Abstract: Under the present invention, when an application is deployed, certain information corresponding thereto will be stored in an Enterprise Application Directory (EAD). Thereafter, when an instance of the application is requested (e.g., by a requestor), the information is retrieved from the EAD. In addition, the instance is registered with an Application Access Registry (AAR). Registering the instance involves creating a record in the AAR, generating a unique application access key for the instance, and storing the access key with the information in the record. The access key (and optionally the information) is then returned to the requestor, which can then issue service requests to one or more grid services in the shared computer infrastructure. The service request will include the access key so that the grid service can identify the application by searching for the record in the registry using the access key.

Abstract: A method and apparatus prevent eavesdropping via a computer by detecting and alerting if more than one authorized driver is controlling a interface circuit that is providing audio or video input information. Further, prevention is performed by detecting and alerting if more than one authorized application programming interface is receiving audio or video input information from an authorized driver. Also, prevention is performed by detecting and alerting if more than one authorized software application is receiving audio or video input information from an authorized driver. In addition, prevention is performed by detecting and alerting upon first receipt of audio or visual information by an authorized software application via an authorized application programming interface and authorized driver.

Abstract: A computer-implemented method may provide resource-access information. The computer-implemented method may include determining a resource-access scope of a software application and determining whether a resource is within the resource-access scope. The computer-implemented method may also include retrieving resource information associated with the resource from a resource-information database and providing a notification that indicates whether the resource is within the resource-access scope. The notification may comprise the resource information. Additional computer-implemented methods and systems are also disclosed.

Abstract: A method, apparatus and a data storage device are provided for implementing data confidentiality and integrity of data stored in overlapping, shingled data tracks on a recordable surface of a storage device. A unique write counter is stored for each zone written to the recordable surface of the storage device. An encryption key is used together with the write counter information and a logical block address to encrypt each sector being written, and to decrypt all sectors being read. An individual sector is decrypted, obtaining the write counter information and reading the data sector. A message authentication code is stored for each zone. All sectors of the zone are read to perform integrity check on a sector.

Abstract: The invention relates to a method for securing an on-line transaction, comprising a proximity test which permits the proximity of the physical presence of the client to the on-line processing station (PT) with the authentication authority (AA) to be verified, an authentication test for the holder of the chipcard (CP) and a non-repudiation test for the transaction.

Abstract: In a private network setting in which various computers can be attached, the confidential or sensitive data within the various devices on the private network is vulnerable. The ability to copy such confidential or sensitive data to a storage device communicatively coupled to a client computer on the network is governed and controlled. Only devices that include an authentic stamp or digital certificate can be accessed by client computers. If a device does not have a valid stamp or the stamp has been black listed, then the access to the device can be prevented or greatly limited.

Abstract: The object of the present invention is to improve quality of service for customers by sharing and utilizing personal information on customers among variety of industries. In order to achieve the objective, the present invention comprises a personal information storage means (12), a communication means (8) to an external device and an information processing means (14) for controlling operation of each means thereof; wherein said personal information storage means (12) stores not only personal information on an information disclosing person, but also commodity provision information, etc. on commodity service which is provided for the information disclosing person for each information disclosing person of the personal information.

Abstract: A multifunctional apparatus control system includes a multifunctional apparatus an authentication information input device, an I/F converter, and a control server.

Abstract: A data recording apparatus and a data reproducing apparatus which ensure security of a portable recording medium, such as an optical disk. The apparatus has a security mode and a normal mode as operation modes. In the security mode, a system controller of the apparatus records a security identification signal in an area other than a user data area of the optical disk. At the time of copying of the optical disk, the security identification signal disappears, and a limitation is imposed on reproduction, thereby preventing copying operation. In the security mode, the system controller records the security identification signal in the area other than the user data area of the optical disk, as well as recording user data by means of converting an address through use of a password. At the time of reproduction of data, absence or presence of the security identification signal is ascertained. When the security identification signal is present, the address is inversely converted, thereby reproducing data.

Abstract: Described is a technique for detecting attacks on a data communications network having a plurality of addresses for assignment to data processing systems in the network. The technique involves identifying data traffic on the network originating at any assigned address and addressed to any unassigned address. Any data traffic so identified is inspected for data indicative of an attack. On detection of data indicative of an attack, an alert signal is generated.

Abstract: A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.

Abstract: A surveillance system and method for rapid set up and activating communication between at least one wireless input capture device ICD(s) and a corresponding digital input recorder (DIR) and/or another ICD, including the steps of providing base system; at least one user accessing the DIR via user interface either directly or remotely; the DIR and/or ICD searching for signal from the ICD(s) and establishing communication with them, thereby providing a secure surveillance system having wireless communication for monitoring a target environment.

Abstract: A method to access trusted user generated content (UGC) is provided. User registration information containing one or more identities is obtained. Each identity corresponds to an internet social network that is facilitated by one of a plurality of social network sites. The social relationships are collected using the provided user identities at the different social network sites and user extended social networks are created for each user by joining the social relationships collected. Then, UGC is collected from the plurality of social network sites and the collected UGC is correlated with the extended social networks. The correlated UGC is filtered according to the user configuration of a user making a request, and then the results are presented to the requesting user. A search function is provided to obtain information on demand, or alternatively, a user receives feeds of information according to configured information regarding the user's extended social network.

Abstract: Peculiar identification information to identify a recording medium itself is recorded onto the recording medium on which contents information as a target of a reproduction deadline management is recorded. At least the identification information recorded on the recording medium as mentioned above is read by a terminal apparatus and transmitted to a server apparatus. In the server apparatus, a reproduction possible deadline of the contents information recorded on the recording medium is managed on the basis of reproduction possible deadline information indicative of the reproduction possible deadline regarding the contents information recorded on the recording medium on the basis of at least the identification information. Thus, when the reproduction deadline of the contents recorded on the recording medium is managed, the operation for allowing the server apparatus side to set registration information such as personal information or the like of the user as in the conventional system is unnecessary.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: In order to facilitate the management of the hardware key of a library apparatus employing the LTO system, a write function of a noncontact memory (CM: cartridge memory) contained in an LTO tape cartridge is implemented in a medium carrying mechanism part of the library apparatus, and during an insertion to a tape drive, the IDs unique to a library control part and to the medium carrying mechanism part are recorded in the non-contact memory and utilized as the hardware key of an encrypting apparatus. The hardware key written once is overwritten (erased) during an ejection, thereby preventing leakage of key information.

Abstract: A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.

Abstract: A method of operating a digital program playback device, including: receiving, via a first communications network, a data stream including an encrypted data portion representative of a program; identifying, from the received data stream, an identifier associated with the program; transmitting the program identifier and a device identifier associated with the digital program playback device to an authorization device via a second communications network; receiving, via the second communications network, a decryption key in response to the transmission; and, decrypting the data stream using the decryption key and generating an output signal for playback of the program.

Abstract: The invention relates to a cryptographic method involving an integer division of type q=a div b and r=a mod b, wherein a is a number of m bits, b is a number of n bits, with n being less than or equal to m, and bn?1 being non-null and the most significant bit of b. In addition, each iteration of a loop subscripted by i, which varies between 1 and m?n+1, involves a partial division of a word A of n bits of number a by number b in order to obtain one bit of quotient q. According to the invention, the same operations are performed with each iteration, regardless of the value of the quotient bit obtained. In different embodiments of the invention, one of the following is also performed with each iteration: the addition and subtraction of number b to/from word A; the addition of number b or a complementary number /b of b to word A; or a complement operation at 2n of an updated datum (b or /b) or a dummy datum (c or /c) followed by the addition of the datum updated with word A.

Abstract: A method of identifying the originator of a message transmitted between a client and a server system is provided. The method includes modifying a message to be transmitted between a client and a server system to include a session identification flag and/or a session identifier 500 (e.g., at an end of the message). The method optionally includes one or more of the steps of re-computing a control portion of the message to reflect the inclusion of the session identification flag and the session identifier 502, transmitting the message between the client and the server system 504, and checking the transmitted message for the session identification flag 506, reading the session identifier of the transmitted message to determine the originator of the message 508, removing the session identification flag and/or the session identifier from the transmitted message 510, and re-computing the control portion of the message to reflect the removal of the session identification flag and/or the session identifier 512.