Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: Methods, systems and computer program products to implement generic Digital Rights Management (DRM) are provided herein. The methods include opening a session between an initiator and a responder, exchanging one or more of device and system information and sending one of an operation or event based on DRM capabilities, DRM partner, DRM authority, DRM characteristics, DRM Trust and CCEVS profiles. The operation includes one or more of a dataset, response code, operation parameter and response parameter. These extensions may be in the form of one or more of an operation, an event, a dataset or property code.

Abstract: Provided is a broadcast receiving device including a determining unit configured to make a determination on a channel selected by a selecting unit as to whether the corresponding encryption key is available or unavailable, and a control unit configured to, when the determining unit determines that the encryption key is unavailable, allow the selecting unit to sequentially select channels displayed in a channel window, allow the determining unit to make the determination, and allow an output unit to generate and output the channel window so that the channel with the encryption key determined as unavailable is identified.

Abstract: Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.

Abstract: Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.

Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: When installing and maintaining a wireless sensor network in a medical or factory environment, distribution of keying material to sensor nodes (18) is performed by a key material box (KMB) (12), such as a smartcard or the like. The KMB (12) has a random seed stored to it during manufacture, and upon activation performs an authentication protocol with a sensor node (18) to be updated or installed. The KMB (12) receives node identification information, which is used in conjunction with the random seed to generate keying material for the node (18). The KMB (12) then encrypts the keying material for transmission to the node (18), and transmits over a wired or wireless communication link in a secure manner. The node (18) sends an acknowledgement message back the KMB (12), which then updates the nodes status in look-up tables stored in the KMB (12).

Abstract: A system, method and program product for generating a biometric reference template revocation message on demand. The method includes generating, using a biometric reference template revocation engine, a biometric reference template revocation message and loading the biometric reference template revocation engine onto a secure portable device for generating on demand of the individual the biometric reference template revocation message.

Abstract: A security payload is attached to a received binary executable file. The security payload is adapted to intercept application programming interface (API) calls to system resources from the binary executable file via export address redirection back to the security payload. Upon execution of the binary executable file, the security payload replaces system library export addresses within a process address space for the binary executable file with security monitoring stub addresses to the security payload. Upon the binary executable computer file issuing a call to a given API, the process address space directs the call to the given API back to the security payload via one of the security monitoring stub addresses that is associated with the given API. The security payload then can assess whether the call to the given API is a security breach.

Abstract: This document describes techniques and apparatuses for secure computing in multi-tenant data centers. These techniques permit a client to delegate computation of a function to multiple physical computing devices without the client's information being vulnerable to exposure. The techniques prevent discovery of the client's information by a malicious entity even if that entity is a co-tenant on many of the same physical computing devices as the client.

Abstract: Embodiments of the present invention provide a system that facilitates session management between a web application and a Customer Relationship Management (CRM) system. During operation, the system receives, at a proxy, a service call intended for a CRM system. Next, the system modifies a header of the service call to include authentication credentials for the CRM system. The system then determines if an available session token for the CRM system exists at the proxy. If so, the system modifies the header of the service call to include the session token. Next, the system forwards the service call with the modified header to the CRM system. The system then receives a response to the service call, which includes the session token. Upon receiving the response, the system stores the session token at the proxy for a subsequent service call. Finally, the system forwards the response to the web application.

Abstract: A system and a related method are disclosed for authenticating a user of an electronic system. The system, and related method access (a) data relating to a defined interaction with an input device for a purported authorized user, (b) a probability distribution representation for the defined interaction for an authorized user, and (c) a probability distribution representation for the defined interaction for a wide population, from which it can determine value indicative of whether the purported authorized user is the authorized user. The purported authorized user can be authenticated as the authorized user, if the value satisfies a prescribed threshold.

Abstract: According to one aspect, a method for certifying the identity of a network device. The method includes an initial step of coupling the network device to a provisioning device via a physically secure communications link. The provisioning device then certifies the identity of the network device including generating a cryptographic private key for the network device and sending the generated private key to the network device over the physically secure communications link.

Abstract: Systems and methods for use with a client device and a server provide interactive phishing detection at the initiation of the user. Detection of phishing is based on the user's comparison of a visual indicator sent from the server to the client device with a another identical looking visual indicator displayed, for example, on a trusted website. Several security measures may be employed such as changing the visual indicator periodically, generating the visual indicator in a random manner, and authenticating the client device to the server before the server will transmit the visual indicator to the client device. User comparison of the website-displayed visual indicator with the user's client device user interface-displayed visual indicator may facilitate user verification of authenticity of a software application.

Abstract: In a Reverse Turing Test an applicant seeking access to a computer process is presented with an image containing human-readable data that is intended to be inaccessible to an automated process or bot. In an improved Reverse Turing Test the applicant is presented with multiple sub-images that have to be rearranged in order to yield the overall image. This does not substantially increase a human applicant's difficulty in dealing with the test, but makes it much more difficult for a bot to interpret the image.

Abstract: A system and method to control the writing on electronic paper (e-paper). An e-paper device may incorporate authentication indicia as part of informational data written on e-paper material. The informational data is protected by a security methodology that is accessible to authorized entities. A reader device may be used to help make a verification determination of whether encrypted or encoded data has been altered. In some instances an output alert operably coupled to the reader device serves as a verification status indicator.

Abstract: A secure message that includes an attachment is received at a server. The secure message may have a secure layer that indicates that the secure message is at least digitally signed. The secure message may be provided without the attachment to the mobile device over a wireless network. A request may be received from the mobile device to access the attachment. The request may include an attachment identifier (ID) that identifies the attachment in accordance with a message-attachment indexing system. In response to the request to access the attachment, the server may perform an index lookup to find the attachment based upon the attachment ID, may look through the secure layer of the secure message in order to locate the attachment within the secure message, and may render at least an initial portion of the attachment by the server in a format for viewing by the mobile device.

Abstract: An image processing apparatus capable of reducing the number of processing flows and also reduce time and effort required by a user in searching a desired processing flow. The image processing apparatus including an authentication unit adapted to execute user authentication, and an execution unit adapted to execute processing on image data with a plurality of processes as a sequential processing flow while cooperating a plurality of different functions with one another. Setting data personalized for a user authenticated by the authentication unit is obtained, and the plurality of processes is registered as a sequential processing flow. The processing flow is executed with a part of the processing flow replaced by processing personalized for the user set in the setting data, upon executing the registered processing flow.