Abstract: Electronic information is encoded and transmitted by comparing values of adjacent pixels in an electronic image, determining an amount of entropy present in values of adjacent pixels, identifying a highest-order non-matching bit in the values of adjacent pixels, replacing bits of lower order than the highest-order non-matching bit with data, storing the image and replaced bits in a computer memory, and transmitting the image and replaced bits, via a computer network, to a recipient.

Abstract: A Digital Rights Management (DRM) system provides a lightweight layering of encryption and decryption of keys that allows efficient use of different cryptographic techniques to effect the secure delivery of multimedia content. Asymmetric cryptography, where a public key is used to encrypt information that can only be decrypted by a matched private key, is used by the DRM system to deliver symmetric keys securely.

Abstract: Described is an architecture for providing access to administrative functionality in a virtualization system using implied authentication. This approach avoids the problems associated with the requirements to use a user ID and password to access an admin console. The user ID and password can be rendered completely unnecessary, or where the user ID and password combination is only used as a supplement to the implied authentication.

Abstract: A system and method for managing implementation of policies in an information technologies system receives at least one policy function, at least one refinement template and at least one available policy function from the at least one memory, receives a policy input indicating a high-level policy for the IT system where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system, based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and being compliant with the received policy input, and distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: A method includes transmitting, from a first device, a message indicating that the first device is available to share a resource. The method includes receiving, at the first device, a request to use the resource. The request is received from a second device and includes authentication information. The method includes, based on a determination that the second device is unknown to the first device, determining whether the second device is authenticated based on the authentication information. The method also includes, based on determining that the second device is authenticated, sharing the resource of the first device with the second device.

Abstract: Technology is disclosed for mitigating account enumeration and thus enhances network security. The technology can receive from a client computing device a sequence of characters corresponding to a portion of an email address input by a user. The technology retrieves a set of email addresses that have a common first portion identical to the received sequence of characters and generates hashed data. The hashed data is sent to the client computing device. A result value is then generated by hashing the input email address by using the same hashing function as the hashed data. If the result value is in the hashed data, the technology displays a text region for collecting from the user a password.

Abstract: A token-verifiable proxy uploader is disclosed. A token request may be transmitted from an end-user communication device for requesting an upload token from a hosted services server that is configured to authorize transmission of a first media file to a hosted proxy server. The upload token may be transmitted to the end-user communication device. Validation of the user of the end-user communication device may be conducted without the end-user device providing any credentials to the media sharing site and in which the end-user device is does not transmit any credentials specific to the media sharing site as part of the validation. The token validation call may be in response to the hosted proxy server receiving the upload token and either: (1) the first media file from the end-user communication device; or (2) a request from the end-user communication device to upload the first media file to the hosted proxy server.

Abstract: Methods, systems, and computer-readable storage media for enforcing access control in encrypted query processing. Implementations include actions of obtaining a set of user groups based on the user credential and a user group mapping, obtaining a set of relations based on the query, obtaining a set of virtual relations based on the set of user groups and the set of relations, receiving a first rewritten query based on the set of virtual relations and a query rewriting operation, encrypting the first rewritten query to provide an encrypted query, and transmitting the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data.

Abstract: An authentication-related request sent from a mobile device to an authentication server is received at a proxy server. A posture of the mobile device is dynamically determined based at least in part on information included in the request. The request is validated based at least in part on the dynamically-determined posture. The proxy server communicates with an authentication server on behalf of the mobile device to obtain authentication information usable by the mobile device to access a service.

Abstract: A permitting system for controlling devices in a system includes a permit issuing agent that receives a command to be sent to a device. Based upon at least one attribute of the command, the permit issuing agent identifies one or more business logic modules that is pertinent to the command. Each business logic module has a respectively different set of business rules associated with it. Each identified business logic module determines whether the command complies with the business rules associated with that module. If the command is determined to comply with the business rules of all of the identified business logic modules, the agent issues a permit for the command, and the permit is sent to the device for execution of the command.

Abstract: Identification of potential fraudulent website activity is performed based on log entry analysis. A log entry representing a user referral from an external referrer is processed to determine whether the referred user performed a log in procedure at a user account website of an organization. The external referrer is, for example, a phishing website. In one example, the referred user first accesses an enterprise website of the organization via the phishing website and subsequently accesses the user account website via the phishing website. In an alternate example, the referred user only accesses the user account website via the phishing website. Upon determining the referred user performed a log in procedure at the user account website, a fraud prevention system is notified.

Abstract: A disclosed example involves managing power states, signing a suspend-to-RAM (STR) data structure by: generating a header key, a scatter/gather table key and a dynamic random access memory (DRAM) key using a root key generated by the secure processor. Generating a header signature using the header key, the header signature based on a table header and a random or pseudo-random value. Generating a scatter/gather table signature using the scatter/gather table key, the scatter/gather table signature based on a scatter/gather table header and a random or pseudo-random value. Generating a DRAM signature using the DRAM key and a value from a region of DRAM. Storing the header signature, the scatter/gather table signature and the DRAM signature in the STR data structure. Resume the processor system from the low-power mode when the data structure is valid based on a comparison of a first signature and a second signature.

Abstract: A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content.

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

Abstract: According to an embodiment of the present invention, an image output apparatus for outputting an output target image acquired from an external storage device which stores the output target image and which is externally connected to the image output apparatus includes a receiving unit configured to receive an access request requesting to access the external storage device, an authentication-information storage unit with authentication information stored therein, an authentication unit configured to perform authentication of the access request using the authentication information, and a control unit configured to control access to the external storage device based on a result of the authentication.

Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

Abstract: A method, which is performed in a first electronic device, for authorizing access to a second electronic device is disclosed. The method may include establishing communication between the first electronic device and the second electronic device. The method may also obtain data indicative of a motion of at least one of the first and second electronic devices in response to a movement of the at least one of the first and second electronic devices. Based on the data, a control signal authorizing access to the second electronic device is generated, and transmitted to the second electronic device.

Abstract: A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications.

Abstract: A server-implemented technique can include obtaining external context parameters indicative of an external context of a video chat session, calculating an abuse score based on the external context parameters, the abuse score being indicative of a likelihood the video chat session is abusive, and comparing the abuse score to an abuse score threshold. When the abuse score exceeds an abuse score threshold, the server can transmit, to a reviewer computing device, a request for a human reviewer to review a recorded portion of the video chat session for abuse. When the reviewer computing device returns a response indicating that the human reviewer deemed the video chat session to be abusive, the server can modify a profile of a participant in the abusive video chat session to obtain a modified profile, and generate an output based on the modified profile.

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.