Abstract: A method is provided in one example embodiment that includes identifying a file format identifier associated with a beginning of a file, parsing the file based on the file format identifier until an end of the file is identified, and calculating a hash from the beginning of the file to the end of the file. The method may also include sending the hash to a reputation system and taking a policy action based on the hash's reputation received from the reputation system.

Abstract: A resource in unencrypted form and a wrapped key are received in a request from an application server system and at a key server system. The wrapped key includes a resource encryption key and a user identifier that have been encrypted using a master key. The user identifier identifies a user that is permitted to use the resource encryption key to decrypt the resource. The request does not include the user identifier. The wrapped key is decrypted to access the resource encryption key. The resource in unencrypted form is encrypted into an encrypted resource with the resource encryption key. The encrypted resource is sent to the application server system.

Abstract: A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object. A second set of protocols can be used to retrieve data from the data object, or data derived from such data, irrespective of which of the first set of protocols was used to enable the provision and storing of data in the object.

Abstract: A seed value is received and a resource encryption key is generated from the seed value. The resource encryption key may be sent to an application server such that the application server system is able to encrypt a resource using the resource encryption key. Authentication credentials and a wrapped key are received and the wrapped key is decrypted to generate an unwrapped key that includes the resource identifier, the resource encryption key, and the user identifier in unencrypted form. The user identifier is accessed from the unwrapped key it is determined that the received authentication credentials correspond to the accessed user identifier. The resource encryption key is sent in unencrypted form to the application server system such that the application server system can decrypt the resource using the resource encryption key in unencrypted form.

Abstract: Authentication credentials are received at a key server system. A service associated with the wrapped key is identified. A master key is accessed based on the identified service, the master key being associated with the identified service. The wrapped key is decrypted to generate an unwrapped key that includes the resource identifier, the resource encryption key, and the user identifier in unencrypted form. The user identifier is identified accessed from the unwrapped key. The received authentication credentials are determined to correspond to the accessed user identifier. In response to determining that the received authentication credentials correspond to the accessed user identifier, the resource encryption key are sent in unecrypted to the application server system such that the application server system can decrypt the resource using the resource encryption key in unencrypted form.

Abstract: A computer system includes multiple computer modules each including at least a calculator and a storing unit. A first computer module of the computer modules includes: a storing unit that stores authentication information for connection with a second computer module of the computer modules; an authenticator that authenticates an information processing device accessing the first computer module, and allows the information processing device to access thereto based on an authentication result; and a relay connector that connects the information processing device allowed to access the first computer module to the second computer module based on the authentication information.

Abstract: A Browsable SlideShow is recorded on a BD-ROM. The Browsable SlideShow includes a video stream, an audio stream and PlayList information. The video stream and the audio stream are recorded on separate areas on an optical disc. The PlayList information includes a plurality of pieces of PlayItem information, each of which has an In_time and an Out_time which specify a single piece of picture data in the video stream and a Still_time indicating a period during which the piece of picture data is still-displayed. A still period indicated by the Still_time is a length of time that is longer than or equal to a VBV-delay when reading a subsequent piece of picture data to an Elementary Buffer 5 of a playback apparatus. The VBV-delay is based on the time required for seeking between the separate areas and reading the audio stream.

Abstract: A method of establishing security association between heterogeneous networks is disclosed. The method comprises a first step of receiving information of heterogeneous networks near a mobile station; a second step of transmitting a request message requesting authentication related information transfer to a target heterogeneous network where the mobile station intends to perform handover, among the heterogeneous networks near the mobile station; and a third step of receiving authentication related information and key related information of the target heterogeneous network. At this time, the first step, the second step, and the third step are preferable performed before handover is performed between heterogeneous networks.

Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.

Abstract: Apparatus, methods, and computer program products are disclosed for using gestures to authenticate a principal. The method acquires a multi-pattern authentication gesture that has multiple input patterns. The multiple input patterns have a temporal dimension. At least two of the multiple input patterns overlap in the temporal dimension. The multi-pattern authentication gesture also has a duration. The method compares whether the multi-pattern authentication gesture is sufficiently similar to an available gesture template over a portion of the duration and assigns a level-of-trust to the principal responsive to the comparison. The apparatus and program products use the method.

Abstract: A system and method for filtering unwanted Internet Protocol traffic based on blacklists receives a first blacklist containing a first plurality of Internet protocol addresses associated with unwanted Internet traffic. The system also operates a first plurality of access control lists adapted to block the unwanted Internet traffic from one of the first Internet protocol addresses listed in the first blacklist. The system also assigns a first weight to each of the first Internet protocol addresses based on a reliability of Internet traffic from each of the first Internet protocol addresses. Additionally, the system reduces a first number of the first access control lists to optimally trade off a number of desirable Internet protocol addresses blocked with a number of bad Internet protocol addresses blocked based on the first weight of each of the first Internet protocol addresses.

Abstract: The present disclosure provides a method for scalable anti-replay windowing. According to one exemplary embodiment, the method may include receiving at least one data packet having at least one new sequence number. The method may also include comparing the at least one new sequence number to an anti-replay window configured to prevent packet replay, the anti-replay window having at least one existing sequence number. The method may further include shifting the contents of the anti-replay window by varying the location of a starting index and an ending index. Of course, additional embodiments, variations and modifications are possible without departing from this embodiment.

Abstract: A data provider generates a data encryption key and an identifier, uses the data encryption key to encrypt data, sends the encrypted data and the identifier to a data requestor, and sends the data encryption key and the identifier to a crypto information server. The data requestor sends the identifier to the crypto information server to request the encryption key. The crypto information server authenticates the data requestor and, contingent on that authentication, sends the data encryption key to the data requestor. If a plurality of data instances are captured, then for each instance, a respective data encryption key and identifier are generated.

Abstract: An image encryption apparatus encrypts a digital image by specifying a partial region from the digital image, converting the selected partial region into a processing image based on an encryption key, and specifying a position of the partial region by regularly converting a pixel value of the processing image.

Abstract: A method and system to transport encrypted keys among the participants of a real time communications session are provided. The system may include a message detector, a carrier packet detector and a decrypting module. The message detector may be configured to receive, at a target device, a first communication from a source device. The first communication may comprise a first message. The carrier packet detector may be configured to receive, at a target device, a second communication from a source device. The second communication may comprise a first encrypted key to decode the first message. The decrypting module may be configured to decode the message, utilizing the first encrypted key.

Abstract: A commercial off-the-shelf smartphone is adapted, through software modifications only, to provide multiple operating domains or domains that provide differing levels of security and reliability. Each operating domain is isolated from the others. Detection of unauthorized modification is provided. Cross domain activity notification is provided.

Abstract: A method of method of installing a wireless communications network configures a client device to connect wirelessly to an access point arranged to provide a wireless communications network. The method comprises running an installation program on the client device for configuring the client device to attach to the wireless communications network. The installation program is automatically provided with wireless network configuration information comprising at least a wireless network identifier which identifies traffic using the wireless communications network. The automatic provision of the wireless network configuration information comprising said wireless network identifier is implemented by connecting an installation device comprising non-volatile memory which stores said information, and configuring said installation program to utilize the information stored on said installation device.

Abstract: A method for protecting a key used, by an electronic circuit, in a symmetrical algorithm for ciphering or deciphering a message, including the steps of complementing to one the key and the message; executing the algorithm twice, respectively with the key and the message and with the key and the message complemented to one, the selection between that of the executions which processes the key and the message and that which processes the key and the message complemented to one being random; and checking the consistency between the two executions.

Abstract: CPU of a console accepts a full application activation instruction generated via an activation instruction switch. The CPU searches through all of apparatus of a mixing system, which the console belongs to, to detect any apparatus having connected thereto a USB dongle that has recorded therein an access key corresponding to an application program to be fully activated. If such an apparatus has been detected within the mixing system, the CPU places the application program in a fully activated state. If, on the other hand, no such apparatus has been detected, the CPU terminates a full application activation process. Such arrangements allows the application program, which requires authentication of the access key, to be executed with simple operation, while preventing unauthorized use of the application program.

Abstract: A management apparatus connectable, through a network, to a managed device located in a network environment utilizing a firewall to disallow spontaneous access through the network from an outside, the management apparatus includes an input unit configured to enter an instruction addressed to the managed device, and an instruction reply unit configured to receive a query from the managed device through the firewall as to the presence/absence of the instruction and, when the instruction entered through the input unit is present, reply with the entered instruction in response to the query in the course of a session established when the query is received, wherein the instruction reply unit, along with replying with one instruction entered in response to the query, maintains the session and, executes another entered instruction according to the response of the managed device to the reply.