Abstract: Instrumented networks, computer systems and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for calculating security risks by determining subject reputation scores. In an embodiment, a system receives a query for a reputation score of a subject, initiates directed queries to external information management systems to interrogate attributes associated with the subject, and analyzes responses. The system receives a hierarchical subject reputation score based on a calculus of risk and returns a reputation token.

Abstract: A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain is propagated to the client so that the client can update its state administration.

Abstract: A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association.

Abstract: A programming recorder receives information after receiving at least two programming event recording requests, detects a conflict between the programming event recording requests based on the received information, creates a ranked list of alternative sources for the programming event recording requests, and resolves the conflict by fulfilling at least one of the at least two programming event recording requests utilizing an alternative source. The alternative source may be automatically selected or selected by a user. The ranked list of alternative sources may be ordered utilizing a set of one or more priority criteria. The programming event recording requests and/or the received programming information may include metadata and determining alternative sources may comprise comparing the metadata. The programming recorder may display an indication that the conflict between the at least two programming event recording requests was detected and resolved.

Abstract: A biometric authentication method for a computer system, the computer system comprising: a computer; and an authentication server, the biometric authentication method including steps of: extracting a first feature from the captured biometric information; generating a template polynomial for enrollment; extracting a second feature from the captured biometric information; generating a template polynomial for authentication; generating a correlation function for calculating a correlation between the template polynomial for authentication and the enrolled template polynomial; calculating a correlation value between the template polynomial for authentication and the enrolled template polynomial by using the generated correlation function, and determining based on the calculated correlation value whether or not the biometric information at the time of authentication coincides with the biometric information enrolled.

Abstract: Provided are an apparatus and method for controlling program conversion according to program protection information. The method for controlling conversion of a broadcasting program includes: demultiplexing a broadcasting program into broadcasting program data and program protection information; encrypting the broadcasting program data based on distribution condition of the program protection information when recordation of the broadcasting program data is requested; and recording the encrypted broadcasting program data.

Abstract: According to one embodiment, an apparatus may receive a first data token indicating a request for data associated with the resource, a subject token indicating that at least one form of authentication has been completed, and a network token indicating that at least one form of encryption has been performed. The apparatus may determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token. The apparatus may determine, based at least in part upon the at least one token-based rule, that a second data token representing the data should be generated. The apparatus may generate a message indicating the determination that the second data token should be generated and then transmit the message.

Abstract: An information processing apparatus (100) is provided with a memory unit (130) for storing digital broadcast content for which a number of copies that can be made is set, a writing unit (160, 162) for writing the content on external recording medium, an IC medium reader/writer (150) for reading an IC medium (300) and recording the number of copies that can be made of the content on the IC medium (300) in association with an identifier of the content, and a control unit (170) for determining whether an identifier of the content is recorded on the IC medium (300) when the content is copied to the external recording medium and, when it is determined that the identifier is recorded, controlling the writing unit (160, 162) to write the content on external recording medium (210, 220) as well as controlling the IC medium reader/writer (150) to update the number of copies that can be made of the content.

Abstract: In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule.

Abstract: A data processing apparatus includes a volatile memory, a random number generator adapted for generating random numbers from which one or more keys are generated, and a memory encryption unit (MEU). The MEU is configured to receive an N-bit block of data and to divide the N-bit block of data into two more sub-blocks of data, where each sub-block contains fewer than N-bits. The MEU is further configured to encrypt each sub-block of data using the one more keys, to combine the encrypted sub-blocks into an N-bit block of encrypted data, and to write the encrypted N-bit block of data to the volatile memory.

Abstract: A networked computer device can be customized to contain provisioning and/or authorization logic in its firmware or the firmware of one of its subcomponents. The computer device is thus configured to provision itself from a provisioning server that is identified within the firmware, and to periodically query an operations authority for continued authorization to operate with the received provisioning. Upon failure to receive authorization, the firmware may implement various security measures, such as storage protection, boot protection, communications protection, and so forth. The firmware may also implement remote reporting, to assist an investigator when a device has been lost or stolen.

Abstract: An information processing apparatus of the present invention converts user authentication information based on a second one-way function into a second converted value if authentication with a first converted value obtained by converting the user authentication information based on the first one-way function is successful.

Abstract: In an embodiment, a method includes permitting a wireless client to wirelessly access an internal network of a Wi-Fi capable device. The method also includes presenting a reduced set of device functions to the client when the device operates in an open mode, and presenting an increased set of device functions to the client when the device operates in a secure mode.

Abstract: A privacy region-masking device of an automobile black box system includes a masking region configuration module for constructing a masking region on an internal image of a vehicle and a key management module for creating and managing a masking key which is used for masking the masking region on the internal image of the vehicle. The privacy region-masking device further includes a masking execution module for masking the masking region on the image using the masking key, thereby generating a masked image adaptable to protect the privacy of a passenger.

Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.

Abstract: A method of managing content related to a plurality of social networking websites. The method comprises accessing a first account that stores user's authentication information of the plurality of the networking websites and connecting to the plurality of social networking websites. Content associated with a second account is obtained from each of the plurality of social networking websites and service capabilities of each of the plurality of social networking websites are tracked. The obtained content from all the social networking websites is displayed on a single page and service information applicable to content is provided.

Abstract: A system and method for access control key administration in a virtual world that includes identifying an action to be performed on a key provided to a user controlling an avatar in a virtual world. The key provides the avatar access to a virtual space, a service, or an item in the virtual world. The action is applied to the key. The action is applied to the key to modify one or more access parameters on the key. The action applied to the key may be, for example, an update action, a revalidate action, or a remove action.

Abstract: A method for capturing a user's view of an electronic screen having an error message in a health management application without showing private information of the user includes receiving an error message from a web service responding to a request for a web page by the user. The method includes receiving an electronic file of the web page with the error message, redacting private information of the user from the electronic file to create a redacted electronic file, and storing the redacted electronic file in a support log module.

Abstract: The invention relates to a method for identifying compromised nodes in a ZigBee network comprising a general trust center, divided in at least two security domains, each security domain corresponding to a spatial or temporal area, and being associated with a different root keying material, and each node being identified by an identifier, the method comprising: upon detection of a node (U1) entering into a security domain (SD), the general trust center (TC) distributing to the node at least one keying material share corresponding to the entered security domain, and upon detecting corruption of at least two security domains, determining, for each security domain, based on information registered by the base station (BTS), a respective set of nodes having received keying material corresponding to said security domain,—comparing the respective sets of nodes and identifying the common nodes as being compromised.

Abstract: Techniques for providing storage for electronic records are described herein. According to one embodiment, a command is received from a client through an interface of a storage system. An approval is received from an authorization agent associated with the storage system for the received command. In response to the approval received from the authorization agent for the received command, an operation associated with the received command is performed. Other methods and apparatuses are also described.