Abstract: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime.

Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, even though a cloud operator may control one or all of the entities with which a user device interacts, the employees and computers controlled by the cloud operator may still have insufficient data to determine a natural identity of the user based on interactions of the user device with the cloud operator's computers. Privacy boundaries on the user device control transmission of natural identity information to other entities such that, without user consent, computers outside of the user device have insufficient data singly or combined to determine a natural identity of the user.

Abstract: Receiving a video stream in a transport stream comprising a plurality of compressed pictures, wherein information in the video stream includes plural data fields comprising: a first data field corresponding to a location in the video stream of a potential splice point, wherein the first data field identifies a location in the video stream after the location of the received information; a second data field corresponding to decompressed pictures yet to be output (DPYTBO) by a video decoder at the identified potential splice point (IPSP) when the video decoder decompresses the video stream, wherein the second data field is a number corresponding to the DPYTBO by the video decoder at the IPSP; and a third data field corresponding to pictures with contiguous output times (WCOT), wherein the third field corresponds to a set of pictures WCOT of the DPYTBO by the video decoder at the IPSP.

Abstract: A computer is configured to receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter. The computer is further configured to generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors. The computer is further configured to provide the risk score to a requester.

Abstract: A system and method for the secure storage of executable code and the secure movement of such code from memory to a processor. The method includes the storage of an encrypted version of the code. The code is then decrypted and decompressed as necessary, before re-encryption in storage. The re-encrypted executable code is then written to external memory. As a cache line of executable code is required, a fetch is performed but intercepted. In the interception, the cache line is decrypted. The plain text cache line is then stored in an instruction cache associated with a processor.

Abstract: A system and apparatus for data delivery facilitates secure and controlled delivery of digital information, particularly in the context of an event, but also in the context of commercial and educational forums and the like. Preferably an administrator is positioned between parties wishing to share digital information and parties wishing to obtain such information. The administrator ensures that the digital information falls within certain security and formatting criteria so that parties may obtain the information without fear of damage to or abuse of their computing devices.

Abstract: In order to further develop a method for summarizing at least one data stream (12) as well as a corresponding data summarization system (100) comprising at least one receiving means (10) for receiving at least one data stream (12) in such way that at least one summary is available immediately after receiving of the data stream (12), in particular immediately after content acquisition and/or recording and/or encoding and/or decoding of the data stream without any post-processing operation, it is proposed to provide—at least one selecting means (30) for selecting part (32, 32?) of the data stream portions and at least one processing means (70) for generating at least one summary by summarizing at least part of the selected data stream portions (32?) in particular until at least one predetermined summary volume is obtained, wherein the summary is generated during the receiving of the data stream (12).

Abstract: The present invention is directed to perform high-reliable authentication using a one-way function that a communication is a communication which was performed with the same apparatus to be authenticated by storing a password only in an apparatus to be authenticated (it is unnecessary to store a password in both of an authentication apparatus and an apparatus to be authenticated) without transmitting a challenge code. When a setting is updated in a setting management server, authentication is performed by using a one-time password obtained last time. A sound communication terminal performs a process using a hash function once on a one-time password transmitted this time, and performs authentication by determining whether the processed one-time password matches a one-time password obtained last time or not. Whether the information at the time of the change in the setting is proper or not is determined by a sound terminal.

Abstract: A method for classifying a signal is disclosed. The method can be used by a station or stations within a network to classify the signal as non-cooperative (NC) or a target signal. The method performs classification over channels within a frequency spectrum. The percentage of power above a first threshold is computed for a channel. Based on the percentage, a signal is classified as a narrowband signal. If the percentage indicates the absence of a narrowband signal, then a lower second threshold is applied to confirm the absence according to the percentage of power above the second threshold. The signal is classified as a narrowband signal or pre-classified as a wideband signal based on the percentage. Pre-classified wideband signals are classified as a wideband NC signal or target signal using spectrum masks.

Abstract: A system and method for processing video data is disclosed. In one embodiment, the method includes receiving a first video frame and a second video frame, where the video frames comprise a plurality of blocks of pixels. The method further includes obtaining motion vector information identifying positions of a plurality of matching blocks between the first frame and the second frame, and calculating a measure related to an angle between a first motion vector for a first block in the first frame and a second motion vector for a second block in the first frame, where the second block is located at a frame position in the first frame within a neighborhood of the frame position in the second frame identified by the first motion vector.

Abstract: A computer forensic accelerator engine designed to speed up the forensic analysis process is disclosed. It is a device for use with an analysis device to analyze data on a suspect computer device, and includes a first interface for connecting to the suspect computer device, a second interface for connecting to the analysis device, and a processing unit programmed to read data from the suspect device via the first interface, perform analysis on the data, transmit the data to the analysis device via the second interface, and transmit results of the analysis to the analysis device via the second interface. A drive write protect module may be integrated in the computer forensic accelerator engine. The computer forensic accelerator engine allows data read from the suspect drive to be analyzed while acquiring the data. Also disclosed is a computer forensic analysis system and method using the computer forensic accelerator engine.

Abstract: Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.

Abstract: In a method for scaling up/down security (non-functional) components of an application, determine (a) types of interactions and a number of each type of interaction each non-security (functional) component has with security components for a plurality of requests. Determine, based on (a) and an expected number of incoming requests to the application, (b) types of requests to and interactions with the security components involving the non-security components and (c) a number of requests to and interactions with the security components involving non-security components for each type of request to the security components involving non-security components. Determine, for each security component, a capacity required for each type of request involving the non-security components and a capacity required for each type of interaction involving the non-security components. Change the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.

Abstract: The invention provides encoded moving image data having good image quality even in a scene having a high difficulty level. A unit counts a number of pictures to determine a break between scenes. A unit encodes block by block in an inputted picture. A unit calculates a block distortion between a decoded picture and a picture before being encoded. A unit calculates a surplus encoded data amount with respect to an encoded data amount equally allocated to each scene from the encoded data amount of each picture and a preset sequence target bit rate. A target encoded data amount is calculated based on an average block distortion of a scene and the surplus encoded data amount. The encoded data amount of the first picture of a scene is compared with a threshold, and the initial parameter is corrected to determine the parameter for encoding the second and subsequent pictures.

Abstract: A secure data processing method includes the following steps: padding (E206) a memory area (MAC?) with a pad value (A); writing (E208) a first datum in the memory area (MAC?); in the area, reading (E210) a second datum with at least one part of the first datum as it was written in the memory area (MAC?); and executing an operation (E210) using the second datum.

Abstract: A method of booting an electronic device includes verifying communicable connection of a sender input/output terminal of the electronic device to a receiver input/output terminal of the electronic device, using a first boot loader executing on a computing processor of the electronic device. The method further includes reading a signature of a unique identifier of the electronic device from a removable storage device received by the electronic device, verifying the signature of the unique identifier of the electronic device, and allowing installation of a second boot loader on the electronic device when the signature is valid.

Abstract: A private browsing function of a web browser application program may be triggered for a browser by a browser or by a URL provider. Upon receipt of the URI by a web browser, the URI is inspected for the presence of a private browsing indicator. When the URI is found to contain a private browsing indicator, operation of the private browsing function for the web browser application program is triggered.

Abstract: A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values.

Abstract: A system and a related method are disclosed for authenticating an electronic transaction. Input behavioral data is captured related to measured interactions with at least one input device. The input data is compared to probability distribution representations for a demographic group and for a wide population, performing the measured interaction(s). The system is configured to authenticate the electronic transaction based on the comparing.

Abstract: One or more online configuration settings are received prior to deployment and execution of a software appliance. Once the configuration settings have been received, the online configuration settings can be utilized to configure a software appliance image prior to executing the image at a host computer. Once the application of the configuration settings to the image has been completed, the image may executed at a host computer.