Abstract: A system and method for controlling use of content in accordance with usage rights associated with the content and determined in accordance with the environment of a user device. A request is received for secure content from a user device and the integrity of the environment of the user device is verified. Appropriate usage rights are retrieved based upon the results of the verification of integrity and the content is rendered on the user device in accordance with the appropriate usage rights.
Type: Grant
Filed: April 30, 2003
Date of Patent: July 17, 2012
Assignee: ContentGuard Holdings, Inc.
Inventors: Michael C Raley, Daniel C Chen, Hsi-Cheng Wu, Thanh Ta
Abstract: A system and method detects malware on client devices based on partially distributed malware definitions from a central server. A server stores malware definitions for known malware. The server generates one or more filters based on the malware definitions and distributes the filter(s) to client devices. The server also distributes full definitions to the clients for a subset of the most commonly detected malware. The client device scans files for malware by first applying the filter to a file. If the filter outputs a positive detection, the client scans the file using the full definition to determine if the file comprises malware. If the full definition is not stored locally by the client, the client queries the server for the definition and then continues the scanning process.
Abstract: Described herein is a method and apparatus for managing archives. The archive management process receives a passphrase and an indicator of an archive to be managed. The passphrase is used to encipher or decipher an archive key dependent on whether data is to be inserted or extracted from the archive key. The passphrase can be changed by re-enciphering the archive key.
Abstract: A method of a wireless communication device for accessing secure resources of a resource provider or the device itself. A password associated with the wireless communication device is identified. A password identifier is assigned to the password and a non-password identifier is assigned to a non-password different from the password. The password identifier has a non-sequential association with the non-password identifier. The password identifier, the password, the non-password identifier, and the non-password are provided at a user interface of the wireless communication device. Access to a secure resource is granted in response to determining that the password identifier has been detected at the user interface.
Abstract: Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.
Abstract: A transceiver comprises a transmitter configured to transmit data signals, a receiver configured to receive data signals, and a controller configured to encrypt a string and supply the encrypted string to authenticate the transceiver.
Abstract: This invention discloses a system wherein behaviormetrics are utilized to authenticate electronic transactions, either alone or in combination with other identifiers such as PINs, passwords, codes and the like. Probability profiles or probability distribution representations may be constructed for determining whether a purported or alleged authorized user is in fact the authorized user, by comparing new data on a real-time basis against probability distribution representations including an authorized user probability distribution representation and a global or wide population probability distribution representation, to provide a probability as to whether the purported authorized user is the authorized user.
Type: Grant
Filed: July 11, 2007
Date of Patent: April 17, 2012
Assignee: Identity Metrics, Inc.
Inventors: Timothy Erickson Meehan, Herbert Lewis Alward
Abstract: A cluster of computer system nodes share direct read/write access to storage devices via a storage area network using a cluster filesystem. At least one trusted metadata server assigns a mandatory access control label as an extended attribute of each filesystem object regardless of whether required by a client node accessing the filesystem object. The mandatory access control label indicates the sensitivity and integrity of the filesystem object and is used by the trusted metadata server(s) to control access to the filesystem object by all client nodes.
Abstract: An image processing apparatus capable of reducing the number of processing flows and also reducing the time and effort required by a user in searching for a desired processing flow. The image processing apparatus includes an authentication unit adapted to execute user authentication, and an execution unit adapted to execute processing on image data with a plurality of processes as a sequential processing flow while having a plurality of different functions cooperate with one another. Setting data personalized for a user authenticated by the authentication unit is obtained, and the plurality of processes is registered as a sequential processing flow. The processing flow is executed with a part of the processing flow replaced by processing personalized for the user set in the setting data, upon executing the registered processing flow.
Abstract: This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database.
Type: Grant
Filed: June 30, 2009
Date of Patent: March 20, 2012
Assignee: ActivIdentity, Inc.
Inventors: Dominique Louis Joseph Fedronic, Eric F. Le Saint
Abstract: Systems and methods are disclosed for providing memory security override protection for improved manufacturability of information handling systems. A security authentication system is added to a software driven security override signal for unlocking programmable memory circuitry, such as flash memory, according to security protection techniques associated with the Intel AMT (Active Management Technology) architecture. This security authentication system disclosed requires authentication of software security override requests before they are allowed. More particularly, the systems and methods disclosed add specific BIOS (Basic Input Output System) code to check the security override status and the software security override request signals on boots of the computer system to make sure these requests are not coming from rogue elements within the computer system. If the authentication is validated, then the programmable memory circuitry is unlocked on the next boot of the system to allow for reprogramming.
Type: Grant
Filed: April 21, 2008
Date of Patent: March 6, 2012
Assignee: Dell Products L.P.
Inventors: Ricardo L. Martinez, Richard Brian Wallace, Joshua N. Alperin, Charles Marion Ueltschey, III
Abstract: A system and methods for identity management and authentication are provided herein. The present invention employs shadow domains to prove entity membership in an identity management system where responsibility for trust relationships is devolved to the user. The present invention additionally teaches doubly signed certificate transmission for authentication of assertions made by third parties in the identity management network.
Type: Grant
Filed: August 5, 2010
Date of Patent: February 14, 2012
Assignee: Dormarke Assets Limited Liability Company
Abstract: A security system assesses the response time to requests for information to determine whether the responding system is in physical proximity to the requesting system. Generally, physical proximity corresponds to temporal proximity. If the response time indicates a substantial or abnormal lag between request and response, the system assumes that the lag is caused by the request and response having to travel a substantial or abnormal physical distance, or caused by the request being processed to generate a response, rather than being answered by an existing response in the physical possession of a user. If a substantial or abnormal lag is detected, the system is configured to limit subsequent access to protected material by the current user, and/or to notify security personnel of the abnormal response lag.
Abstract: A data storage and data backup device that offers automatic reduction of duplicate data storage, and that can easily be connected to computing devices, computing systems and networks of computing devices. The device offers high protection against destruction or modification of already stored data, and requires flipping a physical switch, and possibly user authentication, in order for the protection to be temporarily bypassed. Several connection types of the device to the computer systems are supported, such as wired, or wireless like Bluetooth or Wi-Fi, but not limited to those.
Type: Grant
Filed: June 1, 2007
Date of Patent: January 17, 2012
Assignee: InventSec AB
Inventors: Leif Olov Billström, Kurt Uno Lennartsson
Abstract: According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, the configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
Abstract: The present invention discloses a method and apparatus for protecting .net programs, relating to software protection. The method mainly includes: selecting a binary code segment from a .net program; transforming the binary code segment, and removing it from the .net program; writing the binary code segment to a shell of the .net program, and writing a shell calling instruction to the .net program; and executing the .net program, and calling a .net virtual machine to execute the binary code segment. The apparatus includes a selecting module, a transforming and removing module, a writing module, and an executing module. The programs running on the .net platform can be protected simply by being transformed.
Abstract: A system and method that facilitates the authentication of streamed data received at a device, where authentication information is not distributed over the data stream.
Type: Grant
Filed: August 12, 2005
Date of Patent: December 13, 2011
Assignee: Research In Motion Limited
Inventors: Michael K. Brown, David F. Tapuska, Michael S. Brown
Abstract: A communication terminal device includes a wireless communication unit, an integrity measurement request unit, a cryptographic processing unit, and a pointing unit. The integrity measurement request unit generates a command to request another computer device to measure integrity. The cryptographic processing unit performs cryptographic processing concerning communication with the other computer device. The pointing unit acquires positional information when a result of the integrity measurement satisfies a predetermined condition.
Abstract: The present invention is directed to methods of and systems for adaptive networking that monitors a network resource of a network. The method monitors an application performance. The method categorizes a first subset of traffic of the network. The categories for the first subset include trusted, known to be bad, and suspect. The method determines an action for a second subset of traffic based on the category for the first subset of traffic. Some embodiments provide a system for adaptive networking that includes a first device and traffic that has a first subset and a second subset. The system also includes a first resource and a second resource for the transmission of the traffic. The first device receives the traffic and categorizes the traffic into the first and second subsets. The first device assigns the first subset to the first resource.
Type: Grant
Filed: August 26, 2010
Date of Patent: November 1, 2011
Assignee: Avaya Inc.
Inventors: Omar C. Baldonado, Sean P. Finn, Pierre Fraval, Mansour J. Karam, Michael A. Lloyd, James G. McGuire
Abstract: This invention discloses a system for determining whether a purported or alleged authorized user is in fact the authorized user, by comparing new data on a real-time basis against probability distribution representations including an authorized user probability distribution representation and a global or wide population probability distribution representation, to provide a probability as to whether the purported authorized user is the authorized user. This invention may utilize keyboard dynamics, data, X-Y device data, or other data from similar measurable characteristics, to determine the probability that the new data from the purported authorized user indicates or identifies that user as the authorized user.
Type: Grant
Filed: June 14, 2007
Date of Patent: November 1, 2011
Assignee: Identity Metrics LLC
Inventors: Charles Frederick Lee Davis, Michael Patrick Schmidt, Herbert Lewis Alward