Abstract: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.

Abstract: There is described an image forming apparatus, which makes it possible to securely prevent the secret information from leaking out to unauthorized personnel. The apparatus includes: a display section to display a first document that includes secret information; an operating section to designate a concealing position in the first document and establish a disclosable range of the secret information, therefrom; a storage control section to store document data, designation positional information and disclosable range information, while correlating them with each other; an authenticating section to determine whether or not a user coincides with the disclosable range, based on identification information of the user; and a printing section to print either at least a copy of the first document, when the user coincides with the disclosable range, or copies of a second document, when the authenticating section determines that the user does not coincide with the disclosable range.

Abstract: A packet relay apparatus keeps only packets specified as authentication target packets of MAC address authentication, to reduce the number of packets to be transferred from H/W to a CPU. In addition to a source MAC address, the authentication target packet of MAC address authentication is specified by an Ethernet type, a destination IP address, a protocol, a source port number and a destination port number of TCP/UDP, and the like. In this way, the packet relay apparatus excludes a terminal not transmitting authentication target packets of MAC address authentication, from the MAC address authentication target, while allowing selection from other authentication methods such as Web authentication and IEEE802.1X authentication.

Abstract: A broadcast stateless protocol by which a client broadcasts a request to a server group is described. In one embodiment, the client broadcasts the request to a server group. A tamper-evident challenge including the request is received from any one server of the server group. A response to the tamper-evident challenge is broadcast to any one server of the server group, the response including the request. A result to the request is received upon any one server of the server group verifying the response being valid and the request being unmodified.

Abstract: An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by receiving an encryption key request from a sending device, where the encryption key request is based upon the message specific identifier, which is associated with a plurality of attributes associated with the message and the sending device. In more detail, the message specific identifier may be an information-based indicator that is unique with respect to the message and the sending device. The method parses the encryption key request and the message specific identifier to provide an intermediate argument used to enter a current random character set that is periodically generated and stored into memory. The intermediate argument helps identify which type of encryption method is desired for use in encryption key generation.

Abstract: To prevent piracy or leakage of data content, a cryptography technique and electronic watermark technique are combined together and used. In a data content supplied to a user, a user data is entered as electronic watermark by a data management center, and the data content with an electronic watermark entered in it is encrypted using a crypt key and is supplied. The encrypted data content is decrypted using a crypt key distributed from the data management center and is used. In case it is to be stored, it is encrypted using another crypt key. In case the data content is copied and transferred to other user, a user data of the other user is entered as electronic watermark, and a scenario to enter the user data of the other user as electronic watermark is registered at the data management center, and the data content with electronic watermark entered in it is encrypted using another crypt key and is supplied.

Abstract: A watermark-based age verification system is provided in one implementation. The verification system may also verify a biometric template against a biometric sample. Shelf-life identification documents are provided in another implementation. Another aspect of the present invention analyzes image data to identify a face region or silhouette associated with a human subject depicted in the image data. The image data is adjusted, e.g., to center or align a face region within an image frame. A digital watermark is embedded after realignment. Another aspect authenticates or handles digital images that are captured at a first location and transferred to a second location via watermarking. In another implementation, first machine-readable code on an identification document layer is cross-correlated with second machine-readable code on the identification document.

Abstract: The method of quantifying risk, implemented as a computerized program, quantifies the risk of releasing security sensitive words, data objects, characters or icons which may be part of data subject to analysis (target data). Security words, etc. are categorized, pre-existing data for each category is obtained and the categories (and subsumed pre-existing data) are ranked by risk. The target data is compared to the compiled pre-existing data and a risk output is generated. For unknown or undefined words, an indeterminable category is created and is ranked. The method may include inference engines, and contextual routines to add semantic equivalents and opposites to the critical list. Search engines may be employed to add to the list. A differential rank quantifier is assigned to the security words, etc. which has a different rank than the associated category. Frequency analysis, source analysis and stochastic analysis is also used. The risk output is altered.

Abstract: A method of certifying a correspondent in a data communication system by a certifying authority. The certifying authority includes a cryptographic unit. The method includes generating a random number and implicit certificate components based on the random number using the cryptographic unit. The implicit certificate components have a first component and a second component. The method also includes providing the implicit certificate components for use in the data communication system and providing a public key of the certifying authority for use in derivation of a public key of the correspondent from the first component. The certifying authority recertifies the correspondent by providing implicit certificate components using a changed value for the random number.

Abstract: Systems and methods for providing compressed video with layered graphics to at least one screen are described herein. An On Screen Display (OSD) system receives a command from a remote set top box coupled to a screen. The command instructs the OSD system to process the input video stream according to various processing functions including layering at least one graphics plane on top of the video stream. The OSD system processes the input video stream to generate an output video stream with the layered graphics planes and outputs, in a compressed format, the output video stream to the screen. The system advantageously provides a central OSD processing unit that can output video with layered graphics in a compressed format to multiple displays.

Abstract: An approach for managing the privacy and disclosure of location information associated with a computer system. For one aspect, a request is received from a requestor for a location property associated with a location of a computer system. It is then determined whether a privacy preference associated with the requestor has been specified. If not, a user may be prompted to supply privacy preferences associated with the requester. The privacy preferences are then applied to determine whether or not to provide the requested information. A user setting, such as a basic input-output system memory location setting, may also be implemented to enable and/or disable location-aware computing.

Abstract: Means for checking the correctness of a cryptographic operation on an elliptic curve E(Z/pZ), including fault-resistant computation of Q=kP on elliptic curve E(Z/pZ). Elliptic curve E^(Z/pr2Z)?E(Z/pZ)×E(Z/r2Z) is given by Chinese remaindering and where r is an integer. A point P^=CRT(P (mod p), R (mod r2)) is formed in E^(Z/pr2Z); P^ reduces to P in E(Z/pZ), and to R in E1(Z/r2Z). Q^=kP^ in E^(Z/pr2Z) is computed (130). It is then verified whether Q^?kR (mod r2) in E1(Z/r2Z), and if so, Q=Q^ mod p is output, whereas “error” is returned if this is not the case. Also provided are an apparatus and a computer program product.

Abstract: A video watermarking scheme is disclosed, which is designed for the digital cinema format, as it will be used on large projector screens in theaters. The watermark is designed in such a way that it has minimal impact on the video quality, but is still detectable after capture with a handheld camera and conversion to, for instance, VHS, CD-Video or DVD format. The proposed watermarking system only exploits the temporal axis. This makes it invulnerable to geometrical distortions generally caused by such a way of capturing. The watermark is embedded by modulating a global property of the frames (e.g. the mean luminance) in accordance with the samples of the watermark. The embedding depth is preferably locally adapted within each frame to local statistics of the respective image. Watermark detection is performed by correlating the watermark sequence with extracted mean luminance values of a sequence of frames.

Abstract: Policy-based, delegated limited network access management places day-to-day control of network access in the hands of authorized users, referred to as resource access administrators, selected for their business knowledge and ability to respond quickly to business events. Resource access administrators have the ability to respond, in the form of access decisions proposed by individuals with knowledge or, or responsibility for business processes and business partner relationships and shaped and pre-approved by network security specialists, referred to as network access administrators. This approach, therefore, reduces the cost, complexity, and delay (latency) associated with managing external network access without compromising network security.

Abstract: Method and system of providing an association between a system's meta-tagged data objects and a list of terms, the association indicating which objects are and are not covered by a given policy, in one aspect, may comprise obtaining a list of terms and a policy that includes one or more of the terms; identifying a plurality of meta-tags used in a system; developing one or more mappings between the terms and the meta-tags; identifying system data objects in the system having one or more meta-tags; creating for each meta-tag of each system data object identified, an association between the system data object and the one or more terms to which the meta-tag is mapped, the association indicating whether the system data object is or is not covered by the policy.

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating a function call. The method receives a computer program having an annotated function and determines prolog instructions for setting up a stack frame of the annotated function and epilog instructions for tearing down the stack frame. The method places a first portion of the prolog instructions in the computer program preceding a jump to the annotated function and a second portion of the prolog instructions at a beginning of the annotated function. The method places a first portion of the epilog instructions at an end of the annotated function and a second portion of the epilog instructions in the computer program after the jump. Executing the first and second portions of the prolog instructions together sets up the stack frame. Executing the first and the second portions of the epilog instructions together tears down the stack frame.

Abstract: In a coding apparatus for performing motion-compensated coding, N (M>N?2)-arized images are converted from a coding target image and reference image as M-arized images, and a motion search is conducted using the N-arized images. During this process, the coding apparatus applies low-pass filter processing to the coding target image and the reference image before conversion of the N-arized images.

Abstract: Techniques for credential strength analysis via failed intruder access attempts are presented. Intruders attempting to access a secure network with failed credentials are monitored. The failed credentials are retained and evaluated in view of previously recorded failed credentials. Credential policy is updated in response to the evaluation and intruder trends and sophistication levels are also predicted in response to the evaluation.

Abstract: Methods and apparatus involve the voluntary transfer or sharing of item(s), such as files or other data, based upon the automatic discovery of recipients, including sender pushing of the items and recipient approval. During use, computing devices advertise their availability for potential receipt of the items and recipients are automatically discovered. The sender attaches the items to a selected recipient, and a size, description, etc. of the items is calculated. Upon a connection between the sending and recipient computing devices, the sending device pushes to the recipient an identifier of the sender and the size, description, etc., so the recipient can determine whether they want to accept transfer. If so, the items are transferred, including display of the progress. If not, the sender is notified of the refusal. Other features contemplate attaching techniques, visual information display, authentication of parties, computer program products, and systems, to name a few.

Abstract: A method, system and computer program product for preventing execution of pirated software. A file is loaded on an end user's computer containing a binary image that is generated by removing one or more code bits from an executable code. A request is sent to a remote server to return a software key required for execution of the executable code from the binary image. The software key is downloaded to the end user's computer on which the binary image is loaded. One or more bits from the software key is inserted into the appropriate location of the binary image to regenerate the executable code. The executable code is enabled for execution on the end user's computer only following the embedding of the one or more bits.