Abstract: It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector in which transmission information is embedded, the cipher vector being the vector of the space V. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information.

Abstract: A data communication system and method in which a need to store a frame count value in a non-volatile memory and update the frame count value is obviated, and in which the effect resulting when a frame with its frame count value altered to a value close to a full count value is transmitted is reduced. When a valid frame count value is not held, an inquiry is made for a frame count value. The frame count value is notified from the receiving end, and the frame count value is acquired. An encryption key is generated on the basis of the frame count value. Data is encrypted with the encryption key. Data in a frame structure is transmitted. When the frame transmission ends, the frame count value is incremented.

Abstract: Semantic information may be secured by an agent using one or more semantic security labels (e.g., security predicates). The agent may be configured to allow other agents to access the semantic information according to a set of semantically expressed policies, strategies, and/or rules. A request to receive information may be mapped to a negotiation policy of the agent. The agent may evaluate the request against a semantic information sharing policy. If the information is accessible under the information sharing policy, the information may be provided. If not, the agent may negotiate information sharing terms using the negotiation ontology, strategy, and rules. Similarly, the agent may request information from other entities. Terms of the information requests may be negotiated using the negotiation ontology, strategy, and rules.

Abstract: System and methods for leveraging passive networks are disclosed. In one embodiment, a method includes receiving, from a first data source, a first data descriptor, wherein the first data descriptor identifies an instance of contact between at least two persons. The method also includes determining a connection between the at least two persons, wherein the connection is based on an instance of contact between the at least two persons identified in the first data descriptor. The method further includes determining, with a processor, a first contact count for the connection, the first contact count based on a number of instances of contact between the at least two persons associated with the connection. The method also includes calculating, with the processor, a connection score for the connection, wherein the connection score is based at least in part on the first contact count.

Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving an encrypted first data set from a first entity, storing the encrypted first data set in computer-readable memory, receiving an encrypted second data set from a second entity, storing the encrypted second data set in computer-readable memory, receiving public encryption information associated with the encrypted first data set and the encrypted second data set, storing the public encryption information in computer-readable memory, and processing, using the one or more processors, the encrypted first data set and the encrypted second data set to provide the set intersection, wherein an advantage of a first adversary in guessing data elements of the encrypted first data set is negligible in a security parameter.

Abstract: Apparatuses, computer readable media, methods, and systems are described for identifying risk assessment queries for assessing risk of a process, providing the identified risk assessment queries to a client device for presentation, receiving response data from the client device comprising responses to the risk assessment queries, determining response values for at least some of the risk assessment queries based on the received response data, and calculating a process risk metric based on the determined response values.

Abstract: A method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating a OTP at the token generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.

Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion.

Abstract: A method and system for managing an air interface key are provided in the present invention, which relate to the communication field; the method including: a serving GPRS Support Node+ (SGSN+) or a Mobile Switching Centre/Visitor Location Register+ (MSC/VLR+) transmits a key distributing message to a Radio Network Controller+ (RNC+), wherein the message carries at least one of an intermediate key KASMEU, a ciphering key CKU or an integrity key IKU.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for booting a computing device having an encrypted storage medium using full disk encryption, referred to as tamper-resistant boot. The system retrieves a kernel cache and a kernel cache digest from an unencrypted storage medium and verifies the authenticity of the kernel cache based on the credentials and the kernel cache digest. Initiation and execution of the operating system is performed if the kernel cache is authentic. In one embodiment, the system verifies the authenticity of a request to disable tamper-resistant booting by utilizing a password verifier and a password proof.

Abstract: Methods and apparatus for connecting, e.g., bridging, a cable network to other networks and/or devices is described. A bridge device facilitates the distribution of cable provider content to end users operating IP based devices. The bridge device performs one of more of the following: interface protocol conversions, user device controlled tuner selection, transcoding of data, transrating of a data stream, decryption in accordance with a conditional access protocol and re-encryption in accordance with an authorized service domain protocol.

Abstract: A category setting part sets a type of a decoded image based on characteristics of the decoded image which are fineness of the decoded image and an intensity of movement of the decoded image. A code amount setting part sets a target code amount of an output image based on the type of the decoded image. A quantization step value setting part sets a quantization step value of the output image based on the target code amount of the output image. A transcoder can set the target code amount of the output image depending on fineness of the decoded image. The transcoder can distribute the target code amount of the output image to a reference image and a predicted image depending on the intensity of movement of the decoded image.

Abstract: The present invention discloses an encoding apparatus using a Discrete Cosine Transform (DCT) scanning, which includes: a mode selection means for selecting an optimal mode for intra prediction; an intra prediction means for performing intra prediction onto video inputted based on the mode selected in the mode selection means; a DCT and quantization means for performing DCT and quantization onto residual coefficients of a block outputted from the intra prediction means; and an entropy encoding means for performing entropy encoding onto DCT coefficients acquired from the DCT and quantization by using a scanning mode decided based on pixel similarity of the residual coefficients.

Abstract: A digital media device and a method for sharing data include a source device sending a search request to search digital media devices under a power-on status, and sending a control command to a middle device from the found digital media devices, to control the middle device to search at least one target device under a power-off status. The data sharing method further includes sending a power-on command to the middle device to power on the target device. The data sharing method further includes sharing data with the target device when the target device powering on successfully and supporting DLNA network.

Abstract: A system and method for encoding multimedia video is described. As video is encoded a quantization parameter is selected for each macroblock. As described herein, the quantization parameter for each macroblock may be selected by limiting the universe of all possible quantization parameters to a particular range of possible quantization parameter values. This increases the speed of video encoding by reducing the number of quantization parameters that are tested for each video macroblock.

Abstract: A computer-implemented method to detect a potentially malicious uniform resource locator (URL) is described. A presentation of a URL on a display of a computing device is detected. An actual URL associated with the URL presented on the display is obtained. The URL presented on the display is compared to the actual URL associated with the presented URL. If the URL presented on the display does not match the actual URL, the actual URL is prevented from being accessed.

Abstract: A security system includes an appliance to be secured, including a processor and a first wireless transceiver for accessing a data network with a first power requirement; and a second wireless transceiver receiving power to operate even if the appliance is off, hibernates or sleeps, the second wireless transceiver operating at a second power requirement lower than the first power requirement, the second wireless transceiver communicating a signal indicating a security status of the appliance.

Abstract: A method and apparatus for representing policies and searching for polices that match a packet are provided. The policies being represented and searched for include policies that overlap and policies that have “don't care” attributes.

Abstract: An electronic device 100 executes a key-using process that uses a key. A physical quantity generation part 190 generates a physical quantity intrinsic to the electronic device and having a value which is different from one electronic device to another and different each time the physical quantity is generated. A key generation part 140 generates the same key for each key-using process, based on the physical quantity generated by the physical quantity generation part 190, each time the key-using process is to be executed, immediately before the key-using process is started. A key-using process execution part 1010 executes the key-using process such as generation of a keyed hash value, by using the key generated by the key generation part 140. A control program execution part 180 deletes the key generated by the key generation part 140, each time the key-using process is ended.