Abstract: There are provided methods and systems for providing a plurality of protected segments from a contiguous media content segment, and selectively providing a user access to at least a portion of one of the protected segments in response to accessing a gating media segment associated with the protected segment.

Abstract: A system for authenticating personal use of contents by using a portable storage medium includes: a portable personal use authentication device configured to store domain authentication information; and a contents personal use authentication apparatus configured to extract playback information for playing a provided content based on the domain authentication information and provide the extracted playback information to a player.

Abstract: Malware detection systems and methods for determining whether a collection of data not expected to include executable code is suspected of containing malicious executable code. In some embodiments, a malware detection system may disassemble a collection of data to obtain a sequence of possible instructions and determine whether the collection of data is suspected of containing malicious executable code based, at least partially, on an analysis of the sequence of possible instructions. In one embodiment, the analysis of the sequence of possible instructions may comprise determining whether the sequence of possible instructions comprises an execution loop. In a further embodiment, a control flow of the sequence of possible instructions may be analyzed. In a further embodiment, the analysis of the sequence of possible instructions may comprise assigning a weight that is indicative of a level of suspiciousness of the sequence of possible instructions.

Abstract: A data conversion method for an information processing device to execute format conversion processing from AVCHD (Advanced Video Codec high Definition) format to BDAV (Blu-ray Disc Audio Visual) format includes the steps of: performing data input for a data input unit to input AVCHD format data; and performing format conversion for a format converter to select a playback control information file included in the input AVCHD format data, perform format conversion, and generate playback control information according to BDAV format; wherein conversion processing is not performed for a stream file included in the input AVCHD format data, and BDAV format data made up of a converted playback control information file and non-converted stream file is generated.

Abstract: A cryptographic processing apparatus includes: at least one register configured to store data for operation; a first operation block configured to execute an operation in accordance with data stored in the register; a second operation block configured to execute a logic operation between one of a register-stored value and a key and an operation result of the first operation block; and a decode block configured to decode binary data in units of the predetermined number of bits to convert the binary data into decode data having the number of bits higher than the number of bits of the binary data.

Abstract: A computer-implemented method for detecting the insertion of poisoned DNS server addresses into DHCP servers may include: 1) identifying a DNS server address provided by a DHCP server, 2) determining that the DNS server address provided by the DHCP server differs from a prior DNS server address provided by the DHCP server, 3) determining, due at least in part to the DNS server address differing from the prior DNS server address, that a DNS server located at the DNS server address provided by the DHCP server represents a potential security risk, and then 4) performing a security operation in an attempt to remedy the potential security risk.

Abstract: The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database, for each record, extracting the data from the fields, concatenating the extracted data into an input message, running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps, and outputting a surrogate key.

Abstract: A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.

Abstract: The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.

Abstract: Rather than managing a certificate chain related to a newly issued identity certificate at a terminal to which a wireless device occasionally connects, a certificate server can act to determine the identity certificates in a certificate chain related to the newly issued identity certificate. The certificate server can also act to obtain the identity certificates and transmit the identity certificates towards the device that requested the newly issued identity certificate. A mail server may receive the newly issued identity certificate and the identity certificates in the certificate chain and manage the timing of the transmittal of the identity certificates. By transmitting the identity certificates in the certificate chain before transmitting the newly issued identity certificate, the mail server allows the user device to verify the authenticity of the newly issued identity certificate.

Abstract: An electronic mail transmission/reception system is provided, capable of maintaining the confidentiality of restricted attachments desired to be limited in destination, thereby ensuring the security of the restricted attachments.

Abstract: A method and arrangement for utilising a generally available personal data terminal as a secure and reliable authentication factor for user authentication is described. Also, a method for secure transfer of data between two parties, a user and a service provider, where the user generates a unique authentication factor adapted for user authentication (104), called a user code, and the service provider registering the user's user code as an authentication factor is disclosed. The method is useful for various security services involving a user and a service provider in electronic channels where service providers are faced with the challenges of authenticating the users of their services.

Abstract: In a method for compatibility checking of a measuring system including a measurement transmitter and a sensor, a first signature is externally created for an identifying data set and is stored in the measurement transmitter. After transmission of the identifying data set from the measurement transmitter to the sensor, a second signature is calculated for the identifying data set in the sensor. If the signatures match, then the measurement transmitter and the sensor are compatible and the measurement transmitter can access data and/or functions of the sensor.

Abstract: Tools and techniques related to time window based canary solutions for browser security are provided. These tools may receive requests to generate canary values in connection with providing content maintained on server systems, and compute canary values in response to these requests. These canary values may be based on identity information associated with different users, site-specific values associated with websites accessed by these users, and representations of time windows associated with the requests.

Abstract: A method and system for configuring a valid duration period for a digital certificate. The method includes assigning a positive numeric value for each certificate term. The positive numeric value assigned to each certificate term is representative of the valid duration period. The method continues by prompting a user of the client device to request one certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the positive numeric value associated with the requested certificate term into a duration counter. The method may also include a certificate server receiving from the server, the certificate request including the duration counter. The certificate server is configured to digitally sign the certificate request.

Abstract: A system for more secure, more efficient, more widely applicable backup, retention, and retrieval of data. An apparatus comprising improved means for de-duplication of data and securely storing data remotely with efficient retention and recovery. A method comprising disassembling data objects, efficiently de-duplicating, securely storing and retrieving backups in shared servers on a public network, and controlling retention.

Abstract: We present an apparatus which can be used so that one party learns the value of a string distance metric applied to a pair of strings, each of which is held by a different party, in such a way that none of the parties can learn anything else significant about the strings. This apparatus can be applied to the problem of linking records from different databases, where privacy and confidentiality concerns prohibit the sharing of records. The apparatus can compute two different string similarity metrics, including the bigram based Dice coefficient and the Jaro-Winkler string comparator. The apparatus can implement a three party protocol for the secure computation of the bigram based Dice coefficient and a two party protocols for the Jaro-Winkler string comparator which are secure against collusion and cheating. The apparatus implements a three party Jaro-Winkler string comparator computation which is secure in the case of semi-honest participants.

Abstract: A system and method for generating a disguised password are provided. The method presets a real password via an input device, selects one or more characters from the real password as a verification code. The method further generates an encryption code corresponding to the verification code according to an encryption algorithm, generates a character string based on the encryption code, and displays a verification box on a display screen to receive an input key from the input device. In addition, the method determines whether the input key matches the encryption code of the character string, and generates a disguised password by replacing the verification code with the encryption code in the real password if the input key matches the encryption code of the character string.

Abstract: In a secure communication system, a first communication device includes a first list of numbers and a first number selector for periodically selecting a different number in the first list. The first communication device further includes a first encryption key generator for generating a first encryption key based on the selected number for generating an encrypted message. A second communication device includes a receiver for receiving the encrypted message, a second list of numbers identical to the first list of numbers, and a second number selector synchronized with the first number selector so as to select the same number as the first number selector, and a second encryption key generator for generating a second encryption key identical to the first encryption key. The second communication device decrypts the encrypted message using the second encryption key. An associated method for providing secure communication of a message between parties is also provided.

Abstract: An approach is described for controlling access to a data item using one or more access graphs. The approach entails distributing a compact package of access-related information to a recipient that pertains to the access graphs. The recipient can use the access-related information to access the data item through the access graphs in an off-line mode of operation. In one implementation, the access-related information includes markers associated with edges between nodes in the access graphs. One type of marker can link the data item to two or more nodes of the access graphs. This type of marker can be used to implement a logical AND operation among two or more policy factors.