Abstract: The present invention provides a system and method of facilitating compliance to one or more information sharing regulations. The present invention provides a computer system equipped with a processing unit capable of receiving input information and extracting one or more data sharing guidelines. The present invention utilizes the relationship between the parties and the data at issue to construct a data sharing arrangement. Each data sharing arrangement may be cross-referenced to one or more data sharing guidelines designed to assist the user to determine what privacy regulations apply and how to comply with same.

Abstract: Provided is a storage apparatus capable of encrypting data without affecting the business performance. This storage apparatus includes a cache memory, a first controller for controlling the writing of data in the cache memory pursuant to the write command, a second controller for controlling the writing of the data written in the cache into the storage devices, and an encryption engine for encrypting data pursuant to the write command. When the second controller reads the data from the cache memory and writes the data in said storage devices, the encryption engine encrypts the data, and the second controller writes the encrypted data in said storage devices.

Abstract: Circuits, methods, and apparatus that store and prevent modification or erasure of stored encoding keys, serial identification numbers, or other information. An encoding key stored with an embodiment of the present invention may be used to decode a configuration bitstream on an integrated circuit, such as an FPGA. A serial number may be used to track or authenticate an integrated circuit. Embodiments of the present invention store this information in a memory such as an SRAM, DRAM, EPROM, EEPROM, flash, fuse array, or other type of memory. In order to prevent its erasure or modification, write enable circuitry for the memory is then permanently disabled, and if the memory is volatile, a continuous power supply is provided. Further refinements verify that the write enable circuitry has been disabled before allowing the device to be configured or to be operable.

Abstract: A computer-implemented method for securely managing multimedia data captured by a mobile computing device is disclosed. The method may comprise: 1) identifying multimedia data captured by the mobile computing device, 2) identifying an asymmetric public key stored on the mobile computing device that is associated with an asymmetric private key stored on a server, 3) encrypting the multimedia data using the asymmetric public key so that the encrypted multimedia data may only be decrypted using the asymmetric private key stored on the server, and 4) transmitting the encrypted multimedia data to the server. Corresponding systems and computer-readable media are also disclosed.

Abstract: System and methods for injecting content into a response for improving client-side security. The system includes a content injection service external to network edges of at least one system. The content injection service receives a request from a client within the at least one system and identifies or anticipates a potential threat associated with the response. The content injection service is configured to determine an appropriate counter for the identified or anticipated potential threat and in response injects content into the response according to the potential or anticipated threat identified.

Abstract: Disclosed is a virtual universal decryption (VUD) service that provides a mechanism for allowing users of camera enabled mobile devices to use their camera to decrypt messages. The VUD service can provide a mechanism for a user of a VUD enabled device to authorize one or more other users of VUD enabled and camera enabled devices to use their cameras to decrypt messages sent by the authorizing user. The VUD service may then provide mechanisms for the authorized users to decrypt messages, which have been encrypted by the authorizing users, by simply capturing an image/video of the encrypted text with a camera of their VUD enabled devices.

Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.

Abstract: A system and method for preventing propagation of malicious content associated with an electronic message are disclosed. An electronic message and content associated with the electronic message is simulated in a virtual machine which emulates the destination computing device of the electronic message. A virtual firewall receives one or more commands as the electronic message or content associated with an electronic message is executed. Initially, the virtual firewall establishes a network connection and determines the type of action associated with the commands. If the type of action comprises a connection maintenance or configuration command, the network connection is maintained. If the type of action comprises a data transmission command, the network connection is terminated. This allows the virtual machine to simulate performance of a networked computer by transmitting a subset of the data through a network connection.

Abstract: One embodiment provides a system that detects sensitive passages. During operation, the system receives a document and disassembles the document into a plurality of passages. For a respective passage, the system performs a search through a non-sensitive-passage database to determine whether the passage is a known non-sensitive passage. If so, the system marks the passage as non-sensitive, and if not, the system determines whether the passage triggers a cut-and-paste attack detection. If so, the system forwards the passage to an administrator and allows the administrator to determine whether the passage is non-sensitive and, further, to add the passage to the non-sensitive-passage database responsive to the administrator determining the passage to be non-sensitive.

Abstract: A method of generating a key stream for a precomputed state information table. The method comprises initializing a counter and an accumulator with non-zero values; combining state information identified by the counter with the accumulator; swapping state information identified by the counter with state information identified by the accumulator; combining the two pieces of state information; outputting the state information identified by the combination as a byte of the key stream; adding a predetermined number odd number to the counter; and repeating the above steps to produce each byte of the key stream.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to distributed computing for large data sets on clusters of computers and provide a novel and non-obvious method, system and computer program product for detecting and correcting malicious nodes in a cloud computing environment (e.g., MapReduce computing). In one embodiment of the invention, a computer-implemented method for detecting and correcting malicious nodes in a cloud computing environment can include selecting a task to dispatch to a first worker node, setting a suspicion index threshold for the selected task, determining a suspicion index for the selected task, comparing the suspicion index to the suspicion index threshold and receiving a result from a first worker node. The method further can include applying a recovery action when the suspicion index exceeds the selected suspicion index threshold.

Abstract: According to one embodiment of the present invention, a system, method, and computer program product is provided for rebinding title keys in clusters of devices with distinct security levels in broadcast encryption systems. The method includes receiving a new management key and unbinding an encrypted title key with a previously used management key, the title key having a security class and residing in a title key block for a device having a security class, the device being in a cluster of devices including devices having a plurality of security classes. If the device security class is lower that the title key security class, the unbound title key is partially rebound with the new management key. the partially rebound title key is then saved in the title key block for the device.

Abstract: A method and apparatus for preventing sensitive data leakage due to input focus misappropriation is described. In one embodiment, a method for restricting a change in an input focus to protect sensitive data comprising identifying a visual representation component used to receive sensitive data, wherein the virtual representation component having an input focus of a computer and preventing a change in the input focus from the visual representation component.

Abstract: A picture start code detecting section 131 detects the input timing of the leading data of a picture from TS packets inputted to a buffer 11. A counter 132 outputs a timing signal at the time when the leading data of the picture has been inputted 30 times, thereby detecting the input timing of data of one second. A counter 133 counts the data amount of TS packets inputted to the buffer 11 during the period of time from the reception of a timing signal from the counter 132 to the next reception. The count value is read via a DFF 134 and inputted to a read control section 135. The read control section 135 sets the input value from the DFF 134 as the reading speed of TS packets from the buffer 11.

Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.

Abstract: A calculating apparatus, or system, having a plurality of stages, such as in a pipeline arrangement, has the clocking rail or conductor positioned alongside the stages. With a large number, i.e., hundreds, of stages arranged in parallel sub-arrays, the clocking conductor is snaked alongside the sub-arrays. In individual stages it is arranged that the shortest of the two calculations taking place in a stage, takes place in the return path. An array can be divided into separate sections for independent processing.

Abstract: An electronic document comparison system and method converts a test file into a compressed file having a specific format. A public key of the CA certificate of a user is obtained and a random key is generated using a random function. Furthermore, the compressed file is symmetrically encrypted using the random key, and the random key is asymmetrically encrypted using the public key to generate an asymmetric encryption key. A header of the compressed file is attached with the asymmetric encryption key and data length of the asymmetric encryption key.

Abstract: Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may then be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

Abstract: A technique for efficient encryption for use with devices such as smartcards restricted in memory resource, including a calculation unit for reconstructing a large number of small primes, a sieving unit for checking the divisibility of an integer by small primes, a recoding unit for changing the representation of an integer, and a primality testing unit. The sieving unit eliminates “bad” candidates by checking their divisibility by small primes reconstructed by the calculation unit. The primality of the remaining candidates is tested using the primality testing unit. The primality testing unit uses the recoding unit to change the representation of prime candidates. The primality testing unit performs a primality test using the representation after change.

Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.