Patents Examined by Walter Malinowski
  • Patent number: 9066117
    Abstract: A video processing device for encrypting a compressed video signal that includes a key storage device for storing at least one encryption key. An encryption processing device retrieves the at least one encryption key from the key storage device, and directly encrypts an elementary bit stream into at least one encrypted elementary bit stream.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: June 23, 2015
    Assignee: VIXS Systems, INC
    Inventor: Paul D. Ducharme
  • Patent number: 9043588
    Abstract: Various embodiments provide a method and apparatus of providing accelerated encrypted connections in a cloud network supporting transmission of data including per-user encrypted data. Transmission of encrypted data from an application server uses an encryption scheme that encrypts static data using a first encryption scheme that derives keys from the content itself and encrypts dynamic data, such as dynamic website content with personalized user data, using a second encryption scheme.
    Type: Grant
    Filed: May 8, 2012
    Date of Patent: May 26, 2015
    Assignee: Alcatel Lucent
    Inventors: Krishna P. Puttaswamy Naga, Katherine Guo
  • Patent number: 9043878
    Abstract: Multi-tiered distributed security authentication and filtering. One embodiment comprises managing user access to one or more computing resources, by centrally maintaining user subscription information comprising user authentication information and system authorization information, and providing relevant subscription information from the user subscription information to one or more remote computing systems. Managing user access further includes, in a remote computing system, authenticating a user login to the remote computing system based on user authentication information from said relevant subscription information, and upon user authentication, selectively authorizing user access to computing resources of the remote computing system based on system authorization information from said relevant subscription information.
    Type: Grant
    Filed: March 6, 2012
    Date of Patent: May 26, 2015
    Assignee: International Business Machines Corporation
    Inventors: Benjamin S. Terris, Richard A. Welp
  • Patent number: 8997193
    Abstract: A system includes authentication of a user with a first server, reception of a request from the user to authenticate the user with a second server, requesting, from the first server, in response to receiving the request, user credentials to access the second server, reception of the user credentials from the first server, and transmission of the user credentials to the second server.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: March 31, 2015
    Assignee: SAP SE
    Inventors: Vladimir Videlov, Dimitar Mihaylov
  • Patent number: 8964990
    Abstract: A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: February 24, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Graeme D. Baer, David M. Hulme, Benjamin E. Seidenberg
  • Patent number: 8958550
    Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.
    Type: Grant
    Filed: September 13, 2011
    Date of Patent: February 17, 2015
    Assignee: Combined Conditional Access Development & Support, LLC (CCAD)
    Inventors: Lawrence W. Tang, An Tonthat
  • Patent number: 8955151
    Abstract: Methods, systems, and techniques for managing groups of entities, such as individuals, employees, or systems, and providing entitlement and access to computer resources based on group membership are provided. Example embodiments provide a Group Management System having a Group Management Engine “GME,” an Entitlement Engine, and a Provisioning Engine, which work together to allow simplified grouping of entities and providing entitlement and access to the entities based upon the group membership. In one embodiment, the GME leverages dynamic programming techniques to enable accurate, scalable systems that can manage near real time updates and changes to the group's status or to the entities' status. These components cooperate to enable provisioning of applications based upon current entitlement.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: February 10, 2015
    Assignee: VMware, Inc.
    Inventor: William Pugh
  • Patent number: 8949958
    Abstract: Disclosed are various embodiments for determining if a requesting client is within a predetermined distance of a location of a trusted client. In one embodiment, a trusted signal having a plurality of trusted signal metrics may be established by the trusted client as being associated with a specified location. The trusted signal may then be rendered to the requesting client to be recorded as a contested signal. In one embodiment, an authentication service may then determine if the contested signal is of an adequate signal quality according to a predetermined quality threshold. Assuming the contested signal is of an adequate quality, the authentication service then determines that the requesting client is within a common acoustic environment as the trusted client if the contested signal corresponds to the trusted signal by comparing a plurality of contested signal metrics with a plurality of trusted signal metrics.
    Type: Grant
    Filed: August 25, 2011
    Date of Patent: February 3, 2015
    Assignee: Amazon Technologies, Inc.
    Inventor: Scott Dixon
  • Patent number: 8918651
    Abstract: Exemplary method, system, and computer program product embodiments for cryptographic erasure of selected encrypted data are provided. In one embodiment, by way of example only, data files are configured with a derived key. The derived keys are adapted to be individually shredded in a subsequent erasure operation. The derived key allows for cryptographic erasure of the selected encrypted data in the data files without necessitating at least one of removal and rewrite of retained data. Additional system and computer program product embodiments are disclosed and provide related advantages.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: December 23, 2014
    Assignee: International Business Machines Corporation
    Inventors: Paul Merrill Greco, Glen Alan Jaquette
  • Patent number: 8918879
    Abstract: During a bootstrapping process, path names of necessary bootstrap modules are collected and stored into a file. When an infected bootstrap component is detected, the method initiates emulation of the bootstrapping process within a virtual machine rather than directly cleaning malware from the infected bootstrap component. A settings file is copied into the virtual machine indicating the necessary bootstrap components in the host computer (including the infected component). Alternatively, the actual components are copied into the virtual machine. A clean version of the infected bootstrap component is made available to the virtual machine. The virtual machine is launched using the bootstrap components (including the clean version of the infected bootstrap component) and it emulates the bootstrapping process of the operating system. A successful bootstrap indicates the infected bootstrap component may be cleaned on the host computer.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: December 23, 2014
    Assignee: Trend Micro Inc.
    Inventors: Yuefeng Li, Hongbo Gan, Hua Ye
  • Patent number: 8914893
    Abstract: A method and system for mobile information security protection may include extracting, by a first processor, identification information corresponding to a plurality of applications installed on a mobile device, sending the extracted identification information to a server, matching, by a second processor, the identification information to information stored in a database storage, receiving matched information from the database storage as a result of matching the identification information, sending the matched information to the mobile device, and presenting the matched information to a user of the mobile device.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: December 16, 2014
    Assignee: Netqin Mobile (Beijing) Co. Ltd.
    Inventors: Shen Zhao, Chen Wang, Yu Lin, Shihong Zou
  • Patent number: 8898461
    Abstract: Improved handling of battery recognition tasks in an electronic device such as a cell phone, smart phone, computer system, recording device or others is facilitated. Recognition of a battery so as to enable exchange of power between the device and the battery is determined by a match between one of a plurality of number strings stored in the device and the decrypted response to an encrypted challenge derived from that one of the stored number strings.
    Type: Grant
    Filed: March 3, 2011
    Date of Patent: November 25, 2014
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Kenneth Scott Seethaler, Randall Scott Springfield
  • Patent number: 8881258
    Abstract: A method for containing a threat in a network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: November 4, 2014
    Assignee: McAfee, Inc.
    Inventors: Manabendra Paul, Praveen Ravichandran Sudharma
  • Patent number: 8869307
    Abstract: A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.
    Type: Grant
    Filed: November 19, 2010
    Date of Patent: October 21, 2014
    Assignee: Mobile Iron, Inc.
    Inventors: Josh Glenn Broch, Ratnarekha Singamsetty, Jesse Wagner Lindeman, Suresh Kumar Batchu
  • Patent number: 8863258
    Abstract: A system includes a location look-up module that determines a current location for a user log-on to the network, and determines a next location of the user log-on to the network. An analyzer module analyzes at least one portion of the network for potential future location information for authenticating with the determined next location by an authorization module. The authorization module authenticates the next log-on to the network based on a comparison with the potential future location information.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: October 14, 2014
    Assignee: International Business Machines Corporation
    Inventors: Itzhack Goldberg, Boaz Mizrachi
  • Patent number: 8844032
    Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.
    Type: Grant
    Filed: March 2, 2012
    Date of Patent: September 23, 2014
    Assignee: SRI International
    Inventors: Hassen Saidi, Rubin Xu
  • Patent number: 8844036
    Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.
    Type: Grant
    Filed: March 2, 2012
    Date of Patent: September 23, 2014
    Assignee: SRI International
    Inventors: Hassen Saidi, Rubin Xu
  • Patent number: 8813193
    Abstract: An information security method for a mobile terminal. The method includes setting security information for a content associated with a first user, uploading the content to a Social Network Service (SNS) site, and uploading the security information to the SNS site to permit the SNS site to register the security information in order to display the content according to the security information when the content is accessed by a second user via the SNS site.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: August 19, 2014
    Assignee: LG Electronics Inc.
    Inventors: Moonju Kim, Suyeon Song, Yunmi Kwon, Hyemi Jung, Arim Kwon
  • Patent number: 8813190
    Abstract: A method, system and program for uploading a resource from remote storage to a remote service. The method comprises the steps of connecting to the remote service, initiating an upload of the resource to the remote service, selecting the remote storage as a source of the resource, acquiring the resource from the remote storage, and uploading the resource to the remote service. In one embodiment, at least part of the method is executed by a proxy server and the step of acquiring the resource from the remote storage comprises downloading the resource to the proxy server. In another embodiment, the remote service communicates directly with the remote storage. In this further embodiment, a client device acquires authentication data for the resource from the remote storage and the step of acquiring the resource from the remote storage includes providing the authentication data to the remote storage.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: August 19, 2014
    Assignee: International Business Machines Corporation
    Inventors: Emlyn Whittick, Martin E. D. Adams, Fenghui Jiang, Jasmin H. Deakin
  • Patent number: 8793784
    Abstract: The method includes the steps of: a) generating by an application software (SWA) a message forming a key (DKE) comprising an encrypted data field containing a time-stamping or sequencing time marker; b) transferring the message to a portable communication device (CD), held by a user; c) transmitting the message, by short-range transmission, from the communication device to a reading interface (ERED) coupled to a lock device (LOCK); d) analyzing the message by decrypting the data field and checking the consistency of the time marker with an inner clock of the interface or with a sequence number memorized in the interface; and e) in case of a compliant message, sending from the interface to the lock device a digital accreditation (OPEN) stored in memory in the interface, to operate the unlocking of the lock device upon recognition of the compliance of said digital accreditation.
    Type: Grant
    Filed: March 6, 2012
    Date of Patent: July 29, 2014
    Assignee: Openways SAS
    Inventors: Pascal Métivier, Aitor Agueda