Abstract: A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user's PIN and the trusted device's UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device.
Abstract: Embodiments are generally directed to systems, methods, and apparatuses for suppressing power supply noise using data scrambling in double data rate memory systems. In some embodiments, an integrated circuit includes a transmit data path to transmit data to one or more memory devices. The transmit data path may include scrambling logic to generate, in parallel, N pseudo random outputs that are uncorrelated with each other. The output data and the pseudo random outputs are input to XOR logic. The transmit data path transmits the output of the XOR logic which has a substantially white frequency spectrum. Other embodiments are described and claimed.
Type: Grant
Filed: December 23, 2009
Date of Patent: August 6, 2013
Assignee: Intel Corporation
Inventors: Maynard C. Falconer, Christopher P. Mozak, Adam J. Norman
Abstract: An apparatus, software encoded in tangible media, and a method at an encoder. The method includes sending compressed video data including a reference frame message to create a long term reference frame to a plurality of decoders at one or more destination points, receiving feedback from the decoders indicative of whether or not the decoders successfully received the reference frame message, and in the case that the received feedback is such that at least one of the decoders did not successfully receive the reference frame message or does not have the indicated recent frame, repeating sending a reference frame message to create the long term reference frame. Using the method can replace I-frame error recovery with long term reference frames, even in the case where the reference frame management messages are lost to at least one decoder.
Type: Grant
Filed: April 18, 2007
Date of Patent: July 23, 2013
Assignee: Cisco Technology, Inc.
Inventors: Maurice J. Buttimer, J. William Mauchly, Joseph T. Friel
Abstract: Methods and systems for performing an authenticated boot (310); performing a continuous data protection (350); performing automatic protection and optionally a consolidation; and performing other defenses and protection of a protected computing device (110a, 110b, 110c) (such as a computer system) are provided. The aspects include integrating security mechanisms (which may include a “call home” function (330), role and rule-based policies (225), validating technologies, encryption and decryption technologies, data compression technologies, protected and segmented boot technologies, and virtualization technologies). Booting and operating (either fully or in a restricted manner) are permitted only under a control of a specified role-set, rule-set, and/or a controlling supervisory process or server system(s). The methods and systems make advantageous use of hypervisors (220) and other virtual machine monitors or managers.
Abstract: Systems and methods are provided for protecting and managing electronic data signals. In one embodiment a strong watermark is inserted in a data signal that is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The signal is then stored and distributed. When attempts are made to use or access the signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If not found, the signal is checked for the presence of the strong watermark, which if found causes the system to inhibit further use of the signal, and if not found further use of the signal is allowed.
Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.
Type: Grant
Filed: June 1, 2009
Date of Patent: May 21, 2013
Assignee: Microsoft Corporation
Inventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
Abstract: A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority.
Type: Grant
Filed: April 9, 2007
Date of Patent: May 14, 2013
Assignee: Objective Interface Systems, Inc.
Inventors: Reynolds Wiliam Beckwith, Jeffrey Grant Marshall, Jeffrey William Chilton
Abstract: An ID vault computer control program detects when a user's browser navigates to a third-party website that requires a user ID and password. If it hasn't done so already, it automatically requests a decryption key for a local encrypted vault file from a network server by supplying a personal identification number (PIN) from the user through the input device, a copy of the GUID, and a signature of GUID using a private key for the root certificate. If a decryption key is returned from the network server, the local encrypted vault file is unlocked and automatically supplies a corresponding user ID and password to log-on to the third-party website without the user.
Abstract: A method for introducing devices with simple user interfaces into a network community. A user pushes a button on a first device that listens for messages from central points for two seconds and, if no such message is received, becomes a central point and starts sending broadcast ID messages. The user then pushes a button on a second device to be inserted, which after interaction with the central point enters a selected state. Noticing this on the user interface of the second device, the user pushes the button on the first device again, and after further communication between the devices, they enter an associated state, which can be verified on the user interface of the first device. Also provided is a first device.
Abstract: A computer-implemented system and method for verifying access to a network account are provided. A first user communication portal is associated with a user network account. A request to access the user network account is received from a second user communication portal. Security criteria related to the second user communication portal is determined. Access to the user network account is enabled upon receipt of a communication associated with the first user communication portal when the security criteria is of a predetermined value.
Type: Grant
Filed: June 6, 2011
Date of Patent: April 2, 2013
Assignee: Google Inc.
Inventors: Brandon A. Downey, Amit J. Patel, Chris Yu
Abstract: In the presently preferred embodiment of the invention, every time a user submits a form the client software tries to match the submitted information with the stored profile of that user. If a match is discovered, the program tags the field of the recognized data with a corresponding type. The resulting profile can be used after that to help all subsequent users to fill the same form.
Abstract: A method includes receiving a status update from a client device, the status update reflects at least one change associated with the client device, updating a model of the client device based on the status update, receiving data to be screened for a virus, the data is received after an updating of the model of the client device, and screening the model of the client device for the virus. Systems and articles of manufacture are also disclosed.
Type: Grant
Filed: July 28, 2010
Date of Patent: March 26, 2013
Assignee: AUCTNYC 8 LLC
Inventors: Edward J. Franczek, John Thomas Bretscher, Raymond Walden Bennett, III
Abstract: A data security appliance intercepts out-of-band control traffic directed to a data storage device, wherein the out-of-band control traffic includes a command to change a configuration of the data storage device. The data security appliance is reconfigured in accordance with the command in order to conform with a new configuration of the data storage device.
Abstract: Methods and systems to allow an authorized user to remotely awaken, boot, and login to a computer in a secure manner. The user and computer may communicate using a short message service (SMS). The user may communicate with the computer using a mobile device, such as a smart phone. The user may initially provide a wake-up message to the computer, which may then respond by asking for one or more boot passwords. In an embodiment, these boot passwords may be basic input/output system (BIOS) passwords that are required for the loading and operations of the computer's BIOS. The user may then provide these one or more passwords to the computer. The computer may further request an operating system (OS) login password. The user may then provide this password to the computer. In an embodiment, all passwords may be provided to the computer in encrypted form. Moreover, authentication measures may be used to provide assurance that the user is legitimate.
Abstract: Provided is a method for transmitting contents with limited system permissions. In the method, a content request is received from a client terminal. A download descriptor is transmitted to the client terminal in response to the content request, the download descriptor including information about the authentication and permission of the client terminal system that can be managed in the contents. A content transmission request is received from the client terminal that has received the download descriptor. Contents are transmitted to the client terminal in response to the content transmission request.
Type: Grant
Filed: December 4, 2007
Date of Patent: February 5, 2013
Assignees: Samsung Electronics Co., Ltd, Electronics and Telecommunications Research Institute
Inventors: Kang-Hee Kim, Yong-Gwan Lim, Yong-Bon Koo, Yung-Joon Jung, Jae-Myoung Kim, Dong-Hyouk Lim
Abstract: Mechanisms are provided to prevent information leakage between components implemented on a programmable chip such as a Field Programmable Gate Array (FPGA). An automated routing algorithm is effective at enforcing security restrictions with minimal input from the user while providing efficient utilization of the device. Compatible sets of signals are identified and locked, and reservations of routing resources are generated. Remaining signals are rerouted until all signal constraints are met. Specified security constraints with one or more security levels and one or more secure regions may be applied through iterations of the automated routing mechanism.
Abstract: Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.
Type: Grant
Filed: December 3, 2007
Date of Patent: January 8, 2013
Assignee: Carnegie Mellon University
Inventors: Bryan Parno, Cynthia Kuo, Adrian Perrig
Abstract: The present disclosure relates to a portable storage device that can communicate with different types of host devices. In some embodiments, the portable storage device receives digital media content via a multi-mode device port and exports a derivative of the digital media content (for example, a media stream) via the same multi-mode device port. In some embodiments, the device port has at least one selectively active pin which is active when receiving digital media content and is dormant when exporting a derivative of the digital media content. Alternatively or additionally, the device port includes at least one selectively active pin which is dormant when receiving digital media content and is active when exporting a derivative of the digital media content. In some embodiments, the portable storage device selects a device mode and/or communications protocol in accordance with at least one detected feature of a complementary port and/or a host.
Abstract: Provided are a method and an apparatus for generating pseudo random sequence to generate pseudo random sequences which have larger sizes and are different from each other in a wireless communication system; a method for generating pseudo random sequence in a wireless communication system, comprising generating a first output sequence, generating a second output sequence, and generating a third output sequence; and an apparatus to generate pseudo random sequence in a wireless communication system, comprising a first linear feedback shift register (LFSR), a second LFSR, and a third LFSR, a first initial value mapper, a second initial value mapper, a third initial value mapper, and an N delay operator.
Type: Grant
Filed: December 2, 2009
Date of Patent: January 1, 2013
Assignees: Pantech Co., Ltd., Pantech & Curitel Communications, Inc.
Inventors: Sung Jun Yoon, Sung Jin Suh, Myung Cheul Jung
Abstract: Systems and methods are disclosed for enhancing anti-terrorism public safety measures, by more securely determining whether explosives or other contraband have been inserted into notebook computer batteries or other large, replaceable subsystems of electronic devices. Because notebook computers typically require large, heavy batteries, they present attractive containers for smugglers and terrorists attempting to bring explosives onto an airplane. The disclosed security testing system provides more reliable results than many current tests, and does not require that the device under test be powered on. The systems and methods disclosed use out-of-band authentication for added security.