Abstract: An approach is provided for managing access rights of users to information spaces using signatures stored in a memory tag. A signature manager caused reading of a memory tag to initiate a request, from a device, for an initial access to an information space. The request includes an authorization signature associated with the device. The signature manager determines a level of access to the information space by comparing the authorization signature against a lattice of signature primitives associated with the information space. The signature manager then modifies the authorization signature based on the determination and stores the modified authorization signature for validation of subsequent access to the information space by the device.

Abstract: Systems and methods for establishing a security-related mode of operation for computing devices. A policy data store contains security mode configuration data related to the computing devices. Security mode configuration data is used in establishing a security-related mode of operation for the computing devices.

Abstract: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).

Abstract: This invention relates generally to a method and apparatus, as implemented by a software program on a computer system, for digitally producing counterfeit-deterring scrambled or encoded indicia images. This method and system are capable of combining a source image with a latent image so the scrambled latent image is visible only when viewed through a special decoder lens. The digital processing allows different latent images to be encoded according to different parameters. Additionally, latent images might be encoded into single component colors of an original visible image, at various angles from each other.

Abstract: An information processing apparatus includes a main memory unit storing while on-power; an auxiliary storage unit functionable even off-power; a control unit performing hibernation of generating operating-state data indicating a state when the power is lost, storing the data in the auxiliary storage unit, and, when restored, reading the data from the auxiliary storage unit; and a security chip that including a configuration register, encrypts data, and storing the data in the auxiliary storage unit. The control unit includes: a first registration unit performing, when the data is generated, calculation based thereon to obtain a calculated value; a second registration unit performing, when the data is read from the auxiliary storage unit at the hibernation, calculation based on the data to obtain a calculated value to write it into the configuration register; and a verification unit performing verification at boot-up from the hibernation based on the value written.

Abstract: Various embodiments of the present invention relates to systems, devices and methods of detecting tampering and preventing unauthorized access by incorporating programmability and randomness into a process of coupling, driving and sensing conductive wires that are arranged above sensitive areas in a secured system. Such a tampering detection system comprises a security mesh network, a random number generator, a security controller and a security monitor. The security mesh network includes a plurality of security elements made from the conductive wires. The security controller selects a subset of security elements, forms a security array, and generates a driving stimulus. The security monitor selects a SENSE node, monitors an output at the SENSE node, and generates a flag signal indicating the presence of a tampering attempt. Programmability and randomness are introduced to at least one of the system parameters including array configuration, driving stimulus, SENSE node, and detection mode via random numbers.

Abstract: A module for controlling integrity properties of a data stream input into a device, such as a machine for manufacturing or a management system related to such machines. A plurality of control items are registered in a database. At least one activable control means executes a control of one integrity property according to one of several registered control items. A list is attached to the database with selectable links for activating at least one of the control means. Configuration means perform on at least one of the links a chronological selection according to a predefined management profile on integrity properties of the data stream in order to introduce a selectable relative time delay between activations of control items. Due to that configuration, the integrity control thus obtained is provided with high reliability as well as in a very flexible manner.

Abstract: A system includes an encoding module and a decoding module. The encoding module generates a three-dimensional (3D) model of a part, modifies the 3D model to include a 3D structure, and generates a computer-aided design (CAD) file based on the modified 3D model. The decoding module determines whether the CAD file includes the 3D structure, authorizes operation of analysis software on the CAD file when the CAD file includes the 3D structure, and prohibits operation of the analysis software when the CAD file does not include the 3D structure.

Abstract: An IP server sends e-mail to a mobile device MS. This e-mail includes an application specifier that specifies startup of a Java application stored in mobile device MS and a data specifier that includes data used in operations executed by mobile device MS in accordance with a Java application. On the other hand, the ADF for the Java application stored in mobile device MS includes trusted source data containing a plurality of e-mail addresses that indicate trusted origins. Mobile device MS compares the e-mail transmission origin address with the trusted source data. Mobile device MS, only in the case where the transmission origin address of the received e-mail is included in the trusted source data, starts up a Java application based on an application specifier included in said e-mail, and uses data included in said data specifier in operations executed by that Java application.

Abstract: Identity authentication systems and techniques are disclosed which solves the problem associated with limited processing power and smart card technology in the handling of biometric authentication. By distributing the processing of an identity authenticating process between a smart card and a computer terminal, the complicated calculation involved in a biometrics matching process can be carried out to allow verification using biometric parameters stored on smart cards. There is disclosed a system and technique for user authentication, together with a system and technique for distributed processing. A registration method is also described.

Abstract: Techniques for processing filter rules are disclosed. To this end, filter rules having one or more attributes where each attribute indicates a condition to qualify whether a filter rule applies to a subsequent event are received. Summary rules are generated where each summary rule has a number of summary conditions. Some filter rules become associated with the generated summary rules. The summary conditions are extended to span the attributes of the associated filter rules.

Abstract: An access control system (10) is disclosed for controlling access to data stored on at least one data storage medium (14) of a computing system. The access control system (10) comprises authentication means (25) to authenticate users permitted to access data stored in the at least one data storage medium (14) and database means (29) arranged to store data access profiles. Each data access profile is associated with a user permitted to access data stored in the at least one data storage medium (14), each data access profile includes information indicative of the degree of access permitted by a user to data stored in the at least one data storage medium (14), and each data access profile includes a master data access profile (M) and a current data access profile (C). The current data access profile (C) is modifiable within parameters defined by the master data access profile (M).

Abstract: In accordance with one or more aspects, a current security policy for accessing a device or volume of a computing device is identified. A secondary access control state for the device or volume is also identified. An access state for the device is determined based on both the current security policy and the secondary access control state.

Abstract: A method provided herein includes the following steps: storing seal data of an electronic seal, a digital certificate, electronic signature program and a private key of a sealer in an external portable apparatus; performing a Hash conversion to a file to be sealed and the seal data of the electronic seal to generate a data digest, wherein the file to be sealed is a layout file; sealing, in the portable apparatus, the data digest using the private key of the sealer and the electronic signature program to generate an electronic signature result; and combining the file to be sealed, the seal data of the electronic seal, the digital certificate and the electronic signature result to generate a seal combination file.

Abstract: A system including a server apparatus executes an application program and a client apparatus enabling a user to utilize the application program by communicating with the server apparatus based on an instruction of the user. The server apparatus includes: an output detection section for detecting output-processing which is processing of outputting data from the application program into a shared area; and an output control section for storing instruction information in the shares area, instead of storing the output data outputted from the application program therein, in response to the detection of the output-processing, the instruction information specifying an acquisition method by which an authorized client apparatus acquires the output data.

Abstract: A method for locking the application program includes: when running a application program stored in a terminal, it judges whether a first unlocking key of the application program exists in the terminal; in the case that the first unlocking key does not exist, the terminal generates and stores the first unlocking key, and sends it to a device; judging whether the device has locked the application program, in the case that the result of judgment is no, proceeding to the first step, otherwise proceeding to the second step: the first step, the device locks the application program, generates a second unlocking key, and notifies the second unlocking key to a user, proceeding to the second step; the second step, performing the authentication process for the user; in the case that the first unlocking key exists in the terminal, the first unlocking key is sent to the device, judging whether the device has locked the application program or not, if not, proceeding to the third step, otherwise proceeding to the forth ste

Abstract: Embodiments are directed towards employing a plurality of single use passwords to provide phishing detection and user authentication. A user receives a plurality of single use passwords that expire within a defined time period after having been sent to a registered device. During a login attempt, the user enters a user name and a requested one of the passwords, which once entered expires. If valid, the user then enters a portion of another password to complete a displayed portion of a password, and a specified other one of passwords. If the displayed portion of the other passwords does not match any portion of one of passwords, then the user may detect a phishing attempt and terminate the login. If the user correctly the password data, the user may then access secured data. Each new login request requires a different set of passwords to be used.

Abstract: A system and a method of retrieving information is described. In a system according to the invention, software modules may be used to provide the user with information that is most likely to be the information desired.

Abstract: A method, service, system, computer program, etc., provides a list of acceptable authentication servers that a user could use to log in when accessing a networked device, such as a networked printer or document processing device. The embodiments include preparing a module, such as a dynamically loadable module (DLM) for use in the networked system accessed by the users. Each of the networked devices is enabled to accept the DLM. The embodiments forward the DLM to the networked devices as a print job along a print job submission path within the network. The networked devices recognize the DLM as a special job. Further, the networked devices use the DLM to install the XML file on each of the networked devices. Thus, the authentication server lists and authentication programs are updated within each of the networked devices using the DLM.

Abstract: A computer-implemented method of implementing information security. The method can include receiving a user input comprising a first user identifier and at least a second user identifier, determining whether the first user identifier corresponds to at least one of a plurality of existing user profiles, and determining whether the second user identifier corresponds to at least one of the plurality of existing user profiles. When it is determined that the first user identifier does not correspond to at least one of the plurality of existing user profiles, but that the second user identifier does correspond to at least one of the plurality of existing user profiles, the method can include selecting the user profile to which the second user identifier corresponds, automatically generating a unique user identifier, and associating the unique user identifier with the selected user profile.