Abstract: Rather than storing all data in the same manner, e.g., an encrypted manner, a security level with which to associate received data of a given type may be determined. Subsequently, distinct types of data may be stored in a distinct manner, with the manner of storage having a security level appropriate to the type of data. For example, a first type of data may be stored in an encrypted manner (i.e., with a high level of security), while a second level of data may be stored in a plain text manner (i.e., with a low level of security).

Abstract: Network devices, systems, and methods are described that cause a particular port on a first network device to send data packets from the particular port on the first network device to an intrusion system (IS) on a second network device.

Abstract: Methods and apparatuses are provided for facilitating group access controls in peer-to-peer or other similar overlay networks. A group administrator may create a group in the overlay network and may assign peer-specific certificates to each member of the group for indicating membership in the group. A group member peer node can access data objects in the overlay network using its respective peer-specific certificate to authenticate itself as a group member. The authentication is performed by another peer node in the network. The validating peer node can authenticate that the group member is the rightful possessor of the peer-specific certificate using a public key associated with the peer node to which the peer-specific certificate was issued. The validating peer node can also validate that the peer-specific certificate was properly issued to the group member using a public key of the apparatus that issued the peer-specific certificate.

Abstract: In an embodiment, a method for converting an input video sequence, comprising digital images organized in frames and operating at a variable frame-rate, into an output video sequence, operating at a pre-set constant frame-rate, storing the input video sequence temporarily and controlling fetching of images of said temporarily stored input video sequence. The method further includes controlling fetching of images from the temporarily stored input video sequence by adjusting an emptying rate to form an intermediate video sequence; and carrying out an operation of motion-compensated interpolation on the intermediate video sequence to form the output video sequence operating at a pre-set constant frame-rate, the emptying rate being adjusted as a function of a number of images of the input video sequence with variable frame-rate temporarily stored. An application is in the reproduction of video sequences in mobile terminals, with the capacity of audio-video conversation, for example for videoconferences.

Abstract: Apparatuses, methods and articles of manufacture for performing data leakage prevention are provided. Data leakage prevention may be performed by determining a signature of a transmitted document, the transmitted document being in transit to a location beyond a network boundary. The signature of the transmitted document is compared with one or more signatures of documents authorized to be transmitted beyond the network boundary. The transmitted document is prevented from being transmitted beyond the network boundary if the signature of the document does not correspond to a signature of a document authorized to be transmitted beyond the network boundary.

Abstract: A technique for performing data loss prevention includes creating for a user, using a data processing system, respective permissive policies with a most permissive enforcement action for each content category of a resource. In this case, the content category includes at least two categories. The technique also includes forming, using the data processing system, a policy set based on the respective permissive policies. The technique further includes creating, using the data processing system, an effective policy from the policy set using a least permissive enforcement action. Finally, the technique includes applying, using the data processing system, the effective policy to determine whether a user action is permitted on the resource.

Abstract: A system and method is provided for visual authentication and authorization of a user for mobile touch devices, the system having: a login display on a mobile touch device displaying a visual pattern; a data collection engine whereby touch attributes are obtained from a plurality of user touch events to the mobile touch device with reference to the visual pattern, the touch attributes comprise measured touch attributes and derived touch attributes calculated from the measured touch attributes; an authentication engine whereby the touch attributes are compared to projected user touch attributes derived from user touch attribute values obtained during prior successful logins.

Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.

Abstract: Methods of preventing private information, which is hidden within data of a private domain reserved by an application program, from being easily accessed by a CPU and other devices, both where the data of the private domain is decrypted and the access to said data are restricted are disclosed, where the mentioned other devices do not include a decryption module utilized in the methods. Therefore, as long as agreements related to encryptions and decryptions are made in advance between the application program and the decryption module, private information can be well protected.

Abstract: A method of granting a user in a first organization access to private medication information stored within an authorization profile of a second organization, an access agreement between the two organizations is formed. Authorization is requested for the user, the authorization profile is retrieved, and authorization to private information is granted if authorized by the access agreement. In a method of authorizing access by users to private medication information stored by an organization as associated with a program, three types of caseloads are defined. The first authorizes access to medication information of a first individual of a first program, the second authorizes access to medication information of a second individual of all programs, and the third authorizes access to medication information of all individuals of a second program. Authorization for access is requested and granted for the user to access one or more of the caseloads.

Abstract: A Secure Non-autonomous Peering (SNAP) system includes a hierarchical digital watermarking scheme, a central licensing authority, licensed fabricators and assemblers.

Abstract: The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

Abstract: Methods and systems integrating sensitive or private data with cloud computing resources while mitigating security, privacy and confidentiality risks associated with cloud computing. In one embodiment, a computer network system includes a firewall separating a public portion of the computer network from an on-premises portion of the computer network, a database storing private data behind the firewall, and a user device connected with the computer network. The user device accesses an application hosted in the public portion of the computer network. In response, the application generates return information. The user device receives the return information and generates a request for private data based on at least a portion of the returned information. The request is transmitted to the database which generates a response including the requested private data. The response is transmitted in an encrypted form from the database via the computer network to the user device.

Abstract: This invention relates to a system and method for establishing a secure group of entities in a computer network, such as those originating from different trust domains, for the purpose of protecting the activity being executed. The invention allows for the on-demand automated creation of a virtual security perimeter around an arbitrary group of services originating from different trust domains. The security perimeter allows the activity being executed within the group to be protected, and for inter-group messages and communication to be kept confidential. A shared security context is also provided by which the group can be regulated, and new entities can be invited to join the group. The preferred embodiment of the invention has application to service orientated architectures and preferably makes use of existing technologies, such as W3C web services and security protocols, and OASIS service co-ordination protocols.

Abstract: A method of granting a user in a first organization access to private information stored within an authorization profile of a second organization, an access agreement between the two organizations is formed. Authorization is requested for the user, the authorization profile is retrieved, and authorization to private information pertaining to abuse or neglect is granted if authorized by the access agreement. In a method of authorizing access by users to private information pertaining to abuse or neglect stored by an organization as associated with a program, three types of caseloads are defined. The first authorizes access to information of a first individual of a first program, the second authorizes access to information of a second individual of all programs, and the third authorizes access to information of all individuals of a second program.

Abstract: The remote access to backed-up user data techniques include a method, a system, and/or an apparatus. In some embodiments of these techniques, the method includes generating one or more backed-up first file segments corresponding to the user file, encrypting each of the one or more backed-up first file segments, determining mapping information and storage identifying information for each of the one or more backed-up first file segments, updating a backup status file associated with the user file with the mapping information and the storage identifying information, and transmitting the one or more backed-up first file segments to a second system for backup. This Abstract is provided for the sole purpose of complying with the Abstract requirement rules. This Abstract is submitted with the explicit understanding that it will not be used to interpret or to limit the scope or the meaning of the claims.

Abstract: Embodiments show an apparatus for verifying a validity of an encrypted token associated to a product, wherein the apparatus has a decryptor for decrypting an encrypted token using a decryption key to obtain a decrypted token having information bits related to the product and structure bits. The apparatus further has an evaluator for evaluating whether the structure bits fulfill a predetermined condition, wherein the encrypted token is verified to be valid when the predetermined condition is fulfilled or is not verified to be valid when the predetermined condition is not fulfilled. Further embodiments show an apparatus for generating an encrypted token associated to a product, wherein the apparatus has a plain token generator and an encryptor for encrypting the plain token using an encryption key to obtain an encrypted token.

Abstract: An electronic storage in a network accessible server securely stores sensitive user data. Technologies disclosed enable secure user access to the sensitive data stored in a user account from a client device associated with the user account. Other technologies disclose detecting a specified condition or event, sending a notification to a proxy associated with the user account upon detecting the condition or event, and granting access to the sensitive user data by a client device of the proxy upon authentication of the proxy's client device.

Abstract: A device and method for placing the device in a locked state having an associated set of permitted tasks so as to permit the device owner to share the device with others but maintain security over aspects of the device. A task change request is evaluated to determine whether the requested task is permitted and, if so, the requested task is allowed; if not, then an authorization process is invoked to prompt the user to input authorization data. Upon verification of the authorization data, the device may be unlocked and the requested change implemented. The permitted tasks may designate specific applications, specific operations or functions within applications or at the operating system level, one or more currently open windows, and other levels of granularity.

Abstract: According to one general aspect, a method may include receiving, via a first network tap point included by a first network segment, a first portion of network communication data between a client computing device and a server computing device. The method may include receiving, via a second network tap point included by a second network segment, a second portion of network communication data between the client computing device and the server computing device. The method may include attempting to correlate each sub-portion of the first portion of network communication data to corresponding sub-portion of the second portion of network communication data. The method may also include analyzing the correlated network communication sub-portions to generate at least one set of metrics regarding the performance of the network communication between the client computing device and server computing device.