Abstract: A system for authenticating computer users comprising a single active directory disposed in an intranet, a web server disposed in a DMZ associated with the intranet, and a web client coupled to the web server through an internet connection that is capable of signing on to the web server.

Abstract: The present invention provides a method of wireless communication involving at least one first base station associated with a first access serving network and at least one second base station associated with a second access serving network is provided. The method may include generating a first key associated with the first access serving network and the second base station, receiving information indicating that the first key is temporary, and establishing a communication link with the second base station using the first key.

Abstract: Techniques for protecting personally identifiable information are described. In an implementation, a method is described which includes analyzing heuristics which correspond to a communication to determine a likelihood that the communication relates to a fraudulent attempt to obtain personally identifiable information. A determination is made based on the determined likelihood of whether to perform one or more actions in conjunction with the communication.

Abstract: In an Internet fax, to receive an electronic mail document for fax transfer, if a password related to a control command for indicating a facsimile communication function is encrypted and set in the destination field or the main body of the received electronic mail, the encrypted password is decrypted and using the decrypted password, facsimile transfer of the electronic mail document is executed following the control command.

Abstract: The present invention provides a method for communication involving a supplicant, an authenticator, and an authentication server having an established security association based on a first key. The supplicant and the authenticator also have an established security association based on a second key. The method may include modifying the second key using the first key in response to determining that a challenge response from the supplicant is valid.

Abstract: A system and method comprising the steps of, delegating a capability from a first user to a second user, propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources, providing the evidence to a first security service module belonging to the plurality of security service modules, enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module, and wherein the enforcement is carried out by the first security service module.

Abstract: Methods and apparatuses for determining the identity of the user detect a current user's electronic device activity pattern; compare the detected activity pattern against a plurality of user action identification profiles, wherein each user action identification profile is associated with a particular user; and use the comparing to identify the current user as being the particular user.

Abstract: The present invention provides a method for authenticating a user to a network by means of a temporary and/or one-time password. The temporary and/or one-time password is provided by a service provider that can be accessed by means of a mobile telecommunication device. The temporary password is provided on demand, when the user invokes a corresponding access request that is transmitted to the service provider by means of the mobile telecommunication device. The service provider checks and asserts a received access request and generates the temporary password by making use of a dedicated cryptographic method. The generated temporary password is finally transmitted to the personal mobile device of the user that is adapted to transmit the received temporary password to a gateway of a network in order to authenticate the user to the network. Moreover, the mobile telecommunication device provides establishing of an IP-based connection between a user's computing device and the network.

Abstract: Provided is a method, system, and program for generating and communicating information on locations of program sections in memory. Source code is generated for an agent program. The source code includes start and end variables for selected sections of the program, wherein the start and end variables for each selected section are used to indicate the start and end address in a memory at which the section is loaded. The selected sections are capable of including less than all the sections in the program. The source code is compiled and linked to generate an object file including the sections. The object file causes, in response to being loaded into the memory of a computer, a relocation of at least one of the start and end memory addresses of the selected sections into at least one of the start and end variables for the selected sections when memory addresses are assigned to sections as part of relocation operations. Other embodiments are disclosed and claimed.

Abstract: The present invention relates generally to digital watermarking and other forms of content identification. One claim recites a method including: receiving audio or video content, the audio or video content comprising at least two digital watermark payload layers, a first watermark payload layer comprising a content identifier which uniquely identifies the content, and a second watermark payload layer comprising a distributor identifier which identifies a distributor or distribution channel associated with the content; utilizing a processor or electronic processing circuitry, embedding a third digital watermark payload layer in the audio or video content, said act of embedding transforms at least some data representing the audio or video content to embed the digital watermark payload, where each of the first watermark payload layer, the second watermark payload layer and the third digital watermark payload layer are embedded in the audio or video content with different watermark protocols.

Abstract: A check of a processing device is performed. A device may receive a network access request to access a network from a first processing device. A security check may be caused to be performed on the first processing device. Whether to grant the network access request to the first processing device is based on a result of the security check.

Abstract: Requests for secure content are rewritten before delivering the secure content to a client. In one implementation, the rewritten requests include the information content from the original request with the addition of a predetermined domain. The domain may correspond to a trusted agent that acts as a proxy for all secure requests from the client. Because of the rewritten request, the trusted agent is contacted by the client for the secure content. The trusted agent may then transparently (from the point of view of the client) retrieve and forward the secure content to the client.

Abstract: Tampering with pieces of software is inhibited. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. A process of verifying whether the pieces of software together constitute a software package that requires protection from tampering is also provided. Another process for determining whether the hardware resources, such as the central processing unit or the cache memory on a computing machine, belong to a class for which inhibiting software tampering is possible, is also provided.

Abstract: Tampering with pieces of software is inhibited. Software obfuscation inhibits reverse engineering by hackers by manipulating names of functions and adding jump instructions into various pieces of software. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. Image verification ensures the originality of the pieces of software to be installed.

Abstract: A system, method, and article of manufacture is provided for updating content stored on a portable storage medium. Upon input of a portable storage medium into a machine by a user, the content stored on the portable storage medium is read. After reading the content of the portable storage medium, a separate storage medium is accessed and content is received therefrom. The content from the separate storage medium is an update of the content of the portable storage medium. This content of the separate storage medium is then displayed.

Abstract: A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed.

Abstract: Disclosed herein are a recording medium, an apparatus for forming the recording medium, and an apparatus and method for reproducing the recording medium. CPI (Copy Protection-related Information), identification information (CPI_Flag) indicative of recording or non-recording of the CPI, and/or a plurality of contents specific information (CSI) with different formats are recorded in a PIC (Permanent Information & Control data) zone of a high-density optical disc such as a BD-ROM (Blu-ray Disc-ROM). A formatting operation and mastering operation are performed under the condition that control data including the CPI, CPI_Flag and/or CSI is separated from main data. An optical disc device judges whether the optical disc has been illegally copied, with reference to the CPI, CPI_Flag and/or CSI read from the optical disc, and compulsorily stops a data playback operation upon judging that the disc has been illegally copied.

Abstract: A method, system and apparatus for automated management and validation of access permissions to referenced shared resources. A method for access validation and management of access permissions to referenced shared resources in a networked environment can include incorporating a reference to an underlying shared resource within a primary shared resource configured for distribution in the networked environment and specifying a designated viewer for the primary shared resource. It can be determined whether the designated viewer is permitted to access the underlying shared resource. Before providing the primary shared resource to the designated viewer, however, an author of the primary shared resource can be notified when the designated viewer is determined not to be permitted to access the underlying shared resource.

Abstract: A method and system for preventing the detection of an operating system by an intruder, the operating system installed on a host in a network, is provided. The intruder transmits a network probe for operating system detection. The network probe is identified and a response is generated to the network probe, generated by the operating system, is modified. The modified response provides the intruder with false information related to the operating system, thereby misleading the intruder about the type of operating system.

Abstract: A method for ensuring security and a data storage apparatus that enable an efficient security check on a notebook PC or like that are taken outside are provided. By executing a program that is read from the data storage apparatus, the processing for determining whether or not a piece of security ensuring data is applied; reading the piece of security ensuring data that is determined to be applied; and applying the same to a predetermined program in a terminal is executed.