Abstract: An embodiment of a method for filtering a digital media file includes receiving a selection of a first maturity level, and receiving a media content rating table including at least one media rating entry. Each media rating entry includes a location indicator indicating a predetermined portion of the digital media file and a maturity rating indicator corresponding to a maturity rating of the predetermined portion. The method further includes receiving the digital media file, and modifying at least one predetermined portion of the digital media file if the indicated maturity rating of the at least one predetermined portion is greater than the selected first maturity level to produce a first modified digital media file.

Abstract: Data security access and management may require a server dedicated to monitoring document access requests and enforcing rules and policies to limit access to those who are not specifically identified as having access to the data. One example of operation may include selecting data to access via a user device, identifying a user profile associated with the user device, retrieving at least one user policy associated with the user profile, determining whether the user policy permits the user device to access the data, matching the user policy to a data policy associated with the data, receiving an encryption key at the user device, applying the encryption key to the data, and unwrapping the data from a wrapped data format to access the data.

Abstract: Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.

Abstract: A computing device may determine that a policy event to initiate data destruction for a first set of data has been triggered. The first set of data may be located on a first file. The computing device may delete, in response to the determining, a first security key used for decrypting the first set of data. The computing device may delete, in response to the determining, one or more transaction log entries associated with the first set of data. The one or more transaction log entries may include a copy of the first set of data. The one or more transaction log entries may be a part of a transaction log. The transaction log may be a second file that stores a history of each data change within the database.

Abstract: A method of facilitating the exchange of data between a user having a computing device, and a remote entity, where a first connection has been established between the user and the remote entity, and where the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity.

Abstract: A searchable encryption method enables encrypted search of encrypted documents based on document type. In some embodiments, the searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The searchable encryption method encodes document type information into the encrypted search index while preserving encryption security. Furthermore, the searchable encryption method enables search of encrypted documents using the same encrypted index, either for a particular document type or for all encrypted documents regardless of the document type.

Abstract: When visual focus on a mobile device is limited, aural cues can be used to aid in entering a pattern based access code. The mobile device displays a plurality of positions from which an access code for accessing a mobile device can be selected. Indications of a set of positions of the plurality of positions in a sequence are received. The sequence of the set of the positions form an access code. For at least the first of the set of positions, an aural cue associated with the first position is determined, and the aural cue is emitted to indicate the first position based on the aural cue. It is determined whether the access code is correct. Access to the mobile device is allowed if the access code is correct.

Abstract: A key ceremony application creates bundles for custodians encrypted with their passphrases. Each bundle includes master key share. The master key shares are combined to store an operational master key. The operational master key is used for private key encryption during a checkout process. The operational private key is used for private key decryption for transaction signing in a payment process. The bundles further include TLS keys for authenticated requests to create an API key for a web application to communicate with a service and to unfreeze the system after it has been frozen by an administrator.

Abstract: A system and method is disclosed for performing unified broadcast encryption and traitor tracing for digital content. In one embodiment a media key tree is divided into S subtrees, the media key tree including media keys and initial values, which may be random values. The digital content is divided into a plurality of segments and at least some of the segments are converted into a plurality of variations. The random values are transformed into media key variations and a separate media key variant is assigned to each of the subdivided subtrees. A unified media key block including the media key tree is stored on the media.

Abstract: The invention relates to a method for securing access to a computer device, that includes the step of establishing a secured connection and authentication of said computer device and the user of the computer device with a remote server, wherein the steps of establishing the secured connection and authentication are carried out upon the execution of commands included in a data set adapted for implementing the pre-start of the computer device before triggering the execution of the boot loader of the computer device operating system.

Abstract: An approach for authentication is provided. The approach performs identifying, by one or more computer processors, an account attempting to access content. The approach performs identifying, by one or more computer processors, a file including at least authentication information. The approach performs identifying, by one or more computer processors, a location of the authentication information within the identified file. The approach performs identifying, by one or more computer processors, a length of the authentication information. The approach performs identifying, by one or more computer processors, the authentication information in the identified file based at least on the identified location and the identified length of the authentication information.

Abstract: A hierarchical tree structure is used to facilitate the communication of encrypted keys to particular users having access to the tree. All users are in communication with a root node, but the information content of the material at the root node is decipherable only by the intended users of this information. Protected data is encrypted using a variety of data-keys specific to the data. These data-keys are encrypted using a combination of node-keys that are specific to particular users or groups of users. Users having access to the node-key associated with a particular encrypted data-key are able to decipher the data associated with the data-key; users without access to the particular node-key are unable to decrypt the data-key, and thus unable to decipher the data. The hierarchical tree is preferably structured based on a similarity of access rights among users, to minimize the overhead associated with providing user-specific access rights.

Abstract: A method includes receiving a target credential object having administrative rights over a first user account located on a target system. The first user account includes a log-in permission for the target system. The method also includes receiving data indicative of a second user account corresponding to the first user account, wherein the second user account is located on a local system. The method further includes sending a first request to remove the log-in permission from the first user account to the target system using the target credential object. The method still further includes receiving a log-in request corresponding to the second user account on the local system. The method additionally includes, in response to receiving the log-in request for the second user account, sending a second request to add the log-in permission on the first user account to the target system using the target credential object.

Abstract: A method for protecting digital media content from unauthorized use on a client, is described. The method comprising the steps of receiving from a server on the client a list of processes, instructions, activity descriptions or data types that must not be active simultaneously with playback of the digital media content (“the blacklist”). The method further comprising checking, on the client, for the presence of any items on the list; and continuing interaction with the server, key management and playback of protected content only if no items on the list are detected on the client. A system is also described.

Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Abstract: A re-encryption key generator according to an embodiment generates a re-encryption key to obtain re-encrypted data that can be decrypted by a second private key of a second user device by re-encrypting ciphertext obtained by encrypting plaintext by a first public key of a first user device without decryption. The re-encryption key generator stores a first private key corresponding to the first public key. The re-encryption key generator stores a second re-encryption key generation key of the second user device that is different from a second public key corresponding to the second private key. The re-encryption key generator generates the re-encryption key based on the first private key and the second re-encryption key generation key.

Abstract: A system and method are provided for generating a Short Term Key Message (STKM) for protection of a broadcast service being broadcasted to a terminal in a mobile broadcast system. The method includes transmitting, by a Broadcast Service Subscription Management (BSM) for managing subscription information, at least one key information for authentication of the broadcast service to a Broadcast Service Distribution/Adaptation (BSD/A) for transmitting the broadcast service, generating, by the BSD/A, a Traffic Encryption Key (TEK) for deciphering of the broadcast service in the terminal and inserting the TEK into a partially created STKM, and performing, by the BSD/A, Message Authentication Code (MAC) processing on the TEK-inserted STKM using the at least one key information, thereby generating a completed STKM.

Abstract: Methods, computer program products, computer systems, and the like, which provide security in cloud-based services using lightweight replicas, are disclosed. The methods, computer program products, computer systems, and the like include detecting an intrusion into an application server, dynamically provisioning a replica application server in a server system in response to the detecting the intrusion, and transitioning a datastream from the application server to the replica application server, where the application server is provisioned in the server system, the intrusion is an attack on the application server, and the attack is conducted via a datastream between a first computing system and the application server. The replica application server is a replica of at least a portion of the application server.

Abstract: A computer-implemented method, computerized apparatus and computer program product for monitoring traffic in a computer network. The computer network comprises a plurality of devices configured to apply a transformation function on a target port identifier of a requested transmission by an application program executing thereon and direct the transmission to a different target port per the scrambled identifier thereby obtained. The transformation function depends on at least one parameter shared among the plurality of devices and applying thereof is conditioned on the application program requesting transmission being listed in a list of authorized application programs. Attempts to access invalid ports as defined by the transformation function are identified and an action for mitigating a security threat ascribed thereto is provided.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.