24 that decrypts, by using the scramble key, only a specific packet among the plurality of TS packets; and an obtaining section 25 that obtains predetermined information of the video stream, based on data decrypted by the decryption section 24.

Abstract: A computing device which includes an access control mechanism which is used to control access to keys which are used in cryptographic processes. Any application wishing to gain access to a key must first obtain authorization from the access control mechanism. Authorized applications may access keys directly, without having to pass data through the access control mechanism.

Abstract: A system includes a remote control device and a security device, wherein both devices share a unique and constant common key, algorithms or protocol specific to a pair formed by the remote control device and the security device. The unique and constant common key, algorithms or protocol are set up during a device initialization phase. The remote control device is configured to communicate wirelessly with a receiver of the security device. The remote control device, which is paired with the security device sending data towards the receiver, includes an encryption module and a memory to store the unique and constant common key. The data is encrypted by the encryption module with the unique and constant common key, and the security device includes a decryption module and a key corresponding to the unique and constant common key to decrypt the data received from the remote control device.

Abstract: A method and system for adaptive vulnerability scanning (AVS) of an application is provided. The adaptive vulnerability scanning of an application assists in identifying new vulnerabilities dynamically. The endpoints of an application are scanned using a predefined set of rules. Subsequently, one or more possible vulnerabilities are presented. The vulnerabilities are analyzed and predefined rules are modified. The steps of scanning the application and modification of rules are iteratively repeated till the adaptive vulnerability scanning capability is achieved. A neural network is used for training the adaptive vulnerability scanner. This neural network is made to learn some rules based on predefined set of rules while undergoing the training phase. At least one weight in neural networks is altered while imparting the self learning capability.

Abstract: Grouping personal accounts to tailor a web service may be accomplished by grouping information from two or more personal accounts. In some embodiments, a personal account may include a set of persons. By grouping personal accounts, a service provider may tailor a web service to multiple people based on information about those people.

Abstract: A computer-implemented method for identifying security risks in downloads may include (1) identifying a request to download a file that is subject to a security assessment, (2) determining that a first segment of the file is required for the security assessment, (3) based on determining that the first segment of the file is required for the security assessment, retrieving the first segment of the file before retrieving a second segment of the file, and (4) determining, based at least in part on the first segment, that the file includes a security risk. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A private key and a public key are provided during manufacture of a device and are stored in the device. At least one cryptographic key is subsequently negotiated, the negotiation being security-protected as a function of the generated private key and/or the public key. This method can find application in building automation.

Abstract: The embodiments of the present invention relate to apparatuses in the form of a first network unit and a device, and also relates to a method for enabling protection of a bootstrap message in a device management network system. The method comprises: receiving at the first network unit, a request to bootstrap the device; transmit a request for a bootstrap key, to a second network unit; receiving a message comprising the bootstrap key and further comprises trigger information and transmitting the trigger information to the device to trigger generation of the bootstrap key internally in the device. Thereafter a protected bootstrap message can be transmitted to the device from the first network unit, and when the device verifies and/or decrypts the bootstrap message, device management (DM) sessions can start between the device and the first network unit.

Abstract: A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.

Abstract: A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.

Abstract: A method of handling media content comprises providing a set of one or more first layer data items that are to be accessible via a first media track. Each first layer data item is decodable to be rendered as a portion of the media content. Moreover, a set of one or more second layer data items is provided that are to be accessible via at least one second media track, each second layer data item being decodable to be rendered in combination with at least one decoded first layer data item as an enhanced portion of the media content. With each second layer data item a track reference index is associated that identifies the first media track via which the first layer data items are accessible. Then, the second layer data items and the associated track reference indices are encrypted for being transmitted to a content recipient.

Abstract: Novel systems and methods for testing network security are disclosed. In one example, at least one specified data message and at least one specified access credential to at least one third-party web-based service is stored on a monitoring system. At least one software agent configured with the specified data message and the specified access credential to the third-party web-based service is installed on at least on system to be tested. The software agent is executed on the testing system to send the specified data message to the third-party web-based service using the specified access credential. A monitoring system which is independent of the network, access the third-party web-based service with the access credential. The monitoring system compares, if data on the third-party web-based service is equivalent to the specified data message sent by the software agent. In another example, the software agent is configured with a custom start-logging command.

Abstract: In a communication-parameter providing apparatus, a search is conducted at the start of a communication-parameter automatic setting process. Upon detection of a communication apparatus, the rate at which the communication-parameter providing apparatus sends a beacon per unit time is increased, whereby a communication-parameter receiving apparatus can easily detect the communication-parameter providing apparatus.

Abstract: A method for verifying access conditions performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message includes a first part including first access conditions and a second part structured as a control message including at least second access conditions and a control word. A first conditional access device is configured for decrypting the control message with a common key specific to units having a first conditional access device and verifying the authenticity of said message. When the verification succeeds, the second part and a second right is transmitted to a second conditional access device, which decrypts the second part with a common key specific to units having a second conditional access device and verifies the authenticity of said second part and the second access conditions in relation to the second right encrypted by a personal key embedded therein.

Abstract: The system and method may include identifying manifest data associated with a package to be developed on a package development system, receiving the package from the package development system via a first network, comparing the manifest data to the package to determine whether a code injection exists in the package, and distributing the package to a plurality of user systems via a second network based on a determination that the code injection does not exist in the package.

Abstract: A system for cryptographic processing of content comprises an input for receiving the content. A plurality of look-up tables represents a white-box implementation of a combined cryptographic and watermarking operation. The look-up tables represent processing steps of the combined cryptographic and watermarking operation and the look-up tables being arranged for being applied according to a predetermined look-up scheme. The look-up scheme prescribes that an output of a first look-up table of the plurality of look-up tables be used to generate an input of a second look-up table of the plurality of look-up tables. The combined cryptographic and watermarking operation comprises a cryptographic operation and a watermarking operation. A control module looks up values in the plurality of look-up tables in dependence on the received content and in accordance to the look-up scheme, thereby applying the combined cryptographic and watermarking operation to the content.

Abstract: A system for defending against internet-based attacks is disclosed. The system may include a processor which may be configured to receive information associated with a device when a web request is transmitted by the device to access a web page monitored by the processor. The processor may also determine whether traffic associated with the web request from the device is suspected of being used for malicious activity and, if not, enable the device to access the web page. If the traffic is suspected of being used for malicious activity, then the processor may transmit a challenge to the device if the traffic is determined to be suspected. Furthermore, the processor may receive information associated with the web request, which may be provided by a uniform resource locator invoked in response to the traffic being determined to be suspected.

Abstract: A method of running an application in a process virtual machine (PVM) on a computing device using a dynamically-linked module (DLM) with an integrity self-check feature is provided. The DLM is written in PVM-native bytecode, and the PVM is configured to execute applications stored as PVM-native bytecode within a single code file associated with that application. The method includes (a) dynamically linking the application to the DLM by loading the PVM-native bytecode of the DLM from a resource file separate from the single code file of the application, (b) performing the integrity self-check feature on the DLM to ensure the integrity of the PVM-native bytecode of the DLM, and (c) in response to the DLM passing the integrity self-check, calling functions of the DLM from within the application. Embodiments directed to analogous computer program products and apparatuses are also provided.

Abstract: A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system (for instance, at an application layer and a file layer), introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.

Abstract: A device according to the present invention is configured for transmitting data between two semiconductor chips of a data processor in an encrypted manner, wherein a first semiconductor chip is connected to a second semiconductor chip. The device includes a non-volatile memory element in each of the two semiconductor chips, wherein an encryption initial value for an encryption rule is stored in the memory element of the first semiconductor chip and a decryption initial value associated to the encryption initial value for a decryption rule associated to the encryption rule is stored in the memory element of the second semiconductor chip. Additionally, the first semiconductor chip has a first data transmission interface formed to generate an encryption data stream from an input data stream using the encryption initial value according to the encryption rule.