Abstract: An online home improvement document management service includes a host server having a web-based interface adapted to facilitate secure customer access to the host server. The host server is configured to receive home improvement data communicated from the customer through use of a computing device. A processing module is in operative communication with the host server and is configured to process the home improvement data communicated from the customer. A processing software application is trained to classify the processed home improvement data and selectively extract data therefrom based on the classification. The processing software application is configured to selectively present the processed home improvement data for a customer verification via the web-based interface upon at least one of an unsuccessful classification and an unsuccessful extraction of data.

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

Abstract: A method and apparatus for processing information. First information is received from a first number of devices at a first number of interfaces configured to receive the first information in a first section of a programmable integrated circuit. The first information is sent to a second section in the programmable integrated circuit. Second information is received at a second number of interfaces in the second section from a second number of devices that generates the second information with a plurality of security levels. The first and second sections are partitioned from each other such that communication between the first and second sections is controlled by the second section. The first and second information are processed to form processed information that is sent to a number of network interfaces in which an identification of a security level within a plurality of security levels is associated with the processed information.

Abstract: A device supports the processing of multiple active applications in a processor through a mapping system that securely identifies and differentiates commands issued by clients. An entity selection signal is generated by the mapping system to signal the processor to process an algorithm and provide services for a specific client using the commands identified for that client and data permitted by a client tracking system for that client. Other data accesses and commands identified for other clients are restricted when processing the algorithm.

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.

Abstract: Apparatus for ciphering, including a non-volatile memory, which stores a number from which a private cryptographic key, having a complementary public cryptographic key, is derivable, wherein the number is shorter than the private cryptographic key, and a processor, which is configured to receive an instruction indicating that the private cryptographic key is to be applied to data and, responsively to the instruction, to compute the private cryptographic key using the stored number and to perform a cryptographic operation on the data using the private cryptographic key. Related apparatus and methods are also described.

Abstract: A print system which are capable of inhibiting simultaneous use of the encrypted print and the box storage to thereby increase the security of print data. A host computer has an encryption function of encrypting print data, and issues a print job for the print data encrypted by the encryption function. A print server receives the issued print job, and has a decryption function of decrypting the encrypted print data of the received print job. A printer has a storage function of storing the print data decrypted by the decryption function, and outputs the stored print data. At least one of the host computer and the print server inhibits simultaneous use of the encryption function and the storage function.

Abstract: A method for key distribution includes steps or acts of: deprecating a first key on a server; receiving a request from a client wherein the client request includes the deprecated key; verifying the client request by using the deprecated key provided in the client request to decrypt the client request; and sending a communication to the client advising that the first key has been updated. An additional step of sending instructions to the client on obtaining the updated key may also be provided. Additionally, instructions on obtaining the updated key may be sent to the client.

Abstract: In a method for improving client's login and sign-on security in accessing services offered by service providers over shared network resources such as Internet and particularly working within the framework of the www, a password is created for the client at a first attempt to access the service provider. The client's password is generated either at an authentication authority in trust relationship with the service provider and transmitted to the client, or the client is allowed to create his or her password on the basis of random character sequences transmitted from the authentication authority. For subsequent access to the service provider the authentication authority presents a client for characters in ordered sequences or in a diagram containing in an appropriate order a single occurrence of each password character.

Abstract: A storage controller includes a command pointer register. The command pointer register points to a chain of commands in memory, and also includes a security status field to indicate a security status of the first command in the command chain. Each command in the command chain may also include a security status field that indicates the security status of the following command in the chain.

Abstract: An encrypted program received in an MPEG transport stream is decrypted by receiving an address in the MPEG transport stream, reading a key from a memory in accordance with the received address, and decrypting the encrypted program based on the key.

Abstract: Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified.

Abstract: Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.

Abstract: A device creates a group for accessing a front door program that enables access to a secure resource, assigns, to the group, one or more permissions to perform one or more tasks associated with the secure resource, and adds a user to the group using identification information associated with the user, wherein the user is permitted to perform the one or more tasks based on the addition of the user to the group.

Abstract: A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present.

Abstract: An encrypted program received in an MPEG transport stream is decrypted by receiving a message in the MPEG transport stream, wherein the message contains a key, decrypting the encrypted program based on the key, and replacing the message in the MPEG transport stream with a null packet.

Abstract: Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.

Abstract: The invention provides a method, system, device and computer program product for setting up a secure session among three or more devices or parties of a communication group, including authenticating a key agreement between the devices or parties of the communication group, wherein the devices of the group start, preferably after a key is computed or agreed, a protocol, preferably a multi-party data integrity protocol, for authenticating the key agreement.

Abstract: A method for storing visual information on a storage medium is disclosed, whereby the method includes receiving a first visual information corresponding to a left eye and a second visual information corresponding to a right eye. The method further includes storing the first visual information in a first stream and the second visual information in a second stream on the storage medium, wherein the first stream and the second stream are each stored at full resolution. An information handling system (IHS) is further disclosed including a storage medium operable to store, at full resolution, a first stream of visual information corresponding to a left eye and a second stream of visual information corresponding to a right eye, wherein the first stream and the second stream are each stored at full resolution. The system may further include a playback device operable to read the storage medium and display the visual information.