Abstract: A method and a system for collecting and maintaining historical party reputation data and for using the historical party reputation data to calculate an access decision rating and recalculating the access decision rating when the historical party reputation data has changed has a reputation updater for updating a reputation when a party's reputation has changed, a reputation storer for storing the party's reputation, an access decision rating maker for making a rating on a party's access abilities based upon the party's reputation and reputation history storage for storing a party's reputation having access decision rating storage for storing previous and present access decision storage ratings.

Abstract: A method for verifying the certification of a recording apparatus (14) associated to a control device (12), wherein the control device (12) validates a first certificate written on the recording apparatus (14). Furthermore, a method for identification of a recording apparatus (14), a method for handling a recording apparatus (14), and a recording apparatus for use in connection with a control device (12) are disclosed.

Abstract: A data storage unit can store an encrypted medium device key Enc (Kcu, Kmd_i), and a medium device key certificate (Certmedia). A controller can include an information recording unit to store a controller key (Kc) and first controller identification information (IDcu). A key generation unit executes a one-way function calculation based on the controller key and the first controller identification information to generate a controller unique key (Kcu). An identification information generating unit executes a one-way function calculation based on the controller key and the first controller identification information to generate second controller identification information (IDcntr). A key encryption unit encrypts the medium device key (Kmd_i) by the controller unique key (Kcu) to generate encrypted medium device key Enc (Kcu, Kmd_i). A key exchange unit executes an authentication key exchange process with a host device using the medium device key (Kmd_i) and the medium device key certificate (Certmedia).

Abstract: A method for encoding macroblock units of a video image, and a related system are disclosed. The method includes: receiving the video image; generating a plurality of information types of a first macroblock unit; and storing the information types of the first macroblock unit in a continuous address space in the buffer. The system includes: an encoder, for receiving the video image, and generating a plurality of information types of a first macroblock unit; and a buffer, coupled to the encoder, for storing the information types of the first macroblock unit in a continuous address space in the buffer.

Abstract: Methods and apparatus for installing browser extensions are disclosed. An example method includes receiving a browser extension installation package in a main browser process, validating a digital signature of the installation package and launching a sandboxed sub-process of the browser application. The example method includes, in the sandboxed sub-process: respectively transcoding or recoding at least one of the plurality of constituent files, where the transcoded and/or recoded files replace their corresponding original constituent files. The example method includes, after the transcoding and/or recoding, passing the constituent files from the sandboxed sub-process to the main browser process and installing the browser extension to the browser application using the transcoded and/or recoded files.

Abstract: An overall cyber security risk diagram is generated from a hierarchy of determined KPI's by combining a Procedures and Protocol KPI determined from values assigned to answers to questions presented to organization personnel implementing a control systems, with a Group Security Policies KPI that is determined from system-wide policy information and settings of the automation system by an automated processing device tool, and a Computer Settings KPI determined from device setting data collected from individual system devices by the automated processing device tool and relevant to cyber security. The device setting data comprises service areas unique to each device that are not assessable by review of the domain data collected and used to determine the Group Security Policies KPI. Each level of the hierarchy of determined KPI's may be used to generate a representation of relative risk of a cyber-security attribute.

Abstract: In some embodiments, a phishing detection method includes computing a first phishing indicator of a target webpage; when the target webpage is considered suspicious of phishing according to the first phishing indicator, computing a second phishing indicator of the target webpage, and deciding whether the webpage is a phishing site according to the first and second phishing indicators. Computing the second phishing indicator comprises comparing a word content (semantic content) of the target webpage to a word content of each of a plurality of reference webpages. Comparing the word contents may include counting the number of visible words which are common to the target and reference webpages, and/or computing a ratio of a number of words which are common to the target and reference webpages to the total number of words in both the target and reference webpages.

Abstract: A method includes obtaining input to modify a policy of a set of context-aware document policies. A policy of the set is applicable to a requested action on a document so as to indicate allowability of the requested action based at least on satisfaction of a condition of the policy that relates to a content of the document. When a plurality of policies of the set are applicable to the requested action on the document, allowability of the requested action is determined by the allowability that is indicated by application of the applicable policy with a highest priority. The modified policy is compared with another policy of the set. If the comparison indicates the modified policy and the other policy are applicable to a single requested action on a single document, the set of policies is automatically ensured to remain self consistent.

Abstract: Techniques for highly parallel evaluation of XACML policies are described herein. In one embodiment, attributes are extracted from a request for accessing a resource including at least one of a user attribute and an environment attribute. Multiple individual searches are concurrently performed, one for each of the extracted attributes, in a policy store having stored therein rules and policies written in XACML, where the rules and policies are optimally stored using a bit vector algorithm. The individual search results associated with the attributes are then combined to generate a single final result using a predetermined policy combination algorithm. It is then determined whether the client is eligible to access the requested resource of the datacenter based on the single final result, including performing a layer-7 access control process, where the network element operates as an application service gateway to the datacenter. Other methods and apparatuses are also described.

Abstract: A system for enabling a device to compute an outcome of an exponentiation Cx having a base C and/or an exponent x, the system comprising means for establishing a plurality of values ?i; means for establishing a plurality of values ?i satisfying ?i=C?i; means for establishing a plurality of values ?i satisfying that the sum of the values ?i?i equals x; and an output for providing the device with the plurality of values ?i. A device computes an outcome of the exponentiation Cx. The device comprises means for computing a product of the values ?i to the power of ?i. The device is arranged for using the product as a result of the exponentiation Cx.

Abstract: Techniques for building and managing network policies for accessing resources of a datacenter are described herein. In one embodiment, events are captured within a network element pertaining to certain activities of accessing certain resources of a datacenter, wherein the network element operates as an application service gateway to the datacenter. A new rule/policy is provisioned based on attributes extracted from the captured events, where the attributes includes at least one of user attribute, environment attribute, and a resource attribute. A simulation is performed on the new rule/policy under a real time network traffic condition, generating a simulation result. The new rule/policy is committed if the simulation result satisfies a predetermined condition, wherein the new rule/policy is enforced within the network element to determine whether a particular client is eligible to access a particular resource of the datacenter. Other methods and apparatuses are also described.

Abstract: A security system is provided for use with computer systems. In various embodiments, the security system can analyze the state of security of one or more computer systems to determine whether the computer systems comply with expressed security policies and to remediate the computer systems so that they conform with the expressed security policies. In various embodiments, the security system can receive compliance documents, determine whether one or more computer systems comply with portions of security policies specified in the compliance documents, and take actions specified in the compliance documents to cause the computer systems to comply with the specified security policies. The security system may provide a common, unified programming interface that applications or tools can employ to verify or enforce security policies.

Abstract: Methods, apparatus, products are disclosed for providing policy-based application services to an application running on a computing system. The computing system includes at least one compute node. The compute node includes an application and a plurality of application services of a service type. Providing policy-based application services to an application running on a computing system includes establishing, on the compute node, a service policy specifying one of the application services of the service type for use by the application, establishing a performance ruleset, the performance ruleset specifying rules for analyzing the performance of the computing system, measuring performance of the computing system, and adjusting the service policy in dependence upon the performance ruleset and the measured performance. Providing policy-based application services to an application running on a computing system may also include accessing, by the application, the specified application service.

Abstract: An electronic image data verification program disclosed herein is capable of detecting presence or absence of a change, specifying a changed portion (the position of a change) if present, and making the presence or absence and the changed portion provable to third parties, by generating partial signature information separately from electronic image information to be registered, by dividing and maintaining the partial signature information, and by clearly separating functions/roles of the electronic image information (original information) and the partial signature information (verification information).

Abstract: According to one embodiment, an information processing device includes a receiving section configured to receive a trigger signal from a device connected thereto, a verifying section configured to verify the trigger signal when the receiving section receives the trigger signal, and an activating section configured to activate the system when the verification of the trigger signal is successfully made by the verifying section.

Abstract: A configuration for achieving efficient content verification processing based on hash values is provided. Hash values of hash units set as segmented data of a content stored on an information storage medium are recorded in a content hash table and are stored on the information storage medium together with the content. An information processing apparatus for executing content playback executes hash-value comparison processing based on one or more randomly selected hash values. Regardless of the data amount of content, the configuration can perform hash-value determination and comparison processing based on hash units having a small amount of data, so that user equipment for executing content playback can perform efficient content verification.

Abstract: There is provided an authentication method for a system (10) comprising several devices (30). The method involves: a) providing each device (30) with an identity value (pi: i=1, . . . , n) and a polynomial (P) for generating a polynomial key; (b) including a verifier device (p1) and a prover device (P2)amongst said devices (30); (c) arranging for the prover device (p2) to notify its existence to the verifier device (P1); (d) arranging for the verifier device (pi) to challenge the prover device (p2) to encrypt a nonce using the prover (P2)device's polynomial (P) key and communicate the encrypted nonce as a response to the verifier device (p1); (e) arranging for the verifier device (p1) to receive the encrypted nonce as a further challenge from the prover device (pZ) and: (i ) encrypt the challenge using the polynomial keys generated from a set of stored device identities; or (ii) decrypt the challenge received using the set of polynomial keys; until said verifier device (p1) identifies an authentication match.

Abstract: A non-transitory machine-readable storage medium storing program code for causing a processor to establish a plurality of links to a plurality of devices communicatively coupled to the processor, a particular link of the plurality of links supporting control-plane communications between the processor and a particular device of the plurality of devices over a wireless access network; receive a server message from a particular server of a plurality of servers communicatively coupled to the processor, the server message comprising message payload for delivery to the particular device; generate an encrypted message comprising the message payload and an identifier identifying a particular agent of a plurality of agents on the particular device; and send the encrypted message to the particular device over the particular link, wherein establishing the plurality of links comprises executing a link initialization sequence associating the particular link with a credential associated with the particular device.

Abstract: A method, performed by a video provisioning system, may include receiving a request for a first digital rights management (DRM) token, associated with a video asset purchased via the video provisioning system, from a browser application associated with a user device and providing the first DRM token to the browser application. The method may further include receiving a license authorization request to issue a DRM license for the video asset, where the license authorization request is received from a license server, where the DRM license is to be used by the user device to decrypt the video asset, and where the license authorization request includes a second DRM token; determining whether the second DRM token matches the first DRM token; and authorizing the license server to issue the DRM license for the video asset, when the second DRM token matches the first DRM token.

Abstract: A system and method are provided for identifying active content in websites on a network. One embodiment includes a method of classifying web content. In one embodiment, the classifications are indicative of active and/or malicious content. The method includes identifying properties associated with the web page based at least partly on the content of the web page and storing said properties in a database of web page properties. The method further includes comparing at least one definition to properties stored in the database of web page properties and identifying the web page with at least one definition based on comparing said definition with said stored properties. The method further includes identifying the web page with at least one category associated with the at least one definition, wherein said category is indicative of active content associated with the web page. Other embodiments include systems configured to perform such methods.