Abstract: Method and system using a designated known secure computer for real time classification of change events in a computer integrity system are disclosed. In the embodiment of the invention, the known secure computer, having only inbound connection, is dedicated for providing permissible change events, which are compared with change events generated on client operational computers. An alert is generated when the change event at the client operational computer and the respective permissible change event provided by the known secure computer mismatch.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: A garbled circuit is generated for a client in a leakage-resilient manner with a reduced memory requirement. The garbled circuit is used for secure function evaluation between the client and a server. The garbled circuit is generated with a reduced storage requirement by obtaining a token from the server; querying the token gate-by-gate, wherein for each gate of the garbled circuit, the token generates new wire garblings and stores them with the client using a Stream Cipher and interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token. The token comprises a leakage-protected area. The Stream Cipher is leakage-resilient and can be a symmetric-key cryptographic primitive that has a secret key as an input and generates an unbounded stream of pseudorandom bits as an output. The number of evaluations of the Stream Cipher is kept to a substantial minimum.

Abstract: A common interface for managing cryptographic keys is provided. A request to manage a cryptographic key may be received in a first interface format, translated to a common interface format, and then executed remotely from the first interface. Return arguments may then be translated from the common interface format to a format compatible with the first interface and communicated securely to the first interface. The cryptographic keys may be used in connection with a secure data parser that secures data by randomly distributing data within a data set into two or more shares.

Abstract: A system for fingerprinting audiovisual content. The system includes a content receiver and a display device in communication with the content receiver. The content receiver is configured to receive a video signal, where the video signal includes audiovisual content. The content receiver may then be configured to generate a matrix barcode that includes identification data. The content receiver is also configured to create a fingerprinted content that includes the audiovisual content from the video signal and the matrix barcode. The content receiver may then be configured to output the fingerprinted content. The display device is configured receive the fingerprinted content form the content receiver. Also, the display device is configured to display the fingerprinted content.

Abstract: An information processing apparatus includes a decryption processing unit, a backup unit, and a control unit. The decryption processing unit is configured to decrypt encrypted data read from a first storage unit storing the encrypted data. The backup unit is configured to back up the encrypted data stored in the first storage unit to a second storage unit. When the backup unit backs up the encrypted data stored in the first storage unit to a second storage unit, the control unit is configured to control the decryption processing unit to store the encrypted data read from the first storage unit, in the second storage unit without performing decrypting processing.

Abstract: In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against who a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS.

Abstract: A method and system for authenticating an account holder using multi-factor authentication. An account holder is associated with a token device configured to supply the account holder with a dynamic password. The dynamic password has a current value that is synchronously stored at an aggregator service and at the token device. The dynamic password is changed periodically. The aggregator service also associates the account holder with at least one account maintained by the account providers. The aggregator service receives an authorization request from either the user or from one of the account providers. The aggregator service performs an authorization operation for determining if a proffered dynamic password submitted by the user during an attempt to login matches the current value of the dynamic password stored at the aggregator service.

Abstract: The method for archiving a document includes a step of encryption of the document with a symmetric key, a step of transmission of said encrypted document to an archiving operator, and a step of transmission of the symmetric encryption key of said document to an escrow operator distinct from the archiving operator. The method may also include a step of encrypting of the symmetric key with a key consisting of a dual key comprising asymmetric keys. Depending on whether it is applied to personal archiving or to document transmission, during the step of encryption with the asymmetric key, the asymmetric key is that of the user having transmitted said document or that of the recipient of the document.

Abstract: In a system, there is communication between an electric circuit and a terminal within a scope of a terminal session, wherein the electric circuit has a current consumer for causing additional current consumption, and the terminal has a current consumption meter detecting the current consumption of the electric circuit and coupled to a checker checking authenticity of the electric circuit if the current consumption of the electric circuit has additional current consumption.

Abstract: A method includes assessing a trustworthiness level of a user computer by communication between the user computer and a first server. A record indicating the trustworthiness level is sent from the first server to the user computer, for storage by the user computer. A request is sent from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server. The record is provided from the user computer to the second server by communicating between the user computer and the second server. At the second server, the trustworthiness level is extracted from the record, and the requested service is conditionally allowed to be provided to the user computer depending on the extracted trustworthiness level.

Abstract: A network of devices permits data to be stored on the devices and subsequently searched and accessed from any other one of the devices. A plurality of channels are defined to distribute a plurality of access points throughout the network. A mechanism securely assigns authorizations to users to read or write from or to specified ones of the channels, which authorizations are capable of being checked by each of the access points. To write into a channel, a request is made to one of the access points which checks if the requesting user is authorized to write onto the requested channel. If appropriate, the data is associated with the requested channel. To search for data from a particular channel or group of channels, a search request is made to one of the access points which first checks the requesting user is authorized to read from the requested channel or group of channels.

Abstract: A method herein is for authenticating a device connection for website access without using a website password. In the method, a web server receives an access request over the device connection from a device requesting access to a website based on a pre-established identity. The web server, in response to the access request, forwards an access cookie to the device over the device connection and forwards an activation URL to an address associated with the pre-established identity. The web server receives a request for the forwarded activation URL and, using the access cookie, grants access to the device over the device connection.

Abstract: A system and method is described that enables autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices facilitates identification of pending network connectivity loss, enabling a handoff server to proactively advertise new points of access and their associated security mechanisms to devices before connectivity is lost. As a result, devices may seamlessly transition between secure networks. Stateful monitoring of device reachability may be used together with device certificates and/or tokens to decrease the potential of MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during network transitions facilitates the identification of rogue access points. The token or certificate on the device may be used to authenticate the device while transitioning between networks by a centralized entity, managing the initiation and the execution of the handover for the device.

Abstract: In a binary patching system for alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced.

Abstract: A dual bypass module for managing an integrated secured network environment is provided. The module includes network ports that receive and transmit data traffic flowing through the network. The module also includes a set of monitoring ports that is configured for transmitting the data traffic between the dual bypass module and a set of monitoring systems. The module further includes a set of relays configured for controlling the flow of data through the dual bypass module. The module yet also includes a configurable integrated circuit. The configurable integrated circuit includes at least one of a first logic arrangement for determining conditions of the set of monitoring systems, a second logic arrangement for redirecting the data traffic through a secured alternate path when a monitoring system is unavailable, and a third logic arrangement for redirecting the data traffic through a secured alternate path when a communication path becomes unavailable.

Abstract: The present invention relates to a method of identifying a user, the method being implemented by means of a database containing personal data of users and containing for each user at least one unmodified biometric characteristic (E1,i), at least one biometric characteristic (E2,i) that has been modified and that is accessible from the unmodified biometric characteristic, and at least one item of identification data (D) that is accessible from a code identifying the modification that has implemented on the second biometric characteristic. The method comprises the steps of comparing first and second biometric characteristics (e1,i) read from the user with the characteristics in the database in order to determine (5) what modification has been implemented and to deduce therefrom the code identifying the modification; and extracting (6) the identification data by means of the code as deduced in this way. The invention also provides a database for implementing the method.

Abstract: Systems and methods are provided for delivering e-mail, typically with time relevant content, to users, whose e-mail addresses are encrypted. Specifically, the e-mails are administered by a host or home server that is transparent to the e-mail addresses of the computers and e-mail clients, that electronic communications are being sent to and received from.

Abstract: A local area network server may issue security certificates to client devices on the network for two-way authentication across the network. The certificates may be issued through a transaction performed over the network and, in some cases, may be automated. The server may have a self signed or a trusted security certificate which may serve as a basis for issuing certificates to various clients. After a certificate is issued, future communications on the network may be authenticated by both the server and client, and the communications may be encrypted using the certificates.

Abstract: Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device.