Abstract: A method comprises storing, at the server computer system, user profile information for the remote user. The user profile information for the remote user (or a link to the user profile information) is encrypted using authentication information. The user profile information is associated with user identification information, at the server computer system, using the authentication information, which is selectively made available by the remote user via the network to the server computer system in order to enable the server computer system to associate the user profile information with the user identification information.

Abstract: Methods and systems for proximity-based access control include determining whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; determining whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold with a processor; and activating a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device.

Abstract: A collation system includes first through third nodes N1-N3. N1 includes: an evaluation formula generation unit generating an evaluation formula evaluating a distance with authentication data; an encryption unit encrypting coefficients of the evaluation formula by a public key and transmitting the encrypted coefficients to N3; and an evaluation value generation unit acquiring the encrypted coefficients from N3 when authentication target data to be collated with the authentication data is received, generating an evaluation value collating the authentication target data with the authentication data based on the authentication target data and the encrypted coefficients, and transmitting the evaluation value to N2. N2 includes: a key generation unit generating a public/secret key pair and transmitting the public key to N1; and a collation unit decrypting the evaluation value using the secret key, thereby collating the authentication target data with the authentication data.

Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. An autonomous device can be configured to generate a first hash value of a chain of hash values by applying a hash algorithm to first data including first new data and a first previous hash value of the chain of hash values, the first previous hash value computed by applying the hash algorithm to first previous data. The device can transmit to a transaction computer system the first hash value and the first new data. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.

Abstract: Assessing compromises of data security is achieved by establishing access control policies for data files in storage devices across an enterprise. A list is compiled of the data files that were accessed by processes executing on processors of the enterprise. A suspicion score is assigned to each of the processes based on deviations of in-memory behaviors of the processes from established criteria. In response to the suspicion score meeting a suspicious process criterion, the file system operations performed by the suspicious process are analyzed against the access control policies and the suspicion score is modified based on a degree to which the file system operations performed by the suspicious process violate the access control policies.

Abstract: A method and an apparatus for distinguishing humans from computers and for controlling access to network services. One intended application of the method is a CAPTCHA technique, deployed using a shared Trusted Computing technology over a trusted network of a user terminal, a network server, and a Trusted Party, any of which may be at a Decision Point. The method distinguishes a human user making a legitimate request for network access from a programmed computer making undesired requests, by detecting unusually high network access request frequencies made by an identifiable user and/or a trusted module from the user terminal. The CAPTCHA function is further used to improve the method for controlling access to network services. The information transmitted between the members of the trusted network may be encrypted.

Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.

Abstract: Encrypted auxiliary information data DYAE/DCAE including no inhibited codes is generated based on auxiliary information data DYA/DCA including no inhibited codes, in an auxiliary data packet having an auxiliary data flag ADF formed of a first combination of a plurality of inhibited codes, the auxiliary data flag ADF is replaced with an auxiliary data flag EADF formed of a second combination of the inhibited codes, the second combination being different from the first combination, to form an encrypted auxiliary data packet having the auxiliary data flag EADF and including the encrypted auxiliary information data DYAE/DCAE, and the encrypted auxiliary data packet is transmitted.

Abstract: DRM-encrypted content is opened up to “trusted search”, without compromising copyright control, thus allowing end users to locate DRM-encrypted content alongside upon unencrypted content. The indexer (or crawler) (216) of a search engine (214) is provided with a DRM module (302) for communication with a DRM server (306) so that the indexer (216) can access even the encrypted content nominally as if it were a human end user of the content. The indexer (216) may be issued with a DRM-recognized “identity” so as to distinguish itself from other end users and DRM-enabled search engines. Thus, the search engine (214) can programmatically access the content, subject to being able to obtain permission from the DRM solution.

Abstract: In a secure content distribution system, the text is extracted and scrambled in content documents that include text. The scrambled content is made available for indexing by conventional search engines but is not available as plain text and thus is kept secure. The scrambling process breaks a text stream derived from the content document into two to five word phrases, randomizes the phrases and creates a text file from the randomized stream. Third party search engines are allowed to index the scrambled file so that search algorithms that search on particular words or phrases produce nearly the same number of hits as with the plain text file. A web server that provides the content returns either the scrambled content to a search engine or a link to the publisher by examining a user agent parameter that accompanies a content request. Alternatively the scrambled content also includes a script routine that links to the publisher.

Abstract: A video watermarking scheme is disclosed, which is designed for the digital cinema format, as it will be used on large projector screens in theaters. The watermark is designed in such a way that it has minimal impact on the video quality, but is still detectable after capture with a handheld camera and conversion to, for instance, VHS, CD-Video or DVD format. The proposed watermarking system only exploits the temporal axis. This makes it invulnerable to geometrical distortions generally caused by such a way of capturing. The watermark is embedded by modulating a global property of the frames (e.g. the mean luminance) in accordance with the samples of the watermark. The embedding depth is preferably locally adapted within each frame to local statistics of the respective image. Watermark detection is performed by correlating the watermark sequence with extracted mean luminance values of a sequence of frames.

Abstract: Embodiments of methods, apparatuses, devices, and/or systems for data copyright management are described.

Abstract: A parameter generation apparatus for generating parameters causing no decryption error for an NTRU cryptosystem so that an encrypted communication can be carried out between an encryption apparatus and a decryption apparatus in a secure and reliable manner. The parameter generation apparatus includes: a provisional parameter generation unit operable to generate a set of provisional parameters that do not cause any decryption errors, based on error condition information that is provided in advance, the error condition information indicating a condition for causing no decryption error; and an output parameter generation unit operable to generate an output parameter that does not cause any decryption errors, using the set of provisional parameters, based on a lattice constant that is calculated from the set of provisional parameters.

Abstract: For the determination of a result of a modular exponentiation, a randomization auxiliary number is employed for the randomization of the exponent on the basis of the product of the public key and the private key less “1”. This randomization auxiliary number may be derived from the private RSA dataset without special functionalities. Thus, low-overhead exponent randomization may be performed for each security protocol universally, to perform a digital signature secure against side-channel attacks.

Abstract: This invention discloses a method and system for processing logic modules, each having a separate functionality, into a unique functionality that is to be executed in an interlocked mode as a unique functionality. The method is based on taking logic modules (programs and data) with known functionality and transforming them into a hidden program by integrating modules to execute together into a logic which is partially obfuscated and/or encrypted and/or physically hidden. The hidden program is being updated dynamically to strengthen it against reverse engineering efforts. The program includes the functionality for generating security signals, which are unpredictable by observers, such as a pseudo random sequence of security signals. Only elements that share the means for producing the security signals can check their validity. The modules include operational tasks and performance parameters for this operation.

Abstract: Method and apparatus for protecting image content. In an embodiment, tags are used to identify how to alter image content. A graphics processor is configured to process the tags and to alter the image responsive to the tags. In another embodiment, a graphics processor is configured to alter image content unless a key is provided to the graphics processor.

Abstract: A method for initiating a security procedure within a building whereby a virtual key is generated by a certain event and transmitted to a selected person. If the selected person identifies himself by means of the virtual key, a security procedure, for example making an elevator available, is initiated within the building.

Abstract: When an electronic apparatus is forcibly put into an inoperable state by theft, the inoperable state is canceled using a code from a dealer, without carrying the electronic apparatus into the dealer. After electric power is supplied again, a CD reproduction apparatus is used to playback a CD, and TOC information is used as a code C1. When code C1 is identical to an authorized code A21, the electronic apparatus is made operable. To cancel the inoperable state after the number of inconsistencies becomes 10 or more, a code A22 is notified to the dealer. The dealer carries out a calculation using the code A22, and a result B2 of the calculation is notified to the user. An individual code calculating means carries out the same calculation as the above-mentioned calculation and obtains calculation result B3. When calculation result B2 coincides with calculation result B3, the inoperable state is canceled.

Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.

Abstract: An auditing framework for determining whether a database disclosure of information adhered to its data disclosure policies. Users formulate audit expressions to specify the (sensitive) data subject to disclosure review. An audit component accepts audit expressions and returns all queries (deemed “suspicious”) that accessed the specified data during their execution.