Abstract: A device receives an encrypted key generating value from a first device and decrypts the encrypted key generating value. A temporary session key associated with the first device is generated based on the key generating value. A secure session invitation message is received from the first device. A master session key is generated and encrypted using the temporary session key associated with the first device. The encrypted master session key is transmitted to the first device.

Abstract: Private information can be displayed using alternate frame sequencing to prevent unauthorized viewing. The private information can be ascertained by an authorized user using an active shutter viewing device synchronized to the alternate frame sequencing display. Private information can be displayed on a portion of the display, while public information, including a basic user interface, can be displayed on a second portion visible to authorized and unauthorized users. For enhanced security, alternate frame sequencing synchronization parameters can be encrypted and exchanged between a display device and the viewing device. When and where to display private information using alternate frame sequencing can be determined using environmental sensors. A single display screen can be configured to simultaneously present private information to multiple users, each user permitted to view a portion of the private information according to the unique synchronization parameters employed by a user's viewing device.

Abstract: Some implementations provide techniques and arrangements to aggregate data from multiple issuers. An aggregator server may receive data associated with a user from an issuer. The data may include an issuer identifier associated with the issuer, account access data associated with the user, and a storage location identifier. The aggregator server may authenticate an identity of the issuer based on the issuer identifier and determine whether the issuer is authorized to provide the data for the user. In response to determining that the issuer is authorized to provide the data for the user, he aggregator server may identify an account associated with the user based on the account access data and store the data in the account associated with the user based at least partially on the storage location identifier.

Abstract: The invention relates to a motor vehicle electronics device comprising a first interface (116) for establishing a first connection to a first ID token (134) in order to read data from the first ID token, —a memory (104) for storing a certificate, —means (122) for the cryptographic authentication with respect to the first ID token using the certificate, —means (130) for actuating at least one display apparatus (136, 138) for reproducing the data, and —a second interface (118) for storing the certificate in the memory.

Abstract: In an example, a method for secure publication of content is described. The method may include encrypting content with a media key. The method may also include providing the encrypted content to a client device associated with a private key and a public key. The private key may be stored at the client device. The method may also include encrypting the media key with the public key. The method may also include providing the encrypted media key to the client device.

Abstract: A technique of authenticating a person involves obtaining, during a current authentication session to authenticate the person, a first authentication factor from the person and a second authentication factor from the person, at least one of the first and second authentication factors being a biometric input. The technique further involves performing an authentication operation which cross references the first authentication factor with the second authentication factor. The technique further involves outputting, as a result of the authentication operation, an authentication result signal indicating whether the authentication operation has determined the person in the current authentication session likely to be legitimate or an imposter. Such authentication, which cross references authentication factors to leverage off of their interdependency, provides stronger authentication than conventional naïve authentication.

Abstract: A mechanism is provided for directing users to preferred software services. An indication from a user for a software service that provides a function identified by the user is identified. One or more software services that provide the function identified by the user are identified and a determination is made as to whether an existing subscription is in place for a subset of the one or more software services. Responsive to the existing subscription being in place for the subset of the one or more software services, the subset of software services that have existing subscriptions are presented to the user.

Abstract: A system and method for implementing password gates for entities and/or content is disclosed. A password gate may determine whether a select group of users are allowed to access a particular entity and/or content in order to rate and/or provide commentary with respect to that particular entity/content. The select group of users may be permitted access based on the ability to satisfy the password gate. A password gate may comprise a question that only a select group of users can correctly answer. Users may be able to create password gates and/or vote on existing password gates associated with entities and/or content. The highest rated password gate may be presented to a user attempting to gain access to a particular entity/content.

Abstract: A configuration is provided wherein usage restrictions of an application are determined in accordance with timestamps. A certificate revocation list (CRL) in which the revocation information of a content owner who is a providing entity of an application program recorded in a disc is recorded is referred to verify whether or not a content owner identifier recorded in an application certificate is included in the CRL, and in the case that the content owner identifier is included in the CRL, comparison between a timestamp stored in a content certificate and a CRL timestamp is executed, and in the case that the content certificate timestamp has date data equal to or later than the CRL timestamp, utilization processing of the application program is prohibited or restricted. According to the present configuration, a configuration is realized wherein an unrevoked application is not subjected to utilization restriction, and only a revoked application is subjected to utilization restriction.

Abstract: The present invention provides a new method for user centered privacy which works across all 3rd party sites where users post content, or even for encryption of emails. Users have an identity with a Hyde-It Identity provider (HIP) which authenticates the user to a Hyde-It Service (HITS) which performs key distribution. The functionality can be invoked through a user toolbar, built into the browser or be downloaded on demand via a bookmarklet.

Abstract: A method for providing at least one credential to access a service includes receiving an image from a camera that is included in a user device that also includes a processor and a communications device. The image is analyzed using an optical character recognition engine coupled to the processor. The analyzing the image includes determining that the image includes potential credential information that includes at least one credential including at least one character string. The at least one credential from the potential credential information is provided, using the communications device, to a service in order to access the service. In an embodiment, the user device may include a limited input device that is free of a physical keyboard having alphanumeric characters, and the determination and use of the at least one credential from the image simplifies the accessing of the service by minimizing or eliminating the need to use the limited input device.

Abstract: A method is provided for obtaining a certificate revocation list (CRL) for a vehicle in a vehicle-to-vehicle communication system. A portable security unit is provided to access secured operations for the vehicle. The portable security unit is linked to a device having access to a communication network. The communication network is in communication with a certificate authority for issuing an updated CRL. The updated CRL is downloaded from the certificate authority to the portable security unit. At a later time, when a user enters the vehicle, a communication link is established between the portable security unit and a vehicle processor unit. Mutual authentication is exchanged between the portable security unit and the vehicle processing unit. The updated CRL stored in the portable security unit is downloaded to a memory of the vehicle communication system in response to a successful mutual authentication.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.

Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

Abstract: A data processing apparatus comprising: a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor in said non-secure mode, and processing data in said secure mode being performed under control of a secure operating system and processing data in said non-secure mode being performed under control of a non-secure operating system; and a further processing device for performing a task in response to a request from said data processor, said task comprising processing data at least some of which is secure data; wherein said further processing device is responsive to receipt of a signal to suspend said task to initiate: processing of said secure data using a secure key; and storage of said processed secure data to a non-secure data store; and is responsive to receipt of a signal to resume said task to initiate: retrieval of said processed secure data from said non-secure da

Abstract: Methods and systems consistent with the invention provide a hash process for use in password authentication. For instance, in one embodiment, a method may include receiving password data and combining the password data with a salt value. The salt value may, for example, be a random number. The method may also include calculating a first hash value based on the combined password data and salt value. The method may further include calculating, in a second iteration, a second hash value based on the first hash value and the password. In exemplary implementations, the method may also iteratively calculate a new hash value by applying the output hash value of a previous iteration, in combination with the password data, to the hash function. The number of iterations may be determined by an iteration count.

Abstract: A computerized authentication method of an electronic document, in particular a file designed to be on-board an aircraft. The method includes generating a digital signature of the electronic document using a private key corresponding to a public key certified by a certifying authority, and sending via the Internet a time stamp request of the electronic document to a time stamping authority and receiving in response thereto a time-stamp signed by the certifying authority. The method includes sending via the Internet a request to an Online Certificate Statute Protocol (OCSP) server and receiving in response thereto a statute of the certificate of the public key, and adding to the electronic document of the digital signature, the time-stamp and the statute of the certificate to create an authenticated electronic document.

Abstract: A system is provided comprising a computer system and a dynamic network interfaces application that executes on the computer system. The dynamic network interfaces application activates a virtual local area network (VLAN) by associating subnet interface information and a virtual local area network tag, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information, and by transmitting the association of the subnet interface information and the virtual local area network tag to a firewall component and to a network access component.

Abstract: Embodiments are directed towards providing interoperability by establishing a trust relationship between a provider of a media player usable by a consumer and a content provider. A trust relationship is verified through using a public-private key certification authority. When a request for content is received from a consumer, the request might indicate what content protection mechanisms are available in the consumer's device. When a trust relationship is determined to exist between the content provider and the media player providers, the content provider encrypts a license separately for each of a plurality of different content protection mechanisms available at the consumer's device. The encrypted licenses are provided to the consumer's device, where the media player may be selected to play the content based on a self integrity check the media player may perform, and its ability to use a private key associated with a corresponding public key to decrypt the license.

Abstract: Methods, systems, and computer readable media for accelerating stateless IPsec traffic generation by performing ESP rehashing of ESP packets are disclosed. A first ESP packet is generated by encrypting a portion of the packet and adding ESP headers and trailers to the encrypted portion, hashing the encrypted portion and the ESP header to compute a first ESP integrity check value (ICV), and adding the ESP ICV as a trailer to the ESP packet. At least one second ESP packet is generated by modifying parameters in the first ESP packet. The first and second ESP packets are transmitted to a device under test.