Abstract: Subject matter disclosed herein relates to memory devices and security of same.

Abstract: A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.

Abstract: Methods of securely authenticating a host to a storage system are provided. A series of authentication sessions are illustratively performed. Each of the authentication sessions includes the host transmitting an authentication request to the storage system. The storage system authenticates the host based at least in part upon a content of the authentication request. After each successful authentication of the host to the storage system, an encryption key that was utilized in encrypting the authentication request that was transmitted to the storage system is deleted. After each encryption key deletion, a new encryption key that is different than the previous key is optionally stored and is utilized in the next authentication session.

Abstract: Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on stored behavioral events which have been observed previously or have been preconfigured. Multiple behavioral events expressed by a client relative to multiple resources of a network site are observed. The behavioral events correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the observed behavioral events and multiple stored behavioral events associated with a user identity. An identity confidence level as to whether the user identity belongs to a user at the client is generated based at least in part on the comparison.

Abstract: A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive and at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device.

Abstract: A method and computer program product for managing and controlling direct access of an administrator to a computer system. At least one computer program on the computer system receives from the administrator a request for the direct access to the managed computer system directly from the system console and requests a service management system to search open tickets. In response to that the open tickets are found, the at least one computer program requests the administrator to choose at least one ticket from the open tickets and grants the administrator the direct access to the computer system in response to determining that the at least one ticket is valid.

Abstract: The invention relates to a method for configuring a mobile device capable of reproducing, for a user, multimedia content previously provided by a remote content server. The invention relates to using a client installed on said electronic device to relay authentication requests between a card, preferably complying with the provisions of the Mobile Commerce Extension standard, and an authentication server that is accessible via an access point.

Abstract: A server apparatus having a one-time scan code issuing function, a user terminal having a one-time scan code recognizing function, and a method for processing a one-time scan code are provided so as to safely and conveniently transmit one-time information used for key-exchange-scheme-based encryption, using a scan code such as a bar code and a QR code.

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract: A system and method for writing a new or replacement public key to a bootloader stored in a memory segment in the memory of a vehicle ECU without having to rewrite the entire bootloader. The method includes defining a key table in the bootloader memory segment includes a number of vacant memory slots that are available to store replacement public keys if they are needed. The key table is a separate section of the bootloader memory segment so that the key table memory slots are not used by the bootloader code.

Abstract: Techniques for in-app user data authorization are described. An apparatus may comprise a processor circuit, a permissions component, and a token component. The permissions component may be operative on the processor circuit to receive a request from an application to perform a task on a device and to return a response to the request to the application based on active permissions for the application. The token component may be operative on the processor circuit to manage a token database and to determine the active permissions for the application based on the token database. Other embodiments are described and claimed.

Abstract: A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may employ pattern recognition software to evaluate analytics data and potentially block private information from being sent within the analytics data. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed as well as private information settings indicating what types of private information should be blocked. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon and/or lock and unlock icons for display on webpages being monitored/controlled in realtime by the PMS.

Abstract: A hardware architecture for encryption and decryption device can improve the encryption and decryption data rate by using parallel processing, and pipeline operation, and save footprint by sharing hardware components. The hardware architecture can also be associated with a memory to protect the information stored at the memory. The encryption device can include a tweaking value manager to generate an array of tweaking values corresponding to the array of data blocks based on a tweaking encryption key, a first encryption unit to encrypt a first portion of the array of data blocks into a first portion of encrypted data blocks based on corresponding tweaking values and a data encryption key, a second encryption unit to encrypt a second portion of the array of data blocks, and a data block combiner to combine the first portion of encrypted data blocks and the second portion of encrypted data blocks.

Abstract: It is provided a recorder apparatus in which a user can use simply and efficiently plural functions which can be performed simultaneously. According to an embodiment of the invention, a recorder apparatus has a display, an input section for a video being inputted, a random access recording medium for recording the video, an output section for outputting the video recorded in the recording medium, a multitask control section, a display control section and a reception section for receiving an specification of the tab and the direction of the video for a processing target for the selected function. The multitask control section performs plural functions in parallel simultaneously which plural functions includes a function for recording the inputted video in the recording medium. The display control section displays tabs assigned to the plural functions respectively and processing situation of the function selected by specifying the tab on the display.

Abstract: In a counter mode encryption scheme, a sending device sends a first message including first cipher text and a first counter used to generate the first cipher text to a receiving device for decryption. The sending device subsequently generates a second counter for generating second cipher text. The sending device sends a second message including the second cipher text and intermediate state data corresponding to a change between the first counter second counter to the receiving device for decryption. The intermediate state data are represented by a smaller number of bits than the first counter. The method enables improved counter mode encrypted communication in networks that lose one or more intermediate messages between the first message and the second message.

Abstract: A computer implemented method, a data processing system, and a computer program publish an audio annotation of a media signal. A media player plays a media signal. The media player then records an audio annotation to the media signal. Responsive to recording the audio annotation to the media signal, the media player records an identifier to be associated with the media signal. The audio annotation is then published to a social networking host.

Abstract: A method is disclosed, and a corresponding data carrier and policy converter, for producing at least one Security Descriptor Definition Language, SDDL, rule from an eXtensible Access Control Markup Language, XACML, policy (P), wherein said at least one SDDL rule is enforceable for controlling access to one or more resources in a computer network. A reverse query is produced indicating a given decision (d), which is one of permit access and deny access, and a set (R) of admissible access requests. Based on the reverse query, the XACML policy (P) and the given decision (d) are translated into a satisfiable logic proposition in Boolean variables (vi, i=1, 2, . . . ) From said ROBDD, variable assignments (RCj=[ARCj1: v1=xj1, ARCj2: v2=xj2, . . . ], j=1, 2, . . . ) satisfying the logic proposition are derived and at least one SDDL rule is created based on said variable assignments (RCj=[ARCj1: v1=xj1, ARCj2: v2=xj2, . . . ], j=1, 2, . . . ) satisfying the logic proposition.

Abstract: A method of operating a virtual computing system includes receiving at a security controller security data corresponding to a candidate virtual machine that is proposed to be included in a virtualization environment managed by a virtualization environment manager, comparing the security data of the candidate virtual machine to security data of other virtual machines in the virtualization environment, and in response to the comparison, recommending that the virtualization environment manager exclude the candidate virtual machine from the virtualization environment. Related systems and computer program products are disclosed.

Abstract: Methods, systems, and computer-readable media for exception handling of interactive communications privileges governing interactive communications with entities outside a domain are disclosed. The interactive communications privileges may have been learned through domain administrator configuration or may have been self-learned without domain administrator input. The interactive communications privileges can be used to process interactive communications requests between entities inside a domain and entities outside the domain. Exceptions to the interactive communications privileges can be requested by user entities inside the domain for interactive communications with entities outside the domain. In this manner, if the interactive communications privileges are not sufficient according to user entities inside the domain, the user entities inside the domain can request exceptions for other interactive communications privileges with entities outside the domain.

Abstract: A computationally-implemented method comprises obtaining at least a portion of data from a data source, determining a content of the data, determining an acceptability of an effect of content of the data at least in part via at least two virtual machine representations of at least a part of a real machine having at least one end-user specified preference, at least one of the at least two virtual machine representations operating at least in part on an individual core of a multi-core system, and displaying at least one data display option based on the determining an acceptability of a content of the data.