Abstract: The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device.

Abstract: A data encoding apparatus for verifying data integrity by using a white box cipher includes: an encoding unit for encoding content by using a white box cipher table; and an arithmetic logic unit for performing an arithmetic logic operation on the white box cipher table and content information to output an encoded white box cipher table. The arithmetic logic operation is an exclusive OR operation. The content information is license information of the content or hash value of the license information of the content.

Abstract: A content protection apparatus using a white-box encryption table includes: a random number generation unit for generating a random number; a white-box encryption table for encrypting the random number and user information provided from a user to generate an encrypted output value; and an operation unit for performing an operation between the encrypted output value and data inputted from an outside to encrypt or decrypt the data.

Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.

Abstract: A circuit is operable in a normal operating mode and a test mode. The circuit contains a privileged information supply circuit (12) coupled to the testable circuit (10). A test access circuit (19) provides access to the testable circuit (10). A test control circuit (18) controls switching of the test access circuit (19) to the test mode. A multiplex circuit (16) couples the privileged information supply circuit (12) to the testable circuit (10) for access to privileged information in the normal mode. In the test mode the shadow information supply circuit (14) is coupled to the testable circuit (10) instead.

Abstract: A system and method for uploading data from a customer system to a hosted system is disclosed. A stub is integrated with a firewall between the customer system and the hosted system. The stub includes an inbound layer on the customer system side of the firewall and an outbound layer on the hosted system side of the firewall, and the inbound layer includes a write-only directory. A demon is connected between the inbound layer and the outbound layer of the stub. The demon is configured to recognize newly received data in the write-only directory of the inbound layer, encrypt the newly received data to generate encrypted data, and move the encrypted data to the outbound layer for access by the hosted system.

Abstract: In some embodiments an embedded processor is to participate in cryptographic key exchange with an audio software application, and a key exchange communication path is coupled between the audio software application and the embedded processor. Other embodiments are described and claimed.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for secure client-side key storage for authentication tracking. Implementations include actions of determining, at a browser executed on a client-side computing device, that an application is authentic, the application being executed on a server-side computing device, in response to determining that the application is authentic, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain including a static script that handles the SSK and that selectively provides request signatures, receiving, at the sub-domain, a message requesting a request signature, determining that the message originated from an authentic origin, and in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.

Abstract: A processor-implemented method, system, and/or computer program product protects sensitive data in a received transmission. A network interface receives a data transmission, which includes multiple units of data. Any sensitive data in the received data transmission is identified by the recipient according to a pre-determined rule. Identified sensitive data from the data transmission is then encrypted.

Abstract: Improved systems and techniques for secure delivery of data. One or more data providers deliver encrypted data to a storage entity. For each of one or more authorized recipients of data delivered by a data provider, the data provider generates a re-encryption key and delivers it to the storage entity. The storage entity uses a recipient's re-encryption key to re-encrypt data to be delivered to the recipient. The recipient is able to use its own key to decrypt data that has been encrypted with the data provider's key and re-encrypted with the re-encryption key of the recipient. Delivery of data may be managed to insure that it reflects a consistent condition. Data may be homomorphically encrypted by each of a plurality of data providers and processed in aggregate at the storage entity, with a recipient being able to decrypt the aggregated data but not individual elements of the aggregated data.

Abstract: The invention relates to a method and to an electronic device for securing the computation of a modular exponentiation x=mD mod N against invasive attacks. The invention comprises applying a mask to the message m, and after the modular exponentiation is carried out, in verifying that the exponentiation was not altered thanks to properties introduced by the mask.

Abstract: The present invention relates to a method and system for the management of the mobility, the management of an idle mode, the registration management (management of attachment and detachment), and the location management (management of tracking area) of a terminal by using a non-access stratum (i.e., network stratum, hereinafter referred to as “NAS”) in a mobile telecommunication network. To this end, the method for the management of mobility, the management of an idle mode, the registration management, and the location management of a terminal by using a NAS protocol, i.e., messages, according to an embodiment of the present invention, includes a terminal (hereinafter, referred to as “UE”) and a mobility management entity (hereinafter, referred to as “MME”), and addresses to a method for efficiently processing security protected NAS messages if received messages are security protected NAS messages, in a case of sending or receiving messages serving as EMM (EPS Mobility Management) messages, i.e.

Abstract: In a method for generating a cipher-based message authentication code, a state array (25) comprised of rows (31-34) of bytes (S?0-S?15) and columns (41-44) of bytes (S?0-S?15) based on a message to be transmitted is generated. The cipher-based message authentication code is generated by retaining the bytes (29, 30) of at least one row (32, 34) of the state array (25).

Abstract: A method of enhancing security of a storage component communicating with a host processor over a bus comprises: receiving from the bus by the storage component one of a security unlock command, set password command, security disable command and security erase command along with a password associated therewith; determining a security state in which the storage component is operating at reception of the received command; determining if an enhanced security mode is enabled at reception of the received command; and performing security steps of the received command based the determined security state and the determined security mode.

Abstract: Techniques to share binary content are described. An apparatus may comprise a first related client having a message platform with a file share feature and an object store, the file share feature operative to retrieve a data object for a publishing client having a defined relationship with the first related client and a second related client, the first related client to send the data object to the second related client on behalf of the publishing client, and the object store operative to store and manage the data object using a unique name identifier received with the data object. Other embodiments are described and claimed.

Abstract: A storage control apparatus stores a device attribute that indicates whether a physical storage device that is made to be a basis of a pool of a creation target is an encryption device (a physical storage device that is provided with an encryption function) or an unencryption device (a physical storage device that is not provided with an encryption function) as a pool attribute for the pool. In the case in which a pool attribute that has been stored for a pool with which a virtual volume that is a virtual logical volume of a creation target is associated indicates both of an encryption and an unencryption, the storage control apparatus associates the virtual volume of a creation target with a physical storage device that conforms to an attribute that has been specified as a volume attribute of the virtual volume of a creation target among an encryption device and an unencryption device that are a basis of a pool of the associated destination.

Abstract: Systems, methods and apparatus for a content item inspection. A plurality of portions of a content item are received in a buffer, the buffer divided into a plurality of segments. A partial signature of the content item is computed using the received portions of the content item in a most recently received segment and a partial signature computed for a preceding segment. The computed partial signature is compared against a plurality of partial signatures associated with trustworthy content items. If a matching partial signature associated with a trustworthy content item is found for the computed partial signature, the most recently received segment is allowed to be transmitted to a device that requested the content item.

Abstract: A method in one embodiment includes establishing a first secure tunnel between a scanner and a configuration manager, and a second secure tunnel between the scanner and a scan controller, where the scanner is located in a public network and the configuration manager and the scan controller are located in a private network, communicating scanner configuration information between the scanner and the configuration manager over the first secure tunnel, and communicating scan information between the scanner and the scan controller over the second secure tunnel. The secure tunnels may be established from within the private network, by forwarding a first origination port and a second origination port to a first destination port and a second destination port, respectively. The first and second origination ports may be located in the public network, and the first and second destination ports may be located in the private network.

Abstract: Embodiments provide a system for content distribution and protection. The system first receives an order from a user for a protected document. In response to a successful user authentication, the system generates an access code for the user to access the protected document. In response to a received user reading request, the system validates the access code for a reading session. The system then transfers a set of URLs for accessing a set of pages and associated metadata in the protected document to the user. The set of URLs are valid for a period of time. Responsive to a request for reading a next set of pages, the system again validates the access code for the session and transfers another set of URLs for accessing the next set of pages. The system also logs user activities related to the protected document.

Abstract: An electronic monitoring system located in a second service area when an electronic monitoring target has moved from a first service area having a first authority to the second service area having a second authority starts electronic monitoring for the electronic monitoring target that has moved into the second service area, configures a temporary electronic monitoring authority based on the first authority and the second authority, and executes the electronic monitoring on the electronic monitoring target in the second service area according to the configured temporary electronic monitoring authority.