Abstract: An information processing device includes: a data processing unit that executes a process of reproducing content recorded in a medium, wherein the data processing unit acquires a token from the medium, the token being management data corresponding to content recorded in the medium, compares a server ID recorded in the acquired token with a server ID recorded in a server certificate acquired from a server from which the management data is acquired, and halts reproduction of content when the two server IDs are not identical.

Abstract: Disclosed in one example is a method of authenticating with multiple social network services. The method may include storing first authentication information associated with a user for a first social networking service using at least one computer processor, receiving second authentication information associated with the user for a second social networking service from a social networking application, and sending to the social networking application the first authentication information. The first authentication information may enable the social networking application to utilize a protected application programming interface call for the first social networking service and the second authentication information may enable the social networking application to utilize a protected application programming interface call for the second social networking service.

Abstract: There is provided a system and method for a digital receipt for use with an interoperable keychest. There is provided a method for online registration of a digital receipt associated with a content, comprising performing a transaction to obtain from a first distributor the content encrypted by a title key and a first digital rights management (DRM) license usable with the first distributor to access the title key, receiving from the first distributor the digital receipt associated with the content including information relevant to the transaction, and transmitting the digital receipt to the interoperable keychest acting as a central key repository (CKR) for an online registration of the digital receipt associated with the content. Authorized media distributors may then generate new DRM licenses using the CKR, enabling interoperable content playback of the same universal file across different media distributors and clients.

Abstract: A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.

Abstract: Provided are techniques for transmitting a lightweight domain access protocol (LDAP) request from an user interface application (UIA) to a LDAP server, receiving, at the UIA, a LTPA token in response to the transmitting of the LDAP request; transmitting, from the UIA, to a command line interface associated with an application, the LTPA token in conjunction with a command to be executed by the application; verifying by the application the LTPA token; and in response to the verifying, executing, by the application the command. The techniques also include transmitting, from the application, to a second command line interface associated with a second application, the LTPA token in conjunction with a second command to be executed by the second application; verifying by the second application the LTPA token; and in response to the verifying by the second application, executing, by the second application the second command.

Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.

Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has stored therein a digital certificate assigned to the management device prior to installation of the management device within the network. The digital certificate of the management device is received by the managed device. Prior to allowing the management device to use the tunnel to perform management functionality in relation to the managed device, a unique identifier included within or associated with the digital certificate of the management device is confirmed with reference to the pre-configured unique identifier.

Abstract: Systems and methods for providing electronic content and applications to residents of controlled-environment facilities are disclosed. The portable computing device may be configured to determine that an external memory has been coupled to it. The external memory may include content requested by the resident and a key configured to allow the device to access the content to the exclusion of other devices associated with other residents. The portable computing device may retrieve the key from the external memory and allow the resident to view or play the content if the key matches a lock programmed within the device. If the resident attempts to insert a non-authorized external memory into the device, its contents may be erased and/or an alert may be generated. The content of the external memory may be transferred to the portable computing device and then the external memory may be locked so that it is unusable.

Abstract: An approach for monitoring and protecting electronic data in a networked computing environment (e.g., a cloud computing environment) is provided. In a typical embodiment, an activity monitor gathers characteristics of data traffic of one or more virtual machines. The data traffic is analyzed to determine whether any of the data traffic is indicative of a malicious activity (e.g., unauthorized data transfers). If it appears a VM is engaging in malicious activity, then a counter for the VM is incremented by a predefined value that is associated with the malicious activity. When the counter for the VM exceeds a point threshold, a remediation action is taken with respect to the VM.

Abstract: A way of sharing a set of data where each data item is stored at a different file path. The data items may be files or folders that reside on different remote storage servers or within the same file system. One or more data items in the set of data do not share a common root folder. Data items in the set of data that share a common root folder are stored amongst other data items in the common root folder that do not belonging to the set of data items to be shared. A single URL or link is generated to provide immediate access to the set of data to recipients of the URL or link.

Abstract: There is provided a method for using a multi-user operating system. A user attempts to access the multi-user operating system. The user is prompted to enter a shared credential associated with the multi-user operating system and an individual credential of the user. The entered shared credential and the entered individual credential are verified. Access is granted to the user if both the entered shared credential and the entered individual credential are verified. Commands entered by the user granted the access are tracked via the entered shared credential while the user is using the multi-user operating system. The tracked commands indicate the entered individual credential.

Abstract: System and methods are provided for performing privacy-preserving, high-performance, and scalable DNA read mapping on hybrid clouds including a public cloud and a private cloud. The systems and methods offer strong privacy protection and have the capacity to process millions of reads and allocate most of the workload to the public cloud at a small overall cost. The systems and methods perform seeding on the public cloud using keyed hash values of individual sequencing reads' seeds and then extend matched seeds on the private cloud. The systems and methods are designed to move the workload of read mapping from the extension stage to the seeding stage, thereby ensuring that the dominant portion of the overhead is shouldered by the public cloud.

Abstract: The subject matter described herein includes methods, systems, and computer readable media for preventing software piracy. One method includes specifying at least one codemark that is intrinsic to a computing system. The method further includes inserting guard code in an application. The guard code including a first code portion that uses a codemark and produces an output that depends on a value of the codemark and a second code portion that uses the output of the first code portion. The method further includes executing the first and second code portions and selectively triggering a protective action based on the output of the second code portion. Multiple types, styles, and frequencies of guard codes can be used to provide in-depth, long lasting, and strong protection.

Abstract: In a method of providing software for use by a control unit of a vehicle, before its use by the control unit, the software is signed according to a public-key method against a falsification, using the secret or private key of a software signature site. The signed software is checked for integrity by using the public key complementary to the secret key of the software signature site.

Abstract: A wireless communication system includes a system and method for encryption of multicast data between a subscriber station and a base station that communicate a multicast service in a Machine-To-Machine (M2M) communication system. An M2M service controller manages the multicast service manages information for encrypting the multicast data and provides the information to the subscriber station and the base station.

Abstract: A method of performing a Real-Time Communication in Web-browsers (RTCWEB) identity authentication based on an authentication of a non-RTCWEB compliant Identity Provider (IdP) server comprising receiving, by an RTCWEB IdP client, an RTCWEB identity authentication request from a user agent, creating a session resource with a Relying Party (RP) client, wherein the RP client guards the session resource, instructing the user agent to authenticate with the RP client by employing a non-RTCWEB identity protocol to access the session resource, receiving authentication results from the non-RTCWEB compliant IdP server via the RP client, and sending an RTCWEB authentication to the user agent via the session resource.

Abstract: A user may access an institution system via more than one communications channel, either by the same device (e.g., a mobile device accessing the institution system via a voice channel and a data channel) or by different devices (e.g., a personal computer via a web channel and a phone via a voice channel). If a user is not currently authenticated to a communications channel and attempts to access the institution system via a communications channel, the user may be authenticated using strong authentication. If the user is currently authenticated to the institution system via a communications channel and would like to engage a second communications channel to access the institution system, the user may authenticate to the second communications channel using both communications channels and weak authentication, such as single factor authentication or a challenge question.

Abstract: A method includes receiving from a client device at a client interface application a request to access an application, determining whether the application is external to a communication network, redirecting the request to an external communication server when the application is external to the communication network, sending the request from the external communication server to the application that is external to the communication network, receiving information from the application that is external to the communication network at the external communication server responsive to sending the request, and replicating a screen of the external communication server containing the information received from the application for display at the client interface application.

Abstract: Methods and systems are disclosed that generally involve handling logins for a user accessing a plurality of computer resources. In one embodiment, once a user enters login information for a first computer resource, the login information can be stored and/or re-used to access a plurality of other computer resources without the user having to re-enter the login information for each resource. The methods and systems can involve a software framework in communication with various plugins, each plugin including one or more login candidates representing a type of a computer resource. The plugins and/or login candidates can allow the framework to pluggably and dynamically recognize and log into various types of computer resources.

Abstract: A virtual private network (VPN) device is described that provides a strict anti-replay mechanism for packets in a group VPN. An example first VPN device includes one or more processors, one or more network interfaces configured to receive a packet having an encryption header that includes a group VPN member identifier association with a second VPN device and a sequence number, wherein the first and second VPN devices are members of a group VPN, a data repository configured to store a window of sequence numbers maintained by the first VPN device for the second VPN device, and a VPN session management module operable by the one or more processors to identify the window of sequence numbers based on the group VPN member identifier, determine whether the sequence number of the header is included in the window of sequence numbers, and process the packet based on the determination.