Abstract: A multimedia device or other type of processing device comprises a memory, a processor coupled to the memory, and playback circuitry coupled to the processor. In one aspect, the processor is operative to control the storage in the memory of at least one multimedia file containing a one-time password or other type of password, where the password is generated externally to the processing device, and to control the playback of the multimedia file via the playback circuitry to make the password apparent to or otherwise accessible to an associated user or other entity. The multimedia file may comprise, for example, an audio file, with the password being presented to the user in an audible form upon playback of the audio file. As another example, the multimedia file may comprise a video file, with the password being presented to the user in a visible form upon playback of the video file.

Abstract: The relay method for relaying an encryption communication in a gateway server between a client device and a content server includes the steps of receiving an encryption communication connection message to the content server from the device; producing a temporary encryption communication permit and a private key of its counterpart for the content server of a destination server name included in the connection message; sending the permit to the device; performing an End-End encryption communication with the device, receiving an encrypted access request message sent by the device, and decrypting and converting the request message to an access request message of a plain text; performing an End-End encryption communication with the content server, and acquiring content information instructed by the access request message; and performing value added processing for the acquired content information and its communication header, encrypting the information and the header, and sending them to the device.

Abstract: Techniques for variable security access information are presented. The complexity levels associated with access secrets drive the assigned access rights to target resources. A single target resource may have varying sets of access rights, where each set is associated with a particular complexity level for a given access secret. A requesting principal can custom establish the principal's desired access secret complexity level for a target resource; this in turn drives the set of access rights for the target resource, which the principal may use when accessing the target resource.

Abstract: Methods and apparatus detecting attempts to obtain IP addresses by faking a MAC address in a data portion of an IP address request message are described. In accordance with the present invention, rather than use standard address allocation protocols, e.g., ARP, the DNS DCHP contacts the requesting edge router via a private secure network. The MAC address received in the address request is compared to the MAC addresses stored in the edge routers port/MAC address resolution table. If the MAC address received in the request message cannot be found in the edge router's table which was created from the MAC address included in the message's header, a fraudulent attempt to obtain a MAC address is declared. The fraudulent attempt to obtain an IP address can be reported and steps taken to identify the perpetrator of the fraud.

Abstract: An interactive system for managing access via a communications network by one or more Device-Users and Database-Users with regard to at least one secured Location and an entry control Device assignable for use in gaining access to the Location by the one or more Device-Users. The system comprises a searchable database configured to store information on at least one of the secured Location, the one or more Device-Users, the one or more Database-Users, or the entry control Device, and Software stored on a readable medium and configured to search the database and report one or more conflicts concerning the information.

Abstract: A method for synchronization of a media signal computes features of the media signal and determines redundancy of the features to establish synchronization. The synchronization method is adapted for both temporal and spatial synchronization. For spatial synchronization, spatial redundancy is used to detect geometric distortion of a signal using an autocorrelation method to detect peaks caused by the redundancy of features of the signal. These peaks are then analyzed with a histogram method to detect rotation and scaling of the host media signal. The spatial synchronization process is applied for both intra-coded frames of video (I-frames) as well as still images.

Abstract: A secure software package for original equipment manufacturers to run in electronic devices in order to access and dynamically decrypt encrypted audio video or other content from a memory storage device such as a memory card, optical or hard disk such that the user interface of the device need only send simple commands and the decrypted content is output.

Abstract: A client device transmits service identification information to an authentication device at the time of a service request, prompts selection of one or more authentication entity devices which execute one or more authentication subprocesses from among all the authentication entity devices adaptive to profile information received from the authentication device, based on “function list information defining an execution environment of each of the authentication entity devices”, transmits a request for executing an authentication subprocess to such selected each authentication entity device, and transmits to the authentication device “authentication context information including an execution environment and an execution result of an authentication subprocess” received from such each authentication entity device.

Abstract: Disclosed herein is a content distribution system including: a content distribution server; a sender terminal; and a receiver terminal; wherein the content distribution server including a communication block; a recording block; a content management block; a content encryption block; and a key management block; wherein the sender terminal including a communication block; a terminal detection block; a recording block; and an extraction block; wherein the receiver terminal including a terminal detection block; a recording block; a decryption block; and a content reproduction block; wherein, if the sender terminal is located inside a communicable range in which data can be transmitted and received with the receiver terminal, the sender terminal distributes the content and the receiver terminal, if located inside the communicable range, reproduces the decrypted content.

Abstract: In accordance with a particular embodiment of the present invention, a method of detecting kernel level rootkits includes requesting first information from a kernel level process, the first information including first contents. The first information is received at a user level process. The method also includes compiling second information at kernel level, the second information including second contents corresponding to an expected first contents of the first information. The first contents are compared to the second contents.

Abstract: To provide a microelectronic circuit arrangement (100) and a method for protecting at least one electronic component against illicit manipulation and/or unauthorized access, in which circuit arrangement (100) and method there are no opportunities for manipulation even during or in connection with the start-up procedure, it is proposed that there be arranged at least activating unit (Ai; i=1, 2, 3, 4, 5) for checking whether at least one activating condition is met and for activating at least one preventing unit (Vj; j=1, 2, 3, 4, 5, 6, 7) that is also associated with the circuit arrangement (100) and that is connected to the activating unit (Ai), by means of which preventing unit (Vj) the component (200) can be at least partly de-activated and/or at least partly destroyed in the event of illicit manipulation and/or unauthorized access.

Abstract: One illustrative method involves the steps of receiving a ciphering mode information message from a wireless network; identifying and processing valid radio bearer downlink ciphering activation time information in the ciphering mode information message when it is part of a security mode command message; and refraining from processing any valid radio bearer downlink ciphering activation time information in the ciphering mode information message when it is part of a message that is different from the security mode command message (i.e. when it is part of a radio network subsystem relocation procedure).

Abstract: A mechanism is disclosed for enabling an attribute provider service (APS), which provides access to one or more attributes, to control access to the attributes at the attribute level. In one implementation, a request is received, which specifies a particular attribute that is desired to be accessed from an attribute repository. In response to this request, a policy that applies to the particular attribute is accessed. The policy is then processed to determine whether access to the particular attribute is to be allowed or denied. With the above mechanism, it is possible to control access to attributes at the attribute level rather than at the service level. Because access control is exercised at such a low level, an administrator can exercise much tighter and precise control over how attributes provided by an APS are accessed.

Abstract: In one embodiment, local software code present in a computer system enables real-time detection of whether the computer system is properly protected against malicious attacks from harmful software. For example, software code such as one or more agents executing in the computer system support real-time protection validation based upon detection of the behavior of the computer system (as opposed to mere detection of the presence of resources or applications in the computer system). In response to detecting that the computer system or an application accesses or provides a particular type of resource and should be protected via one or more appropriate protection policies, if the computer system is not already protected, an agent of the computer system can provide immediate remediation (e.g., a security measure) to temporarily protect the computer system until the appropriate protection policy can be activated to protect the computer system against malicious software threats.

Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.

Abstract: A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

Abstract: A secure LSI device 1 includes an encryption section 2 for encrypting a program, and an external I/F 50 for inputting/outputting a program or data from/to an external memory 100. In the encryption section 2, the operation of a private key arithmetic processing section 20 is prohibited with respect to a sequence whose execution is determined by a key-generation/update sequencer 30 to be impermissible. In the external I/F 50, a program processing section 51 and a data processing section 55 are structured independently from each other.

Abstract: A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.

Abstract: Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to examine incoming messages from an IM server to an IM client and outgoing messages from the IM client to the IM server. The IM filter module is further configured to analyze relationship among the incoming and outgoing messages and determine whether one or more messages contain malware based on the analysis of relationship among the incoming and outgoing messages.

Abstract: A communication apparatus and authenticating method prevent mistaken authentication at initial authentication in a connection between communication apparatuses. The communication apparatus includes an authentication processing unit which manages each state of the communication apparatus. The states include an authentication initiation permissible state, an authentication initiation impermissible state, an authentication initiation state, an authenticating state, an authentication successful state, an authentication unsuccessful state and an authentication completed state. Additionally, the authentication processing unit performs authentication with another communication apparatus, and stops the authentication when a plurality of authentication messages is received while in the authentication initiation state and the authenticating state.