Abstract: User interface generation in view of constraints of a certificate profile is described.

Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.

Abstract: An information processing apparatus which presents a viewing schedule of a video content to a user is disclosed. The apparatus includes: a first acquiring means for acquiring a broadcast schedule of a broadcast content to be broadcast; a second acquiring means for acquiring information about a recorded content that has been recorded and an on-demand content that has been downloaded; a generating means for arranging the broadcast content, the recorded content, and the on-demand content on a same time axis as these contents are mixed, and generating the viewing schedule; and a display control means for displaying the generated viewing schedule.

Abstract: A display apparatus receives video data and plays back the received video data in real time. The display apparatus records history information indicating user operations performed in relation to video display when the video data is being played back and the operation time. Subsequently, to redisplay the video data, the display apparatus acquires appropriate video data from an external apparatus and plays back the video data in real time while reproducing the user operations indicated by history information, according to operation times.

Abstract: Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource.

Abstract: A method is provided for protecting a computer system, comprising creating an isolated process, then assigning a first process group to the process; creating an additional group process within the first process group; performing a first determination by an application programming interface (API) that the additional group process is within the first process group, and as a result of the first determination, causing the additional group process to inherit and duplicate a handle of the process. Process communications and control within isolated groups is permitted freely, whereas process control by an isolated process for non-isolated processes or isolated processes in different groups is constrained or prohibited.

Abstract: A method is provided for viewing a bookmarked video clip. The method includes establishing communication over a broadband network with a first network element on which at least one bookmark resides. The bookmark includes metadata identifying a bookmarked video clip of a video program and specifies a network address at which the bookmarked video clip is located. Upon user request, metadata associated with a specified bookmark is received. Communication is established with a second network element on which the specified bookmarked video clip is located using the network address of the specified bookmarked video clip provided in the metadata. The bookmarked video clip is received from the second network element. The bookmarked video clip is encrypted in accordance with a digital rights management scheme. The bookmarked video clip is decrypted and rendered.

Abstract: A mobile terminal device includes a recording setting unit configured to set a programmed recording based on an input of programmed-recording information that is used for performing programmed recording of a broadcast program, a reception-state checking unit configured to start a tuner at a predetermined time before a recording start time set by the recording setting unit and continuously checking a reception state of broadcast radio waves until the recording start time, a notifying unit configured to notify, if the reception-state checking unit determines that the reception state of the broadcast radio waves is not a desired reception state, a notification indicating so, and a recording starting unit configured to start recording processing of the broadcast program if the reception-state checking unit determines that the reception state of the broadcast radio waves is the desired reception state.

Abstract: A system apparatus and method for protecting information on a storage device. Embodiments of the invention may create a virtual volume on a storage device. Embodiments of the invention may further transfer information to the virtual volume, remove information stored outside the virtual volume and extend the size of the virtual volume. Other embodiments are described and claimed.

Abstract: In a domain comprising a plurality of devices, the devices in the domain sharing a common domain key, a method of enabling a entity that is not a member of the domain to create an object that can be authenticated and/or decrypted using the common domain key, the method comprising providing to the entity that is not a member of the domain a diversified key that is derived using a one-way function from at least the common domain key for creating authentication data related to said object and/or for encrypting said object, the devices in the domain being configured to authenticate and/or decrypt said object using the diversified key.

Abstract: Disclosed is a computer program that provides a secure workflow environment through a cloud computing facility, wherein the secure workflow environment may be adapted to (1) provide a plurality of users with a workspace adaptable to provide secure document management and secure communications management, wherein the users comprise at least two classes of user, including a participant and a subscriber, the subscriber having control authority within the workspace that exceeds that of the participant and the participant having control over at least some of the participants own interactions with the workspace, (2) maintain a secure instance of each communication provided by each of the users such that each communication can be managed, (3) maintain a secure instance of each document interaction provided by each user such that each interaction can be managed; and extending the secure workflow environment to the users through a secure network connection.

Abstract: A method and apparatus to simultaneously play back first media data and second media data according to a selected method while the first media data is being played back in a trick play mode, wherein the second media data is independent from the first media data.

Abstract: Provided are an apparatus and method for managing digital rights. An agent unit manages application programs to which DRM is to be applied and rights to contents processed by the application programs to which DRM is to be applied, and encrypt and decrypt the contents processed by the application programs. A rights management unit authenticates a user and manages a user right to the contents processed by the application programs. A kernel API hooking unit monitors input/output of a file through hooking kernel native APIs, requests the rights management unit to verify the user right to the contents to be processed, and requests the agent unit to encrypt or decrypt the contents when the user right to the contents to be processed is verified.

Abstract: A method implemented by a network element to track IPv6 addresses of devices in a home network, wherein the network element provides DHCPv6 service to the home network and a home network router on the home network assigns IPv6 address to the devices using a prefix provided by the DHCPv6 service, the method including receiving a DHCPv6 request for a prefix delegation from a home network router, sending a DHCPv6 message including an assigned prefix to the home network router, the DHCPv6 message including a request for notification of configured IPv6 addresses, receiving a first ICMP message from the home network router, including a MAC address and corresponding IPv6 address for a configured device, and sending the home network router a second ICMP message to acknowledge recording the IPv6 address for the configured device, enabling the network element to provide services and forward traffic directly to the configured device.

Abstract: The system and method described herein may include a configuration management database containing various configuration items describing every known resource in a datacenter. Upon receiving a request proposing changes to the datacenter, the proposed changes may be approved for automated execution (i.e., without human intervention) in response to analyzing relationships modeled in the configuration management database and determining that the proposed changes have no potential impacts on essential or critical resources. Otherwise, an impact workflow may be created to coordinate interaction between various human participants to resolve the potential impacts. Further, in contexts where multiple proposed changes have been approved, the multiple proposed changes may be analyzed to detect any potential conflicts.

Abstract: A method of using a mini filter driver to secure access to encrypted information stored on a removable storage device. The method comprises receiving a request to read information from the removable storage device. The mini filter driver ascertains if the request originated from an authorized client. The mini filter driver receives encrypted information read from the removable storage device, and decrypts the encrypted information in the event that the request originated from an authorized client. The decrypted information can then be conveyed to the authorized client. If the client is not authorized, then the mini filter driver does not decrypt the information.

Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event.

Abstract: A receiving apparatus according to the present invention is able to normally decode reception data even when a part of an initialization symbol during training is corrupted. The receiving apparatus includes an initialization signal generation unit that generates an initialization signal, and a descrambling circuit that descrambles reception data by a descrambler initialized by the initialization signal. The reception data includes a training data set for establishing connection of high-speed serial communication, the training data set including one or more TSn ordered sets. The TSn ordered set includes one or more COM symbols and one or more pieces of data other than COM symbols. The initialization signal generation unit generates the initialization signal at an initialization last timing at which at least the last COM symbol among the COM symbols forming the last TSn ordered set included in the training data set is input to the descrambling circuit.

Abstract: A system and a method are provided for activating one or more security functions of a mobile electronic device. The system and method provide for the activation of one or more security functions when the mobile electronic device is stored in a mobile electronic device holder. Security functions include, for example, closing a data item currently being displayed on the mobile electronic device, erasing decrypted information stored on the mobile electronic device, locking the mobile electronic device, and performing a secure garbage collection operation.

Abstract: A management device detects whether any normal monitoring module that has not been tampered with exists by referring to monitoring results received from an information security device and selects, when existence is detected, one of the monitoring modules and assumes that the selected monitoring module has been tampered with. The monitoring device then successively applies a procedure to monitoring modules other than the selected monitoring module by referring to the monitoring results, starting from the selected monitoring module, the procedure being to assume that any monitoring module determining that a monitoring module assumed to have been tampered with is normal has also been tampered with. As a result of the procedure, when all of the monitoring modules are assumed to have been tampered with the management device determines the selected monitoring module to be a normal monitoring module that has not been tampered with.