Abstract: According to one aspect, the subject matter described herein includes a system for Diameter routing and firewall filtering. The system includes a Diameter signaling router comprising a network interface for receiving, from a first Diameter node, a first Diameter message having Diameter information. The Diameter signaling router also includes a firewall module for determining whether the first Diameter message satisfies a firewall policy. The firewall policy is based on at least a portion of the Diameter information in the first Diameter message. The Diameter signaling router further includes a routing module for forwarding at least a portion of the first Diameter message towards a second Diameter node in response to the first Diameter message satisfying the firewall policy.

Abstract: A method and a system for preserving sensor data based on a time key, and a recording medium thereof are provided. The time key based sensor data security preserving method includes encrypting the sensor data with an encryption key obtained using a time key based polynomial derived using random numbers and a secret key which is shared by a sensor node and an application system; and decrypting the encrypted sensor data with a decryption key obtained by deriving the same polynomial as the time key based polynomial using the random numbers and the secret key. Thus, integrity and confidentiality of the sensor data can be preserved.

Abstract: Techniques are disclosed herein for managing the transfer of digital media that is recorded on a source device (e.g., personal video recorder) to a target device (e.g., portable media player). In one aspect, a user interface is provided for scheduling recording of digital media content on a source device and for inputting user preferences for transferring digital media content to be recorded on the source device to a target device. A user request is received in the user interface to schedule recording of digital media on the source device. User preferences for transferring digital media from the source device to the target device are also received in the user interface. The digital media is recorded on the source device per the user's request. Synchronization of the recorded digital media from the source device to the target device is managed based on the user preferences.

Abstract: Systems and methods for broadcast and multicast retransmissions within a protected wireless communications system are described. Retransmitted broadcast or multicast frames are designated by modification of fields or subfields in the MAC header of the frame which are constituent parts of the additional authentication data used to generate encryption keys. Such modifications cause legacy receivers to disregard the retransmitted frames or render legacy receivers to be unable to decrypt the retransmitted frame, avoiding the generation of duplicate frames. Non-legacy receivers recognizing the modification conventions can restore the MAC header to the original state and can reconstruct the original encryption keys and decrypt the retransmitted frames. A non-legacy transmitter can retransmit a frame without the need to re-encrypt the frame.

Abstract: A network storage server implements a method to discard sensitive data from a Persistent Point-In-Time Image (PPI). The server first efficiently identifies a dataset containing the sensitive data from a plurality of datasets managed by the PPI. Each of the plurality of datasets is read-only and encrypted with a first encryption key. The server then decrypts each of the plurality of datasets, except the dataset containing the sensitive data, with the first encryption key. The decrypted datasets are re-encrypted with a second encryption key, and copied to a storage structure. Afterward, the first encryption key is shredded.

Abstract: When setting of marking on recording data is performed, the marking is automatically performed at a suitable position corresponding to a status during image capturing. While recording of captured images is being performed, a status of a zoom operation, a moving pattern of a camera, and a feature value of video/audio signals are monitored, and a time point at which a predetermined change has occurred regarding this monitored state is detected. A predetermined data position based on this detected time point is then set as a marking position. Setting information of the marking position is stored in a structure of management information, and is stored in a storage section together with the recording data.

Abstract: A method for protecting a Web application running on a first local Web Server bases from hacker attacks, said Web Server being connectable to at least one client, the method comprising the following steps: —providing a plurality of preset rules on said Server, which correspond to specific characteristics of HTTP requests; —receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics; —analyzing said characteristics of said received HTTP request in accordance with said rules provided on said server; —rejecting said HTTP request, if said rules identify said HTTP request as harmful request; —accepting said HTTP request, if said rules identify said HTTP request as trustable request; —classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful request nor as trustable request; —evaluating the characteristics of said doubtful local request; —generating a learned rule on basis of the edge base evaluation.

Abstract: A system for device enabled verifiable stroke and image based workflows comprises a plurality of portable computing devices, coupled by a network to a stroke and image workflow server. The portable computing devices include a display, stroke capture capability and a wireless communication capability. The portable computing devices are adapted to receive images, add stroke annotations to the received images, and send the annotated received images. The stroke and image workflow server is coupled to the network for communication with the portable computing devices. The stroke and image workflow server sends and receives documents from the portable computing devices, maintains a log for verification, and implements a paper like workflow and processing the documents. Essentially, this stroke and image workflow server implements paper like workflow and handles the overhead of processing electronic documents so that it is invisible to the user.

Abstract: A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.

Abstract: An image processing apparatus includes an input unit which receives, from an image capturing apparatus, moving image data in which the shadow of a foreign substance adhered to the surface of an optical member is captured, an obtaining unit which obtains, from the moving image data, foreign substance information including information of the position and size of the foreign substance captured in the moving image data, a playback unit which can play back the moving image data while correcting the shadow of the foreign substance in the moving image data by using the foreign substance information, a display unit which displays an image played back by the playback unit, and a setting unit which sets, in accordance with the playback status of the moving image data, whether to perform processing of correcting the shadow of the foreign substance in each frame of the moving image data.

Abstract: In a video playback apparatus that is capable of communicating with a printing device, if an event of which notification is to be given has occurs in the printing device, a situation in which viewing by the user is impeded by the notification and a situation in which unnecessary video is recorded are suppressed. If an error occurs in the printing device, the type of display information prevailing when the error is detected is discriminated (S34). In case of a moving-picture program broadcast, an error message is displayed and the display information starts being stored (S35), thereby making it possible to resume viewing after error recovery. On the hand, in the case of a still picture or other type of display information, an error message is displayed (S310) without storing display information, thereby suppressing unnecessary recording of display information.

Abstract: In one embodiment, a computer implemented method for indexing security policies is provided. The computer implemented method determines a policy vocabulary to form a set of policy elements, and creates an index from the set of policy elements. The computer implemented method further receives a request to form requested policy elements, locates requested policy elements in the index to form a set of returned policy elements, and identifies a rule for use with the returned policy elements.

Abstract: A video player and a video-playback control method which are capable of easily performing a selection operation on a display object in a moving image are disclosed. The video player predicts the occurrence of the selection operation of the display object, which is an area for which an action is defined in the moving image, by the start of a move operation of the cursor 51 or the proximity of a hand to a touch panel, and changes the playback state of the title to pause or slow playback. Description information defined for the display object may be automatically displayed. Also, the areas of the display objects may be visualized by displaying figures.

Abstract: Techniques are disclosed for verifying whether payload signatures correspond to a vulnerability or exploit. Generally a security system may be configured to detect an attack on a server while the server is processing a payload. The security system generates (or obtains) a provisional signature corresponding to the vulnerability. For example, a provisional signature may be generated for a vulnerability from a group of payloads determined to correspond to that vulnerability. The effects of subsequent payloads which match the provisional signature may be monitored. If the effects of a payload duplicate the attack symptoms, a confidence metric for provisional signature may be increased. Once the confidence metric exceeds a predetermined threshold, then the provisional signature may be made active and used to block traffic from reaching an intended destination.

Abstract: The embodiments protect an IC against Design-For-Test (DFT) or other test mode attack. Secrets in ROM or PROM are secured. One embodiment for securing information on an IC includes receiving a ROM read command, writing data from a plurality of ROM address locations to an encryption logic in response to receiving the ROM read command, and writing an encryption logic output of the encryption logic to a test control logic, the encryption logic output representing the data from the plurality of ROM address locations. Writing the data from the plurality of ROM address locations to the encryption logic may also include writing the data from the plurality of ROM address locations to a multiple input shift register (MISR) in response to the ROM read command, and writing an MISR output to the test control logic, the MISR output representing the data from the plurality of ROM address locations.

Abstract: In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine.

Abstract: Video data pieces are classified into groups according to prescribed rules. A cut number assigned to each of the groups is decided on the basis of the length or lengths of a video data piece or pieces in each of the groups and the number of the video data piece or pieces in each of the groups. A cut or cuts are extracted from the video data piece or pieces in each of the groups. Regarding each of the groups, the number of the extracted cut or cuts is equal to the decided cut number. Digest data is generated from the extracted cuts for all the groups.

Abstract: In a recording apparatus, an instruction section instructing start of recording of input data containing video data and/or audio data, a recording section recording, in a first recording mode, the input data in a recording medium as a separate unit from the input data previously recorded and recording, in a second recording mode, the input data in the recording medium successively as one unit with the input data previously recorded when instructed by the instruction section to start recording of the input data, and a control section controlling the recording section so that the input data is recorded in any of recording modes including the first recording mode and the second recording mode are provided, in accordance with number of units the input data recorded in the recording medium.

Abstract: This document discusses, among other things, a system and methods for weak authentication data reinforcement. In an example embodiment, authentication data is received in a request to authenticate a user. In response to authentication being detected to be weak authentication data, it may be determined whether the request to authenticate is associated with a human user. An example embodiment may include initiating an authentication process based on determining that the request to authenticate is associated with the human use.

Abstract: Encrypted text data c1 generated by encrypting plaintext data using an encryption key, verification data having a size smaller than the encrypted text data c1, and encrypted text data c2 generated by encrypting the verification data using the encryption key are acquired (S601). It is checked if a decryption result of the encrypted text data c2 using a decryption key matches the verification data (S607). If it is determined that the two data match, the encrypted text data c1 is decrypted using the decryption key (S608).