Abstract: A method of maintaining a blacklist for gesture-based passwords is provided. A data store of index values corresponding to gestures is maintained on a blacklist server. Upon receiving a new gesture based password, an electronic device converts the password to an index value and forwards that index value to the blacklist server. The blacklist server increases an occurrence of the received index value by one in a data store and if the increase results in a blacklist threshold being exceeded, the index value is inputted to the blacklist. A notification can be sent back to the electronic device if the forwarded index value is on the blacklist or is inputted to the blacklist.

Abstract: A method and system for authenticating an internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an internet user is identified and the geographical location of the first IP address is traced to determine a first location. The geographical-location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated.

Abstract: A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device.

Abstract: A method for revoking access to a mobile device includes providing a plurality of authenticated applications accessible by the mobile device, and providing a plurality of revocation timeout intervals for revoking access by the mobile device to the plurality of authenticated applications. Access to a first authenticated application is revoked after a first timeout interval and access to a second authenticated application is revoked after a second timeout interval.

Abstract: There are disclosed systems and methods for reducing the number of computations performed by a computing device constructing a public key from an implicit certificate associated with a certificate authority in an implicit certificate scheme. In one embodiment, the device first operates on the implicit certificate to derive an integer e. The device then derives a pair of integers (e1, e2) from the integer e, such that each of the pair of integers (e1, e2) has a bit length less than the bit length of the integer e, and such that the ratio of the pair of integers (e1, e2) corresponds to the integer e. The device then computes the public key by combining the integers e1 and e2 with public key contribution data derived from the implicit certificate and a public key of the certificate authority.

Abstract: The present invention provides a system, method, and computer-readable medium that opportunistically install a software update on a computer that closes a vulnerability that existed on the computer. In accordance with one aspect of the present invention, when antivirus software on a computer identifies malware, a method causes a software update that closes the vulnerability exploited by the malware to be installed on the computer. The method includes identifying the vulnerability exploited by the malware, using a software update system to obtain a software update that is configured to close the vulnerability; and causing the software update to be installed on the computer where the vulnerability exists.

Abstract: An authentication agent apparatus includes a communication request reception unit that receives a communication request to a client B of an authentication server from a client A of the authentication server, a data reception unit that receives data to be transmitted to the client B from the client A, an authentication request unit that issues to the authentication server an authentication request on the client A, a communication enabling request unit that requests the authentication server to enable communication between the client A and the client B, an enabling data acquisition unit that acquires enabling data to enable the communication with the client B from the authentication server, and a generation unit that generates transmission data to be transmitted to the client B on the basis of the enabling data and the data to be transmitted.

Abstract: An IC chip, a board, information processing equipment, and a storage medium are provided that can prevent, even when information is transferred between a plurality of programs, leaking of the right protection algorithm of information in connection with the transfer. A security board is included an IC chip having a secure module. The secure module receives an encryption key request signal, and generates a communication encryption key every time when the encryption key request signal is received, the communication encryption key being used to encrypt information to be transferred between a plurality of programs. The number of times the communication encryption key is supplied is counted. If the counted number is equal to or less than a predetermined number, the communication encryption key is supplied to outside. If the counted number exceeds the predetermined number, the supply of the generated communication encryption key to outside is stopped.

Abstract: To provide a copyright protection storage medium in which copyright protected contents are recorded by an information recording apparatus connected to a content server providing copyright protected contents and a license server handling licenses concerning recording/playback of the copyright protected contents through a network, in which the copyright protected contents are written by a simple copy-and-paste when the information recording apparatus is possessed by a prescribed user, and the copyright protected contents are written by combining a domain model which assures playback in the apparatus and a media-bind model when the information recording apparatus is possessed by another user.

Abstract: A memory system includes a storage device storing a plurality of instructions and a central processing unit processing an instruction fetched from the storage device, wherein the central processing unit detects a change in the instruction fetched from the storage device while processing the instruction.

Abstract: Embodiments of the invention improve the detection of malicious software applications, such as a rootkit, on hosts configured to access storage volumes over a storage area network (SAN). A rootkit detection program running on a switch may be configured to detect rootkits present on the storage volumes of the SAN. Because the switch may mount and access storage volumes independently from the (possibly comprised) hosts, the rootkit is not able to conceal itself from the rootkit detection program running on the switch.

Abstract: A specific method is provided for recording, management and confidential distribution of meetings by means of multiple electronic devices, fitted with at least one microphone, mainly a mobile phone, an electronic agenda, or laptop. The method includes recording the meeting, sending this recorded data to the remote server, audio track synchronization, selecting optimum track sections to produce an optimum final track, store this ciphered, coded track in the database, and, finally, publish this track in a confidential manner.

Abstract: Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.

Abstract: A computer system includes a mashup section that provides a mashup that performs an action on a resource. An attribute identification section identifies an attribute of a user running the mashup. An access control section provides access control. The mashup is associated to a permission artifact. The permission artifact specifies a principal and whether to permit the principal to take the action on the resource. The access control is triggered only when the mashup attempts to perform the action on the resource, and checks whether the attribute of the user running the mashup is predefined as belonging to the principal specified in the permission artifact associated to the mashup, and then permits the action on the resource only when the attribute belongs to the principal. Plural users with the same attribute belong to the principal when the same attribute is defined as belonging to the principal.

Abstract: instructions to: (1) process first data by encrypting based on a first key and re-arranging based on a first mapping to obtain second data, where a first element included in the first data is associated with a first index corresponding to a location in a first memory; (2) request to store the second data in a second memory at locations determined based on the first mapping; (3) in response to determining that the first element is not stored in the first memory, request a second element from the second memory; and (4) in response to determining that the first element is stored in the first memory: (a) retrieve the first element from the first memory; and (b) request a third element from the second memory that has not been previously requested, without requesting the second element from the second memory.

Abstract: Apparatus and method to decode video data while maintaining a target video quality using an integrated error control system including error detection, resynchronization and error recovery are described. Robust error control can be provided by a joint encoder-decoder functionality including multiple error resilience designs. In one aspect, error recovery may be an end-to-end integrated multi-layer error detection, resynchronization and recovery mechanism designed to achieve reliable error detection and error localization. The error recovery system may include cross-layer interaction of error detection, resynchronization and error recovery subsystems. In another aspect, error handling of a scalable coded bitstream is coordinated across a base-layer and enhancement layer of scalable compressed video.

Abstract: A device, system, and method are directed towards facilitating a registration of a user for a network service. In one embodiment, a server receives, from a user at a client device, user information including at least one text block. The server analyzes the text block to determine an authenticity value of the user information. The analysis may be based on the length of a lexicon of the text block, the size of a word such as the longest word in the text block, or the number of clauses in the text block. The analysis may be further based on expected values determined by such values in authentic text blocks of a similar nature. Based on the authenticity value, the system may allow the user to access the network service, disallow access to the network, allow conditional access, queue the registration application for further review, or take other actions.

Abstract: A system and method for protecting computing systems, and more particularly a system and method which a dedicated hardware component configured to communicate with a protection program. A computer hardware subsystem includes a memory comprising content. The content is at least a list of files which have been modified within a predetermined period of time. The list of files is a subset of files of a hard drive. A dedicated hardware component is configured to track the files which have been modified and provide a location of the files to the memory. A communication link between the dedicated hardware component and a protection program provides the protection program with the subset of files of the hard drive as referenced by the memory content.

Abstract: A system to print a security document and a control method thereof. The printing system simplifies a security procedure, and minimizes or prevents the security document from being illegally copied or copied without authorization. The printing system includes an input unit which receives an authenticator to copy the security document, and an output unit which determines whether the authenticator is equal to an authentication mark on the security document, and copies the security document in different ways according to the determined result.

Abstract: A method is provided for tamper detection of a transmitted signal. The method is comprised of generating a first digital data signal having a first data rate. The method is also comprised of generating a second digital data signal having a second data rate. The method is further comprised of concurrently transmitting the first digital data signal at a first carrier frequency using a first modulation format and the second digital data signal at a second carrier frequency using a second modulation format. The method includes selecting the second carrier frequency and a bandwidth of the second digital data signal so that the second digital data signal is contained within a frequency spectrum defined by a bandwidth of the first digital data signal. The method also includes verifying an integrity of the first digital data signal at a remote receiver based on defection at the remote receiver of the second digital data signal. A system (100) is also provided for generating a tamper-protected transmitted signal.