Abstract: A method for identifying a patient for later access to an electronic patient record for the patient using a communication device belonging to an inquiring person. The patient record is stored in a database using a primary key which serves to identify the patient and which has at least one unambiguously associated secondary key, where the secondary key used to identify a patient is at least one subscriber information item which characterizes a subscriber in a wireless communication network. The secondary key for identification is transmitted between a mobile terminal used for communication in the wireless communication network and a portal via the at least one communication network.

Abstract: This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis.

Abstract: Security software on a client observes a request for a resource from an application on the client and then determines the application's reputation. The application's reputation may be measured by a reputation score obtained from a remote reputation server. The security software determines an access policy from a graduated set of possible access policies for the application based on the application's reputation. The security software applies the access policy to the application's request for the resource. In this way, the reputation-based system uses a graduated trust scale and a policy enforcement mechanism that restricts or grants application functionality for resource interactivity along a graduated scale.

Abstract: Contents data that have been enciphered and transmitted are recorded as they are on a recording medium, and the contents key used to encipher these data is enciphered in a way used in this recording system and is recorded on the medium. Moreover, a step is taken to ensure that fine trick plays can be performed. In recording contents data that have been enciphered and transmitted, the contents data themselves are recorded in the enciphered state on the recording medium. However, the contents data are decoded by a contents data decoding circuit 46, and a map file containing necessary management information for reproduction is created by a map file creating circuit 47 and this file is recorded together with the contents data.

Abstract: The present invention relates to antivirus protection and more particularly to antivirus protection in a cloud server. The present invention protects a user machine from a virus while allowing the user to get the benefit of using multiple antivirus options without the need to run the antivirus options on the user machine.

Abstract: It should not be possible for control units for motor vehicles to be exchanged between individual motor vehicles by unauthorized persons. For a motor vehicle it should, therefore, be rendered possible for individual functionalities of a control unit to be unblocked only for a specific motor vehicle. For this purpose, a first cryptographic key and a second cryptographic key are stored in a control unit. A cryptographic device is designed to encrypt a first message initially by one of the cryptographic keys, subsequently to encrypt a result of the encryption by the other cryptographic key and, finally, to provide a result of the second encryption as third cryptographic key for an encryption and/or decryption of a further message. A method configures a control unit in a motor vehicle.

Abstract: An electronic device may include a finger biometric sensor and a processor being switchable between a user-interface locked mode and a user-interface unlocked mode. The processor may cooperate with the finger biometric sensor to acquire spoof detection data based upon an object being placed adjacent the finger biometric sensor, and determine whether the acquired spoof detection data is representative of a live finger. The processor may also switch from the user-interface locked mode to the user-interface unlocked mode when the acquired spoof detection data is representative of a live finger, and cooperate with the finger biometric sensor to acquire biometric matching data. The processor may further perform finger matching based upon the acquired biometric matching data and stored biometric enrollment data.

Abstract: Provided is a memo synchronization system, a mobile system, and a method for synchronizing memo data. The memo synchronization system includes a storage device, an authentication unit configured to authenticate a user by receiving authentication information of the user from a mobile terminal via a memo application installed in the mobile terminal, and a synchronization unit stored on the storage device and configured to synchronize memo data stored in the mobile terminal with memo data stored in a web storage space of an online memo service based on a request for synchronization transmitted from the mobile terminal through the memo application. The request for synchronization includes a synchronization request generated by the memo application according to an event set by the user.

Abstract: A method capable of erasing a password from a BIOS automatically includes steps of the BIOS determining whether a password erasing flag has been set when an electronic device is booting; the BIOS erasing the password if the password erasing flag has been set; the BIOS displaying a password input window if the password erasing flag has not been set; inputting a comparison data in the password input window; the electronic device transmitting the comparison data to a server; the server comparing the comparison data with a registration data, generating a comparison result, and transmitting the comparison result to the electronic device; the BIOS determining whether the comparison result is correct; the BIOS setting the password erasing flag and rebooting the electronic device if the comparison result is correct; and the BIOS rebooting the electronic device directly if the comparison result is wrong.

Abstract: A system that authorizes access to a resource by a client validates the client and generates a Security Assertion Markup Language (“SAML”) assertion for the valid client. The system then sends an access request with the SAML assertion to a OAuth server. In response, the OAuth server returns an access token for the resource to the client.

Abstract: Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies.

Abstract: At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, client download of a response from a server to a client request is blocked, and instead a notification page with options to accept or decline the server response is provided to the client.

Abstract: A method for providing analysis and detection of malicious software may include directing a comparison of patterns within sample code to a predetermined set of malicious software patterns, determining whether the sample code is likely to be malicious software based on the comparison, and, in response to a determination that the sample code is likely to be malicious software, determining a malicious software cluster with which the sample code is associated based on the patterns within the sample code. A corresponding computer program product and apparatus are also provided.

Abstract: A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.

Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

Abstract: Systems and methods relating to generating a key that is difficult to clone are described. The methods include receiving a programmable logic device (PLD) with a first key and applying a one-way hash function to a second key or the first key and the second key to create a third key. The application of the one-way hash function is performed using one or more components hardwired into the PLD. The methods further include storing the third key in the PLD only after using the one or more components to apply the one-way hash function.

Abstract: There is provided an image forming apparatus that eliminates the need for separately preparing an encrypted file for each user. To achieve this, the image forming apparatus performs control of browsing of a browsing file that is browsed at a terminal. The document acquisition portion of the image forming apparatus acquires document data. The document encryption portion encrypts the document data with a public key as the browsing file. The position information setting portion sets position information to permit browsing of the browsing file encrypted by the document encryption portion in a viewer for causing the browsing file to be browsed at the terminal. In the case where it has been determined that the position information coincides with a current position, a browsing execution portion at the terminal uses a secret key to decrypt the browsing file for causing it to be browsed.

Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.

Abstract: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.

Abstract: Systems and methods for performing settlement of token access transactions are provided. In one embodiment, the invention provides for batch processing bank card transactions, including receiving transaction records for a plurality of bank card transactions, wherein at least some of the transaction records include encrypted token information; determining whether the transaction records contain encrypted token information; decrypting the encrypted token information for a transaction record that is determined to have encrypted token information; and providing clear text token information obtained by decrypting the encrypted token information for a transaction record for transaction settlement.