Abstract: This invention includes a solution to enable a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator that is able to generate both public and private keys in electronic formats. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is also contained in a secure area such as a locked room, or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area.

Abstract: A “Media Transmission Optimizer” provides a media transmission optimization framework for lossy or bursty networks such as the Internet. This optimization framework provides a novel form of dynamic Forward Error Correction (FEC) that focuses on the perceived quality of a recovered media signal rather than on the absolute accuracy of the recovered media signal. In general, the Media Transmission Optimizer provides an encoder that optimizes the transmission of redundant frames of electronic media information encoded at different bit rates, and provides optimized playback quality by providing a decoder that automatically selects an optimal path through one or more available representations of each frame as a function of overall rate/distortion criteria.

Abstract: Disclosed herein is a method for digital video encoding prediction comprising creating a constructed reference frame using an encoder and compressing a series of source video frames using the constructed reference frame to obtain a bitstream including a compressed digital video signal for a subsequent decoding process. The constructed reference frame is omitted from the series of digital video frames during the subsequent viewing process.

Abstract: A method and system for verifying outsource data and providing a certification system includes but is not limited to a method including receiving one or more deposits of one or more data elements in connection with an outsourcing transaction from or on behalf of a third party, verifying an identification of the third party, maintaining a transaction log to provide a validation record acknowledging receipt of the one or more deposits, and performing a cryptographic action against one or more aspects of the outsourcing transaction to provide a certified version of the transaction log to confirm the outsourcing transaction.

Abstract: A versatile log system is disclosed for producing logs for documents or other objects. The system allows authorized users to configure a log table and at least one coupled table, validate log entries for the log table, and validate data records for the coupled table. When the system is installed with investigative identity data search algorithm, identity data processing algorithm, interactive data entry features, and phrase construction feature, it can significantly improve production efficiency and data accuracy.

Abstract: A machine-readable medium may have stored thereon an instruction, which when executed by a machine causes the machine to perform a method. The method may include combining a first operand of the instruction and a second operand of the instruction to produce a result. The result may be encrypted using a key in accordance with an Advanced Encryption Standard (AES) algorithm to produce an encrypted result. The method may also include placing the encrypted result in a location of the first operand of the instruction.

Abstract: A device comprises a data storage media storing data content and a digital signature. At least a portion of the digital signature is encrypted on the data storage media. The device also includes a removable control circuitry including a unique key. If the unique key corresponds to the encrypted portion of the digital signature, the removable control circuitry allows access to the data content. If the unique key does not correspond to the encrypted portion of the digital signature, the removable control circuitry prevents access to the data content. Embodiments of the invention may be useful to prevent a user from accessing the data content without the original control circuitry used to write the data content. For example, embodiments of the invention may prevent a user from using a different control circuitry that would readily allow unauthorized copying and distribution of the data content.

Abstract: A Terminal Identity Token is created for identifying a User Equipment (UE) connected to a radio base station in a radio system. The UE communicates with the radio base station via a secure communication associated with an existing cryptographic key. The Terminal Identity Token is created based on a physical cell identity of a target cell known to both the UE and the radio base station, the terminal identity, and the existing key. By using the Terminal Identity Token, a secure communication can be established and enhanced without having to provide for additional security network components or additional signaling.

Abstract: A method of identifying a user of a device having a security policy and including a touch sensitive input device. The method includes receiving data corresponding to use of the touch sensitive input device by the user and determining from the received data at least one feature. Based on the at least one feature and a signature associated with an identifiable user, the method determines a likelihood that the user is the identifiable user and modifies, based on the likelihood, the security policy on the device.

Abstract: A method comprises establishing a network connection between the first processing device and the second processing device for transfer of data associated with a software authenticator from the first processing device to the second processing device, encrypting the software authenticator data with encryption that is separate from encryption used for the network connection, and transferring the encrypted software authenticator data from the first processing device to the second processing device.

Abstract: A system including a memory having regions including a first and second region, the first region being different from the second region, and a digital rights management engine to receive a plurality of ciphertext cipher blocks, decrypt the ciphertext cipher blocks yielding plaintext cipher blocks, output the plaintext cipher blocks to the first region of the memory over a period of time, provide a plurality of decoy cipher blocks in addition to the plaintext cipher blocks, the decoy cipher blocks having a pattern in which: a first one of the decoy cipher blocks consists of data, and a second one of the decoy cipher blocks consists of data which is the same as the data of the first one of the decoy cipher blocks, and output the decoy cipher blocks to the second region of the memory during the period of time. Related apparatus and methods are also included.

Abstract: A method is provided in one example embodiment and includes generating a first document and a second document associated with video data that includes a group of pictures (GOPs). The method also includes hashing a plurality of video frames associated with the video data. Additionally, the method includes appending each of the video frames' respective hash and respective display times to the first document, and appending each of a plurality of I-frames' respective hash and respective display times to the second document. The method further includes communicating the first document and the second document in a reliable manner over a network to a next destination.

Abstract: A data processing system has a browser with scripting engine means for executing a script. The scripting engine means implements a public scripting engine and a private scripting engine. The browser is configured to have the script executed by the public scripting engine if the script does not require access to a pre-determined resource at the system. The browser is configured to have the script executed by the private scripting engine if the script requires access to the pre-determined resource. Only the private scripting engine has an interface for enabling the script to access the predetermined resource. The scripting engine means is configured to prevent the private scripting engine from communicating data to the public scripting engine or to a non-approved server external to the data processing system.

Abstract: A system includes a communication device configured to transmit a message to an unsecured server. A secured server is in communication with the communication device, and is configured to receive the message from the communication device before the message is transmitted to the unsecured server, encrypt the message, and transmit the encrypted message to the unsecured server.

Abstract: In a method and a system for providing secure communication in a cellular radio system radio base station key is generated by determining a set of data bits known to both the UE and the radio base station, and creating the radio base station key in response to the determined set of data.

Abstract: A flexible aes instruction for a general purpose processor is provided that performs aes encryption or decryption using n rounds, where n includes the standard aes set of rounds {10, 12, 14}. A parameter is provided to allow the type of aes round to be selected, that is, whether it is a “last round”. In addition to standard aes, the flexible aes instruction allows an AES-like cipher with 20 rounds to be specified or a “one round” pass.

Abstract: A method includes upon receiving a request from a user to perform an operation on a device that is running under an operating system, authenticating the user on the basis of credential data that is retrieved from a data storage unit that is associated with a lights-out management (LOM) capability of the device. If authentication of the user is successful, the user is enabled to perform the operation.

Abstract: A proxy server may receive from a user endpoint, a secure connection request to a second server. The secure connection request may comprise a globally unique identifier registered for the endpoint. The proxy server may intercept, from the user endpoint, a first secure handshake with the second server. The proxy server may initiate a second secure handshake with the second server based on the intercepted first secure handshake. The proxy server may intercept from the second server a second secure handshake response comprising a server certificate with metadata. The proxy server may generate a second certificate using the metadata and signed with a first certificate authority associated with the globally unique identifier registered for the endpoint. The proxy server may transmit to the user endpoint a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection.

Abstract: Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.

Abstract: Access to online collaborative resources such as an online meeting, web conference, online chat room, an online video conference, an online audio conference, a collaboratively edited document, a collaborative browsing session, an online social networking group, or a web site is secured by providing a first user-specific URL to a first user for addressing collaborative resource; responsive to the first user accessing the first user-specific URL, granting by a computing system access to the collaborative event to the first user; and responsive to a second user accessing the first user-specific URL, preventing by a computing system access to the collaborative event to the second user. Optionally, time criteria for accessing the first user-specific URL may be used to invalidating the first user-specific URL, wherein access to the collaborative resource is disabled.