Abstract: A method for managing authentication of user interface elements in a user interface can be provided. The method can include displaying a plurality of widgets in the web browser and sending an HTTP request for data to a web site, wherein the HTTP request is sent via an XMLHttpRequest API. The method can further include receiving from the web site a 401 HTTP status code associated with a custom “WWW-Authenticate” header value indicating that the HTTP request is unauthorized for communication with the web site and detecting the custom “WWW-Authenticate” header value. The method can further include displaying in a first widget of the plurality of widgets a text field for entering user credentials. The method can further include sending to the web site an HTTP request including the user credentials entered by a user, wherein the HTTP request is sent via the XMLHttpRequest API.
Type: Grant
Filed: June 18, 2008
Date of Patent: September 1, 2015
Assignee: International Business Machines Corporation
Abstract: A system and method for analog encryption and decryption, in which the encryption and encoding processes are interrelated, such that by failing to decrypt the retrieved data, decryption fails.
Abstract: Disclosed is a method for visual verification of a Captcha's source. In the method, a Captcha is served to a user. The Captcha includes visual information related to a characteristic of a source of the Captcha and related to a puzzle question of the Captcha. The visual information is for visual verification by the user of the Captcha's source. A response is received from the user based on the served Captcha. A determination is made as to whether the received response is a solution of the puzzle question of the served Captcha.
Abstract: An information storage apparatus includes a storage unit configured to store an encrypted content and an encryption key to be applied to decryption of the encrypted content, the storage unit including a protected area in which a converted encryption key is stored and to which access restrictions are set, the converted encryption key being a data item acquired through conversion of the encryption key, and a general purpose area storing the encrypted content and an encrypted content signature file set correspondingly to the encrypted content, the encrypted content signature file containing, as a recorded data item, a block identifier indicating in which of areas in the protected area storage of the converted encryption key is permitted, to permit a reproducing apparatus to execute content reproduction possibility judgment applying the block identifier, the reproducing apparatus being configured to read the encrypted content from the storage unit and execute a reproducing process.
Abstract: Methods and apparatus for a system to maintain confidentiality of data in a database management system by selecting encryption schemes for data items, storing encrypted data in databases, transforming SQL queries to run over encrypted data, and executing queries over encrypted data on the database server.
Type: Grant
Filed: January 25, 2012
Date of Patent: July 21, 2015
Assignee: Massachusetts Institute of Technology
Inventors: Hari Balakrishnan, Raluca Ada Popa, Nickolai Zeldovich
Abstract: A two-party approximation protocol is transformed into a private approximation protocol. A first input $x \in \{0, 1, \ldots, M\}^n$ and a second input $y \in \{0, 1, \ldots, M\}^n$ of a two party approximation protocol approximating a function of a form $f(x, y) = \sum_{j=1}^{n} g(x_j, y_j)$ is received. Variable $B$ is set as a public upper bound on $f(x, y)$. Variable $l$ is set $l = O^*(1)$. The following is performed until $\sum_{j=1}^{l} z_j \geq \frac{l}{t}$ or $B < 1$, where $t$ is an arbitrary number: (1) a private importance sampling protocol with the first input $x$, the second input $y$, and a third input $1^k$, is executed independently for $j \in [l]$, where $k$ is a security parameter, an output of the private importance sampling protocol is shares of $I_j \in [n] \cup \{\perp\}$; (2) $l$ coin tosses $z_1, \ldots, z_l$ are independently generated where $z_j = 1$ iff $I_j \neq \perp$; and (3) $B$ is divided by 2 if $\sum_{j=1}^{l} z_j \geq \frac{l}{t}$ or $B < 1$ is not satisfied.
Type: Grant
Filed: August 8, 2012
Date of Patent: July 7, 2015
Assignee: International Business Machines Corporation
Abstract: A communication terminal generates a temporary network key based on a managed master network key and on key identification used for security processing on a communication frame. The security processing is performed on the communication frame using the temporary network key. A secure communication frame is produced in which the identification of the key is indicated.
Type: Grant
Filed: January 31, 2011
Date of Patent: June 16, 2015
Assignee: Oki Electric Industry Co., Ltd.
Inventors: Taketsugu Yao, Jun Nakashima, Kiyoshi Fukui
Abstract: Technology is provided for transferring a right to a digital content item based on one or more physical actions detected in data captured by a see-through, augmented reality display device system. A digital content item may be represented by a three-dimensional (3D) virtual object displayed by the device system. A user can hold the virtual object in some examples, and transfer a right to the content item the object represents by handing the object to another user within a defined distance, who indicates acceptance of the right based upon one or more physical actions including taking hold of the transferred object. Other examples of physical actions performed by a body part of a user may also indicate offer and acceptance in the right transfer. Content may be transferred from display device to display device while rights data is communicated via a network with a service application executing remotely.
Type: Grant
Filed: August 18, 2011
Date of Patent: May 19, 2015
Inventors: Ryan L. Hastings, Stephen G. Latta, Benjamin I. Vaught, Darren Bennett
Abstract: The present description refers to a computer implemented method, computer program product, and computer system for receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID, determining, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID, obtaining, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID, impersonating, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID, and accessing, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.
Type: Grant
Filed: April 5, 2011
Date of Patent: April 28, 2015
Assignee: SAP SE
Inventors: Stephan Zlatarev, Uwe Steigmann, Michael Engler, Wolfgang Janzen
Abstract: In accordance with various embodiments, systems and methods are provided which allow mapping and protecting communication services and granular access to subscriber information. Such a system can include a plurality of applications, executing on one or more application servers. The system can also include a services gatekeeper which is operable to intercept requests for access to communication services, obtain scoped authorization from a subscriber for access to specified communication services, and enable access to the specified communication services in accordance with the scope authorized by the subscriber.
Type: Grant
Filed: July 25, 2012
Date of Patent: April 14, 2015
Assignee: Oracle International Corporation
Inventors: Kirankumar Nimashakavi, Ting Lou, Guang Yang, Tao Cui
Abstract: Systems and techniques for authenticating joint friends of users of wireless devices. An authenticating authority delivers a token to a wireless device for each party identified as a friend of a user of the wireless device, such as through relationships in an online social network. Two wireless devices can use information relating to the tokens to determine information relating to joint friends of the users of the devices, such as the identities of joint friends or simply the numbers of joint friends. Tokens can be further refined to allow for analysis that provides information relating to the degree of intimacy of the relationship between a user and a party identified as a friend.
Abstract: A method and apparatus for detecting a Return-Oriented Programming exploitation. At a computer device, a mechanism to detect a control transfer of a code location in a memory is established. This may be, for example, hooking the control transfer. The code location relates to an electronic file. In the event that a control transfer of the code location is detected, a comparison is made between a destination code location address with values in the freed stack. If the code location address matches any of the values in the freed stack, then it is determined that the control transfer of the code location relates to a Return-Oriented Programming exploitation.
Abstract: Authenticating a user to access a virtual machine (VM) stored on a client computing device includes receiving user authentication credentials associated with a certificate, such as a PIN associated with a certificate housed on a smart card. The certificate is associated with a public key and a private key. The technique includes encrypting the VM to be decrypted with an unlock code, and generating a challenge string by encrypting the unlock code using the public key associated with the certificate. The challenge string is a result of encrypting of the unlock code, and the unlock code can be obtained by decrypting the challenge string using the private key. The technique further includes decrypting the challenge string using the private key to retrieve an unlock code associated with the VM, decrypting the VM with the unlock code, and causing the decrypted VM to be executed on the client computing device.
Type: Grant
Filed: April 7, 2011
Date of Patent: February 24, 2015
Assignee: VMware, Inc.
Inventors: Adam Gregory Gross, Christian Matthew Leroy, Jonathan Langmaid
Abstract: A system for securing an electronic device may include a memory, a processor, one or more operating systems residing in the memory for execution by the processor, an input-output (I/O) device of the electronic device coupled to the operating system; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the I/O device. The security agent may be further configured to: (i) trap, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device, an attempted access of a facility for I/O operation with the I/O device; and (ii) using one or more security rules, analyze the attempted access to determine whether the attempted access is indicative of malware.
Abstract: Scanning for computer viruses or E-mail and data content filtering is performed using a distributed programming approach. A master computer 4 serves to divide the scanning operation into a plurality of tasks that are allocated to further computers 8, 10, 12, 14, 20. These further computers then separately perform the tasks and return the results to the master computer 4. The master computer 4 can check the update status of the further computers prior to them starting operation in order to check that they have the latest data defining the scanning to be performed.
Abstract: Embodiments of the invention provide techniques for controlling access to digital images based on physical and temporal proximity to the image capture event. In one embodiment, an imaging device capturing a digital image broadcasts an invitation to wireless devices in the surrounding area. The wireless devices respond with an acceptance, including the email address (or some other network address) of the device owner. The digital image is made available at a network location with restricted access. Access to the image is controlled with an access list based on the acceptances received by the imaging device.
Type: Grant
Filed: May 23, 2007
Date of Patent: December 16, 2014
Assignee: International Business Machines Corporation
Inventors: David Keith Fowler, Zachary Adam Garbow
Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes specifying, with uniform resource identifiers (URIs), substantially all data accessible by applications on a device. The method also includes receiving at a universal interface a request from an application on the device for data that is specified by a URI associated with the request. Substantially all requests for data from applications on the device are received at the universal interface. The method also includes determining, based on the URI associated with the request, a content provider responsible for managing the requested data, and outputting the requested data to the application using the determined content provider to obtain the requested data based on the URI associated with the request.
Type: Grant
Filed: November 12, 2007
Date of Patent: December 9, 2014
Assignee: Google Inc.
Inventors: Jeffrey W. Hamilton, Dianne K. Hackborn
Abstract: A method and apparatus for providing conditional access to media programs is described. An exemplary method comprising the steps of transmitting media information encrypted according to a control word (CW) to a receiver station, transmitting entitlement management information (EMI) to the receiver station, the EMI comprising a service bitmap, and transmitting entitlement control information (ECI) to the receiver station, the entitlement control information including the control word (CW) encrypted according to a key (K) and an index to an element of the service bitmap, wherein the control word (CW) is decrypted by the receiver stations according to a value of the indexed element of the service bitmap.
Type: Grant
Filed: May 4, 2011
Date of Patent: November 4, 2014
Assignee: SypherMedia International
Inventors: Ronald P. Cocchi, Frances C. McKee-Clabaugh
Abstract: A shortcut management device capable of improving user-friendliness of a portal application. The shortcut management device is capable of executing shortcuts which use functions of an electronic apparatus, and manages at least part of the functions used by the shortcuts. A storage unit registers shortcuts. An invalidation detecting unit detects that the license is invalidated. A retrieval unit retrieves a shortcut made inexecutable in association with the license of which the invalidation is detected. An invalidation unit invalidates the retrieved shortcut.
Abstract: In general, according to one embodiment, a storage device includes a data storage, a key storage, a receiver, an acquisition unit, a first computing unit, and a second computing unit. The data storage stores therein data. The key storage stores therein a plurality of device keys. The receiver receives identification information on an access device that accesses the data. The acquisition unit acquires an index specifying one of the device keys stored in the key storage. The first computing unit computes a second key based on the device key specified by the index and the identification information, the second key being used to perform an operation on key information acquired by performing an operation on a first key shared with the access device. The second computing unit computes the first key by performing an operation on the key information using the second key.