Abstract: A secure display device is designed to display on a screen a first set of information edited by an open operating system. A secure operating system resident in a dedicated circuit edits a second set of information. A filter allocates, independently of the open operating system, a first zone of the screen to the first set of information and a second zone of the screen to the second set of information. The zones and can have a non-zero intersection and any value. A real video memory is used for transferring the two sets of information to the screen under the sole control of the secure operating system so as to produce a secure display of the second set of information.

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A database is queried based upon data contained in a message to obtain sender identification information, at least part of which is not contained in the message as it was sent. The sender identification information is presented to a recipient, which can send a signal accepting or rejecting the message based upon the sender identification information. If an accept signal is entered, the message can be forwarded to the recipient and/or rendered to the recipient.

Abstract: The present invention relates generally to audio and video processing, e.g., with digital watermarking. One claim recites an apparatus including: electronic memory for buffering data representing audio or video, and an electronic processor.

Abstract: A method for quarantining a node from other nodes in a network is described. A node is scanned to obtain a health posture of the node by determining if the node is compliant with one or more requirements. A current policy in accordance with the obtained health posture of the node is obtained. A previous policy is removed. If the node is determined to be non-compliant, a key that is unique to the non-compliant node is selected. The current policy is applied.

Abstract: A method and apparatus for secure software installation to boot a device authorized by a ticket are described herein. A ticket request including a device identifier of the device is sent for the ticket which includes attributes for one or more components to boot the device into an operating state. The ticket is cryptographically validated to match the one or more components with corresponding attributes included in the ticket. If successfully matched, the one or more components are executed to boot the device.

Abstract: The present invention describes methods and apparatus involving embedding data. Data can be embedded steganographically in content or embedded in, e.g., headers associated with the content. In one implementation, a method of embedding auxiliary information in data is provided. The method includes receiving data and correlated data. The correlated data is related to but independent from the received data. The method further includes receiving auxiliary information, the auxiliary information being independent of the received data and the correlated data; changing the auxiliary information based on at least the correlated data; and embedding the changed auxiliary information in the received data. Other implementations are also provided.

Abstract: The invention relates to a method, a system, an electronic device and a computer program for providing at least one content stream to an electronic device applying Digital Rights Management (DRM). In the method a master integrity key is obtained in a streaming node. An encrypted master integrity key is obtained in an electronic device. The encrypted master integrity key is decrypted in the electronic device. At least one session integrity key is formed in the streaming node and in the electronic device using at least the master integrity key and the integrity of at least one content stream is protected between the streaming node and the electronic device using the at least one session integrity key.

Abstract: In a computing device that includes a host operating system and a management engine separate from the host operating system, if the primary operating system is not operating, a management engine may obtain from a credential server via a first network connection logon information for a secured network and the management engine connects to the secure network through a secured connection using the logon information. If the operating system is operating the operating system provides the logon information to the management engine. Certificate verification may be performed by a remote server on behalf of the management engine. Other embodiments are disclosed and claimed.

Abstract: A data compression method improves Lempel-Ziv (“LZ”) compression by encoding the offsets produced during LZ compression as variable-bit-length (“VBL”) encoded integers, and outputting the VBL integers as part of the compressed data. Other integers produced during LZ compression, as well as integers produced by other data compression algorithms, can also be encoded using a VBL scheme.

Abstract: Operating on video frames includes determining a frame set backdrop of a set of video frames that is a characterization of the relative difference in content of the set of video frames. Decreasing video quality of the set of video frames when the frame set backdrop is relatively higher indicating relatively greater content difference among video frames of the set of video frames and increasing/leaving quality of the set of video frames when the frame set backdrop is relatively lower indicating relatively lesser content difference among video frames of the set of video frames. Alteration of video quality of the set of video frames includes altering a frame rate, altering a pixel resolution, and/or altering color resolution of the set of video frames and/or altering a ratio of independent frames to predictive frames of the set of frames.

Abstract: An authentication method and system. A computing system generates an authentication table associated with a user. The computing system receives first authentication data and second authentication data differing from the first authentication data. The first authentication data and the second authentication data are placed in the authentication table. The authentication table comprising the first authentication data and the second authentication data is stored in the computing system. The computing system generates an action table. The computing system receives first action data and second action data and places the first action data and the second action data in the action table. The action table comprising the first action data and the second action data is stored in the computing system.

Abstract: A process of cryptographically securing a data object including one or more respectively tagged data elements includes selecting a tagged data element from among a plurality of tagged data elements, based on an associated data tag. A plurality of cryptographic key splits is generated from seed data. The cryptographic key splits are bound together to produce a first cryptographic key. A second cryptographic key is generated based on security requirements of the data object. The tagged data element is encrypted using the first cryptographic key. The data object encrypting using the second cryptographic key. At least one of the cryptographic key splits is based on the associated data tag.

Abstract: Systems and methods for an anti-virus detection module that can detect known undesired computer files in archives that may be encrypted, compressed and/or password-protected are provided. According to one embodiment, a method is provided for detection of malicious or undesired computer files within an archive without decrypting and without decompressing the contents of the archive. A type and structure of the archive are identified by examining primary or secondary identification bytes stored within the archive. Based on the identified type and structure, descriptive information is obtained from the archive describing contained files within the archive file. The descriptive information for each contained files is evaluated to determine if any are malicious or undesired computer files by comparing the descriptive information to signatures of known malicious or undesired computer files. Finally, an attempt is made to prevent contained files determined to be malicious or undesired from being opened.

Abstract: A method and apparatus are provided for tracking the state of a software component in use on a computing platform. Upon a change of a first type in the software component (such as a change to an integrity-critical part of the component), an appropriate integrity metric of the software component is reliably measured and recorded in cumulative combination with any previous integrity metric values recorded for changes of the first type to the software component. Upon a change of a second type in the software component (such as a change to a non integrity-critical part of the component), an appropriate integrity metric of the software component is reliably measured and recorded as a replacement for any previous integrity metric value recorded for changes of the second type to the software component. The two resultant values provide an indication of the integrity state of the software component.

Abstract: A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run.

Abstract: A method (400) of automatically generating policies and/or roles for role based access (RBAC). The method can include presenting a policy or policy generation table (300) identifying scripts (304) and roles (302) to which the scripts correspond to an operator, and receiving at least one operator input selecting a plurality of desired scripts to be associated with a desired policy or role. The method also can include parsing the scripts to identify corresponding verb-switches (204), and comparing the parsed verb-switches to existing policies or roles (114). When there is at least one of the parsed verb-switches that does not correspond to at least one existing policy, the parsed verb-switch that does not correspond to at least one existing policy can be identified and a policy (106) that includes the identified verb-switch can be generated.

Abstract: Techniques are described for mapping an emulated SSL implementation to, for example, OpenSSL.

Abstract: Disclosed is an audio/video data synchronization apparatus for directly transmitting decoded audio/video data to an external device, without compressing the data, using UWB communication. The apparatus synchronizes video and audio data stored in a terminal without compressing the data and simultaneously transmits the data to an external device using UWB communication, so that users can enjoy high-quality images and sounds. In addition, the receiving end does not necessarily incorporate a separate function for decoding moving images, because it receives uncompressed video/audio data. This makes the apparatus simple and convenient.

Abstract: A system, method, and computer program product are provided for conditionally securing data stored on a peripheral device coupled to a system, based on a state of the system. In use, a state of a system is identified. In addition, data stored on a peripheral device coupled to the system is conditionally secured, based on the state.