Abstract: A DTV transmitting system includes a frame encoder, a randomizer, a block processor, a group formatter, a deinterleaver, and a packet formatter. The frame encoder builds an enhanced data frame and adds parity data into the data frame. The frame encoder further divides the data frame into first and second sub-frames including first and second portions of the parity data, respectively, and permutes a plurality of the first sub-frames and a plurality of the second sub-frames, respectively. The randomizer randomizes enhanced data in the permuted sub-frames, and the block processor codes the randomized data at a rate of 1/N1. The group formatter forms a group of enhanced data having one or more data regions and inserts the 1/N1 coded data into at least one of the data regions. The deinterleaver deinterleaves the group of enhanced data, and the packet formatter formats the deinterleaved data into enhanced data packets.

Abstract: The invention relates to a method for generating an identifier for identifying a pair, wherein the pair comprises a cryptographic device and a computer system (1, 2, . . . , i, . . . I), wherein the cryptographic device has a first secret key, wherein a second secret key (118.i) is associated with the computer system, wherein a blocking system (120) for accessing the second secret key of the computer system is provided, wherein the blocking system has a third secret key, and wherein the following steps are carried out for generating the identifier: generating a second public key (116.i) from the second secret key and a third public key (128) associated with the third secret key by means of the blocking system, transmitting the second public key (116.i) to the computer system (i), and generating the identifier from the first secret key and the second public key, using the cryptographic device.

Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

Abstract: A method in one example implementation includes selecting at least one criterion for controlling data transmission from within a virtual machine. At least one application is included within the virtual machine, which includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transmit the data from within the virtual machine. In more specific embodiments, the policy may include a plurality of criteria with a first selected criterion permitting transmission of the data to a first application and a second selected criterion prohibiting transmission of the data to a second application. In another specific embodiment, the method may include updating the policy module through an administration module to modify the selected criterion.

Abstract: In one aspect, a compressive sampling encoder comprises matrix determination circuitry configured to determine a particular sampling matrix selected from a codebook comprising a plurality of sampling matrices. The compressive sampling encoder further comprises sampling circuitry coupled to the matrix determination circuitry and configured to apply the particular sampling matrix to a first signal to generate a second signal, and encryption circuitry configured to receive an identifier of the particular sampling matrix and to encrypt the identifier of the particular sampling matrix. The compressive sampling encoder provides at one or more outputs thereof the second signal and the encrypted identifier of the particular sampling matrix. Other aspects include a compressive sampling decoder, compressive sampling encoding and decoding methods, and associated computer program products.

Abstract: A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a common cipher, from the client list and the server list, for encrypted communication based on the measured resource load at the server and the measured risk factor indicating the degree of risk posed by the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In an resource-on-demand environment, dynamically created server instances are allowed to boot from encrypted boot volumes. Access keys to the boot volumes are provided from a key provider that authenticates new instances based on possession of a security token that has been previously shared between the key provider and the new instance through an out-of-band communication.

Abstract: Methods and systems for performing device authentication using proxy automatic configuration script requests are described. One example method includes generating a unique key for a client device; configuring the client device to send a request for a proxy automatic configuration (PAC) script upon accessing a network, the request including the unique key; receiving, over a network, a request for the PAC script including a request key; and authenticating the client device on the network if the request key matches the client device's unique key.

Abstract: The present disclosure describes methods, systems, and computer program products for providing secure identity propagation in a cloud-based computing environment. One computer-implemented method includes receiving, from a user, a first security response message, transmitting, to the user in response to receiving the first security response message, a second security response message, wherein the second security response message comprises a Token Granting Token (TGT), receiving, from a cloud application, a Service Token (ST) request, wherein the ST request comprises the TGT, verifying the ST request based on the TGT, generating, in response to the verifying, a ST, wherein the ST is used to validate an access request to access a backend system, and transmitting the ST to the cloud application.

Abstract: Methods and systems are disclosed for detecting a security threat. The methods and systems comprise detecting that a first device is coupled with the first I/O interface, responsive to the detection that the first device is coupled with the first I/O interface, temporarily disabling data communication between the first and second I/O interfaces, acquiring a file from the detected first device via the first I/O interface, determining whether the acquired file poses a security threat, and responsive to a determination that the acquired file does not pose a security threat, enabling the data communication between the first and second I/O interfaces.

Abstract: A method of security sandboxing which may include detecting an illicit intrusion to a computer on a first computer system; cloning the intruded computer; directing all traffic from the illicit intrusion to the cloned computer; observing activities of the illicit intrusion interacting with the cloned computer; and dynamically adapting the cloned computer to perform activities of predicted interest to the illicit intrusion based on the observed activities of the illicit intrusion. The steps of the method may be performed by one or more computing devices.

Abstract: Embodiments relate to an isolated program execution environment. An aspect includes receiving, by the isolated program execution environment on a computer comprising a processor and a memory, a request to run a program. Another aspect includes wrapping program code corresponding to the program as a function. Another aspect includes cloning a real global object of the isolated program execution environment to create a fake global object. Another aspect includes passing the fake global object to the function. Another aspect includes executing the function, such that the function executes the program.

Abstract: An information processing apparatus includes a file acquiring unit, a generating unit, a data processing unit, and an output unit. The file acquiring unit acquires a file on the basis of an instruction from a user. The generating unit generates restriction information for restricting access to the file acquired by the file acquiring unit. The data processing unit associates the restriction information generated by the generating unit with the file acquired by the file acquiring unit. The output unit outputs the restriction information generated by the generating unit on a paper medium.

Abstract: A computer program product for processing a message is provided. The computer program product comprises a computer readable storage medium having program instructions embodied therewith. The program instructions readable by a processing circuit cause the processing circuit to perform a method. The method validates a security token for a user. The method allows the user to compose a message. Based on the security token, the method verifies that the user is authorized to send the message to an intended recipient of the message and that a security level of the message is at or below a security level of the user.

Abstract: A security chip is used in a contents data playing device. The security chip includes a storage unit configured to store firmware data including a firmware program, and a firmware update management unit configured to determine whether an update process is to be executed on the firmware data based on a comparison between expiration information set for the firmware data and time information received via a network, in response to a request input to the security chip to acquire a contents key or to decrypt contents data, and to reject the request when the update process is to be executed. The firmware program causes the security chip to function as a contents key acquisition control unit configured to acquire, via the network, the contents key for decrypting the contents data, and a decryption unit configured to decrypt the contents data by using the contents key.

Abstract: Methods, systems, and computer-readable media for authenticating customers of an organization and managing authenticated sessions of various customers are presented. Some aspects of the disclosure provide ways for a customer of an organization to authenticate using a mobile computing device, such as the customer's personal mobile device, when interacting with the organization in various contexts, such as when accessing an automated transaction device or when interacting with an agent of the organization during an in-person session or during a teleconference session. In some arrangements, the customer's authentication status, which may be established on the mobile computing device and which, in some instances, may be verified based on the location of the mobile computing device, may be carried over from the mobile computing device to another computing device or system, such as an automated transaction device or a teller terminal device, which may be used by an agent of the organization.

Abstract: Techniques are provided for detecting computer fraud. The techniques include obtaining a text version of a candidate destination and a graphical rendering of the candidate destination, comparing the text version of the candidate destination and the graphical rendering of the candidate destination with a corresponding text version of a stored destination and a corresponding graphical rendering of the stored destination, and generating a fraud warning if the graphical rendering of the candidate destination is substantially similar to the graphical rendering of the stored destination while the text version of the candidate destination differs substantially from the corresponding text version of the stored destination.

Abstract: Methods, systems, and computer-readable media for analyzing and indicating network resources as potentially malicious are disclosed. Some aspects of the disclosure provide ways for threat-analyzing individuals and/or organizations to transmit information about potentially malicious resources in a safe manner. Users or computing devices may transmit non-resolvable “de-fanged” resource identifiers, which lessens the likelihood that the receiving computing device will download malicious data or applications from the resource. Some aspects disclosed herein provide ways to correctly and accurately “re-fang” the resource identifier for threat analysis of the resource, for example by selecting one or more re-fangers to apply and applying the re-fangers to the identifier. Data may be retrieved from the resource (for example via a headless or non-interactive browser), and the resource and/or resource identifier may be categorized as malicious.

Abstract: A method for detecting a malicious network activity. The method includes extracting, based on a pre-determined criterion, a plurality of protection phase feature sequences extracted from a first plurality of network traffic sessions exchanged during a protection phase between a server device and a first plurality of client devices of a network, comparing the plurality of protection phase feature sequences and a plurality of profiling phase feature sequences to generate a comparison result, where the plurality of profiling phase feature sequences were extracted from a second plurality of network traffic sessions exchanged during a profiling phase prior to the protection phase between the server device and a second plurality of client devices of the network, and generating, in response to detecting a statistical measure of the comparison result exceeding a pre-determined threshold, an alert indicating the malicious network activity.

Abstract: One or more embodiments of techniques or systems for connection authentication are provided herein. A mobile device or device may act as an initiator of a connection with a vehicle, which acts as a target. A user utilizing the device may initiate a connection request by launching an application or browser on the device. The device transmits the connection request to the vehicle. The vehicle may receive the connection request and respond with a device identifier (ID) request. A user of the device may select whether or not to continue. If the user continues, the device transmits a device ID of the device to the vehicle. An interface component may render the connection request for an occupant of the vehicle, such as the driver, and await a response. In this way, a driver of a vehicle may act as a gatekeeper for connections.