Abstract: A computer security system comprises a secure platform adapted to receive sensitive data from an agent. The secure platform is also adapted to cooperate with a trusted platform module (TPM) to encrypt the sensitive data via a TPM storage key associated with the agent.

Abstract: A vehicle black box technique guarantees the integrity of vehicle data stored in a black box in real time by forming input data streams as block data and performing a signature using a signing key and nested hashing. Each vehicle black box includes a reliable unique signing key supporting a non-repudiation function. An error correction function is provided by a unique algorithm for generating integrity verification data even when an error occurs from the vehicle data.

Abstract: A method for transforming an image expressed in terms of a first image encoding to a second image encoding, includes converting a set of original scene exposure-factor values into corresponding first and second image encoding values. A transform is then derived between the first image encoding values and the second image encoding values. The transform is then applied to an image encoded in said first image encoding. Examples of different encoding that can be transformed include Rec. 709, sRGB and other known image encoding standards. A system for performing such transformations as well as an electronic device that is capable of performing such transformations are also disclosed.

Abstract: A method, comprising: storing, at a server device, an electronic resource; receiving, at the server device and from a client device associated with a first user, a request on behalf of the first user to access the electronic resource; responsive to receiving the request on behalf of the first user to access the electronic resource, enabling the client device associated with the first user to access the electronic resource; while the client device associated with the first user is accessing the electronic resource, receiving, at the server device and from the client device associated with the first user, a request to validate a representation of a credential purported to represent another user received by the client device; validating the received representation of the credential as representing a second user; and responsive to validating the received representation of the credential, enabling the first user to electronically sign the electronic resource.

Abstract: A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data.

Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.

Abstract: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.

Abstract: The present invention relates to an image encrypting/decrypting system and method devised in such a way that: a transmitter and a receiver for transmitting and receiving moving images share a seed for encrypting and decrypting the moving images; the transmitter transmits moving images after encrypting the moving images by dividing them into segment units and mixing the time sequencing of the images in each of the segments in accordance with a random number generated by means of the seed; and the receiver decrypts the moving images which it receives, by sorting them in segment units and then restoring the time sequencing of the images in each of the segments in accordance with the random number generated by means of the seed.

Abstract: The present invention discloses a method for accessing a storage server of an IM service system and an IM service system. The method comprises: IM client sending registration request message to IM service system using first user identifier; after receiving registration request message, IM service system obtaining other user identifiers associated with the first user identifier, sending registration success response message comprising other user identifiers associated with the first user identifier to IM client; IM storage client sending login request comprising any one of multiple user identifiers to storage server; storage server receiving login request and obtaining other user identifiers associated with the user identifier in login request; the storage server passing identity verification of multiple user identifiers.

Abstract: The invention provides a method and system for securing information for a virtual world environment. The method includes creating information for a virtual world environment, transmitting the information to the virtual world environment from the memory, selectively removing the information from the virtual world environment, and selectively storing the information on a memory external to the server to prevent access from the server.

Abstract: Methods and apparatus are provided for sequential authentication of a user that employ one or more error rates characterizing each security challenge. According to one aspect of the invention, a user is challenged with at least one knowledge challenge to obtain an intermediate authentication result; and the user challenges continue until a cumulative authentication result satisfies one or more criteria. The intermediate authentication result is based, for example, on one or more of false accept and false reject error probabilities for each knowledge challenge. A false accept error probability describes a probability of a different user answering the knowledge challenge correctly. A false reject error probability describes a probability of a genuine user not answering the knowledge challenge correctly. The false accept and false reject error probabilities can be adapted based on field data or known information about a given challenge.

Abstract: A method for controlling access to a visual medium in a social network comprising user units connected to a social network site server associated to a database and a to a distorted visual medium server storing visual media posted by users of the social network. A visual medium is selected by a posting user on a user unit and made available to at least one entitled user of said social network. The posting user defines a list of entitled users to be entitled to access the visual medium, said list of entitled users comprising at least one identifier identifying at least one entitled user, said identifier being associated to a parameter defining an access level to the selected visual medium. The selected visual medium is uploaded to the distorted visual medium server in association with the list of entitled users.

Abstract: A lock and modular system for securing an electronic device. The system includes a device security module that couples to an electronic device and secures the electronic device to its location. A monitor module ensures that the device security module is coupled to the electronic device before a data security module allows the electronic device to operate. The monitor module may also require that the device security module be recognized before the electronic device will operate. If the device security module is coupled and recognized, the user is prompted to provide an encryption key. If the key is correct, the electronic device will operate. The user may have a limited number of attempts to provide the encryption key. If the user makes too many attempts, the electronic device is disabled and the data thereon destroyed. If the device security module is uncoupled during operation, the electronic device is shut down.

Abstract: An improved technique involves searching for emails having a particular template generated by a phishing kit. Such a template typically includes field names corresponding to credentials that a customer inputs into a spoofed web site as part of a phishing attack. The phishing kit used in a phishing attack is typically configured to construct an email so that it arranges the credentials in a regular, tabular fashion. Accordingly, an administrator configures a receiver to search an email server for emails having a sequence of keywords in a format that matches the particular template.

Abstract: The claims based identity model provides a model which associates security identities with claims. The model represents information contained in the claims, as well as, captures relationships between the security identities described in the claims. Finally, the data model can be easily translated to the existing .NET environment without breaking the backward compatibility for existing .NET applications.

Abstract: A computer program product having a computer readable medium tangibly recording computer program logic for use in a secure computer system with a first human user and a second human user being authorized users of the secure computer system, the computer program product including code to receive input from the first human user to select the second human user for authentication, code to electronically generate a secure code in response to the input from the first human user, code to display the secure code to the first human user, code to allow the second human user access to the secure computer system after the second human user has been verified by the secure computer system, and code to display the secure code to the second human user as the second human user accesses the secure computer system.

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Abstract: A security system, method, and computer program product are provided. In use, code is stored in a protected area of memory. In addition, the stored code is utilized for securing a system associated with the protected area of memory.

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Abstract: Implementing security access includes receiving a request to perform an activity over a network and administering a cognitive test responsive to the request. The administering includes randomly selecting a set of related images from a database of images, randomly selecting one image that is unrelated to the set of related images, displaying the set of related images along with the image that is unrelated to the set of related images, and prompting a user to identify the image that is unrelated to the set of related images. Implementing the security access also includes processing results of the cognitive test, and executing the activity when it is determined from the processing that the cognitive test has been successfully completed.