Abstract: A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.

Abstract: Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services.

Abstract: Dynamic encryption for network communication includes distributing a key to a network entity and storing the key into the key table. A key in the key table is used to encrypt data, and an index of the used key in the key table is attached to the encrypted data. The encrypted data is sent to the network entity. Dynamic decryption for a network communication includes receiving a key from a network entity and storing the received key into a key table. Encrypted data is received from the network entity. A key in the key table is located based on an index attached to the data and the data is decrypted with the located key.

Abstract: According to embodiments of the present invention, a computing device provides a security rules subset of a server-side protection element to a pre-validation component deployed at a client side. The computing device validates the user input based on the security rules. The computing device determines, in response to detecting a user input violation and that a violated security rule has/or has not been provided to the pre-validation component, the user as a first or second class of users. The computing device performs different security protection actions to the first and second class of users. The computing device asynchronously performs a dynamic update to the security rule subset provided to the pre-validation component. The security rule subset is screened from the security rules of the server-side protection means. A policy for screening the security rule subset is selected.

Abstract: In one example, a network device may be configured to authenticate a user based on a first pre-shared secret associated with a first login request as a condition to granting the user limited access. The network device may be configured to determine whether a received second request for the user is associated with an additional level of access. The network device may be configured to, in response to determining that the second request is associated with the additional level of access, authenticate the user based on a second pre-shared secret as a condition to granting the user the additional level of access.

Abstract: An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token.

Abstract: A system comprises one or more slave elements operably coupled to a plurality of master devices. A central protection function is operably coupled to a first communication bus and configured to control data flow between the one or more slave elements and the plurality of master devices via the communication bus.

Abstract: A user device is configured to receive a request to obtain a service, an application, or content from a provider; obtain, based on receiving the request, a token that may correspond to a user of the user device and may obfuscate an identity of the user to the provider; modify the request to include the token and to form a modified request; provide the modified request to the provider; receive, based on providing the modified request, information regarding the service, the application, or the content from the provider; and present the information for display on a display screen.

Abstract: The present invention includes a system and process for monitoring the existence of secured, marked digital files. A cryptographic token inertly embedded in markup language tags of digital files is sought in relation to external, third-party databases, e.g. files over the Internet. Instances of files lacking the cryptographic token are identified.

Abstract: A mobile security system connects to a mobile device and filters out attacks and malicious code. Using the mobile security system, a mobile device can be protected by greater security and possibly by the same level of security offered by a corporation, enterprise, or other entity associated with the mobile device.

Abstract: Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value.

Abstract: A user sets a design and uses that to get access to a resource. The design can include lines, and distances of lines, directions and locations. The design can require a user to select a color and can include colors and amounts by which the different entered parts need to overlap.

Abstract: An information processing apparatus includes a main memory unit storing while on-power; an auxiliary storage unit functionable even off-power; a control unit performing hibernation of generating operating-state data indicating a state when the power is lost, storing the data in the auxiliary storage unit, and, when restored, reading the data from the auxiliary storage unit; and a security chip that including a configuration register, encrypts data, and storing the data in the auxiliary storage unit. The control unit includes: a first registration unit performing, when the data is generated, calculation based thereon to obtain a calculated value; a second registration unit performing, when the data is read from the auxiliary storage unit at the hibernation, calculation based on the data to obtain a calculated value to write it into the configuration register; and a verification unit performing verification at boot-up from the hibernation based on the value written.

Abstract: The invention provides an improved recommender system that includes a client device or service provider server, a trusted function handler module and a recommender module. The recommender system functions to protect the privacy of user rating information maintained by the node (i.e., client device/server) by having the node transform the user rating information using a specific function selected by the function handler and then provide the transformed user rating information to the recommender module. In this way, privacy of the user rating information is maintained because the original user rating information will be unknown to a recommender module.

Abstract: A phishing detecting method includes: a web-page accessing request for accessing a target web page at a target address is received; the target web page from the target address is obtained; the target web page is snapshotted to obtain a present page snapshot; the present page snapshot is compared with several pre-stored page snapshots stored in a database, wherein each of the pre-stored page snapshots corresponds to a pre-stored address; if the present page snapshot matches one of the pre-stored page snapshots, the target address is compared with the pre-stored address, corresponding pre-stored page snapshot of which matches the present page snapshot; if the target address does not match the pre-stored address, the corresponding pre-stored page snapshot of which matches the present page snapshot, it is determined that the target web page is a phishing web page.

Abstract: Techniques are provided for granting authorization to restricted content on a display device from an authorizing device. In one embodiment, the display device may operate in a display mode where only unrestricted content is accessible. To access restricted content, the display device may transmit an authorization request signal to the authorizing device. The authorizing device, having received the authorization request, prompts an authorized user to enter an authentication input, such as a password or gesture, on the authorizing device. Upon verification of the authentication input, the authorizing device is authenticated. An authorization signal is transmitted to the display device, and the display device may operate in an authorized mode, having access to otherwise restricted content or functions.

Abstract: An information processing apparatus includes: a data processing unit which performs copy processing for recording recorded data of a first medium in a second medium, wherein the data processing unit performs processing for referencing selection information received from a management server, selecting a copy unit having a data form defined as copy permitted data in the selection information from the first medium, and copying the copy unit to the second medium.

Abstract: In an embodiment, a method of secure information distribution between nodes, includes: performing a handshake process with an adjacent node to determine membership in a secure group; and distributing secure information to the adjacent node, if the adjacent node is a member of the secure group. In another embodiment, an apparatus for secure information distribution between nodes, includes: a node configured to performing a handshake process with an adjacent node to determine membership in a secure group, and distribute secure information to the adjacent node, if the adjacent node is a member of the secure group.

Abstract: A system and method for performing cryptographic functions in hardware using read-N keys comprising a cryptographic core, seed register, physically unclonable function (PUF), an error-correction core, a decryption register, and an encryption register. The PUF configured to receive a seed value as an input to generate a key as an output. The error-correction core configured to transmit the key to the cryptographic core. The encryption register and decryption register configured to receive the seed value and the output. The system, a PUF ROK, configured to generate keys that are used N times to perform cryptographic functions.

Abstract: A computer-implemented method for verifying the trustworthiness of code prior to issuing code-signing certificates may include (1) receiving a request from a software publisher to sign code, the request including a copy of the code and a digital signature that verifies the integrity of the code, (2) prior to signing the code, verifying the trustworthiness of the code based at least in part on an analysis of the copy of the code included within the request, (3) upon verifying the trustworthiness of the code, signing the code by generating a digitally signed trustworthiness certificate for the code that certifies that the code is trustworthy, and then (4) providing the trustworthiness certificate to the software publisher to enable the software publisher to attest that the code is trustworthy. Various additional methods, systems, and encoded computer-readable media are also disclosed.