Patents Examined by Jason Gee
  • Patent number: 8365264
    Abstract: A password may be provided along with a validation code, which can help prevent the password from being sent to the wrong recipient. When a password is created, a validation code may be created based on (a) the password, and (b) the identity of the target of authentication (TA) to which the password is intended to be sent. When a user is requested to provide a password, a validation component intercepts the request and asks the user to enter both the password and validation code. The validation component then re-calculates the validation code based on the entered password and on the TA that is requesting the password. If the re-calculated validation code matches the validation code entered by the user, then the password is released to the user agent that the user uses to communicate with the TA, and the user agent sends the password to the requesting TA.
    Type: Grant
    Filed: October 12, 2009
    Date of Patent: January 29, 2013
    Assignee: Microsoft Corporation
    Inventor: Mark F. Novak
  • Patent number: 8359632
    Abstract: A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation.
    Type: Grant
    Filed: May 30, 2008
    Date of Patent: January 22, 2013
    Assignee: Microsoft Corporation
    Inventors: Wei-Qiang Guo, Vaishali De, Rui Chen, Geoffrey John Hulten, Lin Huang, Vikas Rajvanshy
  • Patent number: 8359633
    Abstract: A system including a providing unit that provides a virtual-desktop-service selected on the basis of an identification information acquired from the terminal apparatus, and sends a message that includes an address of the providing unit and an address of an application program booted by a process of the virtual-desktop-service, a storage unit that stores the identification information associated with the address of the providing unit and an access control information associated with a set of an identification information and an address of an application program, and a relay unit that receives a message sent by the providing unit, acquires an identification information associated with a source address included in the received message, acquires an access control information associated with a set of the acquired identification information and a destination address included in the received message, and controls relaying the message depending on the acquired access control information.
    Type: Grant
    Filed: January 25, 2011
    Date of Patent: January 22, 2013
    Assignee: Fujitsu Limited
    Inventor: Makoto Kubota
  • Patent number: 8340496
    Abstract: The present invention relates to a playback apparatus and a playback method which allow setting of picture-in-picture display, a program, a program storage medium, a data structure, and a recording-medium manufacturing method. Pip_metadata states information required for the picture-in-picture display. Pip_horizotal_position indicates, on the frame of a primary video, an X coordinate at the upper left corner of a sub display screen on which a secondary video is displayed. Pip_vertical_position indicates, on the frame of the primary video, a Y coordinate at the upper left corner of the sub display screen on which the secondary video is displayed. Pip_scale states information indicating the size of the sub display screen on which the secondary video is displayed.
    Type: Grant
    Filed: August 17, 2006
    Date of Patent: December 25, 2012
    Assignee: Sony Corporation
    Inventors: Ayako Iwase, Motoki Kato, Shinobu Hattori
  • Patent number: 8341711
    Abstract: A web application security scanner (WASS) includes a login manager configured to perform an automated login to a web site. The automated login may be performed when the login manager detects that a login session has ended. The login manager is configured to determine credentials for the web site to allow the WASS to access the web site. The WASS may then use the credentials to continue scanning the web site. Thus, previously unscannable web pages may be accessed in the web site because of the automated login process.
    Type: Grant
    Filed: November 7, 2008
    Date of Patent: December 25, 2012
    Assignee: Whitehat Security, Inc.
    Inventors: William Pennington, Jeremiah Grossman, Robert Stone, Siamak Pazirandeh
  • Patent number: 8332628
    Abstract: A method for accessing data safely, which is suitable for the electronic tag with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message in the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device after the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet.
    Type: Grant
    Filed: July 20, 2009
    Date of Patent: December 11, 2012
    Assignee: China Iwncomm Co., Ltd.
    Inventors: Liaojun Pang, Jun Cao, Manxia Tie
  • Patent number: 8332929
    Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable elements within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generating a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems.
    Type: Grant
    Filed: January 9, 2008
    Date of Patent: December 11, 2012
    Assignee: McAfee, Inc.
    Inventors: Rishi Bhargava, Chiradeep Vittal, Swaroop Sayeram
  • Patent number: 8325920
    Abstract: A method, apparatus, and system are directed towards employing transferable entitlements using EMMs for enabling a purchase of content using a mobile device, and redeeming for access the content using a different network device. An existing billing infrastructure may be used during a purchase transaction to identify the purchasing device. Upon billing authorization, a transferable EMM (XEMM) may be sent to the purchasing device. The purchasing device may then provide the XEMM to another network device. The other network device may send the XEMM to a redeeming service when requesting access to the content. Upon authorization, an EMM with an access key to the content may be sent to the other network device.
    Type: Grant
    Filed: April 16, 2007
    Date of Patent: December 4, 2012
    Assignee: Google Inc.
    Inventors: Reza P. Rassool, Glenn A. Morten
  • Patent number: 8321661
    Abstract: Methods and apparatus for implementing input data security processing on user input data are disclosed. The user input data is entered on a webpage that contains a destination specification for an intermediary security service and an encrypted destination specification for a receiving module of the application program. The user input data is first sent to the intermediary security service for performing input data security processing on the user input data. If the user input data is deemed acceptable, the user input data is sent to the receiving module by decrypting the encrypted destination specification for the receiving module to obtain the destination specification for the receiving module and transmitting the user data to the receiving module using the destination specification for the receiving module.
    Type: Grant
    Filed: May 30, 2008
    Date of Patent: November 27, 2012
    Assignee: Trend Micro Incorporated
    Inventors: Han-Chang Liang, Kun-Hao Liu
  • Patent number: 8316240
    Abstract: A log file is secured. One implementation involves maintaining a log file including one or more log entries in a storage device connected to a computer, and entering a new log entry by generating a new message authentication code based on a preceding log entry including a preceding message authentication code, and applying the message authentication code to the new log entry.
    Type: Grant
    Filed: February 20, 2009
    Date of Patent: November 20, 2012
    Assignee: International Business Machines Corporation
    Inventor: Valerio Graziani
  • Patent number: 8316448
    Abstract: Methods and architectures for automatic filter generation are described. In an embodiment, these filters are generated in order to block inputs which would otherwise disrupt the normal functioning of a program. An initial set of filter conditions is generated by analyzing the path of a program from a point at which a bad input is received to the point at which the malfunctioning of the program is detected and creating conditions on an input which ensure that this path is followed. Having generated the initial set of filter conditions, the set is made less specific by determining which instructions do not influence whether the point of detection of the attack is reached and removing the filter conditions which correspond to these instructions.
    Type: Grant
    Filed: October 26, 2007
    Date of Patent: November 20, 2012
    Assignee: Microsoft Corporation
    Inventors: Marcus Peinado, Manuel Costa, Miguel Castro, Lidong Zhou, Lintao Zhang
  • Patent number: 8312260
    Abstract: Systems and methods are provided for providing secure transmission of software code, which includes a mathematical function, from a first computer to a second computer so that the mathematical function's content cannot be determined at the second computer. A method includes generating a secure container, where the secure container includes an encrypted representation of the mathematical function and metadata identifying the mathematical function encrypted in the secure container. The method further includes providing the secure container from the first computer to the second computer over a communication transmission medium, where the secure container is accessed at the second computer using the metadata to identify the mathematical function, and where the mathematical function contained within the secure container is decrypted and incorporated into program code in a compiled form so that the mathematical function can be used but the mathematical function's content cannot be determined at the second computer.
    Type: Grant
    Filed: October 9, 2009
    Date of Patent: November 13, 2012
    Assignee: SAS Institute Inc.
    Inventors: Stacey Michelle Christian, Donald James Erdman
  • Patent number: 8291498
    Abstract: A network level virus monitoring system capable of monitoring a flow of network traffic in any of a number of inspection modes depending upon the particular needs of a system administrator. The system includes a network virus sensor self registration module coupled to a network virus/worm sensor arranged to automatically self register the associated network virus/worm sensor. The monitoring provides an early warning of a virus attack thereby facilitating quarantine procedures directed at containing a virus outbreak. By providing such an early warning, the network virus monitor reduces the number of computers ultimately affected by the virus attack resulting in a concomitant reduction in both the cost of repair to the system and the amount of downtime. In this way, the inventive network virus monitor provides a great improvement in system uptime and reduction in system losses.
    Type: Grant
    Filed: June 16, 2009
    Date of Patent: October 16, 2012
    Assignee: Trend Micro Incorporated
    Inventors: Yung Chang Liang, Yi Fen Chen
  • Patent number: 8271774
    Abstract: An incoming network traffic manager circumstantially blocks incoming network traffic (103) containing code (107). The incoming network traffic manager (101) monitors (201) incoming network traffic (103) addressed to a target computer (105). The network traffic manager (101) detects (203) incoming network traffic (103) containing code (107). The network manager (101) blocks (205) incoming traffic (103) containing code (107) from reaching the target computer (105), responsive to circumstances being such that it is undesirable to allow incoming traffic (103) containing code (107) to reach the target computer (105).
    Type: Grant
    Filed: August 11, 2003
    Date of Patent: September 18, 2012
    Assignee: Symantec Corporation
    Inventors: Carey Nachenberg, Bruce McCorkendale
  • Patent number: 8265267
    Abstract: To aim to provide an information security device capable of reducing a period necessary for performing a power operation used for secret communication or authentication. The information security device performs secret communication or authentication by calculating an exponentiation X^d based on target data X and a secret value d using the window method. In the process of calculating the exponentiation X^d, immediately after square of a random value R acquired for multiplication is repeatedly performed a predetermined number of times, for example 256 times, a result of square of the random value R is cancelled using a cancellation value S (=R^(-2^256)). This makes it unnecessary to perform cancellation processing that has been conventionally performed.
    Type: Grant
    Filed: May 20, 2008
    Date of Patent: September 11, 2012
    Assignee: Panasonic Corporation
    Inventors: Yuichi Futa, Masao Nonaka, Natsume Matsuzaki
  • Patent number: 8250379
    Abstract: Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation.
    Type: Grant
    Filed: October 13, 2009
    Date of Patent: August 21, 2012
    Assignee: Microsoft Corporation
    Inventors: Stefan Thom, Cristian Marius Ilac
  • Patent number: 8244114
    Abstract: The present invention relates to a recording apparatus and a recording method, a playback apparatus and a playback method, a recording/playback apparatus and a recording/playback method, and a program, whereby processing relating to a file can be readily performed. With a video camera wherein with regard to H.264/AVC for example, which is a coding method arranged to encode or decode data, a codec class arranged to classify the performance of a codec configured to encode or decode data, and a codec level serving as a group of said one or more codec classes whose upper compatibility is ensured, are based on stipulated specifications, data is encoded into, for example, coded data of a codec class #2, for example, within a codec level AVC_A by H.264/AVC. The coded data is recorded in a recording medium, for example, as a file “AVCA0001.MP4” whose file name represents the codec level AVC_A of the coded data.
    Type: Grant
    Filed: November 14, 2005
    Date of Patent: August 14, 2012
    Assignee: Sony Corporation
    Inventors: Toshihiro Ishizaka, Osamu Date, Takuji Shimoda, Takahito Seki, Keiji Kanota, Makoto Yamada
  • Patent number: 8245273
    Abstract: An apparatus, system, and method are disclosed for sharing referenced content through collaborative business applications. The method includes detecting referenced content in an electronic communication. The referenced content references content stored in an external repository. The referenced content identifies a registered external repository connector. The method also includes determining that an Access Control List (“ACL”) for the referenced content lacks an entry for a recipient of the electronic communication. The method includes generating an ACL entry for the recipient in response to the recipient lacking an entry in the ACL for the referenced content. The ACL entry controls access to the referenced content for the recipient. The ACL entry is defined based on a security policy associated with the recipient.
    Type: Grant
    Filed: August 24, 2009
    Date of Patent: August 14, 2012
    Assignee: International Business Machines Corporation
    Inventors: Derek W. Carr, Michael D. Facemire, Stephen J. Foley, Michael C. Wanderski
  • Patent number: 8239924
    Abstract: An authentication method based on the use of an inanimate physical object that includes storing first object data in a storage medium, wherein the first object data is generated based on a first image of at least a portion of the physical object, capturing a second image of the at least a portion of the physical object, and generating second object data based on the second image. The method further includes searching the storage medium and determining that the second object data and the first object data are a match, and authenticating an individual associated with the physical object in response that determination. Also provided are embodiments of an authentication system that may be adapted to implement the method.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: August 7, 2012
    Assignee: Pitney Bowes Inc.
    Inventors: Bradley W. Ficko, Frederick W. Ryan, Jr.
  • Patent number: 8234504
    Abstract: Certain embodiments of the invention provide a method and system for memory to bus interface data encryption and decryption. A method for memory to bus interface data encryption and decryption may include encrypting data by an encryption/decryption engine or processor and transferring the encrypted data across a first bus interface to a data processing and/or storage device coupled to the first bus interface. The encryption engine may receive encrypted data from a device coupled to the first bus interface and decrypt the received encrypted data. In this regard, unencrypted data never traverses across the first bus interface, and is thereby not accessible to devices coupled to the first bus interface. An encryption function and a decryption function associated with the encryption/decryption engine may be integrated within a bus adapter, for example, an IDE bus adapter.
    Type: Grant
    Filed: April 15, 2003
    Date of Patent: July 31, 2012
    Assignee: Broadcom Corporation
    Inventors: Francis Cheung, Jason Monroe, Kevin Patariu, Iue-Shuenn Chen, Cynthia Dang, Mark Taylor Core