Abstract: A wireless mesh network includes a plurality of nodes to which a device key is assigned. The device key belongs to one of a plurality of groups. In a root node, a correspondence relationship between the nodes and the device key thereof, and a correspondence relationship between past join nodes and a device key thereof, are stored. When a new node in the wireless mesh network is detected as a past join node, the device key assigned to the past join node is assigned to the new node again. When the new node is not the past join node, a new device key is assigned to the new node. A cipher text is generated by encrypting a message using device keys assigned to the nodes and the new node. If the number of groups to which the device keys belong is fewer, a size of the cipher text is smaller.

Abstract: Two approaches are provided for distributing trust among a set of certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

Abstract: Various embodiments of systems and methods for providing a secure communication are described herein. A client application generates a Distributed Ruby (DRb) request based on a request received from a user. The obtained DRb request is wrapped to obtain an HTTPS request, which includes the DRb request and one or more authentication information. The generated HTTPS request is forwarded to an HTTPS server, which verifies the HTTPS request based on the authentication information. The HTTPS request is then unwrapped to obtain the DRb request, which is executed by a DRb server to obtain a result of execution of the DRb request.

Abstract: Systems and methods are provided for distributing trust among a set of certificate authorities. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data, and the shares of data are transmitted through each of the tunnels.

Abstract: Methods and systems for monitoring a stream application are disclosed. The stream application is composed from a plurality of processing elements executing on one or more compute nodes. A graphical user interface display presents a user with at least a portion of an operator graph in a running stream application. The operator graph represents the plurality of processing elements, and links between processing elements, corresponding to a flow of data tuples through the stream application. A monitoring application then monitors user interactions with the presentation of the portion of the operator graph on the graphical user interface display and identifies at least a first modification to the stream application based on a processing state of the stream application and the monitored user interactions.

Abstract: A method and apparatus for transmitting a subset voice stream associated with a subset talk group. A voice communication device receives a session identifier from an associated data communication device engaged. The voice communication device transforms the session identifier into a session key identifier, obtains an encryption algorithm implementing a subset talk group filtering feature and a voice encryption key identifier, and combines the session key identifier with the voice encryption key identifier to generate a signaling key identifier. The voice communication device associates the signaling key identifier and an encryption algorithm identifier with the subset voice stream during transmission of the subset voice stream to a receiving voice communication device.

Abstract: First source code of a computer program having a plurality of lines of instructions is received. An obfuscation process is performed on the first source code, including at least two of a shuffling operation, a fertilizing operation, an aggregating operation, and a neutralizing operation. Second source code is generated based on the obfuscation process, where the second source code, when executed by a processor, produces an identical result as the first source code.

Abstract: A security risk of a computer network is assessed by simulating a threat environment of the computer network, wherein the threat environment includes a vulnerability and a website, simulating a protection environment of the computer network and a computer system in the computer network, and simulating network activity of the computer system. The security risk of the computer network is assessed based at least in part on the simulated threat environment, the simulated protection environment, and the simulated network activity of the computer system.

Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.

Abstract: A syndication system facilitates rights management services between media content owners and media hosting services that elect to participate in the syndication system and mutually elect to participate with each other. The syndication system utilizes a content recognition system to identify hosted media content and ownership rights associated with the hosted content. By applying melody recognition, the content recognition system can identify compositions embodied in hosted media content even when these compositions do not precisely match any known sound recording. Thus, the content recognition system is beneficially able to detect, for example, recorded cover performances and recorded live performances embodied in hosted media content. Once identified, ownership information is determined and the syndication system can facilitate rights management policies associated with the content such as monetizing or blocking the protected content.

Abstract: A digital broadcast receiver and a booting method of the digital broadcast receiver are disclosed herein. A method of secure booting of a system in a digital broadcast receiver comprises aligning a plurality of interleaved portions to generate a digital signature, respectively, with an entire firmware image, generating a digital signature of each interleaved portion, selecting a specific interleaved portion, generating a first message digest to read a region of the selected interleaved portion in the entire firmware image and a second message digest from the digital signature of the selected interleaved portion and verifying the firmware image based on the first and second message digest and booting the system in the digital broadcast receiver.

Abstract: A Session Initiation Protocol Application Server for use within an IP Multimedia Subsystem. The Application Server comprises a receiving unit for receiving a Session Initiation Protocol message from a Serving Call Session Control Function, the Serving Call Session Control Function serving an IP Multimedia Subsystem user and the message containing within a message header an explicit identification of said user. A processing unit determines an action to be applied to said message and includes within a header of the message a role value defining a role of said user in respect of the action. A transmitter unit returns the message including the role value to said Serving Call Session Control Function.

Abstract: A content recognition system operates in conjunction with a media hosting service to identify hosted media content and ownership rights associated with the hosted content. By applying melody recognition, the content recognition system can identify compositions embodied in hosted media content even when these compositions do not precisely match any known sound recording. Thus, the content recognition system is beneficially able to detect, for example, recorded cover performances and recorded live performances embodied in hosted media content. Once identified, ownership information is determined and the media hosting service can carry out appropriate rights management policies associated with the content such as monetizing or blocking the protected content.

Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion.

Abstract: Some embodiments provide a reporting system for improved granular real-time performance statistics reporting in a distributed platform. The reporting system includes a statistic server and a portal. The statistics server is communicably coupled to servers of the distributed platform that produce statistical data related to the distribution of content and execution of services for different customers. The statistics server aggregates the statistical data from the plurality of servers in an optimized staggered manner during a recurring interval. This reduces the amount of statistical data that is passed at any particular instance in time from the servers the statistics servers. The statistics server incrementally updates a real-time performance report for a particular customer as the statistical data is aggregated for the particular customer so that the computational and memory overhead for deriving the performance report in real-time is reduce.

Abstract: A valid entry point for each boot driver running under an operating system is gleaned. When the operating system is rebooted, a security boot driver is loaded prior to loading other boot drivers. The security boot driver reads the actual entry points of each boot driver, before the boot drivers have run. The security boot driver compares the actual entry points to the corresponding valid entry points. Responsive to an actual entry point not matching its corresponding valid entry point, it is determined that the boot driver is infected. Infected boot drivers are corrected, by replacing their actual entry points with the corresponding, valid entry points. After infected boot drivers have been corrected, the infecting malicious code can be identified and disabled. Sections of boot drivers other than entry points can be gleaned, read and compared, up to entire boot drivers.

Abstract: Method and apparatus for integrating distributed shared services system which integrates web based applications with each other and with other centralized application to provide a single sign-on approach for authentication and authorization services for distributed web sites requiring no access time back to the authentication/authorization server is provided.

Abstract: An active matrix liquid crystal display device includes a thin film transistor substrate having a thin film transistor, an opposing substrate having an opposing electrode, a liquid crystal element interposed between the thin film transistor substrate and the opposing substrate, a protective film layer, a pixel electrode and a black matrix. By forming a protective film layer between the pixel electrodes and the black matrix, there is no negative influence on image quality even when the specific resistance of the black matrix is low. Also, Na contamination, and the like, from the dyes, and the like, used for the light-blocking material can be prevented. At this time, by etching the protective film layer using the pattern of the black matrix as a mask, one sheet is enough for the masks necessary for elimination of the protective film on the pixel electrode section. By this, it becomes possible to stop the increase of number of processes to a minimum.

Abstract: A liquid crystal display device of the present invention includes: an active matrix substrate; a counter substrate; and a liquid crystal layer interposed between the active matrix substrate and the counter substrate, wherein the active matrix substrate includes a plurality of switching elements, a plurality of pixel electrodes, gate lines for supplying a control signal to the switching elements, and source lines for supplying a data signal to the switching elements, the gate lines and the source lines crossing each other, and the pixel electrodes being connected to the respective source lines through the switching elements, the counter substrate includes a counter electrode opposed to the plurality of pixel electrodes through the liquid crystal layer, the plurality of pixel electrodes, the counter electrodes and the liquid crystal layer interposed therebetween form a plurality of pixel regions, and wherein the liquid crystal display device includes a display region including the plurality of pixel regions and