Abstract: A method that includes storing multiple, separate data sets where each data set is related to an access code that is based on a combination of data related to the user and data related to a service provider is described herein.

Abstract: Methods and systems for load balancing and failover among gateway devices are disclosed. One method provides for assigning communication transaction handling to a gateway. The method includes receiving a request for a license from a computing device at a control gateway within a group of gateway devices including a plurality of gateway devices configured to support communication of cryptographically split data. The method also includes assigning communications from the computing device to one of the plurality of gateway devices based on a load balancing algorithm, and routing the communication request to the assigned gateway device.

Abstract: A method and an apparatus that provides a hard problem based hashing mechanism to improve security of hash functions are described. The hashing mechanism can include a custom padding and/or a post processing to a hashed value strengthened via operations specifying a hard problem. In one embodiment, a new hash function may be provided or defined directly without introducing or relying on existing hash functions to embed security features based on this hard problem. The new hash functions can be used in usual constructions implying hash functions. For example, the standard HMAC construction could be applied on these hash functions, standard signature algorithms or authentication protocol, etc.

Abstract: A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed.

Abstract: A user authentication apparatus includes an information collection unit which collects user information from a plurality of personal devices of a user within a predetermined distance, and a control unit which identifies the user as a user corresponding to the collected information based on the amount of user information collected. Accordingly, user authentication can be easily performed using devices of a user, resulting in increased user convenience.

Abstract: A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed.

Abstract: A token-based centralized authentication method for providing access to a service provider to user information associated with a user's relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider.

Abstract: Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the use. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code.

Abstract: Content access may be provided and processed by assigning responsibility for obtaining entitlement data to the client's browser. Thus, in one example, the client may be configured to synchronize and coordinate data lookups associated with a content request, rather than relying on the server to do so. The network architecture may use a mediator design pattern, in which the client's browser acts as the mediator (i.e., middleman) between a content server and an entitlement data server. Accordingly, synchronous calls between server-side services might not be required. Instead, data necessary for the content server to process a client request for access to protected content may be received in the incoming request from the client's browser.

Abstract: A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed.

Abstract: A distribution system and method for distributing digital information is provided, which has high recoverability from a security breach. The distribution system comprises a server (200) and a computing device (110). During an enrollment phase, the computing device obtains a first response from an integrated physically unclonable function (150) integrated in the computing device. The system comprises an enrollment module (130) for determining helper data from a decryption key and the first response to enable later reconstruction of the decryption key from the helper data and a second response obtained from the physically unclonable function. During a reconstruction phase, which occurs after the enrollment phase and typically after a security breach has occurred that revealed data and/or programming code of the computing device, the server may encrypt digital information using an encryption module (220) with a cryptographic encryption key corresponding to the decryption key.

Abstract: In certain embodiments, a method includes receiving, by a capture device, traffic flows transmitted by a plurality of client devices, each of the traffic flows being associated with one of the plurality of client devices and comprising encrypted data. The method further includes receiving, by the capture device, flow information communicated from a proxy server communicatively coupled to the capture device, the flow information comprising an identification of a particular traffic flow and a session key associated with the particular traffic flow. The method further includes storing, by the capture device, encrypted data of the particular traffic flow identified by the flow information supplied by the proxy server; storing, by the capture device, the session key associated with the particular traffic flow; and discarding, by the capture device, any of the plurality of received traffic flows not identified in the flow information received from the proxy server.

Abstract: A policy that governs access to a resource may be tested against real-world access requests before being used to control access to the resource. In one example, access to a resource is governed by a policy, referred to as an effective policy. When the policy is to be modified or replaced, the modification or replacement may become a test policy. When a request is made to access the resource, the request may be evaluated under both the effective policy and the test policy. Whether access is granted is determined under the effective policy, but the decision that would be made under the test policy is noted, and may be logged. If the test policy is determined to behave acceptably when confronted with real-world access requests, then the current effective policy may be replaced with the test policy.

Abstract: Content randomization techniques for thwarting malicious software attacks. In one example, a method comprises the following steps. Content is received at a randomizer module from a first computing device, the content having been retrieved by the first computing device in response to a content request by a second computing device. The content is randomly altered at the randomizer module to generate randomly altered content. Log information about the random alteration to the content is maintained at the randomizer module. The randomly altered content is sent from the randomizer module to the first computing device such that the first computing device is able to provide the randomly altered content to the second computing device in response to the content request by the second computing device. Further, the random alteration may be removed from reply content using the log information.

Abstract: Systems and methods for provisioning electronic devices. In some embodiments, a method may include receiving a first message at a provisioning server, the first message originated by a computing device, the first message including a device identifier associated with an automation device. The method may also include receiving a second message at the provisioning server, the second message originated by the automation device and including at least a device identifier portion. In response to the device identifier portion of the second message matching the device identifier of the first message and/or in response to the automation device not being associated with a provisioning account, the method may then include providing configuration information to the automation device.

Abstract: A system for preventing the transmission of known and unknown electronic contents to and from servers or workstations connected to a common network. The system includes devices for means for interpreting the contents of a messaging protocol or application network protocol, for checking compliance of the electronic contents with the messaging protocol specification or application network protocol specification and for filtering the electronic content based on its functions.

Abstract: A technology for defending a Distributed Denial-of-Service (DDoS) attack is provided. A system for determining an application layer-based slow DDoS attack may include a packet collecting unit to collect a packet in a network, a packet parsing unit to extract at least one header field from the collected packet, and a DDoS attack determining unit to determine whether a DDoS attack against the packet is detected, using a session table and a flow table.

Abstract: A system for providing learning according to global positioning information and a method thereof are provided. A server queries for a corresponding learning content according to global positioning information provided by a first client, so that a student can learn anytime and anywhere. The server records contents already learnt by the student. A corresponding test type and test content are provided for a second client, and selection is performed to generate a test paper, which is provided for the first client so that the student can take a test. Therefore, learning anytime and anywhere is enabled, thereby achieving the technical effect of optimal learning efficiency.

Abstract: According to an embodiment, an authority changing device includes a first determiner, a second determiner, and a changing unit. A first authority is defined by a first combination of first to third item values, and a second authority is defined by a second combination of the fourth to sixth item values. The first determiner uses a logical expression to determine whether the change from the first authority to the second authority is possible, not possible, or unknown. The second determiner uses a first table to determine the availability of change from the first authority to the second authority when the availability of the change is determined to be unknown. The changing unit changes the first authority to the second authority when the change is determined to be possible.

Abstract: A method for detecting unknown malicious code is provided. A data set is created, which is a collection of files that includes a first subset with malicious code and a second subset with benign code files, whereas the malicious and benign files are identified by an antivirus program. Subsequently, all files are parsed and a set of top features of all-n grams of the files is selected and reduced by using features selection methods. After determining the optimal number of features, they will be used as training and test sets.