Abstract: Facilitating single sign-on on a device having sandboxed applications. A method includes identifying a plurality of associated applications. Criteria are evaluated to identify a primary application. Authentication state is stored at the primary application. One or more portions of the authentication state can be used by the applications in the plurality of associated application for authentication.

Abstract: Provided are a method, a system, and a computer program product in which a secondary storage controller copies a file stored in a primary storage controller. The secondary storage controller performs an anti-virus scan on the copied file. A result of the anti-virus scan is transmitted to the primary storage controller.

Abstract: A method includes performing operations as follows on a processor: associating content stored on a data processing system with an event associated with a user, determining when the event is to occur, and pushing the content from the data processing system to a mobile device associated with the user not later than the occurrence of the event for storage on the mobile device.

Abstract: A card including a data transmission mechanism using annex transmission channels. A method is described for the transmission of data by a chip card at an end of its life using hidden communication channels different from standard communication channels of the card. The data are transmitted by modulating a binary signal that results from a modification of a hardware parameter of the card.

Abstract: A method for confirming identity of a user of a mobile electronic device, the method including: receiving touch data from a touch-screen of the mobile electronic device; receiving acceleration data from an accelerometer of the mobile electronic device; correlating between the touch data and the acceleration data; based on the correlating, generating a user-specific trait indicative of said user. The method further includes storing a reference value of the user-specific trait, indicative of said user; in a subsequent usage session of the mobile electronic device, generating a current value of the user-specific trait correlating between touch data and acceleration data; and based on a comparison between the current value of the user-specific trait and the reference value of the user-specific trait, determining whether or not a current user of the mobile electronic device is an authorized user of the mobile electronic device.

Abstract: A computer system and method for determining the legitimacy of a website determines the presence of a relationship between a received website and at least one known illegitimate website. When such a relationship is detected, the received website is determined to be illegitimate and corresponding action may be taken.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. Communication interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user device to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as a legitimate human user but actually utilizing a Virtual Machine.

Abstract: Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.

Abstract: To facilitate implementing a user operation control in a picture reproducing apparatus for reproducing contents recorded on a disk or the like. A picture reproducing apparatus selects and reproduces a plurality of prerecorded picture streams in the disk. A reproduction control unit is configured to reproduce the picture streams in either of two reproduction modes, i.e., a normal mode for accepting particular key inputs pertaining to picture reproduction and a menu mode for not accepting the particular key inputs. The mode in which the picture streams are reproduced may be written by contents creators in a script file which is recorded on the disk.

Abstract: A method to efficiently detect, store, modify, and recreate fully or partially duplicate file forks is described. During archive creation or modification, sets of fully or partially duplicate forks are detected and a reduced number of transformed forks or fork segments are stored. During archive expansion, one or more forks are recreated from each full or partial copy.

Abstract: A method for enabling access to software security data is provided. The method includes accessing data associated with software vulnerabilities from a plurality of on-line sources. The method further includes aggregating the data from the plurality of on-line sources and identifying attributes associated with the data. The method also includes enabling access to the aggregated data through a graphical user interface that can be used to analyze the data according to the attributes.

Abstract: Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.

Abstract: An information processing apparatus for controlling use of a content recorded on a disc. The information processing apparatus includes: in reference to a certificate revocation list including invalidation information of a content owner providing the content, a data verification section verifying whether content-owner identification recorded in a content-owner certificate recorded on the disc as a certificate corresponding to the content owner is included in the certificate revocation list, and if included, the data verification section comparing a content-certificate time stamp which is stored in the content certificate recorded on the disc as a certificate corresponding to the content and a CRL time stamp which is invalidation date-and-time information corresponding to the content owner stored in the certificate revocation list; and a content-use control section prohibiting or restricting use of the content if the content-certificate time stamp has date-and-time data not earlier than the CRL time stamp.

Abstract: Techniques are provided for securely managing, using smart cards, the usage of a peripheral device. In one embodiment, both the peripheral device and the smart card have digital certificates and a means for authenticating each other. Each device requires authentication of the other device before access to the device's resources is granted. In one embodiment of the invention, the smart card executes a local Java application for managing usage data. The application provides quota and prior usage data to the peripheral device, and updates on the smart card usage data provided by the peripheral device. The usage data on the smart card is used to limit, audit, or track access to resources and operations on the peripheral device. In another embodiment, the authentication and usage management functions of the smart card is implemented on a remote server.

Abstract: A key generating device according to an embodiment of the present invention includes: a parameter determining unit that randomly determines a plurality of parameters that are needed when generating a secret key and a public key; a bilinear group selecting unit that selects a plurality of bilinear groups and bilinear mapping on the basis of the plurality of parameters; and a key generating unit that generates the secret key and the public key on the basis of the parameters and the plurality of bilinear groups.

Abstract: An authoring device includes: a separator for separating a video stream and an audio stream from the input stream; a multiplexer for multiplexing the video stream and the audio stream to generate content information and further generating control information for managing stream reproduction, generating, from content information and control information, incomplete disc image data which is a series of data basically based on a predetermined format and in which a part of reproduction control information defined by a predetermined format is missing, and further generating analysis information required for generating the missing part of the reproduction control information; and a disc image completing section for completing the incomplete disc image data by referencing the analysis information after generation of the incomplete disc image data.

Abstract: A system for controlling abnormal traffic based on a fuzzy logic includes: an intrusion detection module for analyzing packets incoming from a network interface by means of a membership function defined based on a specific period of time, and outputting a fuzzy value representing a degree of a port scan attack; a fuzzy control module for recognizing the degree of the port scan attack based on the fuzzy value and outputting a control signal for traffic control according to the recognized degree of the port scan attack; and an intrusion blocking module for receiving the control signal and controlling the traffic with the network interface.

Abstract: When authentication processing has succeeded between different authentication domains in an information processing apparatus, authentication information between the different authentication domains is registered in association with user-related information. When a data conversion is performed between the different authentication domains, the data conversion of the user-related information is carried out based upon the registered authentication information.

Abstract: The message authentication code with blind factorization and randomization is a computational method for improving the security of existing Message Authentication Code (MAC) methods through the use of blind integer factorization. Further, blind randomization is used as a countermeasure to minimize collision attacks where different plaintexts produce the same MAC.

Abstract: Application protection systems and methods. The system comprises a security platform device comprising a storage unit and a processing unit. The storage unit comprises a root security key and an application security key. The security platform device receives a unique key from an application. The processing unit encrypts the unique key using the root security key, and determines whether the encrypted unique key conforms to the application security key. If so, the application is allowed to execute.