Abstract: A method of securing a telecommunication terminal that is connected to a module used to identify a user of the terminal is described. The method includes a step including executing a procedure in which the terminal is matched to the identification module, consisting in: securely loading a first software program including a data matching key onto the identification module; securely loading a second software program which can operate in conjunction with the first software program onto the telecommunication terminal; transmitting a data matching key that corresponds to that of the first software program to the second software program; storing the transmitted data matching key in the secured storage zone of the telecommunication terminal; and conditionally submitting every response from the first software program to a request from the second software program upon verification at the true value of the valid possession of the data matching key by the second program.

Abstract: A method determines an elliptical curve, suitable for a cryptographic method. An elliptical curve to be tested is prepared. The order of a twisted elliptical curve associated with the elliptical curve to be tested is determined. It is automatically checked whether the order of the twisted elliptical curve is a strong prime number. If the order of the twisted elliptical curve is a strong prime number, the elliptical curve to be tested is selected as an elliptical curve suitable for cryptographical methods.

Abstract: A system for transmitting a transport stream including a robust stream is provided. The transmitting system includes an adaptor for, when receiving a first stream, making a space in the first stream to insert a second stream; a Reed-Solomon (RS) encoder for RS-encoding the input second stream; a Cyclic Redundancy Check (CRC) processor for converting the RS-encoded second stream to a stream comprising an added CRC bit sequence; and a stuffer for inserting the stream to the space in the first stream and outputting a transport stream. Hence, the robust stream can be efficiently transmitted.

Abstract: A private stream aggregation (PSA) system contributes a user's data to a data aggregator without compromising the user's privacy. The system can begin by determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero. The system also selects a set of data values associated with the local user. Then, the system encrypts individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value. The system also sends the set of encrypted data values to the data aggregator.

Abstract: A method may include detecting initiation of a power-management mode that suspends the functionality of at least one component of a computing device while maintaining the functionality of the device's memory. The method may also include, before the device enters the power-management mode, (1) identifying, within the device's memory, an encryption key that is required to access encrypted data stored in the device's storage device, and (2) removing the encryption key from the device's memory in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode. The method may also include, upon detecting discontinuation of the power-management mode, (1) obtaining user credentials from a user of the device in order to authenticate the user and, upon successfully authenticating the user, (2) using the user credentials to regenerate the encryption key in order to enable access to the encrypted data stored in the storage device.

Abstract: A system for encoding a video stream into a processed video signal that includes at least one image, includes a pattern detection module for detecting a pattern of interest in the at least one image and identifying a region that contains the pattern of interest when the pattern of interest is detected. An encoder section, generates the processed video signal and wherein, when the pattern of interest is detected, a higher quantization is assigned to the region than to portions of the at least one image outside the region.

Abstract: There is provided a device for protecting a digital content. The device includes a digital content processing section that causes a digital content to be protected using security information; and an encrypting section that encrypts the security information, using a key acquired from a Digital Right Management system of an electronic ticket system.

Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match.

Abstract: The present invention relates to a method that uses a motion vector of a predictive video frame of a sub-layer to encode a video signal and decode encoded video data. The method encodes a video signal using a preset method to a bit stream of a base layer while encoding the video signal using a scalable MCTF method to a bit stream of an enhanced layer. When an arbitrary frame of the video signal is encoded, information, enabling at least one vector, derived from a first motion vector of a first block included in the bit stream of the base layer in the same direction as the first motion vector, to be used as a motion vector of an image block in the arbitrary frame, is recorded in the bit stream of the enhanced layer. The first motion vector is directed in the same direction as a temporal direction from the arbitrary frame to the first block.

Abstract: A printing system and printer with an electronic signature capability, and a method thereof are provided. To print security documents using an electronic signature stored in a portable memory, the printing system of the invention includes a portable memory for storing an electronic signature. A memory interface connects detachably to the portable memory. A printer receives the electronic signature from the memory interface, composes the received electronic signature with print data, and executes a print operation. Accordingly, a stamping or signature process on numerous documents can be facilitated, and excessive stamping or signature execution can be prevented. Moreover, the electronic signature of the invention can be executed on various types of forms or documents.

Abstract: Methods, systems, and computer program products for protecting information on a user interface based on a viewability of the information are disclosed. According to one method, a viewing position of a person other than a user with respect to information on a user interface is identified. An information viewability threshold is determined based on the information on the user interface. Further, an action associated with the user interface is performed based on the identified viewing position and the determined information viewability threshold.

Abstract: Systems, methods, and computer program products are provided for user authentication required for conducting online financial institution transactions. The disclosed embodiments leverage the capabilities of platforms other than conventional personal computers and laptops, such as gaming consoles and wireless devices. Unique intrinsic user activities, such as controller motions or activities, built-in hardware signatures or other input data are used as the authentication mechanism, so as to provide a higher degree of security in the overall authentication process by lessening the likelihood of password replication or interception during network communication.

Abstract: One embodiment relates to a method of connection-rate filtering by a network device. Address resolution protocol (ARP) request packets received from a sub-network are monitored, and a copy of the received ARP request packets are sent to an agent program. The agent program determines a rate of ARP request packets sent by a host in the sub-network. Other embodiments are also disclosed.

Abstract: A reach back secure communications terminal includes a digital PBX adapter that offers immediate and secure voice, data and video connectivity over any of various commercially available PBX systems. In addition to use with a PBX system, integrated components simplify access to varied networks allowing deployed users to select and connect quickly to a network that best supports their present mission. Commercial or optional NSA Type 1 encryption may be implemented. Networking options include any of PSTN, PBX, GSM (or CDMA or other cell telephone standard), SAT, IP and WiFi. The digital PBX adapter includes an audio mixer that converts a 4-wire input from a handset jack of a PBX handset base, into a 2-wire output destined for an encryption unit (FNBDT). The user determines a necessary gain of the audio mixer for the particular PBX system by trial and error using a multi-position switch.

Abstract: A method of controlling access to computing resources, comprising providing a first computing device with access to a database containing data indicative of computing resources access to which is controlled by the first computing device and a minimum security capability that a second computing device must possess to access the respective resources, assigning the second computing device a security capability, providing the second computing device with data indicative of the security capability, configuring the first computing device to respond to data indicative of the security capability and data indicative of a desired access from the second computing device by ascertaining the minimum required security capability corresponding to the desired access and by comparing the minimum required security capability with the security capability of the second computing device, and providing the desired access if the security capability of the second computing device meets the minimum security capability for the desired

Abstract: Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: A method of generating prevention and control data to verify validity of data to be transmitted, and an apparatus to perform the method, the method including generating the prevention and control data according to composing information of the data to be transmitted, and transmitting the prevention and control data along with the data to be transmitted to verify the validity of the data to be transmitted.

Abstract: A computer-implemented method may include establishing, within a parental-control software system, an academic-performance policy that defines how academic performance of a student affects at least one parental-control setting enforced on a computing system accessible to the student. The computer-implemented method may also include receiving, via an electronic communication from a school of the student, grade information that indicates the student's academic performance. The computer-implemented method may further include applying the academic-performance policy by updating the parental-control setting commensurate with the student's academic performance. In addition, the computer-implemented method may include detecting an attempt by the student to access a resource of the computing system and applying the updated parental-control setting to control the student's access to the resource of the computing system.

Abstract: A system and method for managing trusted platform module (TPM) keys utilized in a cluster of computing nodes. A cluster-level management unit communicates with a local TPM agent in each node in the cluster. The cluster-level management unit has access to a database of protection groups, wherein each protection group comprises one active node which creates a TPM key and at least one standby node which stores a backup copy of the TPM key for the active node. The local TPM agent in the active node automatically initiates a migration process for automatically migrating the backup copy of the TPM key to the at least one standby node. The system maintains coherency of the TPM keys by also deleting the backup copy of the TPM key in the standby node when the key is deleted by the active node.