Abstract: A system for automated cryptographic key management comprises a key control system, a key management agent system, and a key system application program interface. A method for automated cryptographic key management is also disclosed. The method comprises the automatic generation of cryptographic keys by the key control system and distribution of such keys by the key control system to the key management agent system.

Abstract: A device and method for placing the device in a locked state having an associated set of permitted tasks so as to permit the device owner to share the device with others but maintain security over aspects of the device. A task change request is evaluated to determine whether the requested task is permitted and, if so, the requested task is allowed; if not, then an authorization process is invoked to prompt the user to input authorization data. Upon verification of the authorization data, the device may be unlocked and the requested change implemented. The permitted tasks may designate specific applications, specific operations or functions within applications or at the operating system level, one or more currently open windows, and other levels of granularity.

Abstract: A system and method for database security provides, a database security method that receives an encryption property from an application and receives information relating to a database server. The method then requests security access to a database server using the strongest encryption algorithm server may support. If this request gets turned down, then the method determines the strongest encryption algorithm the server actually supports using the information the database server sent back and calculates the encryption keys. The method then caches the encryption algorithm along with the encryption keys in a persistent storage. For subsequent connections, the method checks the persistent storage first and retrieves the encryption algorithm and encryption keys from the persistent storage if the cache values are available, and sends the cached value to database server. By doing this, the database driver doesn't need to synchronize the encryption algorithm with server and calculate the encryption keys again.

Abstract: The proposed invention provides a user-friendly way for people to turn a traditional in-progress voice-only telephone call into a multi-media call. This may be accomplished using various technologies that can be provided over the Internet or some other multi-media computing/networking platform. The multi-media aspect of the invention may be used to facilitate the sharing of additional information between the call participants as well as dynamically update security aspects (e.g., encryption keys) associated with call.

Abstract: Systems and methods for sharing information across at least two organizations is described. A physical node may receive a request for authorization for a user in an organization to access an individual's information in another organization. The request may be logged. The physical node may determine whether the user is authorized to access the individual's information and, if it is, provide appropriate access.

Abstract: A method and apparatus is used for generating a perfectly random secret key between two or more transceivers in a wireless communication network. In a point-to-point system, both transceivers produce an estimate of the channel impulse response (CIR) based on the received radio signal. The CIR estimation is synchronized and may include error correction and detection. A long secret key of bits is generated from a digitized version of the CIR estimate, from which a perfectly secret encryption key is derived by privacy amplification.

Abstract: A method of submitting information as part of an authentication operation includes generating a one time password that is intended for use in an authentication operation. The method further includes providing the one time password in a display field, wherein the display field is adapted to work in conjunction with a browser to submit the one time password in response to a request for the one time password. A method of controlling submission of identity information within an authentication system includes receiving a trust list from the authentication system. The trust list identifies entities that are authorized to receive the identity information. The method further includes receiving a request to submit the identity information to a candidate entity for an authentication operation, and providing the identity information to the candidate entity if the trust list indicates that the candidate entity is authorized to receive the identity information.

Abstract: In one embodiment, a server and a client are configured to trust a certificate of an intermediate proxy device. The proxy device may then intercept a client-server security session request message sent from the client to the server. In response, the proxy device initiates a proxy-server security session with the server and obtains server security information from the server. Then, the proxy device initiates a client-proxy security session with the client using the trusted proxy certificate, and obtains client security information from the client. Upon obtaining the client security information, the proxy device creates a dynamic certificate using the obtained client security information and the trusted proxy certificate, and establishes the initiated proxy-server security session with the dynamic certificate.

Abstract: An authentication server, on receipt of a request to delete a user account, determines whether the account exists in a user authentication table. If the account exists, the authentication server deletes the account, and retrieves, from a requesters list in which information of devices from which users have to date requested user authentication is saved, an address of a device from which the user targeted for deletion has previously issued an authentication request, and issues a deletion request to that device together with account information. Similar processing to change a user account is performed in response to a change request.

Abstract: Briefly, in accordance with one or more embodiments, a transport level transactional security may be converted into a persistent document signature. In one embodiment, a digital signature of an electronic mail message may be saved in a file attached to the electronic mail message. The file with the added digital signature may be saved, transmitted, received, and/or otherwise utilized independent of the original electronic mail message. A receiving node may verify the identity of an originating node based at least in part on the digital signature contained in the file. In alternative embodiment, the signature for the file may be generated at least in part on a message to be transmitted according to a secure transmission and/or file download protocol from a server to a client.

Abstract: An information processing system, which includes: an information distribution server; a client apparatus; and a plurality of service providing servers that provide service to a user of the client apparatus, and the information distribution server including: a user authentication information memory that stores user authentication information; a receiving section that receives authentication information from the plurality of service providing servers; and an authentication proxy information distributing section that distributes authentication proxy information prepared based on the user authentication information and the authentication information, and the client apparatus including: a user authentication section that carries out authentication of the user, and an authentication proxy section that, if the authentication is carried out by the user authentication section, executes a proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the distribut

Abstract: A method for security authentication within a wireless network is disclosed. A method within an adhoc mesh network for two devices to quickly determine roles (i.e. which is the authenticator and which is the supplicant) while establishing a security association is provided for. The invention further provides for the inclusion of cached key information in the role negotiation process and the application of role negotiation to a shortened three-way handshake.

Abstract: An information processing apparatus that obtains pieces of content information relating to content recorded in an information recording medium, the information processing apparatus includes a data analyzing unit configured to read a content certificate which is recorded in the information recording medium and which corresponds to the content recorded in the information recording medium, a data transmitting unit configured to transmit a content certificate identifier analyzed using the data analyzing unit to a content information provision server, a data receiving unit configured to receive, from the content information provision server, the pieces of content information relating to the content which is specified on the bases of the content certification identifier, and a data outputting unit configured to output the pieces of content information received using the data receiving unit.

Abstract: A method for implementing an online transaction security product includes downloading an online transaction security product program from a web site to an information handling system. The security product program includes an anti-malicious code program configured to detect malicious code on the information handling system. Lastly, the security product program is executed, wherein the anti-malicious code program of the security product program operates to detect malicious code on the information handling system.

Abstract: A presence table stores therein presence information. A storage unit stores therein in associated manner a terminal identifier unique each of a plurality of terminals and an encryption key to be used for multicast communication within a multicast group. A receiving unit receives a subscription request message from a first terminal from among the terminals. The subscription message includes the terminal identifier of the first terminal, and a request requesting subscription to the presence information present in the storage unit. An acquiring unit acquires the encryption key from the storage unit by using the terminal identifier of the first terminal. A transmitting unit transmits acquired encryption key to the first terminal.

Abstract: A system and method for automatically extracting contract data from electronic contracts includes an administrator module configured to provide templates for inputting document patterns and a list of contract data tags for each of a plurality of contract document types. A parser is configured to convert an electronic contract document into a contract text document and reformat the contract text document to provide a pattern for the text contract document. A pattern recognition engine is configured to determine a list of contract document types in the electronic contract by comparing and matching patterns of all known contract document types with the pattern of the contract text document. A contract data extraction engine is configured to extract contract data for each contract document type on the list.

Abstract: A method includes storing, at a storage location of a system, a first security value and utilizing, at the system, a first security certificate compatible with the first security value and incompatible with at least a second security value, wherein the first security certificate enables one or more processing features of the system in conjunction with the first security value. The method also includes receiving a certificate revocation stimulus and modifying a value at a first bit position of the storage location so as to convert the first security value stored at the storage location to the second security value. Another method includes receiving multimedia data at a system, wherein the multimedia data is representative of multimedia content including a digital watermark representing one or more system identifiers, and disabling at least one processing feature if the system identifiers includes a unique identifier associated with the system.

Abstract: Techniques for managing heterogeneous key stores are presented. A centralized key management service receives key instructions in a generic format. These key instructions are communicated to distributed key agents distributed over a network. The key agents translate the key instructions into native formats expected by distributed key stores. The key agents then process the key instructions in the native formats against the distributed key stores on behalf of the centralized key management service.

Abstract: An authentication printing system, comprising: an authentication unit that acquires authentication information from a user and authenticates based on the authentication information that the user possesses the authority to execute authentication printing (referred to as “authorized user”); a printing unit that acquires a print job corresponding to the authorized user from a printing job holding unit, and executes the authentication printing based on the print job (referred to as “print execution job”); a re-authentication unit that acquires the authentication information from a user upon completion of print processing, with regard to the print execution job, and authenticates based on the authentication information that the user is the authorized user of the print execution job; and a determination unit that determines that a printed matter is collected by the authorized user with regard to the print execution job, when re-authentication is completed with regard to the print execution job.

Abstract: In one embodiment, a method of forming a secure group from a plurality of nodes for communicating with a user A comprises performing a discover protocol, wherein after performing the discover protocol, all nodes belong to at most one small group and wherein all nodes in each small group share a common key. The method further comprises selecting a leader for each small group. The method further comprises, for each of the leaders, generating a respective common key for the user A and that respective leader. The method further comprises generating a key tree having a plurality of levels, wherein the keys for the lowest level of the key tree are the common keys generated for each leader and wherein the keys for each successive layer are generated by combining pairs of keys from lower levels of the key tree.