Abstract: In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.

Abstract: A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: Systems and methods for managing access to a computer account of a computer system that is not associated with a human user. The system comprises a password repository for storing a password for the computer account. The password is preferably encrypted with at least two secrets. The system also comprises a first data storage device for storing the first secret and a second data storage device for storing the second secret. The system additionally comprises a computer device in communication with the password repository and the first and second data storage devices for managing access to the computer account. The computer device is programmed to, in response to a request to perform an action under the computer account: (i) retrieve the first secret from the first data storage device; (ii) retrieve the second secret from the second data storage device; and (iii) decrypt the password with the first second secrets.

Abstract: A content delivery system includes an upload module, a content delivery module, and a monitoring module. The upload module is configured to receive content from a content provider, detect content containing malicious software or proprietary information, and provide information about the content to a monitoring module. The content delivery module is configured to detect content containing malicious software or unauthorized changes, detect operational changes to the content delivery module, provide information about the content and the operational changes to the monitoring module, receive a request for the content from a client system, and provide the content to the client system. The monitoring module is configured to monitor a network for potentially malicious traffic, receive information from the content delivery module and the upload module, correlate the information and the potentially malicious traffic to identify a security event, and trigger a response to the security event.

Abstract: A method and system for searching and collecting electronically stored information are described. Consistent with an embodiment of the invention, configuration and execution of a search are separated in time and location. For example, a search configuration application executing at a first computer system is utilized to generate a search configuration file, which controls the operation of a search agent when the search agent is executing at a target computer system and performing a search of storage devices act of the target computer system. Encryption is utilized to prevent unauthorized access to the search configuration file as well as the search results file generated by the search agent.

Abstract: Methods, devices, and systems for creating and using a trusted host list for Transport Layer Security (TLS) sessions are provided. The proposed solutions described herein provide a mechanism of specifying authorization policy for TLS sessions where such authorization was traditionally implied by the possession of a certificate issued by a mutually trusted third party. The proposed solutions also provide for wildcard use and regular expression matching to simplify administration of the trusted host list.

Abstract: Methods and apparatuses for providing DRM interoperability are provided. Proxy re-encryption technique using bilinear map is used, and the same content can be used in different devices. According to the method of providing DRM interoperability includes in proxy agent with respect to digital rights management (DRM) service providers and device which supports predetermined DRM, first DRM service provider, second DRM service provider, the proxy agent, and the device identify each other, and proxy re-encrypt an interoperable content (IC) and provide the IC to the device. The IC is second-level encrypted by using a key of the first DRM service provider, and the proxy re-encryption is performed by using a proxy key generated from proxy key information provided from the first DRM service provider and the second DRM service provider. Therefore, a problem in which interoperability cannot be guaranteed since a DRM technique depends on a service provider is resolved.

Abstract: The present application is directed towards systems and methods for aggressively probing a client side connection to determine and counteract a malicious window size attack or similar behavior from a malfunctioning client. The solution described herein detects when a connection may be under malicious attach via improper or unusual window size settings. Responsive to the detection, the solution described herein will setup probes that determine whether or not the client is malicious and does so within an aggressive time period to avoid the tying up of processing cycles, transport layer sockets and buffers, and other resources of the sender.

Abstract: A data conversion algorithm achieving efficient data diffusion is achieved. For example, in a configuration where a various processes are executed on two data segments which are resultants of dividing a rectangular matrix of data containing arranged one-byte data blocks into two parts to perform data conversion, efficient data scrambling with less operation cost is achieved by executing a linear conversion process on one of the data segments, an exclusive OR operation between the two data segments, a shift process on one of the data segments, and a swap process between the two data segments. Moreover, cryptographic processing with a high security level is achieved by including nonlinear conversion or key application operation on the data segments.

Abstract: In general, a digital video player is described that has a form factor that allows the video player to be built into or otherwise attached to another enclosure. The digital video player may be built into or otherwise attached to the other enclosure such as any physical packaging around or accompanying a product, a Point of Sale (POS) structure near the product in a store, or attached to the product itself.

Abstract: A training model for malware detection is developed using common substrings extracted from known malware samples. The probability of each substring occurring within a malware family is determined and a decision tree is constructed using the substrings. An enterprise server receives indications from client machines that a particular file is suspected of being malware. The suspect file is retrieved and the decision tree is walked using the suspect file. A leaf node is reached that identifies a particular common substring, a byte offset within the suspect file at which it is likely that the common substring begins, and a probability distribution that the common substring appears in a number of malware families. A hash value of the common substring is compared (exact or approximate) against the corresponding substring in the suspect file. If positive, a result is returned to the enterprise server indicating the probability that the suspect file is a member of a particular malware family.

Abstract: A system and methods of incrementally updating a recording schedule in response to changes in user requests and changes in availability of requested content. Changes to the recording schedule may be prompted by a user request to record new content, a change in the parameters of an existing request, removal of a request, and the like. Before changing the recording schedule, an algorithm generates new possible recording schedules by combining recording assignments for a given program with the existing recording schedule. In one embodiment, the algorithm reduces the new possible recording schedules to a final recording schedule and applies the final recording schedule to a digital recording device. In another embodiment, the final recording schedule is presented to a user for approval before the schedule is applied to the digital recording device.

Abstract: A present novel and non-trivial decryption system and methods are disclosed for reducing latency associated with the decryption and execution of stored, encrypted instructions. The system comprises a storage device, a processor, a controller, a key generator, a plurality of memory banks, a plurality of bus switches, and a combiner. Upon receiving a processor command, the controller changes the switch positions of a plurality of switches, where a first switch is operatively coupled to a key generator, a second switch to a combiner for performing a combinatory decryption process, and both switches to plurality of memory banks. When a partition is switched, the processor executes data of an instruction immediately upon completion of the combinatory decryption process using at least one character retrieved from one memory bank while the next decryption key is generated and loaded into another memory bank at the same time.

Abstract: A biometric authentication method for a computer system, the computer system comprising: a computer; and an authentication server, the biometric authentication method including steps of: extracting a first feature from the captured biometric information; generating a template polynomial for enrollment; extracting a second feature from the captured biometric information; generating a template polynomial for authentication; generating a correlation function for calculating a correlation between the template polynomial for authentication and the enrolled template polynomial; calculating a correlation value between the template polynomial for authentication and the enrolled template polynomial by using the generated correlation function, and determining based on the calculated correlation value whether or not the biometric information at the time of authentication coincides with the biometric information enrolled.

Abstract: A method for constructing a secure Internet transaction, the method includes: receiving a user identification (userid) and user password on a client device for filling out a form generated by a secure web site; concatenating the user's Internet Protocol (IP) address with a separate password that is maintained on the secure web site that the user is authenticating to; encrypting the concatenated user IP and separate password to form an Internet Protocol password (IPPW); wherein the encrypting is carried out with asymmetric public-key cryptography using a public key; building a transaction consisting of the IPPW and userid; transmitting the transaction and form via a network towards the secure web site; wherein in response the secure website performs the following: decrypts the IPPW, and determines if the IP portion of the decrypted IPPW is equal to the user's IP address.

Abstract: A system and method for controlling a flow of data from a network interface controller (NIC) to a host processor coupled to the NIC. Data such as IP packets are received by the NIC and may be transmitted to the host processor for further processing such as firewall processing. The NIC is in communication with the host processor using, for example, a software driver running on the host processor. The NIC may monitor the processing load on the host processor as it handles packet data received from the NIC. As the processing load increases, the NIC may begin to throttle the quantity of packets being sent to the host processor in order to avoid overloading the host processor. The throttling may be governed by a heuristic throttling function.

Abstract: Disclosed is a buffer-based adaptive media playout method in a receiver side of a network media streaming system. The method includes: calculating a playout interval for playing out a current j-th frame (where j is a natural number) of a received media stream; and playing out the current j-th frame after the calculated playout interval has elapsed from the reception of the current j-th frame. The calculation of the playout interval for playing out the current j-th frame of the received media stream includes: calculating a buffer level of a (j+w)-th frame (where w is a natural number); estimating a playout pause or a playout skip on the basis of the calculated buffer level; and calculating the playout interval for playing out the current j-th frame for the predicted one of the playout pause and the playout skip.

Abstract: This invention relates to a transmission method for conditional access content, in which said content is broadcast in the form of data packets (DP). These data packets contain at least one marker having a known value and a useful part (PL). This method includes the following steps: extraction of said marker (Mc) from the data packet (DP) and replacement of this marker with an encryption key identification information (PAR); encryption of said useful part (PL) by an encryption key (K1) that can be identified by said encryption key identification information (PAR); formation of an encrypted data packet containing at least said encryption key identification information (PAR) and the encrypted useful part (PLK1); transmission of said encrypted data packet to at least one receiver.

Abstract: An electronic control device and method for operating an electric roller shutter include establishing a wireless connection between the electronic control device and an electronic device if a preset login password is input. The electronic control device provides an operation interface to the electronic device, and receives a function instruction from the electronic device if a function key on the operation interface is pressed. The electric roller shutter is operated by the electronic control device according to the received function instruction.