Abstract: To provide a multiplexing method which facilitates a reproduction process and reduces unpleasantness felt by a viewer about image quality. The multiplexing method includes: a step of judging whether or not a clip to be coded should be coded as part of a continuous reproduction unit in which bitstreams are structured so as to allow continuous reproduction (S100); a step of determining a color space that is common within the continuous reproduction unit when it is judged that the clip should be coded as part of the continuous reproduction unit (S110); a step of generating bitstreams by coding the clip to be coded according to a determined color space (S112); and a step of packet-multiplexing bitstreams (S118).

Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.

Abstract: Methods and systems for information dissemination in mobile ad hoc networks founded on Content Based Routing. The method comprises encoding, via an encoding logic within the source node, a plurality of information categories associated with the content in a header of the packet, encrypting the packet with an encryption key unique to the plurality of information categories, with the encrypted packet having a unique dissemination group identity in its header, and disseminating the encrypted packet to nodes that have subscribed to the data based on the dissemination group identity. The system comprises a host within the source node, an identity generator to generate the dissemination group identity for the content, an encryption unit for encrypting the content, and a routing unit to disseminate the content to the dissemination mesh based on established subscriptions.

Abstract: Translation of role-based authoring models for managing RBAC “roles” to resource authorization policy (RAP), such as ACL-based applications, is provided. A generic RBAC system is defined from which mappings to other authorization enforcement mechanism make possible the translation of RBAC “roles” to resource authorization policies applied to resources managed by a resource manager, e.g., a file system resource manager. An implementation is described that uses Windows Authorization Manager as a storage mechanism and object model to manage object types and relationships translated from an RBAC system.

Abstract: Illustrative embodiments provide a computer implemented method, a data processing system, and a computer program product for previous password based authentication. In one illustrative embodiment, the computer implemented method comprises obtaining a combination of an identifier and a password and determining whether the password is current and correct. The computer implemented method responsive to determining the password is other than current and correct, prompting for an old password and determining whether the old password matches a previous password. Responsive to the old password matching a previous password, thereby creating a password match, permitting access to a resource.

Abstract: A method of activating security functions on a computer device, for example a mobile communications device. The computer device includes a device state that may be realized by way of a first user input or a second user input. The method includes designating the first user input to realize the device state as a security rule having an associated security function, detecting realization of the device state, and activating the associated security function if the device state was realized by way of the second user input rather than the first user input. For example, the first user input may be a shortcut input, and the second user input may be a conventional or normal input.

Abstract: A satisfactory reproduction is still enabled with recorded MPEG2-TS having a jitter or the like. A recording/reproducing device includes: a reading unit that reads data to which a time stamp is added and for which reference information is multiplexed to permit the acquisition side to reproduce a clock; an output controller outputting data as read-out data at a timing depending on time stamp information; a selection unit changing the operation by the output controller; a time stamp deletion unit removing time stamp information; a separation unit separating the data; a detection unit that determines whether the reference information is unauthorized; and a buffer management unit controlling a starting/halting of reading in accordance with the remaining volume of a buffer for temporarily storing data.

Abstract: Techniques for proxing services with a single sign on are provided. A principal authenticates to a first identity service. The first identity service is in a trusted relationship with a second identity service. An authentication request is sent to the second identity service and the request includes an authentication response supplied by the first identity service in response to successful authentication of the principal to the first identity service. In response to the authentication request and the accompanying response, the principal is authenticated for access to the second identity service. Furthermore, targeted services accessible to the second identity service are proxied from and to the principal during interactions between the principal and an external service of that principal.

Abstract: A data storage device encrypts data stored in non-volatile memory using a bulk encryption key. The data storage device uses a key derivation function to generate an initial encryption key. The data storage device then wraps an intermediate encryption key with the initial encryption key and stores the wrapped intermediate key in the non-volatile memory. The data storage device wraps the bulk encryption key with the intermediate encryption key and stores the wrapped bulk encryption key in the non-volatile memory. The data storage device can unwrap the wrapped intermediate key to generate the intermediate encryption key using the initial encryption key. The data storage device can unwrap the wrapped bulk encryption key to generate the bulk encryption key using the intermediate encryption key. The data storage device decrypts data stored in the non-volatile memory using the bulk encryption key.

Abstract: A randomly accessible storage medium stores unit data including a data body portion including data units, and a management information portion. New data is additionally recorded in the unit data from a predetermined position within the data body portion so that a beginning portion of the new data is additionally recorded in a leading additional recording area extending from the additional recording start position to an end position within a data unit including the additional recording start position. A subsequent portion of the new data is recorded in a physical storage area on the storage medium. The management information portion is updated according to the additionally recorded new data and recorded in the storage medium. The resulting unit data includes a new data body portion starting from the beginning of the previous data body portion and ending in the end of the new data, and the updated managing information portion.

Abstract: The object is to enable a user to efficiently set a function for an image processing apparatus using a display medium he carries. When a user operates his mobile phone to activate a function setting information input program, an input screen for setting a function is displayed. When the user inputs function setting information, the mobile phone performs a code conversion for the function setting information to create a code image, and displays it on a display section. The user holds up the code image displayed on the mobile phone to a reading section of an image processing apparatus. The reading section reads the code image. The image processing apparatus performs authentication of the user, and then, it extracts the function setting information from the code image and sets a function. The image processing apparatus performs image processing in accordance with the function.

Abstract: An apparatus and system provide a tamper-resistant scheme for portability of DRM-protected digital content. According to embodiments of the invention, a portable crypto unit may be utilized in conjunction with a VT integrity services (VIS) scheme as well as a Virtual Machine Manager (VMM) and a TPM to provide a secure scheme to protect digital content. Additionally, in one embodiment, the digital content may be partitioned into blocks comprising multiple segments to further enhance the security of the scheme.

Abstract: Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system.

Abstract: A method of adjusting a security level of a removable medium, including receiving a unique identification (ID) of a removable medium, a name of a file being processed, and a requested operation, determining the security level of the removable medium, determining a security level of the file being processed, and one of increasing and decreasing the security level of the removable medium based on the determined security level of the file being processed. Further, security levels of removable media are mapped to security zones which are subsequently used to allow or prevent transportation of a removable medium inside or outside of certain boundaries.

Abstract: Provided is a method of preventing digital content from being used despite the presence of copy control information. In the method, a security apparatus capable of restricting use of contents generates a nonce with respect to a storage device and stores the nonce in the storage device and a memory separated from the storage device when content is stored in the storage device; updates the nonces stored in the memory and storage device when movement of the content occurs; and permits use of the content only when the nonce of the storage device, which is stored in the memory, is equal to the nonce stored in the storage device if the content is requested for use, thereby preventing a disk cloning attack.

Abstract: A hook is set for one or more downloading functions. Subsequently, code is executed within an application process. Responsive to the executed code calling one of the hooked functions, a return address of the called function is examined. If the return address is within a heap memory area of the application process, a remedial action, such as returning an error code or displaying an alert, is taken.

Abstract: Embodiments of multiple security token transactions are described herein. One or more of the described techniques may be utilized to provide, in a single request and response, an authentication token and a plurality security tokens for proof of identity at respective service providers.

Abstract: A system and a method for providing a secure wireless ad-hoc network in a wireless communication system having at least two transceivers coupled by a wireless transmission link are disclosed. The method includes receiving a data transmission at a first transceiver from a second transceiver, wherein the data transmission identifies a source of a signal in the data transmission and the signal is identified by a signal envelope; detecting a deep fade in the data transmission, wherein the first and second transceivers are configured to sample the source of the signal in the data transmission; determining whether the received signal exceeds a predetermined threshold for deep fades, wherein the predetermined threshold is preset by the first and second transceivers; generating a bit-string corresponding to each of the transceivers based on channel fading information relating to the wireless transmission link; and, using the bit-string, generating a key.

Abstract: A system comprising control logic adapted to activate multiple security levels for the system. The system further comprises a storage coupled to the control logic and comprising a stack, the stack associated with one, but not all, of the multiple security levels. The system also comprises security logic coupled to the control logic and adapted to restrict usage of the system if the control logic attempts to fetch an instruction op-code from the stack.

Abstract: An electromechanical system consists of a memory storage unit in which the licensed video files are stored. The function of this device is to recognize the requested data and thereby allow the video file contents from the memory storage unit according to the instructions set to this device. It is an effective means for protecting the video files in the device from non-duplication.