Abstract: For reducing the false contour effect the gravity center coding is utilized. However, a GCC with a few number of levels introduces noise in a picture. Therefore, each picture is divided into segments and such GCC is performed only in regions, where the false contour effect is critical. This is the case for skin areas of a picture. Such areas are detected by the color analysis and texture analysis. If this analysis leads to a skin area, a specific false contour mode for data processing is used. Otherwise, a standard mode is employed.

Abstract: Contagion isolation and inoculation is disclosed. In some embodiments, a request is received from a host, e.g., via a network interface, to connect to a protected network. It is determined whether the host is required to be quarantined. If the host is required to be quarantined, the host is provided only limited access to the protected network. In some embodiments, a quarantined host is permitted to access the protected network only as required to remedy a condition that caused the quarantine to be imposed, such as to download a software patch, update, or definition; install, remove, and/or configure software and/or settings as required by a policy; and/or to have a scan or other diagnostic and/or remedial operation performed. In various embodiments attempts to communicate with hosts not involved in remediation are redirected to a quarantine system, such as a server, that provides information, notices, updates, and/or instructions to the user.

Abstract: Learning-based image compression is described. In one implementation, an encoder possessing a first set of learned visual knowledge primitives excludes visual information from an image prior to compression. A decoder possessing an independently learned set of visual knowledge primitives synthesizes the excluded visual information into the image after decompression. The encoder and decoder are decoupled with respect to the information excluded at the encoder and the information synthesized at the decoder. This results in superior data compression since the information excluded at the encoder is dropped completely and not transferred to the decoder. Primitive visual elements synthesized at the decoder may be different than primitive visual elements dropped at the encoder, but the resulting reconstituted image is perceptually equivalent to the original image.

Abstract: Determining a security policy to apply to access requests to network sites that have not been classified for security risks is accomplished according to user behavior. Past behavior of users and requests to access network sites that are known security risks is recorded. When a user requests access to a site that is not classified for security purposes, a security policy is selected based on one or more users' past behavior. When a user has a history of not accessing sites that pose security risks, a more permissive security policy is set, and when a user has a history of requesting access to sites that do pose security risks a more restrictive security policy is set. Access requests are tracked, and security policy may be set at a name server that is remote from a user or user's computing system.

Abstract: A device, an encoding method, and a decoding method enable a separate marking of base representations and enhanced representations of key access units to save memory or to allow a better scalable video coding optimization. The encoding method of a sequence of original pictures to a sequence of access units includes, after encoding of one of the access units, storing a first decoded picture of the first encoded picture and a second decoded picture of the second encoded picture for inter prediction for encoding of others of the access units; and identifying the first decoded picture and the second decoded picture to be no longer used for inter prediction.

Abstract: An authentication process for a client and a target service to perform mutual authentication. A combined code is received that comprises a combined code hash of at least two sets of data from which an encoding scheme of the at least two sets of data can be determined. The two sets of data comprise a first set of data that includes a first hash of a public key associated with a certificate used to establish a secure channel with a target service, and a second set of data that includes a credential for authentication. The certificate can be validated with the first set of data included in the combined code. In response to a successful validation of the certificate, the credential from the second set of data can be provided to the target service for authentication.

Abstract: A method provides for dynamic changes in a software video player. The method includes learning of a dynamic change from an input pin of a decoder filter, recording states of the decoder filter and a renderer filter, stopping the decoder and the renderer filters without changing a state of a source filter, and setting parameters for an output pin of the decoder filter. The parameters include setting a decoding mode. If the decoder filter output pin and a renderer filter input pin remain connected, a ReconnectEX function is used to set a new media type at the decoder filter output pin. Otherwise the method calls a Connect function to connect the pins and set the new media type. The method further includes changing to a decoder core in the decoder filter appropriate for the dynamic change and restoring the decoder and the renderer filters back to their original states.

Abstract: A novel apparatus and method of differential decoding for use in a communication system such as a cable system. The differential decoding mechanism of the present invention enables the use of the Chase algorithm for Reed Solomon (RS) codes (i.e. non-binary codes). The mechanism is well suited for use in systems employing QAM data modulation/demodulation techniques and that also incorporate use of a differential encoder such as in DOCSIS capable cable modem systems. The differential decoding mechanism is operative to analyze the input to the differential decoder and adjust the decoding action accordingly. The mechanism generates the first and second candidate constellation points needed by the Chase algorithm. Considering the differential encoding, there are four possible constellation candidates. The differential decoder reduces these four possible options to two by eliminating from consideration two of them.

Abstract: A module is configured to identify a phishing Web site. The module identifies email associated with a Web site and transmitted to a plurality of recipients. The module then determines that the Web site has received less than a first threshold amount of traffic before a first time. The module then determines that the Web site has received more than a second threshold amount of traffic between the first time and a second time (i.e., a spike in traffic between the first time and the second time). The module then determines that at least a portion of the more than a second threshold amount of traffic is received as a result of the email associated with the Web site being sent to the plurality of recipients.

Abstract: A computer implemented method, apparatus, and computer program product for managing privileges on a data processing system. The process initiates a privilege monitor. All other entities in the data processing system are prevented from assigning privileges. The privilege monitor is the only entity authorized to assign privileges. The process monitors for requests for privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor.

Abstract: A video compressor has a real-time compression with a constant frame rate. The complexity in the compression of each frame is controlled to be smaller than a maximum value according to power management or compression time requirement. Delay jitter is eliminated. The present invention can be applied to MPEG-like video coding systems, such as H.264, MPEG4 and H.263.

Abstract: Embodiments of the present invention comprise systems and methods for managing and combining data contained in layers in a multilayer bitstream such that one or more transform coefficients in a first layer are used to modify one or more coefficients in a second layers that in turn is reconstructed using the modified one or more coefficients.

Abstract: A system and method is described for enhancing data security in a broad range of electronic systems through encryption and decryption of addresses in physical memory to which data is written and from which data is read. It can be implemented through software, hardware, firmware or any combination thereof. Implementation in Digital Rights Management execution using the invention reduces cost, enhances performance, and provides additional transactional security.

Abstract: A system for authenticating a physical object includes an enrolment device, an authentication device, and a storage for storing authentication data. The enrolment device includes an input for receiving a property set Y of the object measured using a measurement procedure. A processor is used for creating a property set I from the measured property set Y that meet a predetermined robustness criterion. It then creating a property set A from the property set I that includes less information on the actual properties than property set Y, and finally generates a control value V in dependence on properties of the property set A. An output is used for supplying the control value to the storage as part of the authentication data. The enrolment device operates in an analogous way.

Abstract: Techniques have been developed whereby dynamic kernel/user-level tracing may be employed to efficiently characterize runtime behavior of production code. Using dynamic tracing techniques, user space or kernel instruction sequences between system calls may be instrumented without access to source code. In some realizations, instrumentation may be interactively specified on a host system. In some realizations, instrumentation specifications may be supplied as functional definitions (e.g., as scripts and/or probe definitions) for installation on a host system. Using the developed techniques, data states, parameters passed and/or timing information may be sampled to provide more detailed insight into actual program behavior. In signature-oriented exploitations, more powerful intrusion signatures are possible. In anomaly-oriented exploitations, a more detailed “sense of self” may be developed to discriminate between normal and anomalous program behavior.

Abstract: A mechanism is provided to automatically retrieve zoning best practices from a centralized repository and to ensure that automatically generated zones do not violate these best practices. A user selects a set of hosts and storage controllers. The user also selects a guidance policy for creating the zone, and also selects a set of validation policies that must be enforced on the zone. If the user selects a guidance policy and a validation policy combination that is incompatible, the mechanism allows the user to change either the selected guidance policy or the set of validation policies. If the user has selected consistent-zoning as a guidance policy, then the mechanism automatically selects a guidance policy that does not violate the known validation policies.

Abstract: A machine-executable method implementable in a system operable to execute a browser application having at least one security-context zone and operable to apply at least one security policy to interaction between the system and web sites corresponding to domain identifiers populating the at least one security-context zone includes comparing a first set of domain identifiers populating a first security-context zone of the at least one security-context zone with a second set of domain identifiers. The method further includes populating the first security-context zone with at least one second-set identifier not included in the first set of domain identifiers.

Abstract: A system for detecting unauthorised use of a network is provided with a pattern matching engine for searching attack signatures into data packets, and with a response analysis engine for detecting response signatures into data packets sent back from an attacked network/computer. When a suspect signature has been detected into a packet, the system enters an alarm status starting a monitoring process on the packets sent back from the potentially attacked network/computer. An alarm is generated only in case the analysis of the response packets produces as well a positive result. Such intrusion detection system is much less prone to false positives and misdiagnosis than a conventional pattern matching intrusion detection system.

Abstract: Techniques are described for repairing some types of user account problems that interfere with granting a user access to a computer system and doing so during a process to authenticate the user in a way that does not require the user to re-enter authentication information or require the user to restart a communication session with the computer system. In response to a determination that a user's account has a problem during an authentication process, techniques are provided to enable a user to execute an appropriate process or processes to fix the user account, after which the authentication process continues. In this way, the correction to the user account may appear to be seamless to the user.

Abstract: In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.