Patents Examined by Jayesh Jhaveri
  • Patent number: 8769272
    Abstract: Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as a function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: July 1, 2014
    Assignee: Protegrity Corporation
    Inventor: Ulf Mattsson
  • Patent number: 8769294
    Abstract: Digital signature generation apparatus, comprising an envelope generator operable to generate an envelope representation, of only one polarity, of a sampled data segment, and operable for each of successive portions comprising a predetermined plurality of samples to provide a portion sum value as the sum of the values of the samples in the portion, thereby to provide said envelope representation; a threshold value generator operable to determine a threshold value for each portion of the envelope representation; an event detector operable to detect, as an event, a transition of a portion sum value across the threshold value for the portion concerned; and a signature generator operable in response to a detected event to generate a digital signature characteristic of the sampled data segment.
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: July 1, 2014
    Inventors: Ravosh Samari, Paymaan Behrouzi
  • Patent number: 8761570
    Abstract: A recording apparatus is disclosed. The recording apparatus includes a data input portion configured to input data, a first moving image signal recording portion configured to record, based on the input data, a first moving image signal having a first image quality attribute, a condition detector configured to detect that the input data satisfies a predetermined condition during recording of the first moving image signal, and a second moving image signal recorder configured to record, based on the input data, a second moving image signal having a second image quality attribute when the condition detector detects that the input data satisfies the predetermined condition.
    Type: Grant
    Filed: June 11, 2008
    Date of Patent: June 24, 2014
    Assignee: Sony Corporation
    Inventors: Takaharu Yamada, Atsushi Mae
  • Patent number: 8744072
    Abstract: An exponentiation method resistant against side-channel attacks and safe-error attacks. Input to the method is $g$ in a multiplicatively written group $G$ and an $l$-digit exponent $d$ with a radix $m>1$, and output is $z=g^{d-1}$. $(d-1)$ is expressed as a series of $(l-1)$ non-zero digits, $d^*_0 \ldots d^*_{l-2}$, in the set $\{m-1, \ldots, 2m-2\}$ and an extra digit $d^*_{l-1}$ that is equal to $d_{l-1}-1$, where $d_{l-1}$ represents the most significant radix-$m$ digit of $d$, and $g^{d-1}$ is evaluated through an $m$-ary exponentiation algorithm on input $g$ and $(d-1)$ represented by $d^*_0 \ldots d^*_{l-1}$. Also provided are an apparatus and a computer program product.
    Type: Grant
    Filed: March 1, 2010
    Date of Patent: June 3, 2014
    Assignee: Thomson Licensing
    Inventor: Marc Joye
  • Patent number: 8739303
    Abstract: A browser is requested to display a text file having a description of a screen structure. The state information on a current state of the embedded device is acquired. An access request for requesting the browser to update, with the acquired state information, a value of at least one node in a document object model (DOM) tree generated from the text file by the browser, is submitted by a state display control program. The at least one node is recorded in an access history list. At a subsequent time, it is determined whether to permit a subsequent access request. If the source of the subsequent access request is not the state display control program, and the at least one node is recorded in the access history list, the subsequent access request is denied.
    Type: Grant
    Filed: May 4, 2012
    Date of Patent: May 27, 2014
    Assignee: International Business Machines Corporation
    Inventors: Takashi Ashida, Kenichi Satoh, Hiroyuki Tanaka
  • Patent number: 8724813
    Abstract: A computer computes an SSID and a key from a string. The computer wirelessly accesses a wireless-access-device preconfigured with the SSID and the key.
    Type: Grant
    Filed: February 25, 2009
    Date of Patent: May 13, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael L Saboff, Wolfgang Baltes
  • Patent number: 8707440
    Abstract: The system and method for passively identifying encrypted and interactive network sessions described herein may distribute a passive vulnerability scanner in a network, wherein the passive vulnerability scanner may observe traffic travelling across the network and reconstruct a network session from the observed traffic. The passive vulnerability scanner may then analyze the reconstructed network session to determine whether the session was encrypted or interactive (e.g., based on randomization, packet timing characteristics, or other qualities measured for the session). Thus, the passive vulnerability scanner may monitor the network in real-time to detect any devices in the network that run encrypted or interactive services or otherwise participate in encrypted or interactive sessions, wherein detecting encrypted and interactive sessions in the network may be used to manage changes and potential vulnerabilities in the network.
    Type: Grant
    Filed: March 22, 2010
    Date of Patent: April 22, 2014
    Assignee: Tenable Network Security, Inc.
    Inventors: Ron Gula, Renaud Deraison, Matthew T. Hayton
  • Patent number: 8701206
    Abstract: An information processing apparatus of this invention displays an operation window which allows selection of any of multiple applications. Each of the applications includes multiple functions with use authorization being set for each of the functions. The information processing apparatus displays, upon accepting selection of a specific application having some of the multiple functions for which use authorization which requires authentication of a user is set, an authentication window for authentication of the user. The authentication window allows use of the specific application to be selected without authentication of the user, by permitting use of a function, of the multiple functions of the specific application, for which use authorization requiring no authentication of the user is set.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: April 15, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Tetsuya Yamada
  • Patent number: 8683589
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Grant
    Filed: July 27, 2012
    Date of Patent: March 25, 2014
    Assignee: International Business Machines Corporation
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Patent number: 8677484
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Grant
    Filed: March 14, 2012
    Date of Patent: March 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Patent number: 8656154
    Abstract: A cloud based service user may be logged into the service through multiple client devices simultaneously. Methods, systems, and computer program products based upon cryptographic challenge response are provided to efficiently and securely simultaneously effect a logout from the cloud based service at one or many logged-in client devices associated with the user. When a valid logout request is received by the cloud based service, a current key associated with the user is invalidated, and in some instances, replaced with a new key. Upon subsequent attempt to use the cloud based service by the user, one or more tokens residing on any previously logged-in client device associated with the user will not allow cloud based service usage until the user validly logs into the cloud-based service and receives one or more new tokens based upon the new key at each client device.
    Type: Grant
    Filed: June 2, 2011
    Date of Patent: February 18, 2014
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Amarnath Mullick
  • Patent number: 8656494
    Abstract: A system and method for optimization of AV processing of disk files. The system includes an AV scanner, a data cache module, an AV service and file analysis module. The optimization allows for reduction of time needed for the AV processing. Trusted files associated with a trusted key file are found. The trusted files that have been found are cached and excluded from further AV processing and the AV processing time is reduced.
    Type: Grant
    Filed: February 28, 2012
    Date of Patent: February 18, 2014
    Assignee: Kaspersky Lab, ZAO
    Inventor: Mikhail A. Pavlyushchik
  • Patent number: 8644501
    Abstract: A system, method and program product for utilizing a steganographic process to hide a data element in a carrier object. A system is disclosed that includes: a pivot object generator that generates a pivot object having a key hidden therein, wherein the key is hidden in the pivot object based on an inputted salt; and a carrier object generator that generates a carrier object having a data element hidden therein using a steganographic hiding system, wherein the steganographic hiding system requires utilization of the key to extract the data element from the carrier object.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: February 4, 2014
    Assignee: International Business Machines Corporation
    Inventors: Aaron K. Baughman, Christian Eggenberger-Wang, Peter K. Malkin, Marc P. Yvon
  • Patent number: 8640224
    Abstract: A browser is requested to display a text file having a description of a screen structure. The state information on a current state of the embedded device is acquired. An access request for requesting the browser to update, with the acquired state information, a value of at least one node in a document object model (DOM) tree generated from the text file by the browser, is submitted by a state display control program. The at least one node is recorded in an access history list. At a subsequent time, it is determined whether to permit a subsequent access request. If the source of the subsequent access request is not the state display control program, and the at least one node is recorded in the access history list, the subsequent access request is denied.
    Type: Grant
    Filed: May 26, 2010
    Date of Patent: January 28, 2014
    Assignee: International Business Machines Corporation
    Inventors: Takashi Ashida, Kenichi Satoh, Hiroyuki Tanaka
  • Patent number: 8631487
    Abstract: A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. The modified overlay image comprises a plurality of numbers. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned, in sequence, with two or more numbers from the overlay image that equal a pre-selected algebraic result when one or more algebraic operators are applied to the numbers.
    Type: Grant
    Filed: December 16, 2010
    Date of Patent: January 14, 2014
    Assignee: Research In Motion Limited
    Inventors: Jason Tyler Griffin, Steven Henry Fyke, Jerome Pasquero, Neil Patrick Adams, Michael Kenneth Brown
  • Patent number: 8627095
    Abstract: An information processing apparatus according to the present invention includes a biometric authentication unit that authenticates one piece of biometric information based on registered biometric information, wherein the one piece of biometric information is image information unique to a living body, and a plurality of pieces of user information are associated with the one piece of biometric information, and the registered biometric information is biometric information registered in advance, and a login processing unit that selects, based on user specification information for specifying user information used for login processing, one of the plurality of pieces of user information associated with the biometric information successfully authenticated by the biometric authentication unit so that the login processing unit uses the selected one of the plurality of pieces of user information to perform the login processing.
    Type: Grant
    Filed: September 27, 2010
    Date of Patent: January 7, 2014
    Assignee: Sony Corporation
    Inventor: Tomoyuki Asano
  • Patent number: 8621208
    Abstract: An embodiment of the present invention proposes a novel file and multimedia management and tracking system using a secure key server. The invention also proposes a novel, but very simple, digital watermarking technique. With the invented technology, the user's files/data can be encrypted and managed automatically, whether the data is stored in a USB format or in a public storage space. Furthermore, the file/data access record will be kept on the secure key server. Hence, a user can always track when the file/data was accessed. The advantage of the invented secure file management system is that the key server never accesses the protected electronic data, and the data—encrypted or decrypted—are always on the local machine. The secure key server only manages the keys and records the key queries. With the present invented technology, the multimedia server and the multimedia owner can protect their copyright, even when the multimedia is downloaded from the Internet.
    Type: Grant
    Filed: July 6, 2009
    Date of Patent: December 31, 2013
    Inventor: Guoan Hu
  • Patent number: 8613045
    Abstract: Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.
    Type: Grant
    Filed: May 1, 2008
    Date of Patent: December 17, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Andrey Shigapov
  • Patent number: 8601533
    Abstract: A method and system for session modification are provided. The method includes these steps: A home policy and charging rules function (h-PCRF) sends a policy and charging control (PCC) rule providing message to a first policy and charging enforcement function (PCEF) according to a received PCC rule request message, an application layer service message, or an h-PCRF self-trigger event; and the h-PCRF sends a PCC rule providing message to a second PCEF according to a PCC rule response message received from the first PCEF. With this present disclosure, session modification may be implemented when two or more PCEFs are included in the PCC architecture of a system architecture evolution (SAE) system.
    Type: Grant
    Filed: March 19, 2010
    Date of Patent: December 3, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Huadong Hu, Chunxia Zhi, Yali Guo
  • Patent number: 8595497
    Abstract: An electronic file sending method is provided to securely and easily send an electronic file to a receiver. A receiving apparatus receives from a sending apparatus an electronic mail including an encrypted electronic file. The sending apparatus uses a public key of a management server to encrypt a decryption password that is necessary to decrypt the encrypted electronic file and sends the encrypted decryption password to the management server. In association with a file identifier of the electronic file, the management server stores the decryption password and an electronic mail address of a correct receiver, who is a receiver of the receiving apparatus. The receiving apparatus sends to the management server the file identifier of the electronic file and the electronic mail address of the receiver. The management server uses a public key of the receiving apparatus to encrypt the password and sends the encrypted password to the receiving apparatus.
    Type: Grant
    Filed: June 22, 2011
    Date of Patent: November 26, 2013
    Assignee: Digital Arts Inc.
    Inventors: Toshio Dogu, Noriyuki Takahashi, Minoru Nishie, Rina Sugano