Abstract: According to one embodiment, the ID provider device stores pieces of policy information for each service provider ID. The ID provider device outputs a policy evaluation request including the user ID used in the log-in processing and the service provider ID in the authentication federation request when the log-in processing is successful. The ID provider device reads the policy information in accordance with the service provider ID in the policy evaluation request. The ID provider device judges whether to permit the transmission of the service data in accordance with whether environmental conditions of the user for the execution of a service conform to the read policy information.

Abstract: An exemplary system includes a spatial input subsystem configured to detect gestures made by a plurality of users within a physical user space associated with a display screen. The system further includes a shared display subsystem communicatively coupled to the spatial input subsystem and configured to authenticate the plurality of users by identifying a plurality of user identities corresponding to the plurality of users based on characteristics of the plurality of hands, and execute a multi-user shared display session that provides the plurality of authenticated users with concurrent control of a display on the display screen. Corresponding systems and methods are also described.

Abstract: Methods, apparatus, systems and devices for facilitating transfer of a remote session from a first user terminal to a second user terminal are disclosed herein. According to one example, the transferred remote session is a telephone call session. According to another example, the transferred remote session is a session of a rights-enabled remote on-demand service—for example, a service where on demand media content is remotely provided or an interactive game service. In some embodiments, data indicative of usage rights for the remote service is transferred from the first to the second user terminal. In some embodiments, in order to transfer the session between the first terminal and second terminal, the user terminals are brought in proximity or into contact, and data indicative of the session is sent via a short-range communications channel, for example a short-range contact or ‘wired’ channel, or a short-range wireless link, for example, a Bluetooth or infrared link.

Abstract: According to an embodiment, there is provided is an information processing apparatus including: a storage unit that stores therein information, which is set for a screen to be displayed on an information display unit, as to whether or not to permit an external input device to enter data to the information processing apparatus, and information as to whether or not to permit data entered from an external input device; an external-input-unit control unit that controls data entry to the screen from an external input device by utilizing information about a type of the external input unit and the information as to whether or not to permit the external input unit to enter data; and an input-key control unit that controls the data entry permitted by the external-input-unit control unit by consulting the information as to whether or not to permit data entered from the external input unit.

Abstract: A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication.

Abstract: Disclosed are a device for right managing web data, a recording medium for performing a method for right managing web data on a computer, and a device and a method for providing right management information. In the device for right managing web data, a message processing unit adds agent information, which shows support for right management, to the header of a web data request message that is sent to a web server from a web browser, and sends same to the web server, parses and outputs the right information included in the header of a web data reply message that is sent to the web browser from the web server, and sends web data that is included in the web data reply message to the web browser. Also, a right managing unit controls the output of web data, which is included in the web data reply message, through a web browser based on the parsed right information which is input from the message processing unit.

Abstract: A system, apparatus, method, and machine readable medium are described for multi-device operations within an authentication framework. For example, one embodiment of a method comprises: detecting N authentication devices on a client, wherein N>1; generating a N cryptographic entities, one for each of the N authentication devices; transmitting a command to the client to register each of the N cryptographic entities into each of the N authentication devices; executing the command on the client and responsively registering each of the N cryptographic entities into each of the respective N authentication devices; and subsequently using at least one of the authentication devices and its associated cryptographic entity for authenticating a user of the client over a network.

Abstract: According to various aspects of this disclosure, a circuit arrangement is provided. The circuit arrangement may include: a memory configured to store a first encryption key for generating a first authentication vector for authentication between a mobile station and a home network of the mobile station; and a key-generator configured to derive a second encryption key from the first encryption key, the second encryption key for generating a second authentication vector for authentication between the mobile station and a visited network.

Abstract: Methods and apparatus are provided for securing communications between a node and a server, for example, during a boot process. In accordance with an aspect of the invention, a method is provided for securing communications between a node and a server, comprising: dynamically gathering hardware-related metadata for the node using a process running in memory; generating a unique identifier for the node using the hardware-related metadata; generating a public/private key pair for the node using the unique identifier; and securing communications between the node and the server using the public/private key pair. The process comprises, for example, an in-memory microkernel executing on a boot node. The hardware-related metadata comprises, for example, information about physical characteristics of the node. The unique identifier for the node can optionally be further based on information obtained from a Trusted Processing Module. The node can be authenticated using the public/private key pair.

Abstract: A system and method for quality assured analytical testing is disclosed. A user is prompted by the system questions which relate to an analytical test to be conducted or an analytical instrument to be employed. Input received by the system from the user is evaluated to determine to which degree the inputs are correct. The user is certified if the determined degree is above a preset threshold. Next, the user is prompted by the system for a user identification and if the user is a certified user, access is provided to a testing routine of the analytical instrument.

Abstract: A digital cinema management device includes a control unit that manages keys used when exhibiting contents with playback devices and controls a representation of a management window for performing the key management, in which the control unit displays an arrangement representation in the management window and provides a representation at an arrangement position defined by a playback device and content exhibited by the playback device, the representation representing a status of a key used when decoding content corresponding to the arrangement position with a playback device corresponding to the arrangement position.

Abstract: The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record.

Abstract: To prevent falsification of an attribute of data, a mechanism is provided, which encrypt document/image data while holding the attribute contained in electronic document data as a plain text and make it extremely difficult to decrypt the document/image data if the attribute is falsified. A transmitter receives a public key set including a plurality of public keys from a receiver, encrypts the document/image data using a common key, selects a public key from the public key set based on an attribute of the data, encrypts the common key using the selected public key, and transmits the data including the encrypted document/image data, the encrypted common key, and the attribute to the receiver.

Abstract: A system includes a controller configured to control a process, and store at least one binary file, wherein the at least one binary files is generated from at least one source file, wherein the at least one source file comprises instructions configured to be executed by a processor in the controller. The controller may also be configured to retrieve a whitelist file comprising a first hash key value derived from the at least one binary file, and execute an executable file based on the whitelist file, wherein the executable file comprises the source file.

Abstract: Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level.

Abstract: The invention defines a digital programmable smart card terminal device and token collectively known as the token device. The token device comprises a field programmable token device which accepts a users smart card. The combination of token device and smart card may then be used for a variety of applications that include user authentication, secure access, encryption. One specific application is that of an electronic wallet. The token device can be used both in connected and unconnected modes.

Abstract: Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described.

Abstract: Encryption techniques for securing data in a data cache are generally disclosed. Example methods may include one or more of reading the cache to identify data, determining whether the data is encrypted to identify previously unencrypted data and/or previously encrypted data, and encrypting selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to a computer system data processor configured to read a cache to identify data, determine whether the read data is encrypted, and encrypt selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to computer accessible mediums containing computer-executable instructions for data encryption upon execution of the instructions by a data processor. The instructions may configure the data processor to perform procedures that read the cache to identify data, determine whether the data is encrypted, and selectively encrypt data determined as unencrypted.

Abstract: A widely distributed security system (SDI-SCAM) that protects computers at individual client locations, but which constantly pools and analyzes information gathered from machines across a network in order to quickly detect patterns consistent with intrusion or attack, singular or coordinated. When a novel method of attack has been detected, the system distributes warnings and potential countermeasures to each individual machine on the network. Such a warning may potentially consist of a probability distribution of the likelihood of an intrusion or attack as well as the relative probabilistic likelihood that such potential intrusion possesses certain characteristics or typologies or even strategic objectives in order to best recommend and/or distribute to each machine the most befitting countermeasure(s) given all presently known particular data and associated predicted probabilistic information regarding the prospective intrusion or attack.

Abstract: A method and device for transforming data with a secret parameter in an elliptic curve cryptosystem based on an elliptic curve defined over an underlying prime field, includes multiplying a point of the elliptic curve; representing the data to be transformed, by a scalar representing the secret parameter, wherein the multiplying includes performing at least one point addition operation and at least one point doubling operation on points of the elliptic curve; providing a representation in affine coordinates of the elliptic curve point to be multiplied and a representation in projective coordinates of intermediate elliptic curve points obtained during the multiplying; performing both the point addition operation and the point doubling operation by means of a sequence of elementary prime field operation types, the elementary prime field operation types including: a first type of prime field operations including field multiplication and field squaring of coordinates of the elliptic curve points and a second type