Abstract: A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.

Abstract: A cryptographic system that can prevent encryption and decryption processes from being inefficient as an encryption key is updated is provided. The cryptographic system includes: a first encryption unit for encrypting original data in a first encryption method using a main key to generate first encrypted data; a second encryption unit for encrypting the first encrypted data in a second encryption method using a sub key to generate second encrypted data; a database for storing the second encrypted data generated; a key update unit for updating the current version of the main key to a new version of the main key and updating the current version of the sub key to a new version of the sub key; and a data update unit for converting the second encrypted data encrypted with the current version of the sub key into a state encrypted with the new version of the sub key.

Abstract: A method and apparatus for encrypting an area of an electronic document are provided. The method includes displaying the electronic document, receiving an input signal including information about a first point and a second point of the electronic document, shifting an area adjacent to the first point toward the second point in response to the input signal, displaying only an area of the electronic document other than an encrypted area determined according to a result of the shifting, and enabling a lock mode that maintains a state of displaying the area other than the encrypted area.

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

Abstract: In one embodiment, a command is received from a video provider at a media rendering device, the command being a command to embed a subscriber ID in at least one video frame in a video stream. A random key, k is also received from the video provider at the media rendering device. An injective transformation is invoked for k and the subscriber ID, the injective transformation generating a sequence of pairs of: near-transparent patterns and corresponding time periods. Logical blocks of the at least one video frame in the video stream are overlaid with one of the near-transparent patterns for its one of the corresponding time periods. Related apparatus, systems, and methods are also described.

Abstract: A method of accessing a remote resource (4) from a data processing device (2) includes obtaining a first URL corresponding to the remote resource (4), obtaining secret data corresponding to the first URL, using the secret data to generate an obscured URL at the data processing device (2), and accessing the remote resource using the obscured URL. This allows the user of the device (2) to see a first URL which is intelligible and provides useful information about the device, without sharing that information with the network. The obscured URL identifies the actual location of the remote resource and can be an unintelligible stream of digits or letters.

Abstract: A first information handling system receives a security challenge and forwards it to a second information handling system. The second information handling system retrieves a private key from a public/private encryption key pair and satisfies the challenge with the private key. The second information handling system forwards the satisfied challenge without divulging the private key. The second information handling system is in a more secure environment than the first information handling system. The challenge may be satisfied by signing the challenge with the private key. Satisfying the challenge may be a step in creating a secure shell connection between the first information handling system and an organization maintaining the first information handling system and the second information handling system.

Abstract: In one embodiment, a method is performed by a computer system. The method includes receiving base attribute values of a registrant device. The method further includes determining similarities of the base attribute values to a reference string to yield base similarity values. The method also includes registering the registrant device for policy enforcement using the base similarity values. Furthermore, the method includes, responsive to a trigger, determining target attribute values of a target device. Also, the method includes determining similarities of the target attribute values to the reference string to yield target similarity values. Moreover, the method includes, responsive to the target similarity values satisfying a similarity threshold in relation to the base similarity values, configuring policy enforcement such that the target device is treated as the registrant device.

Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.

Abstract: A computer implemented method may allow for the upload and verification of a document. In one aspect, the method may receive a file at a data server associated with an insurance company event and determine if the file contains a computer security threat. The method may also determine if the file is supported and convert the file wherein the converted file is supported. The method may further flag the converted file for association with an insurance company event and transmit the converted file to a permanent storage server.

Abstract: Corruption of program stacks is detected by using guard words placed in the program stacks. A called routine executing on a processor checks a guard word in a stack frame of a calling routine. The checking determines whether the guard word has an expected value. Based on determining the guard word has an unexpected value, an indication of corruption of the stack frame is provided. Some routines, however, may not support use of guard words. Thus, routines that are interlinked may have differing protection capabilities. In this situation, a determination may be made as to whether a caller routine supports guard word protection. Based on determining that the caller routine supports guard word protection, the called routine verifies the guard word.

Abstract: Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value vi associated therewith, wherein the value vi is given by vi=h (vi+1), for a given hash function or other one-way function h. An initial distribution of helper values may be stored for the one-way chain of length s, e.g., at positions given by i=2j for 0?j?log2 s. A given one of the output values vi at a current position in the one-way chain may be computed utilizing a first helper value previously stored for another position in the one-way chain between the current position and an endpoint of the chain. After computation of the given output value, the positions of the helper values are adjusted so as to facilitate computation of subsequent output values.

Abstract: Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., “shingles”), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.

Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.

Abstract: Systems and methods for encrypting an unencrypted data set within a file are provided. The disclosed systems and methods can be configured to create a ciphertext object within the existing data structures of a native file format. The systems and methods enable the secure copying data between multiple applications while displaying a revealed form of the data to a user.

Abstract: The computer receives customer registration information and encryption parameters from a customer, then transmits them to the server of an entity such as a pharmacy or bank. After the entity utilizes the transmitted encryption parameters to encrypt confidential portions of a message to the customer, the computer captures the message by way of receiving, photographing, scanning, or otherwise obtaining a copy of the message. The computer identifies glyphs in the message indicative of the corresponding encryption parameters as well as where the encrypted portions of the message start/end. Using the identified glyphs and corresponding encryption parameters, the computer decrypts the confidential portions of the message and displays the message in entirety on the computer.

Abstract: Systems, methods, and computer-readable media provide for secure access to virtual machines in heterogeneous cloud environments. In an example embodiment, client credentials, such as a public key of a public-private key pair, are provided to a virtual machine in a first cloud, such as a private cloud. The virtual machine can be migrated from the first cloud to a second cloud, such as one of a plurality of heterogeneous public clouds. The virtual machine in the second cloud can be accessed from the first cloud via Secure Shell (SSH) authentication using the client credentials. The client credentials can be updated, and the updated client credentials can be used for subsequent SSH access to the virtual machine in the second cloud.

Abstract: A control network communication arrangement includes a second protocol embedded into a first protocol in a way that modules supporting the second protocol may be aware of and utilize the first protocol whereas modules supporting only the first protocol may not be aware of the second protocol. Operation of modules using the second protocol does not disturb operation of the modules not configured to use or understand the second protocol. By one approach, unique additional information is embedded into a message to provide authentication of the first protocol message. This acts as a quality check protecting against unauthorized messaged being sent on the control network.

Abstract: Network management technology as disclosed herein generates and dynamically updates an intuitive, interactive visualization of a computer network in live operation. The network management technology interprets human user interactions, such as gestures, conversational natural language dialog, and combinations of gestures and natural language dialog, as network directives. The technology can implement the network directives to, for example, facilitate analysis of network activity or to respond to network security events.

Abstract: The embodiments discussed herein relate to updating and encrypting passwords for one or more computing devices. The computing devices can be associated with a common user account. According to the embodiments discussed herein, the user the can update a password of the user account at one computing device, and log into another computing device using the updated password without having to provide the current password for the other computing device. The embodiments incorporate a variety of encryption and key generation methods in order to safely transmit password updates between local computing devices. Specifically, the embodiments set forth methods and apparatus for generating and storing breadcrumbs that allow for decrypting a current password of a computing device using a new password.