Abstract: A wireless personal area network (WPAN) system includes a plurality of WPAN devices using encrypted wireless communication therebetween when in an enabled state and not wirelessly communicating when in a disabled state. At least one of the WPAN devices includes a WPAN identity reader for reading at least one identifying parameter of a user, for confirming that the user is an authorized user based upon reading the at least one identifying parameter, and for wirelessly communicating with at least one other WPAN device to switch the at least one other WPAN device from the disabled state to the enabled state based upon confirming the user is an authorized user.

Abstract: Systems and methods for providing content items to users. A computer system may provide to a first user an indication of a plurality of available content items. The computer system may receive from the first user an indication of a first content item selected from the plurality of content items. The computer system may determine whether a content provider service associated with the computer system is authorized to stream the first content item to the first user. When the content provider service is not authorized to stream the first content item to the first user, the computer system may identify an alternate source for the first content item. The computer system may initiate playback of the first content item to the first user from the alternate source.

Abstract: An apparatus and method to provision and distribute a traffic key amongst a plurality of radios enables secure communication, for a predetermined group or a predetermined event. Each radio has a controller, a radio transceiver for electromagnetic radio communications, and a near-field transceiver for near-field communications (NFC). The traffic key (or traffic keys) is provisioned locally at one radio and distributed to the remaining radios utilizing the NFC over a non propagating link. The same traffic key is distributed amongst all radios, and additional restrictions may be applied if desired. The same radios can later be re-provisioned for a different group or event. The local provisioning and distribution is highly advantageous for markets that do not require permanent assignment of radios.

Abstract: A content protection management system that enables interoperability with other Content Protection and DRM technologies. A managed security domain provides a simple, consistent and reliable experience to whole-home network subscribers. The architectural concept for the whole-home network includes an underlying control plane with an overlaying content security control plane running a particular DRM technology.

Abstract: A third party provides an analysis of an analog signal property derived from an electronic device. A data set describing an analog signal property is obtained. The data set is derived from at least one measurement on the signal. A permission set based on data received from a supplier entity is maintained. A consumer entity having permissions are permitted access to information computed from the data set. A consumer input from the consumer entity is received. The consumer input represents a request for the analysis result. A determination is made based on permissions that the consumer entity is permitted access to the computed information. An analysis result from the data set is computed after receiving the consumer input. The analysis result is provided to the consumer entity. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Abstract: Apparatus, method and program product detect an attempt to tamper with a microchip by determining that an electrical path comprising one or more connections and a metal plate attached to the backside of a microchip has become disconnected or otherwise altered. A tampering attempt may also be detected in response to the presence of an electrical path that should not be present, as may result from the microchip being incorrectly reconstituted. Actual and/or deceptive paths may be automatically selected and monitored to further confound a reverse engineering attempt.

Abstract: A management device for managing states of components. The management device includes a reading unit to read management information from each of plural components; a determining unit to refer to license information associated with management information of each component stored in a license storage unit, and to determine, based on the referred license information, whether each component is usable or not; and an operation control unit to make a component determined to be usable operate but to inhibit an operation of a component determined to be unusable.

Abstract: Concepts and technologies are disclosed herein for a peer applications trust center. A trust client can execute on a client computer and a trust service can execute on a server computer to provide the peer applications trust center. The trust client or trust server can register applications. During registration, the trust server or the trust client can generate a public key or other identifier for identifying the registered application. If another application requests access to the registered application, the trust server or the trust client can determine if the request specifies a registered application by name. If the requestor is granted access to the application, the requestor can be issued a token. Tokens can be revoked, updated, replaced, or renewed for various purposes.

Abstract: Methods and systems are disclosed a digital investigation tool capable of recovering and decrypting content. The tool combines digital techniques with decryption capability for a wide range of encryption algorithms. In one implementation, the tool identifies the type and/or vendor of the encryption algorithm used to protect the content. The tool then automatically obtains the decryption information needed to decrypt the content. Depending on the encryption algorithm used, the information may include a master key, user-specific keys, user IDs, passwords, and the like. The decryption information may be accumulated in a local or remote storage location accessible by the tool, or it may be acquired in real time on an as-needed basis from a third-party encryption vendor, a key server, and the like. Such an arrangement allows law enforcement agencies as well as corporate security personnel to quickly recover and decrypt content stored on a computer system.

Abstract: A system for retroactively detecting malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy is found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract: A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

Abstract: A key updating method and system are provided. In the method, (1) a back-end authentication system receives a current dynamic password generated by a dynamic token and authenticates the current dynamic password, and if the authentication succeeds, generates key updating information and goes to (2); (2), the back-end authentication system generates a first updating key according to the key updating information and a first initial key stored therein and copies the first updating key to a buffer of the first initial key; the dynamic token obtains and authenticates the key updating information, and if the authentication succeeds, generates a second updating key according to the key updating information and a second initial key stored in the dynamic token and copies the second updating key to a buffer of the second initial key; or if authentication fails, quits the key updating. The solution avoids risk incurred by accidental key leakage.

Abstract: A plurality of system entities described in an asset repository are identified, the asset repository defining a particular hierarchical organization of the plurality of system entities within a computing environment. A particular system entity in the plurality of system entities is tagged with a particular tag. The particular system entity is associated with a particular security policy based on the particular system entity being tagged with the particular tag. The particular security policy is applied to system entities in the asset repository tagged with one or more tags in a particular set of tags including the particular tag.

Abstract: An additional service that authenticates personal information of a second person by using the mobile identification service in response to a first person requesting authentication is provided. As a result, the authenticated personal information of the second person is shown to the first person.

Abstract: A method and a system for monitoring a threat are described. The system has a gateway, a web server, and a client device. The gateway detects, identifies, and tracks a threat at a location associated with the gateway. The gateway is coupled to a security device. The web server has a management application configured to communicate with the gateway. The client device communicates with the gateway identified by the web server. The gateway aggregates monitoring data from the security device and from other security devices respectively coupled to other gateways correlated with the gateway. The client device receives the aggregated monitoring data and controls the security device coupled to the respective gateway from a web-based user interface at the client device.

Abstract: Technologies are generally described for providing an encryption method using real-world objects. In some examples, a method may include capturing, by a first electronic device, an external object, generating an object signal associated with the external object, generating an encryption key based on the object signal, and transmitting data encrypted by the encryption key to a second electronic device.

Abstract: Embodiments of the invention are generally directed to performing processing of content through partial authentication of secondary channel. An embodiment of a method includes performing a first authentication between a source transmitting device and a sink receiving device for communication of data streams, and performing a second authentication between the source transmitting device and a bridge device such that the second authentication is independent of the first authentication and the sink receiving device remains uninfluenced by the second authentication. The bridge device includes an intermediate carrier device coupled to the source transmitting device and the sink receiving device. The method further includes transmitting a data stream having encrypted content from the source transmitting device to the bridge device.

Abstract: A URL, to launch a license contract registration process, in software which requires license registration is informed to a license contract information input server which executes a process of inputting information necessary for license registration. After input of the necessary information, the license contract information input server transfers a request for license registration to the informed URL. The information necessary for license registration is inputted in accordance with a format arbitrarily created by the license contract information input server. A Web browser used by a user to operate a license contract registration process and license management target software can run on different hosts. After distribution of the target software for a license contract, information to be input by the user at the time of license contract can be changed.

Abstract: Methods, systems, and computer-readable storage media for preventing a clickjacking attack on a web page. Implementations include inhibiting rendering of content of the web page, receiving a message from an embedding web page, the embedding web page having called the web page, the message including metadata, and determining whether the embedding web page is trusted based on the metadata, wherein rendering of content of the web page remains inhibited if the embedding web page is untrusted, and rendering of content of the web page is executed if the embedding web page is trusted.

Abstract: An Advanced Encryption Standard (AES) key generation assist instruction is provided. The AES key generation assist instruction assists in generating round keys used to perform AES encryption and decryption operations. The AES key generation instruction operates independent of the size of the cipher key and performs key generation operations in parallel on four 32-bit words thereby increasing the speed at which the round keys are generated. This instruction is easy to use in software. Hardware implementation of this instruction removes potential threats of software (cache access based) side channel attacks on this part of the AES algorithm.