Abstract: Provided is a cryptographic device implementing an S-Box of an encryption algorithm using a many-to-one binary function. The cryptographic device includes: arrays of first logic gates including I first logic gates which each receive 2 bits of an input signal; 2N second logic gates which each receive corresponding J bits from among I bits output from the arrays of the first logic gates; and L third logic gates which each receive K bits from among 2N bits output from the second logic gates, wherein there is a many-to-one correspondence between the N bits of the input signal and the K bits input to each of the third logic gates, and wherein the N, I, J, K, and L are positive integers. Because a signal output from each array includes only one active bit, current is always consumed constantly to prevent internal data from leaking out to a hacker.

Abstract: In embodiments, the present invention provides a method and system for managing playback of content delivered to a mobile device with a pause and resume functionality. The method and system including receiving delivered content on a mobile device, initiating playback of the delivered content, pausing playback of the content being delivered to the mobile device in response to an action and resuming delivery of the content upon a request.

Abstract: An apparatus for generating a key for access control of content in a distributed environment network is provided. The apparatus includes a first key distributor configured to generate first encrypted keys by encrypting a first key corresponding to a key for write authorization using each public key of members having write authorization among members included in an access control list including information of at least one user and distribute the access control list and information about access authorization and the first encrypted keys to the members having write authorization, and a second key distributor configured to generate second encrypted keys by encrypting a second key corresponding to a key for read authorization using the first key using each public key of members having read authorization among members included in the access control list and distribute the access control list and second encrypted keys to the members having read authorization.

Abstract: Instructions of an application program are emulated such that they are carried out sequentially in a first virtual execution environment that represents the user-mode data processing of the operating system. A system API call requesting execution of a user-mode system function is detected. In response, the instructions of the user-mode system function called by the API are emulated according to a second emulation mode in which the instructions of the user-mode system function are carried out sequentially in a second virtual execution environment that represents the user-mode data processing of the operating system, including tracking certain processor and memory states affected by the instructions of the user-mode system function. Results of the emulating of the application program instructions according to the first emulation mode are analyzed for any presence of malicious code.

Abstract: A computer implemented system for facilitating configuration, data tracking and reporting for data centric applications and a method for performing the same have been disclosed. The system enables an enterprise to quickly move from paper based tracking to web based mode by configuring metadata. Also, the system hosts multiple tenants on a single server and enables creation of workspace to enable users within a tenant to securely view the data based on his/her permission levels. Additionally, the system classifies the resources as ‘Human’ and ‘Non-Human’ resources and further as static resources which are shared metadata across tenants and non-static resources which are applicable only to a particular tenant. Thus, the system enables common information to be shared easily across various organizations while securing the data via workspaces. Furthermore, the system includes report creation and dashboard generation capability using data from within the system as well as from external databases.

Abstract: An aspect of the present invention simplifies signing-off from multiple domains. In an embodiment, upon receiving a sign-off request from a user signed-on to multiple domains, the user is signed-off from at least two, but not all, the signed-on domains in due course. According to another aspect, the domains of an enterprise are organized as groups of domains. In response to receiving a request for signing-off from a first domain, the user is signed-off from each of a group of domains corresponding to the first domain (in addition to the first domain). In an embodiment, an administrator of the enterprise specifies a master domain for each group, to facilitate identification of the group to be signed-off. According to another aspect, a user selects a set of domains to sign-off from. The user is signed-off from only the selected set of domains.

Abstract: A method for controlling personal content on a media device includes establishing, at the media device, a wireless connection with a mobile user device using a wireless communication circuit of the media device; receiving, from the mobile user device, account information for an account associated with personal content, the personal content of the account accessible by the media device from a server computer over a communication network or from a memory of the media device; receiving, from the mobile user device, a usage term for accessing or using the personal content of the account; and controlling access to or usage of the personal content of the account by the media device based on the received account information and the usage term.

Abstract: Systems, methods, and computer program products are provided for performing content management operations. At least one memory stores data, and a central security domain manages instructions on behalf of one or more service provider security domains. The instructions are received, over a network, from a trusted service manager. The instructions are processed in at least one of the one or more determined service provider security domains, using the data stored in the at least one memory. The data includes one or more generic applications, each of which can be instantiated for one or more service providers.

Abstract: The invention relates to a method for securing a user interface that comprises a user interface including one or more peripheral hardware devices of the user interface for interaction with said interface, said peripheral hardware devices being driven by driver software, and one or more applications using the user interface. The invention also relates to a method for securing such an interface. The system of the invention is characterised in that the same further comprises a hypervisor and one or more virtual machines, the drivers of the peripheral hardware devices of the user interface being divided into two portions, i.e. a main portion of said drivers under the control of the hypervisor and a front-end portion of said drivers under the control of the virtual machines, wherein the front-end portion of the securing software component is in charge of managing the front-end portion of the drivers and the main portion of the securing software component is in charge of managing the main portion of the drivers.

Abstract: A comprehensive platform for merchandising intellectual property (IP) and conducting IP transactions is disclosed. A standardized data collection method enables IP assets to be characterized, rated and valuated in a consistent manner. Project management, workflow and data security functionality enable consistent, efficient and secure interactions between the IP Marketplace participants throughout the IP transaction process. Business rules, workflows, valuation models and rating methods may be user defined or based upon marketplace, industry or technology standards.

Abstract: Techniques for providing a self-contained electronic signature are disclosed. In some embodiments, techniques for providing a self-contained electronic signature include recording an audit trail for a plurality of events associated with an electronic signature of an electronic document; embedding the audit trail in the electronic document; and digitally signing the electronic document, in which the electronic document including the embedded audit trail and the electronic signature are secured by the digital signature. In some embodiments, the audit trail is embedded in metadata of the electronic document, a body of the electronic document, or both the metadata and body of the electronic document. In some embodiments, digitally signing the electronic document includes a certifying signature provided by a service provider of an electronic signature service.

Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.

Abstract: Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported.

Abstract: Aspects of the present invention provide a solution for verifying the integrity of a transaction. In response to receipt of a confirmed electronic transaction from a user, a one time password is forwarded to the user. The user then initiates a telephonic communication with a verifier on the user's wireless device and provides the one time password to the verifier. The verifier authenticates the mobile telephonic device based on the device's caller identification number and determines whether the one time password provided by the user matches the one forwarded to the user. After the user is authenticated, the verifier communicates the details of the transaction that were received and the user confirms whether the details match those originally entered.

Abstract: A hardware- and software-efficient class of cryptanalytically-safe pseudorandom number generators is disclosed. Embodiments of the class can be implemented with only a modest use of program space and as few as 512 bytes of non-volatile data space, such embodiments suitable to a wide range of computer architectures, ranging from resource-constrained microcontrollers to high-end, multi-core processors.

Abstract: Techniques are disclosed for tracking locations of data objects in a computing network. In one example, a method comprises the following steps. Contextual data is received. The contextual data is associated with a given data object and transmitted from one or more computing devices. The one or more computing devices created the given data object and/or accessed the given data object. At least a portion of the received contextual data is used to track one or more locations of the given data object. A chain of custody report and/or a provenance report may be generated from the one or more tracked locations of the given data object. Also, a policy can be applied.

Abstract: Multiphase adaptive bitrate streaming systems and methods in accordance with embodiments of the invention are disclosed. One embodiment of the invention includes a processor configured to request portions of files. In addition, the processor streams encoded media in a first operational phase utilizing a first set of stream switching conditions. When at least one phase transition criterion is satisfied, the client application configures the processor to transition to a second operational phase utilizing a second set of stream switching conditions.

Abstract: A system and method for automatically selecting a procedure for resetting an authentication data, such as a password, a PIN, a secret key, or a private key, according to the value of the user data protected by the authentication data and/or the likelihood for the user to forget or otherwise lose the authentication data. The user's preference is also considered in selecting the procedure for resetting the authentication data.

Abstract: According to the application, a method for transmitting an encrypted aircraft related message is disclosed. A message is provided at one of a ground computer system or an aircraft computer system. The aircraft related message is arranged into data packets and at least one of the data packets is encrypted with an encryption key to obtain at least one encrypted data packet. The at least one encrypted data packet is transmitted from a sender to a recipient, wherein the sender is one of the ground computer system or the aircraft computer system, the recipient is the other one of the ground computer system or the aircraft computer system. The at least one encrypted data packet is received by a computer system of the recipient. A step of deciding whether the message is intended for the recipient's computer system is provided. The step of deciding comprises an attempt to decrypt the at least one encrypted data packet with an decryption key, and the decryption attempt comprises analyzing of the message content.

Abstract: In general, the invention provides a computer architecture designed for enhanced data security. In embodiments, the architecture comprises two sub-systems, each with their own processing units and memories, and a defined set of interfaces that interconnect the two sub-systems and the external world. One sub-system is designed to provide a familiar environment for running computer applications. The other sub-system is designed to provide a secure bridge between the first sub-system and users via input and output devices.