Abstract: A method for accessing content at a device, wherein the device is arranged to execute a digital rights management (DRM) client of a DRM system and wherein the device is arranged to receive a broadcast signal comprising a plurality of encrypted portions of content for an item of content, each encrypted portion being packaged in a format of a conditional access system and being decryptable using a corresponding decryption key, wherein the method comprises an application executing on the device performing the steps of: for each of one or more of the encrypted portions: converting said encrypted portion from being packaged in the format of the conditional access system to being packaged in a format of the DRM system; providing said encrypted portion is packaged in the format of the DRM system to the DRM client; and either (a) providing a rights object according to the DRM system to the DRM client or (b) triggering the DRM client to obtain a rights object according to the DRM system; wherein the rights object corr

Abstract: A device and a method for processing an image by a multimedia device that supports encryption and decryption are provided. The device includes a thumbnail image of an original image is obtained and the original image is encrypted using a first encryption scheme. An encrypted image frame is generated such that the encrypted image frame includes an identity field in which marker information is recorded between a first image field in which the obtained thumbnail image is recorded and a second image field in which the encrypted original image is recorded. The marker information indicates whether the encrypted image frame includes the second image field.

Abstract: An object of the present invention is to prevent an attack from or via a communication device on an information apparatus in a communication system including the information apparatus, the communication device coupled to the information apparatus in the aftermarket, a server that authenticates the communication device, and a communication unit between the communication device and the server. A communication device includes a first interface that performs first communications with a server, a second interface that performs second communications with an information apparatus, and an information processing unit that performs an information process including a communication protocol process accompanied by the first and second communications.

Abstract: In one embodiment, a computing device provides a feature vector as input to a random decision forest comprising a plurality of decision trees trained using a training dataset, each decision tree being configured to output a classification label prediction for the input feature vector. For each of the decision trees, the computing device determines a conditional probability of the decision tree based on a true classification label and the classification label prediction from the decision tree for the input feature vector. The computing device generates weightings for the classification label predictions from the decision trees based on the determined conditional probabilities. The computing device applies a final classification label to the feature vector based on the weightings for the classification label predictions from the decision trees.

Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

Abstract: An online identity verification application may be provided. According to an exemplary embodiment, an online identity verification application may utilize photographic, biometric, and documentation identification protocols. The verification application may use a multi-tier verification process based on identification protocols to verify the owner of a verification account and subsequently verify any linked accounts.

Abstract: Virtual workspaces can be provided using shared resources and network-attached storage. A workspace accessed under a customer account has a unique key generated using a combination of a customer master key and an encryption context. The encryption context is specific to the workspace, such as may include a hash of specific values for the workspace. When a new instance is generated, a first data volume is generated using a machine image and data snapshot encrypted under a current encryption key. The snapshot is copied to a new snapshot, and a new encryption key obtained that is based on the customer master key and the current encryption context. The snapshot is used to create a new data volume encrypted under the new encryption key. The new volume is attached to the workspace instance such that data transmitted between the workspace and the new volume is encrypted under the volume-specific encryption key.

Abstract: A data processing apparatus includes a memory storing a program and a processor configured to execute the program to implement a process of reading signed data including a predetermined number (n) of secret sharing data sets generated for each section of time series data and a signature value calculated for the each section of time series data based on a secret sharing protocol. The n secret sharing data sets include n units of data acquired from each section of time series data and parameter information for a polynomial of a predetermined degree calculated based on the acquired n units of data. The processor further implements processes of acquiring the predetermined degree, and editing the signed data by extracting a specific number of the secret sharing data sets from the n secret sharing data sets for the each section of time series data according to the acquired predetermined degree.

Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.

Abstract: Systems and methods include implementing a remote machine learning service that collects digital event data; collecting incumbent digital threat scores generated by an incumbent machine learning model and successor digital threat scores generated by a successor digital threat machine learning (ML) model; implementing anomalous-shift-detection that detects whether the successor digital threat scores of the successor digital threat ML model produces an anomalous shift; if the anomalous shift is detected by the machine learning model validation system, blocking a deployment of the successor digital threat model to a live ensemble of digital threat scoring models; or if the anomalous shift is not detected by the machine learning model validation system, deploying the successor digital threat ML model by replacing the incumbent digital threat ML model in a live ensemble of digital threat scoring models with the successor digital threat ML model.

Abstract: The present invention relates to a system and method for issuing an OTP application in a face-to-face confirmation manner, and the system includes at least one or more service provider devices for transmitting OTP application issuance request information, including information on recognition of a terminal device tagged on a reader provided for each service provider or entering a previously set service area, to an integrated service device; and the integrated service device for registering secure storage medium identification information as medium identification information for OTP authentication and transmitting an OTP installation guide to the terminal device if the recognition information is the secure storage medium identification information, and transmitting the OTP installation guide to the terminal device if the recognition information is terminal device identification information, in which the terminal device can be a terminal device of a user seeing a service provider face-to-face.

Abstract: As disclosed herein is a tool for enabling dynamic watermarking on a client, including a computer determining a negotiated watermarking algorithm that identifies at least one location on a web page for a placed watermark, and initiating a web communication by requesting a web page. The computer receives the web page, and verifies the authenticity of the web page using the negotiated watermarking algorithm prior to displaying of the web page. Also disclosed herein is a tool for enabling dynamic watermarking on a server which includes determining a negotiated watermarking algorithm that identifies at least one location on a web page for a placed watermark, receiving a request for a web page from a client, and identifying the client.

Abstract: A system, method, and computer program product are provided for secure peer to peer transactions. In use, a peer to peer secured transaction is initiated between a first device and a second device. A request is prepared with signed keys at the first device, and the request may be received at the second device. Next, signed keys at the second device are validated and a response is prepared with signed keys at the second device and sent to the first device. Further, the response is cleared via issuer/broker/clearing house at the first device. Lastly, a receipt is prepared and signed at the first device, and the signed receipt is sent to the second device. Additional systems, methods, and computer program products are also presented.

Abstract: Disclosed herein is a device and method for validating users, such as for entry into a given area. The method includes transmitting a plurality of access control tokens from an access control system to a portable device, and detecting proximity a user portable device associated with one of the plurality of access control tokens to the portable device. A symbolic representation of the access control token associated with the user portable device is generated by and displayed on the portable device. Selection of the displayed symbolic representation is accepted at the portable device. The access control system is notified of selection of the displayed symbolic representation, thereby indicating identification of a user associated with the access control token symbolically represented by the symbolic representation. The venue symbolic representation includes at least one pictograph.

Abstract: In an image forming system including a storage machine, an authentication server machine, and an output machine, when the output machine performs printing of print data stored in the storage machine, the output machine transmits a device token to the storage machine to request the storage machine for the print data. The storage machine transmits the device token to the authentication server machine to determine whether the device token is valid. When the device token is determined to be valid, the print data is transmitted to the output machine.

Abstract: Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.

Abstract: A device may require one or more updates to its software. However, the device may be inaccessible due to a variety of circumstances. Troubleshooting the device may be difficult. Therefore, the device may be configured to automatically run a script after it has been validated to perform one or more functions on the control panel. In one embodiment, a method to automate a script on a device is described. The method may include searching an attached external storage device for a script, identifying a script based at least in part on the searching, validating the authenticity of the identified script, and executing, automatically, the validated script.

Abstract: A method for updating a public key is provided. The method includes: acquiring, by a transmitting-end device, a first hash value calculated based on a first current public key; generating a first update public key and a first update private key; generating an update string such that a hash value of a hash function calculated based at least on the first update public key and the update string is equal to the first hash value; calculating, by a receiving-end device, a second hash value based at least on the first update public key and the update string according to the hash function; and verifying the first update public key by comparing the first hash value and the second hash value.

Abstract: A system uses a multi-level encryption and tokenization mechanism to allow for fields of a larger object to be individually tokenized and encrypted. Protected data is encrypted using an encryption key and a generated token is displayed in its place. The encryption key is then encrypted using a secondary key. To dereference a token, a requesting application provides the token and associated context to a token service, which searches a token store for a record having both the token and the context. If such a record is located, the token service generates a secondary key and decrypts the encryption key. The decrypted encryption key then decrypts the protected data and transmits the data to the requesting application.