Abstract: An encrypted security system and associated methods for controlling physical access. The system includes a security server configured to receive a request for authentication from a mobile device, the request comprising information identifying the mobile device and a physical access control device. The security server forwards an encryption message comprising a plurality of unique identifiers to the physical access control device via the mobile device. The physical access control device is configured to authenticate the plurality of unique identifiers in the encryption message and operate an access control mechanism.

Abstract: A solution is described which allows mobile devices to specify that certain sites are allowed to be logged into based on the device credentials alone. The solution integrates OpenID with a telecommunications network in order to verify the user's identity. This verification is based on the trust that the telecom carrier has to identify the subscriber at the GGSN. The solution splits the OpenID Provider (OP) into two systems—an internal OP and an external OP. The external OP can reside in the public network and can allow the user to authenticate with a password. The internal OP resides in the private network of the carrier and is directly connected to the GGSN such that it is only reachable from the GGSN.

Abstract: A method is disclosed. The method includes encrypting a first data, wherein the encrypting the first data set is performed using a first key, and the encrypting the first data set is performed using a dedicated encryption circuit. The first data set is stored on a first storage medium. A second data set is encrypted, wherein the encrypting the second data set is performed using a second key, and the encrypting the second data set is performed using the dedicated encryption circuit. The second data set is stored on the first storage medium.

Abstract: Set forth herein are systems, methods, and non-transitory computer-readable storage media for processing media requests in a secure way. A server configured to practice the method receives, from a media player client, a request for media content. The server requests a playback token from a playback service associated with the media content and generates a tag containing the playback token. Then the server transmits to the media player client a response to the request for media content based on the tag, wherein the media player client retrieves the media content by presenting the playback token to the playback service. The media player client can be an embedded media player or other player in a web browser. The server and the playback service can operate based on a common, pre-shared feed token. Other playback client and playback service embodiments exist.

Abstract: Secure access to a resource is provided by receiving a user request associated with a username for access for a resource and checking the username associated with the request against a reference username associated with the user. The reference username is linked to a second username associated with the user. If the received username matches the reference username, the request is modified by replacing the received username with the second username, and the modified request is forwarded towards the resource. A new username can be recorded upon receiving a request for the user. In response to the received request, the new username is recorded at a reference location linked to the location of the second username.

Abstract: Systems and methods are provided for authorizing a user to access an access-controlled environment. The system includes a system server platform that communicates with fixed PC's, servers and mobile devices (e.g., smartphones) operated by users. The systems and methods described herein enable a series of operations whereby a user attempting to access an access-controlled environment is prompted to biometrically authenticate using the user's preregistered mobile device. Biometric authentication can include capturing images of the user's biometric features, encoding the features as a biometric identifier, comparing the biometric identifier to a previously generated biometric identifier and determining liveness. In addition, the authentication system can further authorize the user and electronically grant access to the access-controlled environment.

Abstract: Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.

Abstract: Provided is a license management system comprising: a license check device that independently operates on a platform; and an information processing device that is connected to the license check device, in which the license check device includes: a license check unit that checks for presence or absence of a license of the information processing device; a first start unit that starts the license check unit in response to a call instructed by the platform; and a calling unit that calls, when the license check unit determines that the license is present, the information processing device, and in which the information processing device includes: an information processing unit that performs a specific information processing; and a second start unit that starts the information processing unit only in response to the call from the license check device.

Abstract: Various embodiments of a system and method for a single request-single response protocol with mutual replay attack protection are described. Embodiments include a system that receives multiple single request messages, each of which include a respective nonce, timestamp, and digital signature. The system may create a record of previously received nonces that, at any given time, may include multiple message nonces received within a valid period of time prior to that given time. To validate a given single request message, the system verifies the digital signature of the message, determines that the timestamp of the message indicates a time within the valid period of time prior to the current time, and determines that the nonce of the message is not present within the record of previously received nonces. The system sends a single response message that includes the same nonce as the validated message.

Abstract: A method for implementing a security agent on behalf of a device, the method comprising: obtaining a list of applications installed on the device from a remote repository; for each respective application on the list, comparing reputation attributes obtained from a reputation database against attributes of the application installed on the device; and for any of the respective applications for which it is determined from the comparing that the application installed on the device is malicious, taking action to limit malicious activity by the respective application installed on the device.

Abstract: A method for a user agent to access a session policy in a network is provided. The method comprises sending, from the user agent, a single session policy request to a single network component, the single network component contacting a plurality of network components, wherein sending the single session policy request to the single network component utilizes a lower layer protocol. The lower layer protocol is at least one of Extensible Authentication Protocol (EAP), Point to Point Protocol (PPP), and General Packet Radio Service (GPRS) Activate Packet Data Protocol (PDP) context. The method further comprises aggregating policy information and providing the aggregated policy information to the user agent.

Abstract: The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.

Abstract: The present invention relates to a product information system and a corresponding method in a product information system with products 2, to which there are applied machine-readable items of information 14. A data service 5 for data 16 allocated to the products is furnished. The machine-readable item of information 14 applied to a product 2 are read by a data requester 4. The data allocated to the product are requested through sending the read machine-readable data to the data service 5, the data request 15 is received by the data service 5, the requested data 16 are determined by the data service 5 and sent by the data service 5 to the data requester 4. In the step of determining the requested data 16, the data are generated by decrypting encrypted data 11-13 using the machine-readable items of information 14 received with the data request.

Abstract: A third-party watermark is inserted into a file or files uploaded by a client to a storing party such as a file backup server. The third-party watermark may contain information about the upload itself, such as time and date of the upload and the identity of the client. The third-party watermark may also contain authentication information received from the client or elsewhere that establishes that the client is in proper possession of the file, e.g., it is not a bootlegged copy.

Abstract: A system and method for more efficiently establishing a chain of trust from a registrant to a registry. A registrant credential is associated with a Shared Registration command and is sent by a registrar to a registry. Upon successful validation, a token is generated and bound to a registrant identifier. The token is included along with the registrant identifier in subsequent discrete Shared Registration commands submitted to the registry on behalf of the registrant. The registrant thus needs to submit its credential only once for changes that require several discrete commands. Also, it is more efficient for the Shared Registration System to validate a token for a set of commands than to validate different registrant credential for each discrete command.

Abstract: A method and system for protecting computer system state in one aspect generates signatures associated with system dump data, compares the signatures with those of the previous system dump data. Only those system dump data whose signatures are different from the previous dump are transferred for storing.

Abstract: A method operating on a computer begins by generating a read command to read at least some of a plurality of data slices from a dispersed storage network. The method continues by receiving the at least some of the plurality of data slices. The method continues by performing a reverse information dispersal algorithm on at least some of the plurality of data slices to produce a plurality of transposed data elements. The method continues by reverse transposing the plurality of transposed data elements to recover data elements of a data segment.

Abstract: A storage medium includes an ID registration area for storing therein a main body ID which is an ID unique to an information processing apparatus. The information processing apparatus has the main body ID stored therein. The information processing apparatus includes copying means for, when the storage medium is attached thereto, copying a program stored in the storage medium thereinto in the case where the main body ID has not yet been registered. When the copy is made, the main body ID is stored into the ID registration area of the storage medium. The information processing apparatus also includes execution program selecting means for selecting, from the copied program and from the program stored in the storage medium, a program to be executed.

Abstract: A method and apparatus for cross-domain Web-service publishing of information regarding a Web service provider in a first domain having a first security clearance access level into a second domain having a second security clearance access level across a cross-domain security system may comprise a cross-domain publishing service within the second domain receiving through the security system a request to publish information regarding the Web service provider located in the first domain; and may comprise the cross-domain publishing service establishing a surrogate end point within the second domain corresponding to the Web service provider and making available at the surrogate end point Web service information regarding the provision of a Web service by the Web service provider. The second domain cross-domain publishing service may register the Web service provider within the second domain and may also provide a link to the surrogate endpoint.

Abstract: Provided is an information security apparatus that has enhanced stability and confidentiality of a hash key. The information security apparatus includes an information generating PUF unit that has tamper resistance set, using physical characteristics, so as to output a preset hash key, a partial error-correction information storage unit that stores partial error-correction information, an error correcting PUF unit that has tamper-resistance set, using physical characteristics, so as to output error-correcting PUF information, an error-correction information generating unit that generates error-correction information using partial correction information and the error-correcting PUF information, and an error correcting unit that corrects an error for the hash key outputted from the information generating PUF unit and outputs an error-corrected hash key.