Abstract: The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

Abstract: A content management device, includes: a folder level access control information storage unit configured to store folder level access control information indicating access rights of a user to a folder where content is stored; an access control unit configured to acquire content level access control information indicating access rights of a user to content, from a predetermined content level access control unit; and a user interface configured to output display data for displaying a hierarchical structure between at least one folder and at least one content stored in the at least one folder, along with information indicating whether or not an inconsistency has occurred in access rights between the folder level access control information of the at least one folder and the content level access control information of the content stored in the at least one folder.

Abstract: A system and method for using content on multiple devices includes a head end associating a first user device and a second user device with a user account and authorizing the first user device and the second user device to receive content. The first user device forms a selection signal corresponding to a first content. The head end communicates the first content to the first user device corresponding to the selection signal. The first user device displays the first content on a first display associated therewith. The second user device receives the first content and displays the first content on a second display associated with the second user device.

Abstract: A method and system of binding content at first access is disclosed. A non-volatile storage device may provide a content access script and a content binding script in order to access protected content. An accessing application may attempt to access the protected content by executing a content access script. The accessing application must have permission to access and execute the content access script. If the accessing application cannot access or execute the content access script, the accessing application may access and execute the content binding script. The content binding script contains instructions that enable the accessing application to successfully execute the content access script. The content binding script, when executed, may disable itself from being executed again by moving critical information associated with the access to protected data. Thus, the content binding script may be executed once to enable an accessing application to successfully execute the content access script.

Abstract: System for conducting remote biometric operations that includes a biometric data reading device connected to a personal computer and configured to send said encrypted data to a remote data authentication center for establishing a secure communications channel once the user identity has been verified by means of said biometric data. This invention refers to a remote biometric operations system that can be connected to a computer to carry out electronic banking and other similar operations with a certain degree of safety.

Abstract: A cryptographic method is provided of a type with public key over a non-supersingular elliptic curve E, determined by the simplified Weirstrass equation y2=x3+a·x2+b over a finite field GF(3n), with n being an integer greater than or equal to 1. The method includes associating an element t of said finite field with a point P? of the elliptic field. The step of associating includes: obtaining a pre-determined quadratic non-residue ? on GF(3n); obtaining a pre-determined point P=(zP, yP) belonging to a conic C defined by the following equation: a·?·z2?y2+b =0; obtaining a point Q=(zQ, yQ), distinct from the point P belonging to the conic C and a straight line D defined by the following equation: y=t·z+yP?t·zP; obtaining the element ? of GF(3n) verifying the following linear equation over GF(3): ??·?=(?2·zQ)/a; and associating, with the element t of the finite field, the point P? of the elliptic curve, for which the coordinates are defined by the pair (?·zQ/?, yQ).

Abstract: Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.

Abstract: A requesting application transmits a session key request comprising request parameters to an application authentication system, which generates a random nonce and current timestamp, calculates a session key, and transmits the session key and session key parameters to the requesting application. The requesting application creates a pasteboard, generates a random challenge, calculates an output of a function with the random challenge as input, posts the output on the pasteboard, launches an invited application, and transmits the session key parameters and the pasteboard name to the invited application with which the user initiates an authentication session by providing credentials. The invited application requests a session key from the application authentication system, which confirms the authentication session, calculates a second session key, and transmits it to the invited application, which accesses the pasteboard, determines the random challenge, and posts the function output at an expected value.

Abstract: A device for secure access to digital media contents, the device comprising an access means for accessing digital media contents from a data source and a reader for authenticating a user, the authentication being performed by checking some authentication data. An internal communication path between the access means and the reader is not directly accessible from outside the device.

Abstract: A system includes a line-based receiver for receiving protected content from a source and a line-based transmitter for providing the protected content to a destination. The protected content is secure, such as by using a High-bandwidth Digital Content Protection (HDCP) mechanism. Between the line-based transmitter and receiver is a wireless transmitter and a wireless receiver. The wireless transmitter establishes an encrypted wireless link with the wireless receiver according to a second encryption mechanism. The wireless transmitter is further configured for receiving the protected content from the line-based receiver, encrypting the protected content according to the second encryption mechanism, and wirelessly transmitting the encrypted protected content. The wireless receiver is further configured for receiving the wirelessly transmitted protected content from the wireless transmitter and decrypting the protected content according to the second encryption mechanism.

Abstract: Identification and prevention of email spam that originates from botnets may be performed by finding similarity in their host property and behavior patterns using a set of labeled data. Clustering models of host properties pertaining to previously identified and appropriately tagged botnet hosts may be learned. Given labeled data, each botnet may be examined individually and a clustering model learned to reflect upon a set of selected host properties. Once a model has been learned for every botnet, clustering behavior may be used to look for host properties that fit into a profile. Such traffic can be either discarded or tagged for subsequent analysis and can also be used to profile botnets preventing them from launching other attacks. In addition, models of individual botnets can be further clustered to form superclusters, which can help understand botnet behavior and detect future attacks.

Abstract: A system and method for securing data and information is disclosed. Multiple cryptographic paradigms may be applied to multiple length data segments to encrypt such data to prevent unauthorized use. The system and method uses pattern keys. At least one pattern key uses a cryptographic paradigm different from the other pattern keys. Furthermore, each pattern key has a given key strength and at least one pattern keys key strength differs from the one or more other pattern keys used in the process. The pattern keys are applied to the data in accordance with a key pattern which defines the sequence that each pattern key is applied to the data. The length of each data segment may vary one from the other and such segment length is determined in accordance with the pattern key applied. In addition, the initial plaintext data may first be encrypted using a first password before the disclosed process is implemented.

Abstract: A local content server system (LCS) for creating a secure environment for digital content is disclosed, which system comprises: a communications port in communication for connecting the LCS via a network to at least one Secure Electronic Content Distributor (SECD), which SECD is capable of storing a plurality of data sets, is capable of receiving a request to transfer at least one content data set, and is capable of transmitting the at least one content data set in a secured transmission; a rewritable storage medium whereby content received from outside the LCS may be stored and retrieved; a domain processor that imposes rules and procedures for content being transferred between the LCS and devices outside the LCS; and a programmable address module which can be programmed with an identification code uniquely associated with the LCS. The LCS is provided with rules and procedures for accepting and transmitting content data.

Abstract: A method of granting a user in a first organization access to private information stored within an authorization profile of a second organization, an access agreement between the two organizations is formed. Authorization is requested for the user, the authorization profile is retrieved, and authorization to private information pertaining to abuse or neglect is granted if authorized by the access agreement. In a method of authorizing access by users to private information pertaining to abuse or neglect stored by an organization as associated with a program, three types of caseloads are defined. The first authorizes access to information of a first individual of a first program, the second authorizes access to information of a second individual of all programs, and the third authorizes access to information of all individuals of a second program.

Abstract: Disclose are system, method and computer program product for correcting antivirus records. In an example method, during analysis of a software object for malware, an antivirus application retrieves from an antivirus database an antivirus record associated with the analyzed object, which identifies the object as malicious or clean. The application also checks if there is a correction for the antivirus record in an antivirus cache and use the correction for analysis of the software object. If no correction is found in the cache, the application checks correctness of the antivirus record with an antivirus server. The antivirus server uses statistical information about software objects collected from antivirus applications deployed on different computers to validate correctness of antivirus records. If the antivirus server provides a correction for the antivirus record, the application uses the provided correction for analysis of the software object for malware.

Abstract: The remote access to backed-up user data techniques include a method, a system, and/or an apparatus. In some embodiments of these techniques, the method includes generating one or more backed-up first file segments corresponding to the user file, encrypting each of the one or more backed-up first file segments, determining mapping information and storage identifying information for each of the one or more backed-up first file segments, updating a backup status file associated with the user file with the mapping information and the storage identifying information, and transmitting the one or more backed-up first file segments to a second system for backup. This Abstract is provided for the sole purpose of complying with the Abstract requirement rules. This Abstract is submitted with the explicit understanding that it will not be used to interpret or to limit the scope or the meaning of the claims.

Abstract: According to an aspect of the present invention, there is provided a data transmitting apparatus including an authenticator generating unit and a communicating unit. The authenticator generating unit generates a first authenticator by using a first encryption key and generates a second authenticator including a first to an n-th fragment information items by using a second encryption key. The communicating unit transmits a first packet including the first authenticator and the first fragment information item to a destination device and, after the first packet is transmitted, if a response indicating successful authentication is not received from the destination device within a certain period, sequentially transmits an i-th packet (i is an integer being 2 or more and n or less) including the i-th fragment information item to the destination device.

Abstract: Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, (3) both. Another part verifies the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.

Abstract: In one aspect, a method of classifying a computer object as malware includes receiving at a base computer data about a computer object from each of plural remote computers on which the object or similar objects are stored. The data about the computer object received from the plural computers is compared in the base computer. The computer object is classified as malware on the basis of said comparison. In one embodiment, the data about the computer object includes one or more of: executable instructions contained within or constituted by the object; the size of the object; the name of the object; the logical storage location or path of the object on the respective remote computers; the vendor of the object; the software product and version associated with the object; and, events initiated by or involving the object when the object is created, configured or runs on the respective remote computers.

Abstract: The present invention relates to a method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link, which, combining the common key encryption technology and the symmetry encryption technology, has resolved the failure in WLAN to provide effective control on secure MT access, and overcome the limitation on the confidentiality of the data communication via wireless link. When MT logs on AP, both parts must perform the certificate authentication through AS. Only the MT holding the legitimate certificate can access to AP holing the legitimate certificate; MT and AP perform the negotiation of common key for conversation, complete the dynamic revision of the secret key in each authentication, each secret key and in the process of conversation to achieve confidential data communication.