Abstract: A method for importing or moving a rights object (RO) is provided, a rights issuer (RI) receives a request message of importing or moving an RO to a target device, the request message including key information encapsulated by a public key of the target device; the RI generates the RO according to the request message, the RO including the key information encapsulated by the public key of the target device; and the RI provides the RO for the target device. An RI is also provided. In the present invention, the key information encapsulated by the public key of the target device is provided for the RI, and the real key is hidden from the RI, such that the un-trust RI cannot generate the illegal RO for other devices except the target device, thereby enhancing the security of importing or moving the RO through the RI.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: When exchanging communication parameter setting information on a wireless network, a communications apparatus selects between a first operation mode in which communications parameter information is exchanged with a specific communications apparatus and a second operation mode in which communications parameter information is exchanged with an unspecified number of communications apparatus. Depending on the selected operation mode, the communications apparatus control security upon holding the communications parameter information exchanged with the specific communications apparatus and the communications parameter information exchanged with the unspecified number of communications apparatus.

Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.

Abstract: A management station which manages the encryption devices in a SAN to set up encrypted LUNs. In setting up the encryption, the source and target ports are identified, along with the target LUN. LUN serial numbers used to identify unique LUNs. As paths to a given LUN are defined, the management station compares the path to existing paths and provides an indication if there is a mismatch in the encryption policies or keys being applied to the LUN over the various paths. This allows the administrator to readily identify when there is a problem with the paths to an encrypted LUN and then take steps to cure the problem. By determining the paths and then comparing them, the management station greatly simplifies setting up multipath I/O to an encrypted LUN or access by multiple hosts to an encrypted LUN.

Abstract: An apparatus comprising a controller circuit and an array. The controller circuit may be configured to read/write data in response to one or more input/output requests. The array may be configured to present/receive data to/from the controller circuit in response to the input/output requests. The data may be only transmitted to/from the array after a successful authentication between (i) a first code embedded within each of the input/output requests and (ii) a second code stored on a non-volatile memory within the controller circuit.

Abstract: A method and apparatuses for verifying Cryptographically Generated Address (CGA) signature are provided. The method includes: receiving a message sent by a CGA address owner, wherein a RSA public key, a first RSA public key signature, a second public key, and a second public key signature are carried in the message, the first RSA public key binds one or more second public keys, and a part protected by the first public key signature includes the one or more second public keys; verifying the first RSA public key signature according to the message; extracting the second public key, and verifying the second public key signature. According to the method and apparatuses of the embodiment, the effect of supporting other public key can be achieved, the change of the IP address can be omitted, and public key deployment and computing resources are saved.

Abstract: A multi-directional comb filtering in a digital video decoder is provided. Some embodiments of the present invention provide for a method of filtering, using a multi-directional comb filter, pixel data from a sequence of fields of pixel data, wherein the fields of pixel data comprise a previous field, a current field and a next field, and wherein each of said fields includes a previous line, a current line, a next line.

Abstract: Password generation and extraction is described. In one aspect, a user inputs multiple characters, including a user password, variable characters, and multiple terminator characters. Locations of the terminator characters are identified and used to extract the user password from the multiple characters input by the user.

Abstract: A method, an apparatus and a system for authorization-dependent access to multimedia contents. A first terminal produces a first request for a multimedia content for an output of the multimedia content via the first terminal. A first authorization information item is used to check that the output of the multimedia content is authorized. The first terminal produces a second request for an output of the multimedia content via a second terminal. A check is carried out to determine whether to output a first security note via the first terminal. The output of the multimedia content takes place via the second terminal if the first security note is not to be output, or an input of a confirming acknowledgement for the first security note is identified by the first terminal.

Abstract: In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token.

Abstract: Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data.

Abstract: Method and apparatus for behavioral detection of malware in a computer system are described. In some embodiments, a request by a process executing on a computer to change time of a clock managed by the computer is detected. The process is identified as a potential threat. At least one attribute associated with the process is analyzed to determine a threat level. The request to change the time of the clock is blocked and the process is designated as a true positive threat if the threat level satisfies a threshold level.

Abstract: A method for adapting use of a wireless link, such as a radio link, between a remotely controlled device and an operator control unit, and a remotely controlled device configured to perform the method, the method aimed at providing for more advantageous use of the wireless link in providing video to the operator control unit. In case of a radio link, a video-transmitting radio unit of the remotely controlled device provides a digital video feed over the radio link to a video-receiving radio unit of the operator control unit, and in so doing the remotely controlled device adapts the resolution and/or frames per unit time of the video feed based solely on measurements made by the remotely controlled device, measurements indicative of the quality of the radio link.

Abstract: A user interface and a processor coupled to the user interface wherein the processor receives access requests through the user interface and authorizes access through the user interface. The processor associates a rights request with a role based policy to determine access rights, modifies the determined access rights in accordance with an exception list related to particular users and records, and authorizes access to a record based upon the modified determined access rights.

Abstract: A method for data storage includes supplying data to and from a host to a storage memory via a secure data path. A first CPU is employed to control operation of the storage memory, and a second CPU is employed to control operation of the secure data path.

Abstract: The present invention relates to an information processing apparatus and method which make it possible to transmit image data with high quality and low delay in more versatile situations. A control unit 111 obtains negotiation information including a transmission-allowed bit rate of a transmission line 103, which is defined in a standard, information regarding a receiving apparatus, or a measured value of the transmission-allowed bit rate, controls whether or not to encode image data and transmit the encoded image data, and performs settings in encoding, such as a resolution, a bit rate, and a delay time. Also, an encoding unit 113 controls a decomposition number of a chrominance component in accordance with the format of image data to be encoded. The present invention is applicable to, for example, a communication apparatus.

Abstract: In a streaming media environment in which multiple channels of media content are available, the present invention reduces the time interval between a user requesting a new channel and the media content of the requested channel being made available to the user.

Abstract: A method for importing or moving a rights object (RO) is provided, which includes the following steps. A rights issuer (RI) receives a request message of importing or moving an RO to a target device, the request message including key information encapsulated by a public key of the target device; the RI generates the RO according to the request message, the RO including the key information encapsulated by the public key of the target device; and the RI provides the RO for the target device. An RI is also provided. In the present invention, the key information encapsulated by the public key of the target device is provided for the RI, and the real key is hidden from the RI, such that the un-trust RI cannot generate the illegal RO for other devices except the target device, thereby enhancing the security of importing or moving the RO through the RI.

Abstract: An apparatus can include a smart card based encryption key management system used to generate an encryption key using encryption key seed material, and an encryption key data store to store the encryption key seed material. An apparatus can include a smart card based password management system used to generate a password using password seed material, and a password data store to store the password seed material.