Patents Examined by David Y. Jung
  • Patent number: 7571309
    Abstract: Provided are a method and apparatus for providing a security mechanism guaranteeing transparency at a transport layer. The method includes: receiving a data packet from an application program, and searching key information corresponding to the data packet in key information database; determining whether to request a key exchange module of an application layer for a new key negotiation according to a result obtained by searching key information; and performing encrypting/decrypting based on key information when the key exchange module stores key negotiation information obtained by the new key negotiation in a kernel. The apparatus encrypts/decrypts the data packet at the transport layer of the kernel, thereby providing the application program with security transparency, effectively controlling and making it easily expansible.
    Type: Grant
    Filed: April 12, 2005
    Date of Patent: August 4, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Geon Woo Kim, Sun Hee Lim, Sang Su Lee, Ki Hyun Kim, Jeong Nyeo Kim, Jong Soo Jang
  • Patent number: 7571469
    Abstract: A terminal for controlling communication can include a receiving unit configured to receive a key to be assigned to a requesting terminal for communication, a processing unit configured to include an indication of assigned communication keys, and a transmission unit configured to transmit the communication request to a communication control functionality.
    Type: Grant
    Filed: April 11, 2003
    Date of Patent: August 4, 2009
    Assignee: Nokia Corporation
    Inventor: Max Hamberg
  • Patent number: 7571473
    Abstract: A system for identity management is provided. The system includes an identity management data store, a human resources input, an application registration component, and a security component. The identity management data store stores identity-related information for a user of an application. The identity-related information is mapped within the identity management data store to role information for the user of the application. The human resources input provisions the identity management data store with the identity-related information. The application registration component facilitates the application to provision the identity management data store with the role information for the user of the application. The security component authenticates the user and authorizes the user for access to the application based on the identity-related information. The security component retrieves the role information mapped to the identity-related information and delivers the role information to the application.
    Type: Grant
    Filed: June 10, 2005
    Date of Patent: August 4, 2009
    Assignee: Sprint Communications Company L.P.
    Inventors: Kenneth C. Boydstun, Stephen W Grimm, Steven R. Hentzen
  • Patent number: 7568104
    Abstract: In one embodiment, the present invention is a method and apparatus for adding signature information to electronic documents. One embodiment of the inventive method involves adding the signature information into a signature data field template corresponding to the electronic document, converting the signature data field template, including the added signature information, to an image file, and superimposing the image file over the electronic document to produce a signed electronic document. The inventive method substantially eliminates the potential for human error and security breaches in the signing of electronic documents.
    Type: Grant
    Filed: January 19, 2005
    Date of Patent: July 28, 2009
    Assignee: International Business Machines Corporation
    Inventors: Christopher Brant Berryman, Maieta Howze, Thomas Y. Kwok, Mary Jo McMillin, Thao N. Nguyen
  • Patent number: 7568230
    Abstract: A method for disabling a process in a computer, particularly including processes such as viruses, spyware, adware, and malware generally. A file object (file or folder) is identified in the computer that is required by the process. An access control entry (ACE) is then stored in an access control list (ACL) for the file object. The ACE specifies an entity (user or group) and a permission needed by that entity to access or execute the file object. The ACE further specifies that the entity is denied the permission it needs. This disables the process by denying the entity the future ability to access or execute the file object.
    Type: Grant
    Filed: June 9, 2004
    Date of Patent: July 28, 2009
    Assignee: Lieberman Software Corporation
    Inventors: Philip Lieberman, Nicholas M. Carroll
  • Patent number: 7568220
    Abstract: A method for connecting a user computer to a first computer network includes transmitting a connection request by the user computer, via a second computer network, requesting a connection to the first computer network. The second computer network is automatically solicited to authorize the user computer, responsively to a failure of the connection request. Upon authorization by the second computer network, a connection is established between the user computer and the first computer network via the second computer network.
    Type: Grant
    Filed: April 19, 2005
    Date of Patent: July 28, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Chen Yehezkel Burshan
  • Patent number: 7568094
    Abstract: With each embodiment of the present invention, a content providing system comprises a content encrypting section which encrypts content by use of a session key and a header generating section which encrypts the session key by use of an encryption key in such a manner that the session key can be obtained by use of a decryption key assigned to a user system and generates header information including the encrypted session key and one or more values based on user identification information of each of the user systems that are permitted to obtain the session key. The content providing system transmits the encrypted content and the header information to each user system. Since the header information does not explicitly include user identification information of the user systems, information about whose decryption keys have been revoked is not leaked out in the black box tracing.
    Type: Grant
    Filed: January 21, 2005
    Date of Patent: July 28, 2009
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Tatsuyuki Matsushita
  • Patent number: 7568232
    Abstract: A malicious access-detecting apparatus which is capable of grasping the whole aspect of an attack which can occur, before it actually occurs. A monitoring information-collecting section collects monitoring information including the network events detected by the monitoring devices on networks. A malicious apparatus group-deriving section retrieves a corresponding piece of the event information from an event information storage device, and derives, based on the retrieved piece of the event information, apparatuses that are involved in relevant detected network events which belong to the predetermined type of network events and of which addresses of senders or recipients are same, as a malicious apparatus group involved in the predetermined type of malicious access. A storage section stores information on each derived malicious apparatus group. An output section outputs a list of each derived malicious apparatus group.
    Type: Grant
    Filed: January 26, 2005
    Date of Patent: July 28, 2009
    Assignee: Fujitsu Limited
    Inventors: Masashi Mitomo, Yoshiki Higashikado, Fumie Takizawa, Satoru Torii, Osamu Koyano
  • Patent number: 7565547
    Abstract: A system and method for providing ad hoc controlled user access to wireless and wireline IP communication networks while maintaining privacy for users and traceability for network providers. The method includes an authentication interface accepting user credentials, and a validation entity for credential verification and access authorization. The credentials include a unique identifier and a system generated password. The unique identifier is associated with a personal entity of the user such as a cellular telephone. The password is transmitted to the user through a SMS message to his cellular telephone. The user's Internet session is monitored by the system and all records are indexed by his cellular telephone number. The system and method therefore permit fast and traceable access for guest users at networks where they were not previously known. Alternatively, users do not provide their unique identifiers such as cellular telephone numbers which are instead already stored in the system.
    Type: Grant
    Filed: February 25, 2005
    Date of Patent: July 21, 2009
    Assignees: Sesame Networks Inc., AirRoamer Inc.
    Inventors: Johnny Mikhael Matta, Tarik Alj, John Robertson Campbell, Probal Kanti Lala
  • Patent number: 7565530
    Abstract: A source device and a method are provided for certifying and controlling A/V signals output from an A/V device through an output terminal of a digital visual interface (DVI) or a high definition multimedia interface (HDMI), using Digital Rights Management (DRM). The source device includes: a DRM module which decrypts encrypted multimedia contents included in DRM contents through certification of a source device, and generates a control message for controlling digital A/V channels connected between the source device and a sink device based on a DRM rule; an input controller which certifies A/V data input from a media decrypter, and outputs A/V data filtered according to a certifying result; an input interface which converts the filtered A/V data into pixel data and audio data; and a signal transmitter which encrypts and converts the pixel and audio data into high-speed serial digital A/V signals to be transmitted to the sink device.
    Type: Grant
    Filed: April 7, 2005
    Date of Patent: July 21, 2009
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ki-won Kwak, Chun-un Kang, Hee-min Kwon, Min-woo Jung, Chang-nam Chu
  • Patent number: 7562217
    Abstract: A Web service providing method of a Web service provider providing a Web service comprises a decoding request transmission step transmitting, in response to a request from a client, a decoding request of Web service use permission information related to permission of use of the Web service, to an authentication service provider that provides a service related to authentication, and a decode response reception step, receiving a decode response of the Web service use permission information issued in response to said decoding request of the Web service use permission information, from the authentication service provider.
    Type: Grant
    Filed: June 4, 2004
    Date of Patent: July 14, 2009
    Assignee: Ricoh Company, Ltd.
    Inventor: Hiroyasu Kurose
  • Patent number: 7562220
    Abstract: A computer is provided with an isolated computing environment. The isolated computing environment is adapted to allow initial programming for use in manufacturing, distribution and sales. The isolated computing environment further allows an authenticated source or authenticated code to update the isolated computing environment with code and configuration data for use in the end-user environment. To encourage final updating, the computer may be placed in a limited-function mode until authorized code is installed and operational. A method and apparatus are disclosed for the sanctioning and secure update of the isolated computing environment.
    Type: Grant
    Filed: April 19, 2005
    Date of Patent: July 14, 2009
    Assignee: Microsoft Corporation
    Inventors: Alexander Frank, Thomas G. Phillips
  • Patent number: 7562391
    Abstract: Certain events, such as data input operating system calls, are likely to initiate a buffer overflow attack. A timing module generates timestamps that indicate when such possible initiating events occur. The timestamp is associated with a particular process and/or thread executing on the computer. If subsequent evidence of a buffer overflow attack is detected on the computer, the timestamps are consulted to determine if a possible initiating event occurred recently. If there is a recent initiating event, a buffer overflow attack is declared. Evidence of a buffer overflow attack can include receiving a signal from the processor indicating that the processor was asked to execute an instruction residing in non-executable memory. Evidence of a buffer overflow attack can also include detecting an action on the computer that malicious software is likely to perform, such as opening a file or network connection, being performed by an instruction residing in non-executable memory.
    Type: Grant
    Filed: April 18, 2005
    Date of Patent: July 14, 2009
    Assignee: Symantec Corporation
    Inventors: Carey S. Nachenberg, Sourabh Satish
  • Patent number: 7562080
    Abstract: In an Internet fax, to receive an electronic mail document for fax transfer, if a password related to a control command for indicating a facsimile communication function is encrypted and set in the destination field or the main body of the received electronic mail, the encrypted password is decrypted and using the decrypted password, facsimile transfer of the electronic mail document is executed following the control command.
    Type: Grant
    Filed: January 30, 2007
    Date of Patent: July 14, 2009
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Toshiaki Koue, Makoto Takada, Soh Suzuki
  • Patent number: 7559091
    Abstract: Tampering with pieces of software is inhibited. Software obfuscation inhibits reverse engineering by hackers by manipulating names of functions and adding jump instructions into various pieces of software. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided.
    Type: Grant
    Filed: February 17, 2005
    Date of Patent: July 7, 2009
    Assignee: Microsoft Corporation
    Inventors: Frank Nian-Tzu Chu, Wei Wu, Julie D Bennett, Mohammed El-Gammal
  • Patent number: 7555655
    Abstract: An apparatus, system, and method for constructing, transmitting, and authenticating a password utilized by an authentication device to authenticate an access device. The authentication device receives the password from the access device, authenticates the access device if the password matches stored information, and returns an acknowledgment message that includes an index value associated with a stored character set. The access device constructs and transmits the password. The access device receives from a user, a plurality of predefined characters forming a User ID. The access device also receives the acknowledgment message and index value from the authentication device. The index value is used to identify a character set from a plurality of character sets stored in a lookup table. The access device integrates the User ID and the identified character set to generate a password, and transmits the password to the authentication device.
    Type: Grant
    Filed: June 10, 2005
    Date of Patent: June 30, 2009
    Assignee: 5th Fleet, L.L.C.
    Inventors: Steven W. Smith, James B. Pritchard, Sidney L Westharford
  • Patent number: 7552338
    Abstract: A dynamic multimedia fingerprinting system is provided. A user requests multimedia content from a Web cache server that verifies that the user is authorized to download the content. A custom fingerprint specific to the user is generated and dynamically inserted into the content as the content is delivered to the user. The custom fingerprint can be generated on the Web cache server or at the content provider's server. The system allows a content provider to specify where the custom fingerprint is inserted into the content or where the fingerprint is to replace a placeholder within the content.
    Type: Grant
    Filed: April 8, 2005
    Date of Patent: June 23, 2009
    Assignee: Akamai Technologies, Inc.
    Inventors: Eric Sven-Johan Swildens, Zaide “Edward” Liu, Richard David Day, Pradeep Kumar Chetal
  • Patent number: 7552339
    Abstract: An image transmission device is disclosed. When a device user starts to use the device or logs in, authentication is done. If the device user is identified as a customer engineer, the system control part displays operations not permitted to be performed by the customer engineer in a manner different from permitted operations on an operations display part. For instance, the non-permitted operations are displayed at half brightness. The permitted operations may be specified in advance by a user registered as a manager.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: June 23, 2009
    Assignee: Ricoh Company, Ltd.
    Inventor: Katsumi Sayama
  • Patent number: 7552337
    Abstract: Tampering with pieces of software is inhibited. Service protection inhibits tampering by allowing various unauthorized services to execute. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided.
    Type: Grant
    Filed: February 17, 2005
    Date of Patent: June 23, 2009
    Assignee: Microsoft Corporation
    Inventors: Frank Nian-Tzu Chu, Wei Wu, Julie D Bennett, Mohammed El-Gammal, Simon D Earnshaw
  • Patent number: 7546471
    Abstract: A method and system for providing virus detection. A virus detection system provides for the use of pattern matching techniques on data at a binary level for virus detection. Whenever an incoming data stream is received, the data stream is segmented into time-based data frames. The time-based data frames are processed to generate associated data frame images utilizing signal processing identification and filter techniques. One or more data frame images are compared to a stored virus image utilizing pattern analysis techniques. A pattern match value associated with each data frame image is generated based on the comparison and a determination is made as to whether or not the pattern match value exceeds a pattern match value threshold. When the pattern match value exceeds the pattern match value threshold, a pattern associated with the virus image is removed from the time-based frames to produce a filtered data stream.
    Type: Grant
    Filed: January 14, 2005
    Date of Patent: June 9, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G. Phillips, Christopher A. Schoppa, William J. Westerinen