Abstract: A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer for securing and transporting data. The portable data transport device includes a first processor and a biometric identification system. Upon successful biometric identification of an enrolled user, the first processor permits mounting of the data transport device to a host computer. However, prior to the commencement of read/write operations, cross-checking of stored identification codes of components of the portable data transport device occurs, including the use of a hash function. If any identifier does not match, no read/write data operations are permitted. The portable data transport device includes a file security program that includes a DLL encryption/decryption program having a self-check feature. Upon self check, if any changes were made to the encryption/decryption program, no read/write operations are permitted.

Abstract: There are provided method and apparatus for detecting and concealing reference and non-reference video frames. A video decoder includes an entropy decoder, an error detector, and an error concealer. The entropy decoder is for decompressing a video bitstream intended to have a fixed frame rate and parsing the decompressed video bitstream to find picture order counts for frames of the decompressed video bitstream. The error detector is for determining that a particular frame of the decompressed video bitstream is missing based upon the picture order counts. The error concealer is for concealing the particular frame. The method is accomplished by decompressing and parsing the video bitstream to find picture order counts for frames of the decompressed video bitstream and then determining that a particular frame of the decompressed video bitstream is missing based upon comparison of their associated picture order counts, and then concealing that particular frame.

Abstract: Example embodiments herein include a verification process that provides a safe and efficient mechanism for recovering security associations between network devices. More specifically, the verification process transmits a secured message from a first network device to a second network device across a network. Furthermore, the security association includes a parent process and a corresponding child process. The verification process detects, at the first network device, an incompatibility in the security association between the first network device and the second network device. Next, the verification process transmits a status query from the first network device to the second network device in order to determine the status of the security association between the first network device and the second network device. In response, the verification process receives a verifiable reply message that is indicative of the status of the security association between the first network device and the second network device.

Abstract: A personal authentication system using biometrics information. The system orders, when an characteristic element in the biometrics information (such as a characteristic point in a fingerprint) can be expressed with two types of information (such as, for instance, a coordinate values for a characteristic point in a fingerprint and a local partial image), the characteristic points using one type of information (for instance, local partial image) as label information, and outputs other type of information (such as coordinate values) as key information according to the order.

Abstract: A computer-implemented method for malicious code detection. An emulator is initialized, and import dynamic link libraries are processed. Instructions of a target program are emulated using the emulator. Select application programming interface calls are intercepted using an intercept list during the program emulation.

Abstract: Systems, methods and computer readable media for remotely disabling communication devices. When a communication device is identified for disablement, a disable signal may be transmitted to the emergency communication device. If the emergency communication device receives the disable signal, the emergency communication device may authenticate the source of the disable signal. If the source of the disable signal has been authenticated, the emergency communication device may disable itself. Disablement may include physical destruction or physical alteration of hardware or software necessary for the communication device to operate. Disablement may also include being locked-out from access to or use of hardware or software necessary for the communication device to operate.

Abstract: A method and an apparatus for monitor mirroring in the display of data requiring confidentiality is disclosed, including a computer system, an identification unit that identifies the data requiring confidentiality, and a filter unit that filters the identified data requiring confidentiality, so that only the filtered data and data not requiring confidentiality are shown on the monitor. The screen content of the monitor can thereupon be mirrored onto a further monitor.

Abstract: The present invention relates to a method for using interlaced video signal of a base layer in interlayer texture prediction. The present method constructs a pair of frame macro blocks from vertically-adjacent two field macro blocks pertaining to interlaced video signal of a base layer, separates video signal containing the pair of frame macro blocks into even-field and odd-field components, interpolates the even-field and the odd-field components respectively in vertical and/or horizontal direction, and constructs a combined video data by interleaving the interpolated even-field and odd-field components.

Abstract: A method and system for authenticating credentials for management of a client is disclosed. The credentials are provided to a verification application. The credentials are authenticated to an authentication application. A connection between the authentication application and a security server is established. An authenticator is invoked. Administrative rights associated with the credentials are verified. An authentication certificate indicating the administrative rights is sent to the client.

Abstract: A network device negotiates an encryption protocol with another network device, receives data from a trusted client device, encrypts the received data with the negotiated encryption protocol, and applies a label switched path (LSP) label to the encrypted data for transmission to the network device through an untrusted Multiprotocol Label Switching (MPLS) network.

Abstract: A biometrics authentication system uses biometrics authentication media to simplify the process of issuing biometrics authentication media, and reduce issuing costs. A biometrics authentication application is downloaded from a server to a mobile communication terminal, and an area for authenticated biometrics information is created. A user brings this mobile communication terminal to a service area and causes an image of his own biometrics information to be captured, and this biometrics data and an account number are stored in a common area of the mobile communication terminal. Therefore, the mobile communication terminal has functions of an individual card storing biometrics information, and issuing of a card for use in biometrics authentication is completed.

Abstract: A security analyzer analyzes a security of a device-under-analysis (DUA). In one embodiment, the security analyzer identifies two or more valid message-delivery preconditions for a communication protocol supported by the DUA. One of the identified valid message-delivery preconditions is selected and the security analyzer delivers an attack to the DUA according to the selected message-delivery precondition. The same or similar attacks can also be delivered to the DUA via other message-delivery preconditions. Based on the DUA's response, the security analyzer determines whether a vulnerability has been found.

Abstract: Described are techniques for processing a data storage configuration request for an application. The data storage configuration request is received from a requester. A first user level of a plurality of user levels at which the data storage configuration request is made by the requester is determined. Each user level is associated with a different level of abstraction with respect to processing performed in the data storage system for implementing the data storage configuration request. The data storage configuration request is serviced. Servicing the request includes determining whether to perform the data storage configuration request in accordance with security criteria defining, for each of the plurality of user levels, permitted operations that may be performed for different requesters in connection with the data storage configuration request.

Abstract: A recursive based approach to key generation produces keys for encrypted communication. Simple mathematical operations are utilized with the inherent uncertainty of an interactive process between two endpoints to establish a common secret key. The uncertainty-based key cipher starts with some public information and some private information. The public information includes a vocabulary (alphabet) and keypad, and the private information can include an authentication code. The keypad is an abstraction that represents, for example, a set of “buttons.” These buttons will be used to translate a working key into a text that could be used to evaluate coincidences in a generated working key. Each keypad button can have more than one possible value. The number of options inside the button is the so called “uncertainty level.

Abstract: An active shield can be configured to receive a test signal, and configured to output a plurality of shield signals, derived from the test signal, via a plurality of signal paths. A compare logic can be configured to compare the test signal with each of the plurality of shield signals to provide at least two comparison signals indicating comparison results and can be configured to output the at least two comparison signals. A detection and decision logic can be configured to determine whether the active shield is subject to attack based on patterns of the at least two comparison signals.

Abstract: An arithmetic circuit capable of Montgomery multiplication using only a one-port RAM is disclosed. In a first read process, b[i] is read from a memory M2 of a sync one-port RAM for storing a[s?1: 0] and b[s?1: 0] and stored in a register R1. In a second read process, a[j] is read from the memory M2, t[j] from a memory M1 of a sync one-port RAM for storing t[s?1: 0], b[i] from the register R1, and a value RC from a register R2, and input to a sum-of-products calculation circuit for calculating t[j]+a[j]*b[i]+RC. In a write process, the calculation result data FH is written in the register R2, and the calculation result data FL in the memory M1 as t[j]. A first subloop process for repeating the second read process, the sum-of-products calculation process and the write process is executed after the first read process.

Abstract: A method encoded on a data storage medium as executable software for processing data includes steps for providing a scrambling key for scrambling a current piece of information from a plurality of pieces of information, providing with the current piece of information a current identification token from a series of identification tokens, the current identification token to be combined with the scrambling key for scrambling a subsequent piece of information from the plurality of pieces of information, and scrambling the current piece of information using a combination of the scrambling key and a previous identification token from the series of identification tokens to create scrambled current data. A system and an article of manufacture for processing data are also disclosed.

Abstract: A process of information leakage prevention for sensitive information in a database table. Content to be inspected is extracted at a deployment point. The content is processed by a first fingerprinting module to determine if the content matches fingerprint signatures generated from database cells between a first threshold size and a second threshold size which is larger than the first threshold size. The content is also processed by a second fingerprinting module to determine if the content matches fingerprint signatures generated from database cells larger than the second threshold size. The content may also be filtered, and the filtered content processed with an exact match module to determine if the filtered content exactly matches data from cells smaller than the first threshold size. Other embodiments, aspects and features are also disclosed.

Abstract: A method for providing access to one or more resources in a computer network, establishing a connection between a user and the computer network via at least one wireless access point, generating an authentication level for the user associated with accessing the one or more resources, sending a program to the client device, receiving authentication data from the user, and changing the authorization level of the user based upon the authentication data received from the user.

Abstract: A biometrics authentication system using biometrics media simplifies the process, and reduces the costs, of issuing a portable communication terminal having biometrics functions. A biometrics application program is downloaded from a server to a portable communication terminal, an area for authenticated biometrics information is caused to be created, and biometrics information on an individual card of the user is stored in a common area of the portable communication terminal. Thus, the portable communication terminal has the functions of an individual card storing biometrics information, and the portable communication terminal can be used as an individual card for biometrics authentication.