Abstract: Technologies are generally described for automatically reconnecting a security principal to cloud services through correlation of security principal identifier attributes. A new security principal for a user may be detected and automatically reconnected to the user's cloud based services. An administrator for the security domains may specify a value of a unique security principal metadata attribute for the original security principal in a customizable security principal metadata attribute in the new security principal in the same or new security domain. A secondary verification metadata attribute may optionally be specified to ensure the correct security principal is reconnected to the user's cloud based resources. The correlation between the original security principal for the user and the new security principal may be used to reconnect the user's cloud resources.

Abstract: Computer-implemented systems and methods for identifying illegitimate messaging activity on a system using a network of sensors.

Abstract: A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key conformation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing contextual data aided security protection. In one aspect, a method includes automatically parsing an electronic message associated with a user that includes location information, and extracting the location information from the electronic message. The location information can be added to a database (e.g., white list) associated with the user. The location information in the database can be used to authenticate the user's request for access to electronic mail.

Abstract: The present invention provides a method, system, and program product for preventing unauthorized changes to an electronic document (or a portion thereof). Specifically, under the present invention, an electronic document having a user interface control (UIC) is obtained. It is then determined whether a portion of the electronic document for which the user interaction is being attempted is protected by examining at least one of: a signature status of data associated with the UIC, or an archival status of the UIC. Based on this determination, the user interaction will be denied if it affects at least one of: the data, or a presentation property that affects an interpretation of the data is prevented. A notice indicating the denial of the user interaction can then be communicated to a user/party attempting the user interaction.

Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

Abstract: Provided is an apparatus and method for updating an Authorization Key (AK) of a mobile station in an idle mode in a wireless communication system. The method includes transmitting a first location update request to a base station, receiving a response to the request from the base station, the response to the first location update request including a NONCE_BS, wherein the NONCE_BS is a random number associated with the base station and used for updating the AK, generating a NONCE_MS, wherein the NONCE_MS is a random number used for updating the AK, generating the AK using the NONCE_BS and the NONCE_MS, transmitting a second location update request to the base station, receiving a response to the second location update request from the base station, the response to the second location update request including the NONCE_BS and the NONCE_MS, and confirming the AK based on the NONCE_BS and the NONCE_MS.

Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.

Abstract: One embodiment, among others, includes a method for editing video. The method comprises receiving a plurality of media files and receiving specified special effects corresponding to each of the plurality of media files. Based on the received plurality of media files and the specified special effects for each of the plurality of media files, a single output is generated whereby the special effects are incorporated and where the plurality of media files are unmodified.

Abstract: Generation of user and avatar specific content in a virtual world may include generating a local attribute object. The local attribute object may comprise attributes identifying at least one of the user's real world location and the user's avatar's virtual world location. Access to the local attribute object by virtual world operators may be controlled by the user and/or user's avatar. Specific content, based on the local attribute object, is presented to the user's avatar.

Abstract: A method of identity authentication and fraudulent phone call verification uses an identification code of a communication device and a dynamic password. The “dynamic password” is directly sent to an Internet user via a dynamic web-page of a specific website instead of by means of a traditional telephone short message. Thus, the “dynamic password” cannot be copied from the spyware infected communication device of the Internet user. Furthermore, even if the “dynamic password” is intercepted or otherwise discovered by a hacker or intruder, authentication is still secure because the dynamic password must be sent back to the specific website via a short message or the like from the same communication device having the corresponding identification code that was initially input by the Internet user in order to generate the dynamic password.

Abstract: A system and method for enabling access to a computer server operating within a private network, in which the computer server is isolated by access restrictions that prevent incoming connections from a public network. In one embodiment, the method includes identifying a remote client operating in a public network outside the private network, initiating a secure communication channel with the remote client, and instructing the remote client to initiate a Point-to-Point Protocol (PPP) session with the computer server via the secure communication channel.

Abstract: Methods and apparatus for providing a single-sign-on service are disclosed. An example method includes receiving, at a computing device, a username and a password. The example method further includes providing the username and the password to a cloud-based credential server. The example method also includes receiving, from the cloud-based credential server, authentication information corresponding with the username and the password. The example method still further includes granting or denying access to the computing device and one or more cloud-based services based on the authentication information.

Abstract: A system, method, and computer program product are provided for mounting an image of a computer system in a pre-boot environment for validating the computer system. In use, an image of a computer system is mounted in a pre-boot environment of the computer system, where the image includes a file system structure and initialization data of the computer system. Furthermore, at least one task is performed on the mounted image for validating the computer system.

Abstract: A method for securely sharing electronic documents on a document storage system. The method includes receiving an electronic document from a creating user, generating an encryption key unique to the electronic document, encrypting the electronic document using the encryption key to create an encrypted electronic document, and communicating the encrypted electronic document to a document repository for storage/ The method also includes identifying a resource locator for uniquely identifying the storage location of the encrypted electronic document and communicating the encryption key and the resource locator to the creating user. The method also includes receiving the encryption key and the resource locator from a requesting user, retrieving the encrypted electronic document from the document repository using the resource locator, decrypting the encrypted electronic document using the encryption key, and communicating the decrypted electronic document to the requesting user.

Abstract: A device for maintaining an address translation table, placed in series between a user terminal and a third-party entity of a telecommunications network, is disclosed. The device is adapted to verify the existence in the address translation table of an entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity and, if there is no entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity, to create a specific entry in the address translation table associating with a private address and a private port of the terminal in a private network connecting it to said device a public address and a public port of the terminal in the telecommunications network and an indication of the validity of the entry, this validity indication taking into account the first reception time.

Abstract: In a method for managing use information of a measurement device, an operating interface of the device is locked before the device is operated. When a user starts to use the device, the method provides a login interface to verify whether the user is authorized to login the operating interface. If the user is authorized to login the operating interface, the operating interface is unlocked and the method records first information of starting to operate the device. After finishing the operation or when an elapsed time of the device not in use is greater than a predetermined time, the method controls the user to log out the operating interface, records second information of finishing the operation, and the operating interface is locked. The first information and the second information are saved in a text file.

Abstract: A method and an apparatus for editing Digital Rights Management (DRM) content in a portable terminal are provided. The method includes if an event for editing a DRM file occurs, allowing a user to set use purposes of the DRM content of the DRM file; and specifying the use purposes of the DRM content in an editable box of the DRM file. Thus, use purposes of DRM content of a multi-DRM file can be specified using an editable box of the multi-DRM file.

Abstract: According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.

Abstract: A method is presented for distributing cryptographic keys in a hierarchized network including at least one device in charge of a higher group of devices, wherein at least one of the devices of the higher group of devices is also in charge of a lower group of devices. The method includes the steps of: a) storing a set of identifiers particular to the higher group, an identifier particular to the device in charge, an identifier per device in charge of a lower group, each identifier being unique; storing a root cryptographic key; c) providing a root cryptographic key to each device in charge of a lower group using a first non-reversible cryptographic function; d) providing at least one transport cryptographic key to each member of said higher group of devices using a second non-reversible cryptographic function.