Patents Examined by Daniel Hoang
  • Patent number: 8429760
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for storing a password recovery secret on a peripheral such as a power adapter by receiving a password recovery secret at the power adapter via an interface with the computing device, and storing the password recovery secret on a memory in the power adapter. The password recovery secret can be recovered by requesting the password recovery secret from the power adapter, wherein the password recovery secret is associated with a computing device, receiving the password recovery secret from the memory of the power adapter, and recovering a password based on the password recovery secret. The power adapter can include an electrical source interface, an electronic device interface, an intermediate module to adapt electricity between the interfaces, a memory, and a memory interface through which a password recovery secret is received for storage in the memory.
    Type: Grant
    Filed: July 1, 2010
    Date of Patent: April 23, 2013
    Assignee: Apple Inc.
    Inventor: Guy Leslie Tribble
  • Patent number: 8417945
    Abstract: Methods and systems to detect virtualization of computer system resources, such as by malware, include methods and systems to evaluate information corresponding to a computer processor operating environment, outside of or secure from the operating environment, which may include one or more of a system management mode of operation and a management controller system. Information may include processor register values. Information may be obtained from within the operating environment, such as with a host application running within the operating environment. Information may be obtained outside of the operating environment, such as from a system state map. Information obtained from within the operating environment may be compared to corresponding information obtained outside of the operating environment. Direct memory address (DMA) translation information may be used to determine whether an operating environment is remapping DMA accesses.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: April 9, 2013
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, David Durham
  • Patent number: 8412956
    Abstract: An electronic unit includes a processor (P), an input-output device (18) and a cryptographic device (14). The unit is directly connected by two-way data transmission (20) set up between the input-output device and the cryptographic device, the electronic unit being integrated in a microcircuit card.
    Type: Grant
    Filed: December 20, 2002
    Date of Patent: April 2, 2013
    Assignee: Oberthur Technologies
    Inventor: Jean-Bernard Fischer
  • Patent number: 8397057
    Abstract: In a method and system for increasing security when accessing a business system, a generic hub receives a request having a first transfer protocol from a user to access an application or application data maintained in an application server. In response to the user request, the generic hub verifies the authorization of the user to access the application server. If the user is authorized, a user interface to the application is presented to the user and input data is received from the user interface. The input data is checked for validity based on application-specific metadata and type checks bound to this metadata associated with fields in the user interface, and any extraneous or non-expected data is removed from the input data. The input data and user request of a first transfer protocol are tunneled to the application using a second transfer protocol.
    Type: Grant
    Filed: August 13, 2007
    Date of Patent: March 12, 2013
    Assignee: SAP AG
    Inventors: Ralf Halbedel, Marko Degenkolb
  • Patent number: 8387157
    Abstract: The present invention relates to a recording and storage means in digital STB (Set Top Box) and PVR (Personal Video Recorder) and method thereof. The digital broadcast receiver for receiving real-time digital broadcast programs comprises: storage means for storing broadcast programs, being attachable and separable to and from a set by a user without taking the set apart; a coupling means for attachment and separation of the storage means to and from a main body of the broadcast receiver; and a connection means as a path for power supply of the storage means, and signal.
    Type: Grant
    Filed: October 23, 2003
    Date of Patent: February 26, 2013
    Assignee: Humax Co., Ltd.
    Inventors: Jang Yong Kim, Young Ki Kim, Sung Ick Cho, Kyung Lae Roh
  • Patent number: 8375424
    Abstract: A domain controller hierarchy includes one or more hub domain controllers in communication with one or more local domain controllers, such as local domain controllers at a branch office. The hub domain controller(s) is writable, while the local domain controller(s) is typically read-only. Non-secure and secure information is partitioned to specific local domain controllers at the one or more hub domain controllers. The non-secure and secure information is then passed from the hub domain controller only to the local domain controller associated with the given partition at the hub domain controller on request. For example, a user requests a logon at a client computer system at a local branch office, and the logon is passed from the local domain controller to the hub domain controller. If authenticated, the user logon account is passed to the local domain controller, where it can be cached to authenticate subsequent requests.
    Type: Grant
    Filed: December 15, 2009
    Date of Patent: February 12, 2013
    Assignee: Microsoft Corporation
    Inventors: William Birkin Lees, Gregory C. Johnson, William S. Jack, III, Nathan Daniel Muggli
  • Patent number: 8355504
    Abstract: An AV communication control circuit suitable for a radio LAN-LSI in a radio AV transmission/reception device is formed by a copyright protection processing unit configured to carry out a copyright protection processing with respect to AV data entered from an AV stream signal line, a selection unit configured to select either one of AV data entered from an AV stream signal line through the copyright protection processing unit and AV data entered from a general purpose bus, and a transmission control unit configured to carry out control for transmitting AV data selected by the selection unit to a network.
    Type: Grant
    Filed: May 6, 2011
    Date of Patent: January 15, 2013
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Takeshi Saito, Hiroshi Isozaki, Koji Kanazawa, Hideaki Nakakita
  • Patent number: 8352725
    Abstract: A device for managing secure communications by examining message packets to detect and control the use of encryption keys noninvasively examines an incoming message packet according to typical cryptographic protocols and sequences. If an incoming packet exhibits the use of an encryption key, such as via IKEP, IPsec, or PPTP, the device processes the packet to attempt to find the corresponding encryption key. The device compares the key to a list of known suspect keys to determine a blocked status. If the key is not on the list, a sequence of authorization rules concerning prohibited key usage attempts to determine a result. The authorization rules examine available keying attributes from the message packet, possibly via a remote server, and compute an indication concerning key usage. If the authorization rules are still undeterministic of usage of the key, the device uses a default action.
    Type: Grant
    Filed: April 21, 2003
    Date of Patent: January 8, 2013
    Assignee: CISCO TECHNOLOGY, Inc.
    Inventor: James W. O'Toole, Jr.
  • Patent number: 8341396
    Abstract: A method is provided for inserting signature blocks into a message being transmitted along a communication path between a first client station and a second client station. The method includes a step of receiving, at an intermediate node in the communication path, a message transmitted from the first client station destined for delivery to the second client station. The message bears a sender-identifier (e.g., email address) and a recipient-identifier (e.g., email address). The method further includes a step of selecting, based at least in part on the sender-identifier, a predefined signature block for the message. The method further includes a step of inserting the selected signature block into the message. The signature block to be inserted may be based on both the sender identifier and the recipient identifier.
    Type: Grant
    Filed: June 10, 2005
    Date of Patent: December 25, 2012
    Assignee: Sprint Spectrum L.P.
    Inventors: Mary Nick-Baustert, Pierre Barbeau, Kevin Hunter
  • Patent number: 8302172
    Abstract: A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which a user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of an application server by an encryption applet before being transmitted to the application server. Within the HSM of the application server, the HSM decrypts and re-encrypts the credential under a new DES key known to the authentication server, the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key known to the authentication server, and verified by the authentication server.
    Type: Grant
    Filed: November 15, 2011
    Date of Patent: October 30, 2012
    Assignee: Citibank Development Center, Inc.
    Inventors: Michael Grandcolas, Marc Guzman, Thomas Yee, Dilip Parekh, Yonggiang Chen
  • Patent number: 8301889
    Abstract: A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.
    Type: Grant
    Filed: March 3, 2011
    Date of Patent: October 30, 2012
    Assignee: Voltage Security, Inc.
    Inventors: Matthew J. Pauker, Terence Spies, Rishi R. Kacker, Guido Appenzeller
  • Patent number: 8296824
    Abstract: A domain controller hierarchy includes one or more hub domain controllers in communication with one or more local domain controllers, such as local domain controllers at a branch office. The hub domain controller(s) is writable, while the local domain controller(s) is typically read-only. Non-secure and secure information is partitioned to specific local domain controllers at the one or more hub domain controllers. The non-secure and secure information is then passed from the hub domain controller only to the local domain controller associated with the given partition at the hub domain controller on request. For example, a user requests a logon at a client computer system at a local branch office, and the logon is passed from the local domain controller to the hub domain controller. If authenticated, the user logon account is passed to the local domain controller, where it can be cached to authenticate subsequent requests.
    Type: Grant
    Filed: June 10, 2005
    Date of Patent: October 23, 2012
    Assignee: Microsoft Corporation
    Inventors: Gregory C. Johnson, Nathan Daniel Muggli, William Birkin Lees, William S. Jack, III
  • Patent number: 8214906
    Abstract: A system, method and program product for evaluating a security risk of an application. A determination is made whether unauthorized access or loss of data maintained or accessed by the application would cause substantial damage. A determination is made whether the application is shared by different customers. A determination is made whether a vulnerability in the application can be exploited by a person or program which has not been authenticated to the application or a system in which the application runs. A numerical value or weight is assigned to each of the foregoing determinations. Each of the numerical values or weights corresponds to a significance of the determination in evaluating said security risk. The numerical values or weights are combined to evaluate the security risk. Other factors can also be considered in evaluating the security risk.
    Type: Grant
    Filed: October 21, 2003
    Date of Patent: July 3, 2012
    Assignee: International Business Machines Corporation
    Inventor: James P. Goddard
  • Patent number: 8205073
    Abstract: An object of the present invention is to enable the configuration tasks needed to form a wireless LAN to be performed using a simple method while increasing security during such configuration. In a wireless network configuration system GH1 including an encryption key setting system LH1, where an access point 20 determines after the power thereto is turned ON that configuration for connection to a wireless LAN has not yet been carried out, the access point 20 activates a restricted receiving mode in which only an initial configuration packet is accepted. A terminal 50 that has sent an initial configuration packet and the access point 20 that has received such initial configuration packet while the restricted receiving mode is active each create an identical WEP key with reference to the data on a CD-ROM 51 or the data in a ROM 12, respectively, and set and register the created WEP key in itself.
    Type: Grant
    Filed: November 5, 2004
    Date of Patent: June 19, 2012
    Assignee: Buffalo Inc.
    Inventor: Takashi Ishidoshiro
  • Patent number: 8201245
    Abstract: Detecting obfuscated attacks on a computer. A first program function is invoked to render static components of a web page and identify program code within the web page or associated file. In response, before executing the identified program code, a malicious-code detector is invoked to scan the identified program code for malicious code. If the malicious-code detector identifies malicious code in the identified program code, the identified program code is not executed. If no malicious code is detected, a second program function generates revised program code from execution of the identified program code. In response, before executing the revised program code, the malicious-code detector is invoked to scan the revised program code for malicious code. If the malicious-code detector identifies malicious code in the revised program code, the revised program code is not executed.
    Type: Grant
    Filed: December 5, 2007
    Date of Patent: June 12, 2012
    Assignee: International Business Machines Corporation
    Inventors: David Bryan Dewey, Robert G. Freeman, Paul Elliott Griswold
  • Patent number: 8146141
    Abstract: A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which during a log on process, an encryption applet and the public key of a public/private key pair of a banking application server, the private key for which is known by a hardware security module (HSM) of the banking application, are downloaded by a user's browser. The applet contains code for generating a DES key and performing DES and PKI encryption. A user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of the application server by the applet before being transmitted to the application server.
    Type: Grant
    Filed: December 16, 2004
    Date of Patent: March 27, 2012
    Assignee: Citibank Development Center, Inc.
    Inventors: Michael Grandcolas, Marc Guzman, Thomas Yee, Dilip Parekh, Yongqiang Chen
  • Patent number: 8117437
    Abstract: In a service providing system, a plurality of application users can work together in real time, and an application can be created which can handle a plurality of protocols. In the system where the web-AP and SIP server environments are cooperative with each other, a web-AP execution server executing a web application associated with a web context is connected to a web context manager managing a context of the HTTP protocol. A SIP-AP execution server is connected to a SIP context manager managing a context of the SIP protocol for executing a SIP application associated with a SIP context related to a web context. A handler manager passing a message between HTTP and SIP handlers is connected to the web-AP execution server. The web and SIP context managers have cooperation managers working together.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: February 14, 2012
    Assignee: Oki Electric Industry Co., Ltd.
    Inventors: Osamu Nakazawa, Shinichi Otokawa
  • Patent number: 8108916
    Abstract: A system and method are disclosed for user fraud protection and prevention of access to a distributed network communication system. A first set of identification data associated with a first network access are stored. A second set of identification data associated with a second network access are stored. The first and second sets of identification data comprise a first computing device identification and a second computing device identification, respectively. If one or more fraud indicators are determined in the two sets of identification data, then the first and/or second network access may be revoked. The fraud indicators may include, e.g., use of the same username with different computing device identifications, use of the same computing device identification at different geographical locations, violation of a threshold for computing device identifications, violation of a threshold for authentication failures, and violation of a threshold for rate of network propagation by a user account.
    Type: Grant
    Filed: May 21, 2003
    Date of Patent: January 31, 2012
    Assignee: Wayport, Inc.
    Inventors: Ian M. Fink, James D. Keeler
  • Patent number: 8090102
    Abstract: To provide an apparatus and method for realizing an improved content preview process in a content using mechanism based on content usage-right information. A client obtains default usage-right information (Default Usage Right) when it is registered to a license server, and determines, based on the default usage-right information, whether or not the content can be played back in a content preview process without purchasing the content. The client which is permitted to preview the content is limited to a client which has been registered to the license server to obtain the default usage-right information. This prevents preview-data from being randomly distributed.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: January 3, 2012
    Assignee: Sony Corporation
    Inventors: Yoshimichi Kitaya, Shinobu Kuriya
  • Patent number: 8056138
    Abstract: A piracy protection system incorporates tamper detection capabilities into a protected copy of an application by disassembling a statically linked binary of the application, modifying some of the instructions in the application, and then rewriting all of the modified and unmodified instructions to a new executable file, a protected copy. The piracy protection system comprises an offline tamper detection technique in which the software itself detects the tampering and causes the program to fail, therefore protecting itself from malicious attacks. The system further comprises a dynamic software-watermarking process that incorporates code obfuscation to prevent reverse engineering.
    Type: Grant
    Filed: February 26, 2005
    Date of Patent: November 8, 2011
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Ginger Myles