Patents Examined by Christopher Brown
  • Patent number: 9009798
    Abstract: A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
    Type: Grant
    Filed: September 11, 2008
    Date of Patent: April 14, 2015
    Assignee: Citibank, N.A.
    Inventors: Bikram S. Bakshi, David W. Helms, Anthony C. Rochon, Trevor J. Walker
  • Patent number: 9003203
    Abstract: Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to effect the transfer of security.
    Type: Grant
    Filed: January 23, 2013
    Date of Patent: April 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Michael Bursell
  • Patent number: 9003182
    Abstract: A wireless communication system includes a pager or similar device that communicates to a home terminal. The home terminal confirms the identity of the pager and attaches a certificate to the message for ongoing transmission. Where the recipient is also a pager, an associated home terminal verifies the transmission and forwards it in a trusted manner without the certificate to the recipient.
    Type: Grant
    Filed: July 13, 2012
    Date of Patent: April 7, 2015
    Assignees: Certicom Corp., Motorola, Inc.
    Inventors: Walter Lee Davis, Douglas I. Ayerst, Scott Alexander Vanstone
  • Patent number: 9003525
    Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.
    Type: Grant
    Filed: August 25, 2014
    Date of Patent: April 7, 2015
    Assignee: Luminal, Inc.
    Inventors: Josha Stella, Dominic Zippilli, Matthew Brinkman
  • Patent number: 8997240
    Abstract: A system and method for generating user authentication challenges based at least in part on an account owner's social network activity information. A login request including an account owner's correct username and password as well as additional login information is received from a user. The login attempt is detected as potentially fraudulent based on the additional login information from the user. The account owner's social network activity information is analyzed. An authentication challenge based at least in part on the account owner's social network activity information is generated and sent for display. The login request is allowed or denied based on the completion of the authentication challenge.
    Type: Grant
    Filed: October 31, 2011
    Date of Patent: March 31, 2015
    Assignee: Google Inc.
    Inventors: Javier Kohen, Jessica Staddon, Andrew M. Archer, Madukar Narayan Thakur, Michael Christopher Hearn
  • Patent number: 8990925
    Abstract: A home subscriber server (400) receives a request for authentication information from an authentication server (300) and transforms cryptographic keys for a user equipment (100) into access specific cryptographic keys based on an identity of an authenticator (200) controlling access from the user equipment (100) to an EPS network, and generates the authentication information including the access specific cryptographic keys and a separation indicator which is set. The user equipment (100) checks whether the separation indicator included in the authentication information is set, and if the separation indicator is set, transforms cryptographic keys into access specific cryptographic keys based on the identity of the authenticator (200), and computes a key specific to an authentication method from the access specific cryptographic keys.
    Type: Grant
    Filed: April 2, 2008
    Date of Patent: March 24, 2015
    Assignee: Nokia Solutions and Networks Oy
    Inventor: Guenther Horn
  • Patent number: 8990582
    Abstract: Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VM is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.
    Type: Grant
    Filed: May 27, 2010
    Date of Patent: March 24, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Fabio R. Maino, Pere Monclus, David A. McGrew
  • Patent number: 8984300
    Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory, a plurality of connection control elements and a logic unit. The logic blocks are grouped into one or more programmed partitions. The memory stores authentication information and partition information. The connection control elements controllably interconnect different ones of the logic blocks. The logic unit controls external access to the one or more partitions based on the authentication information, controls reprogramming of the one or more partitions based on at least some of the partition information and configures the connection control elements based on at least some of the partition information.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: March 17, 2015
    Assignee: Infineon Technologies AG
    Inventors: Joerg Borchert, Jurijus Cizas, Shrinath Eswarahally, Mark Stafford, Rajagopalan Krishnamurthy
  • Patent number: 8984646
    Abstract: A content reception equipment for accessing an in-home content transmission equipment from a remote place executes a first authentication process with the content transmission equipment in advance, executes the remote access information sharing process required for access from a remote place, and causes the information on the content reception equipment and the remote access information to be registered in an equipment information table of the content transmission equipment.
    Type: Grant
    Filed: February 16, 2009
    Date of Patent: March 17, 2015
    Assignee: Hitachi Maxell, Ltd.
    Inventors: Chiyo Ohno, Hiroo Okamoto
  • Patent number: 8978104
    Abstract: Methods and systems are disclosed for providing indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to control the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.
    Type: Grant
    Filed: July 23, 2008
    Date of Patent: March 10, 2015
    Assignee: United Services Automobile Association (USAA)
    Inventors: Christopher Thomas Wilkinson, Edward Allen Francovich
  • Patent number: 8972740
    Abstract: The systems and methods described herein relate to secure extranets which utilize certificate authentication to mediate access, transactions, and user tracking. Such extranets may be employed to provide an interface accessible over a network, such as the Internet, capable of authenticating and recording transactions for business, medical, or other purposes.
    Type: Grant
    Filed: October 8, 2012
    Date of Patent: March 3, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Sharyn Marie Garrity, Ronald Lewis Scott, Aaron Mark Helsinger
  • Patent number: 8971532
    Abstract: Systems and methods for content-protecting video codecs are described. At least one embodiment of the invention comprises a system for protecting video content comprising computer memory comprising a stored set of instructions for processing video data; and at least one microprocessor configured to process the video data according to the stored set of instructions, the stored set of instructions requiring identification of data to be removed, at least a portion of which is essential to obtaining a visually acceptable reproduction of video, the stored set of instructions being further configured to replace removed data with data-hiding values, wherein the visually acceptable reproduction of video cannot be generated without a key that enables recovery of enough of the removed data from the data-hiding values that replaced the removed data.
    Type: Grant
    Filed: February 27, 2013
    Date of Patent: March 3, 2015
    Assignee: Exaimage Corporation
    Inventor: Jaime Milstein
  • Patent number: 8966284
    Abstract: A memory system comprises an encryption engine implemented in the hardware of a controller. In starting up the memory system, a boot strapping mechanism is implemented wherein a first portion of firmware when executed pulls in another portion of firmware to be executed. The hardware of the encryption engine is used to verify the integrity of at least the first portion of the firmware. Therefore, only the firmware that is intended to run the system will be executed.
    Type: Grant
    Filed: November 21, 2005
    Date of Patent: February 24, 2015
    Assignee: SanDisk Technologies Inc.
    Inventors: Michael Holtzman, Ron Barzilai, Reuven Elhamias, Niv Cohen
  • Patent number: 8964828
    Abstract: Techniques for managing power consumption and computational load on a processor during video processing and decoding are provided. One representative embodiment discloses a method of processing a data stream that includes video data. According to the method, one or more protocols used to create the data stream are identified. The various parsing and decoding operations required by the protocol are then identified and managed based on the available electrical power or available processing power. Another representative embodiment discloses a method of processing a data stream that includes video data. According to the method, one or more protocols used to create the data stream are identified. The various parsing and decoding operations required by the protocol are then identified and managed based on a visual quality of the video or a quality of experience.
    Type: Grant
    Filed: December 16, 2008
    Date of Patent: February 24, 2015
    Assignee: Qualcomm Incorporated
    Inventor: Vijayalakshmi Raveendran
  • Patent number: 8966246
    Abstract: A method for handling digital certificate status requests between a client system and a proxy system is provided. The method includes the steps of receiving at the proxy system digital certificate status request data transmitted from the client system and generating query data for the digital certificate status in response to receiving the digital certificate status request data. The query data is transmitted to a status provider system, and status data from the status provider system in response to the query data is received at the proxy system. Digital certificate status data based on the status data received is generated and transmitted to the client system.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: February 24, 2015
    Assignee: BlackBerry Limited
    Inventors: Herbert A. Little, Stefan E. Janhunen
  • Patent number: 8966260
    Abstract: Techniques for credentials management in large scale virtual private network (VPN) deployment are disclosed. In some embodiments, credentials management in large scale VPN deployment includes generating a public/private key pair and a certificate signing request at a satellite device; automatically communicating the certificate signing request to a portal over a public, untrusted network to authenticate the satellite device using a serial number associated with the satellite device, in which the certificate signing request and the serial number are verified by the portal; and receiving a certificate from the portal for use in establishing VPN connections and configuration information for the satellite device, in which the certificate includes a credential signed by a trusted certificate authority, and the configuration information includes gateway configuration information identifying a plurality of gateways to which the satellite device is configured to connect using VPN connections.
    Type: Grant
    Filed: January 30, 2013
    Date of Patent: February 24, 2015
    Assignee: Palo Alto Networks, Inc.
    Inventors: Martin Walter, Nicholas Campagna, Yueh-Zen Chen, Monty S. Gill
  • Patent number: 8964838
    Abstract: A coding technique is disclosed in which frames of a video sequence are assigned to one of a plurality of sub-channels to be transmitted to a decoder. The frames are coded according to predictive coding techniques such that ordinarily prediction references of the frames in each sub-channel only reach the reference frames that occur within the same sub-channel. Thus, if transmission errors arise with respect to one sub-channel, decoding may occur for another sub-channel until the transmission error is detected and corrected.
    Type: Grant
    Filed: July 1, 2011
    Date of Patent: February 24, 2015
    Assignee: Apple Inc.
    Inventors: Dazhong Zhang, Hsi-Jung Wu, Xiaosong Zhou
  • Patent number: 8959648
    Abstract: There is provided a system and method for audio challenges for providing human response verification. There is provided a method comprising receiving a request to verify whether a client is human controlled, generating, using a database, a challenge question and a corresponding answer set, selecting a plurality of images and an audio instruction corresponding to the challenge question, presenting the plurality of images and the audio instruction to the client, receiving a submission to the challenge question from the client, and responding to the request by verifying whether the submission is contained in the answer set to determine whether the client is human controlled. By utilizing easily understood elements such as common shapes and objects, familiar characters, colors, sizes, orientations, and sounds, even young children can solve the challenge question, whereas automated systems are deterred by the complex audio and image analysis required.
    Type: Grant
    Filed: October 1, 2010
    Date of Patent: February 17, 2015
    Assignee: Disney Enterprises, Inc.
    Inventors: Romklau Nagamati, Miles Lightwood
  • Patent number: 8955098
    Abstract: Techniques for configuring network security include obtaining non-packet flow information, evaluating a policy rule based on the obtained information, and proposing a security arrangement based on the evaluation. The non-packet flow information can include, for example, authentication information obtained during an Internet Key Exchange protocol session or information obtained from a layered service provider. Therefore, policies such as Internet Protocol security (IPsec) policies can be defined and implemented so that they more accurately reflect the network's security requirements.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: February 10, 2015
    Assignee: Intel Corporation
    Inventors: Victor B. Lortz, Ylian Saint-Hilaire, James L. Jason, Jr.
  • Patent number: 8954725
    Abstract: Methods, systems, and computer-readable media are disclosed for packet sanitization. A particular method intercepts a packet of a packet stream, where the packet stream is transmitted in accordance with a particular protocol. The packet is analyzed based on a specification associated with the particular protocol. Based on the analysis, a data value of a field of the packet is replaced with a sanitized data value to create a sanitized packet. The sanitized packet may be injected into the packet stream or may optionally be forwarded to a signature module that checks the sanitized packet for malicious content. When malicious content is found, the sanitized packet may be dropped, the sanitized packet may be logged, the sanitized packet may be redirected, or a notification regarding the sanitized packet may be sent to an administrator.
    Type: Grant
    Filed: May 8, 2009
    Date of Patent: February 10, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Abhishek Singh, Tanmay A. Ganacharya, Scott Lambert, Nikola J. Livic, Swapnil Bhalode