Abstract: Systems and techniques for selecting and delivering entertainment content. User preference information for entertainment content to accompany user activities is collected and associated with a user. Upon indication by a user of a desire to receive content and designation of an activity to be accompanied by the content, content items are selected and assembled into a package so that the content items may be played in sequence using a user device. The content items comprising the package are delivered to the user device.

Abstract: A method and system for use in managing secure communications with software environments is disclosed. In at least one embodiment, the method and system comprises maintaining, in a Java operating environment, a regulatory compliant communications facility that is accessible to a Flex operating environment. The Flex and Java operating environments are caused to use the regulatory compliant communications facility for network communications with a data storage system.

Abstract: A method and system for preserving privacy related to networked media consumption activity. Source privacy zones are defined and associated with privacy standards. Privacy standards include frequency criteria governing the storage of datasets including information associated with networked media consumption activity collected from the source privacy zone. Transaction requests including a networking protocol address are received over a network from a client device. The source privacy zone associated with the client device is identified. Using the networking protocol address to access characteristics having characteristic value(s), a dataset can be created including associating the networked media consumption activity with the characteristic and characteristic value(s). The dataset is pre-processed to comply with the privacy standards. The networking protocol address is discarded.

Abstract: A system may receive an enhanced media stream that includes media content and interactive content relating to the media content, present the media content for display on a video display device, detect initiation of a trick mode during presentation of the media content, and present information, relating to the interactive content, superimposed on the media content presented for display on the video display device during the trick mode.

Abstract: A method and system for remote viewing of multimedia content using a multimedia content distribution network (MCDN) is configured to duplicate multimedia content displayed on a first MCDN terminal device and route the duplicate multimedia content to a second MCDN terminal device. The MCDN terminal devices may be coupled to a local network at an MCDN client premises. The MCDN terminal devices may also include wireless telephony devices for mobile remote viewing functionality. The method may include transcoding of the multimedia content into a format suitable for the second MCDN terminal device.

Abstract: Self-authorizing tokens are disclosed. Typical embodiments employ a secure element and a secure element interrogator. Such tokens may be used for authorization of financial payments and other secure transactions. In some embodiments the secure element is provisioned with information about a particular payment card holder account. A secure element reader interrogates the smart element and derives information needed to authorize a transaction. In some embodiments the secure element and the secure element interrogator communicate using communications formatted according to ISO 7816-4.

Abstract: A method for protecting an electronic device against malware includes consulting one or more security rules to determine a processor resource to protect, in a module below the level of all operating systems of the electronic device, intercepting an attempted access of the processor resource, accessing a processor resource control structure to determine a criteria by which the attempted access will be trapped, trapping the attempted access if the criteria is met, and consulting the one or more security rules to determine whether the attempted access is indicative of malware. The attempted access originates from the operational level of one of one or more operating systems of the electronic device.

Abstract: A method and apparatus for protecting an application layer in a computer network system. The method includes creating a session between a client and a data provider in response to a session connection request from the client, and determining the client as an application layer attacking client when the client generates a session termination request before the data provider transmits to the client a response packet to a data request from the client under the created session.

Abstract: In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device.

Abstract: An information processing system and a method for use therewith, an information processing apparatus and a method for use therewith, and a program which are capable of decrypting desired portions of encrypted data are provided. Of packets 211 through 216 constituting a bit stream of layered-encoded image data 201 according to JPEG 2000, the packets 211 through 213 are each encrypted independently of the packets 214 through 216 which are also encrypted each. This produces encrypted split data 262 with the resolution at level zero (corresponding to R0) and encrypted split data 263 with the resolution at level one (corresponding to R1). The header (ranging from SOC to SOD) of layered-encoded image data 201 is appropriated for a header 261, followed by encrypted split data 262 and 263 and an EOC 264, in that order, the whole data array constituting data 251 that is output as the definitive encrypted data. This invention is particularly applicable to image delivery apparatus.

Abstract: Efficient secure password protocols are constructed that remain secure against offline dictionary attacks even when a large, but bounded, part of the storage of a server responsible for password verification is retrieved by an adversary through a remote or local connection. A registration algorithm and a verification algorithm accomplish the goal of defeating a dictionary attack. A password protocol where a server, on input of a login and a password, carefully selects several locations from the password files, properly combines their content according to some special function, and stores the result of this function as a tag that can be associated with this password and used in a verification phase to verify access by users.

Abstract: A system and a method are disclosed for managing applications on a mobile computing device. A command message is received at the mobile computing device specifying a command and a target application. The command message may have been sent by a application provider server. The command may be a removal command, an enable command, or a disable command. A removal or disable command may be used to remove or disable a problematic target application. The specified command is performed on the target application.

Abstract: A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.

Abstract: Detection and deterrence of device tampering and subversion may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a binding of the hardware device and a physical structure. The cryptographic fingerprint unit includes an internal physically unclonable function (“PUF”) circuit disposed in or on the hardware device, which generate an internal PUF value. Binding logic is coupled to receive the internal PUF value, as well as an external PUF value associated with the physical structure, and generates a binding PUF value, which represents the binding of the hardware device and the physical structure. The cryptographic fingerprint unit also includes a cryptographic unit that uses the binding PUF value to allow a challenger to authenticate the binding.

Abstract: Methods and systems for a transport single key change point for all package identifier channels are disclosed and may include descrambling a received transport stream comprising multiple package identifier (PID) channels with multiple key change points, and synchronizing at least a portion of the multiple key change points to occur at a common time. The transport stream may be conditional access or copy protect scrambled. The timing of the key change points may be synchronized by modifying one or more scrambling control bits for the descrambled received transport stream. At least one PID channel in said descrambled received transport stream may be re-scrambled utilizing one or more of the scrambling control bits, and a portion of the PID channels may bypass the re-scrambling. The re-scrambling may include one or more of CP re-scrambling and CA re-scrambling. Each PID channel may be de-scrambled and/or re-scrambled utilizing a separate key.

Abstract: Disclosed is a key management system including plural terminal devices and a server. Each of the terminal devices includes: authentication means for authenticating a user and acquiring user information; delivery key registration means for registering a delivery key linked to the user information based on corresponding information, transmitted from the server, between the user information and the delivery key; encryption key receiving means for receiving an encryption key using the delivery key. The server includes terminal information storage means for storing the terminal identification information, user information on the user utilizing the terminal device and the delivery key, wherein the terminal identification information, the user information and the delivery key are linked to each other; and encryption key delivering means for transmitting the encryption key using the delivery key linked to the user information on the user performing secret communication.

Abstract: The present disclosure is directed to a system and method for managing communications with robots. In some implementations, a computer network, where operators interface with the network to control movement of robots on a wireless computer network includes a network arena controller and a plurality of robot controllers. The network arena controller is configured to provide firewall policies to substantially secure communication between robot controllers and the associated robots. Each controller is included in a different robot and configured to wirelessly communicate with the network arena controller. Each robot controller executes firewall policies to substantially secure wireless communication.

Abstract: A system, method, and computer-readable medium that facilitate key rotation without disrupting database access are provided. Generation identifiers that specify a particular encryption key are stored in association with cipher text of encrypted columns in database tables. When data is to be read from an encrypted column, the cipher text is read along with the associated generation identifier. An encryption key corresponding to the generation identifier is then read to decrypt the cipher text. When data is to be written to the encrypted column, a most recent encryption key is retrieved from the key repository to encrypt the data. The cipher text is then written to the encrypted column in association with the generation identifier of the key used to encrypt the data. Advantageously, the key rotation may be performed without requiring that the table or database to be taken offline or otherwise unavailable during key rotation.

Abstract: A wireless LAN relay device connecting an outer device to a network includes a communication section for controlling wired communication and wireless communication performed between the wireless LAN relay device and the outer device using a packet. The communication section performs, in an initial state, wireless communication without encrypting the packet, and encrypts, upon reception of a setting instruction from the outer device, the packet by using a predetermined encryption key and a predetermined encryption method which are preliminarily defined in the wireless LAN relay device.

Abstract: An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted.