Abstract: A key generation method for self-configuration is provided which includes selecting, from the nodes that make up a network, a number of existing nodes equal to a predefined reference number t; transmitting a partial key request message to the selected existing nodes; and generating a node key based on randomized partial keys received in response to the partial key request. Accordingly, when a new node intends to join the network, the existing nodes forming the network can allocate a node key to the new node by themselves. Also, whether or not the node key of the new node is compromised can be verified using the error-checking witness.
Abstract: A comprehensive security architecture for a virtual organization (VO) is disclosed. The comprehensive security architecture uses the same security mechanism or substantially similar security mechanisms to control access to VO infrastructure services as it uses to control access to resource services. Infrastructure services are services used to change the state of the VO and to change membership in the VO. Resource services (e.g. processing a purchase order) are services used in furtherance of achieving the objectives of the VO (e.g. build an aircraft). A security mechanism prevents a service call from accessing the service called until the security mechanism has decided to authorize or deny the service call. A security mechanism may decide to authorize or deny the service call based on details of the service call, a set of role-based access policies, and attributes from the caller's credentials including the caller's role in the VO.
Abstract: An image processing apparatus, a session managing method, and a session managing program allow an operator to change his or her role flexibly. The image processing apparatus comprises a session managing unit for managing information about an operator who is logged in as a session, and a role determination unit for determining a role of the operator. The session managing unit includes a login session unit that is generated upon login of the operator, and a subject unit that generates information indicating the operator, a group to which the operator belongs, and an existing role of the operator. Upon request for a role change from the operator, the login session unit requests initialization of the subject unit. The subject unit then generates information indicating a role after role change based on the role after role change that is confirmed by the role determination unit.
Abstract: A number of devices co-located at a geographic location can broadcast and receive tokens. Tokens can be exchanged using a communication link having limited communication range. Tokens that are received by a device can be stored locally on the device and/or transmitted to a trusted service operating remotely on a network. In some implementations, the tokens can be stored with corresponding timestamps to assist a trusted service in matching or otherwise correlating the tokens with other tokens provided by other devices. The trusted service can perform an analysis on the tokens and timestamps to identify devices that were co-located at the geographic location at or around a contact time which can be defined by the timestamps. A group can be created based on results of the analysis. Users can be identified as members of the group and invited to join the group.
Type: Grant
Filed: September 18, 2008
Date of Patent: January 22, 2013
Assignee: Apple Inc.
Inventors: Daryl Mun-Kid Low, Ronald Keryuan Huang, Puneet Mishra, Gaurav Jain, Jason Gosnell, Jeff Bush
Abstract: Embodiments of the disclosed invention include a system and method for recording television content in the event of a power loss. For example, in one embodiment, an optical network terminal associated with providing video service to the digital video recorder is utilized to backup and store a scheduled television program that occurs during the duration of a power outage affecting the digital video recorder.
Abstract: A method and apparatus are provided for managing authentication information in a home network. The method includes receiving externally input Product Identification Number (PIN) information, which is an identifier allocated to a control device or a controlled device at the time of manufacture, and transmitting authentication information to the control device or the controlled device via a Secure Authenticated Channel (SAC) established using the Transport Layer Security Pre-Shared Key ciphersuites (TLS-PSK) protocol keyed with the PIN information. The authentication information is required for a user to control the controlled device via the control device.
Abstract: In a transmitter, data is encrypted by use of a data key, the data key is encrypted based on a first modification key, and the first modification key is encrypted based on a second modification key such that the first and second modification keys are different keys. The encrypted data, the encrypted data key, and the encrypted first modification key are transmitted to a receiver. In the receiver, the encrypted first modification key, the encrypted data key, and the encrypted data are received from the transmitter. The encrypted first modification key is decrypted based on the second modification key, the encrypted data key is decrypted based on the decrypted first modification key, and the encrypted data is decrypted by use of the decrypted data key.
Abstract: Annotation by search is described. In one aspect, a data store is searched for images that are semantically related to a baseline annotation of a given image and visually similar to the given image. The given image is then annotated with common concepts of annotations associated with at least a subset of the semantically and visually related images.
Type: Grant
Filed: May 19, 2006
Date of Patent: December 25, 2012
Assignee: Microsoft Corporation
Inventors: Lei Zhang, Xin-ing Wang, Feng Jing, Wei-Ying Ma
Abstract: Techniques are described for blocking unidentified encrypted communication sessions. In one embodiment, a device includes an interface to receive a packet; an application identification module to attempt to identify an application associated with the packet; an encryption detection module to determine whether the packet is encrypted when the application identification module is unable to identify an application associated with the packet; and an attack detection module to determine whether the packet is associated with a network attack, to forward the packet when it is not associated with a network attack, and to take a response when it is. The encryption detection module sends a message to the attack detection module indicating whether the packet is encrypted; when the message indicates that the packet is encrypted, the attack detection module determines that the packet is associated with a network attack.
Abstract: An image processing system capable of enhancing the reliability of secret leakage prevention, which includes an image processing apparatus, an access control apparatus that issues authority information on each user, and a job history management apparatus that manages job histories. Authority information on a user logging in to the image processing apparatus is acquired. With reference to the authority information, it is determined whether or not a job for which the user has given an execution instruction is executable. If executable, the job is executed. If the job is not executable, it is further determined whether or not the job is executable on condition that a job history is transmitted to the job history management apparatus. If conditionally executable, the job is executed, and a history of the executed job is acquired and transmitted to the job history management apparatus.
Abstract: Disclosed herein is a receiving apparatus for sending received contents to a recording apparatus and for getting the recording apparatus to record the contents in accordance with preset recording reservations, the receiving apparatus including: a recording ready time information acquisition section configured to acquire from the recording apparatus information about a recording ready time; a continuous recording determination section configured to determine whether two chronologically successive broadcast contents are reserved for recording based on the preset recording reservations; and an end time setting section configured such that if the two chronologically successive broadcast contents are found reserved for recording, then the end time setting section sets the time at which to end processing for recording the earlier of the two contents based on a broadcast start time of the latter of the two contents and on the acquired information about the recording ready time.
Abstract: The video and audio reproduction apparatus according to the present invention is a video and audio reproduction apparatus that decodes a video and audio stream and reproduces the decoded video and audio stream and that includes a reconstructing unit which reconstructs a packet in an inputted video and audio stream; a decoding unit which decodes the video and audio stream having the reconstructed packet, the video and audio stream being received from the reconstructing unit; and an output unit which outputs the decoded video and audio stream, wherein, when the packet to be reconstructed contains a plurality of payloads in the inputted video and audio stream, the reconstructing unit reconstructs the packet in the video and audio stream so that each packet contains one payload.
Abstract: Method and system for protecting content in a programmable system is provided. The system is connectable to an external device through one or more access ports. Content protection method/manager is implemented by assigning one or more access modes to the access port and switching the access modes. In response to a current access mode, the content protection method/manager restricts visibility of the system to the external device via the access port.
Abstract: A system and method are provided for sending encrypted messages to a distribution list, such that the messages are sent only to those individuals or other entities associated with the distribution list that will be able to read them.
Type: Grant
Filed: August 18, 2011
Date of Patent: October 16, 2012
Assignee: Research In Motion Limited
Inventors: Neil Patrick Adams, Michael Stephen Brown, Michael Kenneth Brown
Abstract: A method for secure cryptographic communication comprises transmitting information that identifies a group key from a first device to a second device. The method further comprises, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.
Type: Grant
Filed: April 30, 2007
Date of Patent: October 2, 2012
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Derek Brown, Paul Funk, Oliver Tavakoli
Abstract: A storage device has a storage medium, a set of credentials stored on the storage medium, and a controller. The controller within the storage device is coupled to the storage medium, and adapted to identify security status of the storage device. The controller is adapted to alter one or more credentials of the set of credentials responsive to the security status.
Type: Grant
Filed: December 21, 2006
Date of Patent: October 2, 2012
Assignee: Seagate Technology LLC
Inventors: Donald Rozinak Beaver, Robert Harwell Thibadeau, Laszlo Hars
Abstract: The present invention relates to a method and a system of securely computing a measure of similarity for at least two sets of data. A basic idea of the present invention is to securely compare two sets of encrypted data to determine whether the two sets of data resemble each other to a sufficient extent. If the measure of similarity complies with predetermined criteria, the two sets of data from which the encrypted sets of data originate are considered to be identical.
Type: Grant
Filed: November 9, 2005
Date of Patent: October 2, 2012
Assignee: Koninklijke Philips Electronics N.V.
Inventors: Pim Theo Tuyls, Evgeny Verbitskiy, Berry Schoenmakers, Marten Erik Van Dijk
Abstract: A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
Type: Grant
Filed: January 28, 2008
Date of Patent: September 25, 2012
Assignee: International Business Machines Corporation
Inventors: Matthias Schunter, Axel Tanner, Bernhard Jansen
Abstract: A data transmission interface apparatus is provided for communicating with another data transmission interface apparatus through a digital transmission means specified for multimedia data transmission. The data transmission interface apparatus has at least a processor for processing multimedia data; and a data converting circuit, coupled to the processor, for converting a plurality of first multimedia data sets into a plurality of second multimedia data sets; and for converting a plurality of first auxiliary data sets into a plurality of second auxiliary data sets.