Abstract: A method for authenticating a portable data carrier (10) to a terminal device employs a public key (PKG) and a secret key (SK1) of the data carrier (10) as well as a public session key (PKT) and a secret session key (SKT) of the terminal device. The data carrier (10) employs as a public key a public group key (PKG). As a secret key the data carrier (10) employs a key (SK1) that has been derived from a secret group key (SKG) associated with the public group key (PKG).

Abstract: Systems and methods for transfer of data including establishing two separate connections, the two separate connections including a high speed connection and a high integrity connection. Blocks of data are exchanged over the high speed connection while the high integrity connection facilitates communication of descriptor data regarding data received over the high speed connection. As such, the data transfer speed of the high speed connection is utilized while communication via the high integrity connection allows for data reliability features not provided by the high speed connection. The systems and methods may include receiver side data handling such that data received chronologically out of order may be ordered at the receiver.

Abstract: A role-based Graphical User Interface (GUI) may be provided. First, information associated with an application user may be received. A role associated the application user may be then determined. The role may then be analyzed to determine which application elements are permitted to the user and which application elements are restricted from the application user. Next, the permitted application elements may be loaded with permissible GUI elements visible and restricted GUI elements hidden. The permissible GUI elements may be associated with the application elements permitted to the application user, while the restricted GUI elements may be associated with the application elements restricted from the user.

Abstract: The invention relates to a value-added service applied to the broadcasting of video programs or content and more particularly to mobile television (Mobile TV). The invention promotes service continuity during the broadcasting of programs having an undefined duration and the broadcasting of which has been subject to a Pay-Per-View type purchase.

Abstract: A data collection apparatus includes an information storing unit which stores application information collected from a server providing a service by running an application and includes detail information indicating a detail of the application, an information collecting unit which collects the application information from the server, an information identifying unit which identifies application information in which an abnormality has occurred and application information, affected by the abnormality, a first comparing unit which compares, as to the application information identified by the information identifying unit, all application information including the detail information and all application information including the detail information collected in the previous point, and extracts application information different from the application information collected in a previous point, and an information sending unit which sends the application information, extracted by the first comparing unit, to a data manageme

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application.

Abstract: A cryptographic framework embodies modular methods for securing data, both at rest and in motion, via an extensible encryption method. Key derivation and synchronization methods are defined. Using a small set of initialization values (keys), a multi-dimensional geometric form from which two or more entities (participants) may derive the same discrete set of public and secret keys. Participants can initialize a random number generation method of practically infinite non-repeating length. Furthermore, the random number generator can be used as a One Time Pad synchronized between participants, without ever exchanging said One Time Pad. Furthermore, a method for ciphering and deciphering data including a method for splitting the encrypted data into multiple files or streams and for recombining the original data back.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A semantics engine is described that produces a semantically-impaired but equivalent version of the original source code that can be compiled and executed using conventional tools for commonly used programming languages. This semantically-impaired source code and the compiled assemblies it produces are incomprehensible to anyone who would attempt to read them. The semantics-impairing process is irreversible both at the source and the assembly levels and the machine code generated by the semantically-impaired source code is exactly the same as that produced by the original source code. The semantics engine achieves confidentiality without using encryption or compression. All protective modifications are made directly to copies of the original source code thereby introducing no intermediate forms of the code.

Abstract: In certain embodiments, a method for monitoring and securing a baseboard management processor is provided. The method includes coupling to a baseboard management controller of a computer system via a console port, maintaining a persistent connection to the baseboard management controller, monitoring data from the console port, determining from the data whether an unauthorized access has occurred, and sending an alert if the unauthorized access has occurred.

Abstract: To reduce automatically a number of enabled connection profiles in a mobile station, for example, while the number of enabled connection profiles is at its maximum, a mobile station automatically selects one of the existing enabled connection profiles to disable and automatically disables the auto-selected connection profile.

Abstract: Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.

Abstract: This disclosure describes systems and associated processes that provide digital rights management for applications. In some embodiments, these system and processes couple DRM protection with individual applications, rather than with a centralized service. For instance, these systems and processes can be implemented in the context of an application store or distribution service that distributes applications for purchase or for free to user devices. Developers can submit applications to the application distribution service for distribution to end users. In response to receiving an application from a developer, the application distribution service can modify the application to include DRM features. The application distribution service can accomplish this modification without input from or the knowledge of the developer. The DRM features included in the modified application can prevent or otherwise reduce copying or modifying of the application.

Abstract: An information processing apparatus includes an authentication unit configured to identify a user who uses a data processing apparatus, a storage unit configured to store user identification information for identifying the user who is identified by the authentication unit and is identified as not having ended using the data processing apparatus, and an acquisition unit configured to, in accordance with the user identification information stored in the storage unit, acquire from the data processing apparatus information about using of the data processing apparatus by the user identified with the user identification information that has not been acquired during the state in which communication with the data processing apparatus is unavailable.

Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).

Abstract: Methods, computer program products and systems are described for online-content management. Online content from multiple contributors is received at one or more first computers for public online display. An authentication score is determined for a contributor of the multiple contributors. The contributor's name and a representation of the contributor's authentication score is published online for display on one or more second computers in association with the online content received from the contributor.

Abstract: A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data.

Abstract: A technique protects source code and is performed in an electronic device. The technique involves performing, on the source code, a scanning operation which provides a scanning result indicating whether the source code includes a cryptographic key. The technique further involves performing a remedial operation (e.g., alerting an administrator, deleting the key, replacing the key, combinations thereof, etc.) to prevent undesired exposure of the cryptographic key when the scanning result indicates that the source code includes a cryptographic key. The technique further involves refraining from performing the remedial operation when the scanning result indicates that the source code does not include a cryptographic key.

Abstract: Methods of securely performing online transactions are described which involve two independently controlled web servers. In order to complete a transaction, a user interacts concurrently with each of the two web servers and authentication may occur between the user and each web server and between web servers. Each of the two web servers provide data which is used to complete the transaction and the data provided by the first web server is communicated directly to the second web server for use in the transaction. In an embodiment, the first web server provides a web page which enables a user to specify a variable which is used in the transaction. This is communicated to the second web server which processes the transaction along with an identifier for the message. The identifier may be used in validating the variable before it is used in processing the transaction. Following completion of a transaction this may be reported in real time to the first web server.

Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.