Patents Examined by Ngoc D Nguyen
  • Patent number: 8489882
    Abstract: A “third-party watermark” is inserted into a file or files uploaded by a client to a “storing party” such as a file backup server. The third-party watermark may contain information about the upload itself, such as time and date of the upload and the identity of the client. The third-party watermark may also contain authentication information received from the client or elsewhere that establishes that the client is in proper possession of the file, e.g., it is not a “bootlegged” copy.
    Type: Grant
    Filed: March 3, 2009
    Date of Patent: July 16, 2013
    Assignee: AT&T Intellectual Property I, L. P.
    Inventors: Thomas Killian, Norman L. Schryer
  • Patent number: 8458790
    Abstract: A method is provided which defends a computer program against attacks independently of the complexity of the program. A request to invoke the application is received. A process execution state is set to indicate a first execution. The application is executed in response to the request, and application data and control information calculated by the application is stored while the application is executed. The process execution state is set to indicate a subsequent execution. At least part of the application is executed for at least one subsequent time. Application data and control information calculated by the application during subsequent executions is compared with the data/information stored during first execution. The comparison is done by operation system services which are responsive to the process execution state. When the comparison shows a discrepancy in the compared application data and control information, appropriate error handling takes place.
    Type: Grant
    Filed: September 19, 2007
    Date of Patent: June 4, 2013
    Assignee: International Business Machines Corporation
    Inventors: Albet Schaal, Torsten Teich
  • Patent number: 8434126
    Abstract: A computer-implemented method for aiding parental-control-policy decisions may include identifying a computer resource. The computer resource may include any content subject to a parental-control-policy decision. The method may also include identifying a community usage repository. The community usage repository may include information relating to a plurality of children's usage of the computer resource. The method may further include analyzing the community usage repository to generate statistical data relating to the computer resource. The method may additionally include presenting the statistical data to a user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: April 30, 2013
    Assignee: Symantec Corporation
    Inventors: Adam Schepis, Keith Newstadt
  • Patent number: 8429417
    Abstract: The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.
    Type: Grant
    Filed: October 3, 2007
    Date of Patent: April 23, 2013
    Assignee: Gemalto SA
    Inventors: Stephanie Salgado, David Vigilant, Guillaume Fumaroli
  • Patent number: 8392709
    Abstract: Various embodiments of a system and method for a single request—single response protocol with mutual replay attack protection are described. Embodiments may include a system that receives multiple single request messages, each of which may include a respective nonce, timestamp, and digital signature. The system may create a record of previously received nonces that, at any given time, may include multiple message nonces received within a valid period of time prior to that given time. To validate a given single request message the system may verify the digital signature of that message, determine that the timestamp of that message indicates a time within the valid period of time prior to the current time, and determine the nonce of that message is not present within the record of previously received nonces. The system may send a single response message that includes the same nonce as the validated message.
    Type: Grant
    Filed: April 28, 2009
    Date of Patent: March 5, 2013
    Assignee: Adobe Systems Incorporated
    Inventor: Sunil C. Agrawal
  • Patent number: 8300812
    Abstract: A method of scrambling a stream of data includes obtaining from the stream a succession of first sequences of blocks of data. The order of the blocks is reversed in each of the first sequences of blocks to form respective second sequences of blocks of data. The blocks in each second sequence of blocks are encrypted using a cipher in block chaining mode, initialized with a respective initialization vector for each second sequence of blocks. For a succession of first sequences of blocks included in a unit of data within the stream, at least one initialization vector for encrypting a second sequence of blocks formed from a first sequence of blocks in the unit is generated in dependence on at least one block in a preceding first sequence of blocks of the unit.
    Type: Grant
    Filed: November 2, 2006
    Date of Patent: October 30, 2012
    Assignee: Irdeto Access B.V.
    Inventor: Antonius Johannes Petrus Maria Van De Ven
  • Patent number: 8281380
    Abstract: When a user makes a remote log-in to a server apparatus from a terminal apparatus, a password managing apparatus, which manages the name of a user of the server apparatus, his/her direct log-in password and transformation rule, displays an authentication purpose symbol sequence on a display apparatus. The user transforms the displayed sequence by his/her transformation rule and supplies, via the terminal apparatus, his/her user name and the post-transformation symbol sequence to the server apparatus, which then sends them to the password managing apparatus. If the result of applying the user's transformation rule to any authentication purpose symbol sequence generated in the past coincides with the post-transformation symbol sequence, the password managing apparatus sends the direct log-in password to the server apparatus to pass the remote log-in to the server apparatus by the terminal apparatus as a success.
    Type: Grant
    Filed: March 20, 2009
    Date of Patent: October 2, 2012
    Assignee: Passlogy Co., Ltd.
    Inventor: Hideharu Ogawa
  • Patent number: 8261088
    Abstract: Authentication data indicating authenticity of a client is distributed into a plurality of function data as distributed data, the plurality of function data including function data specifying a function and rule data specifying the authentication data from the function. The client and a server share a portion of the plurality of function data. The client calculates verification data from the function data unshared with the server, by performing a calculation process difficult for a third party to calculate the function data, and transmits the verification data to the server. The server verifies authenticity of the client based on the authentication data and distributed data per client stored therein, and the verification data received from the client.
    Type: Grant
    Filed: April 16, 2009
    Date of Patent: September 4, 2012
    Assignee: Panasonic Corporation
    Inventor: Masakatsu Matsuo
  • Patent number: 8245053
    Abstract: Methods and systems for binding a removable trusted platform module (TPM) subsystem module to an information handling system to provide a core root of trust for the information handling system without requiring soldering down or other hard and permanent (non-removable) attachment of a TPM device to the information handling system planar (e.g., motherboard). The removable TPM subsystem module may be a plug-in module that may be removed from the information handling system planar (e.g., motherboard), while at the same time maintaining the transitive chain of trust, and being capable of remotely attesting its trusted state. An information handling system platform may be provided that has the capability and flexibility of supporting multiple TPMs on the same system planar.
    Type: Grant
    Filed: March 10, 2009
    Date of Patent: August 14, 2012
    Assignee: Dell Products, Inc.
    Inventors: Quy Hoang, Mukund P. Khatri, Pankaj Bishnoi
  • Patent number: 8234688
    Abstract: Methods for managing privacy settings for a social network using an electronic computing device are presented including: causing the electronic computing device to receive a triggering event on the social network; and causing the electronic computing device to determine a number of privacy indices in response to the triggering event, where the number of privacy indices correspond with at least one target user, where the number of privacy indices are normalized from a summation of a number of privacy scores, where the number of privacy scores are each derived from a sum of attribute scores, and where the sum of attribute scores are each derived from a weighted sensitivity value of an attribute and a user relationship distance value of a user and the target user.
    Type: Grant
    Filed: April 3, 2009
    Date of Patent: July 31, 2012
    Assignee: International Business Machines Corporation
    Inventors: Tyrone W. A. Grandison, Sherry Guo, Kun Liu, Eugene M Maximilien, Dwayne L Richardson, Tony Sun
  • Patent number: 8225402
    Abstract: A method for detecting a SQL injection attack comprises a training phase and a detection phase. In the training phase, a plurality of SQL queries is transformed into a respective plurality of SQL token domain queries which are processed using a n-gram analysis to provide a threshold and an averaging vector. In the detection phase, each newly arrived SQL query is transformed into a new SQL token domain query, and the n-gram analysis is applied together with the averaging vector and the threshold to each new SQL token domain query to determine if the new SQL query is normal or abnormal. The detection may be online or offline.
    Type: Grant
    Filed: April 8, 2009
    Date of Patent: July 17, 2012
    Inventors: Amir Averbuch, Aviram Shmueli, Gil David
  • Patent number: 8205077
    Abstract: A management apparatus comprising memory to store owner information, dependence relationship information, and authorized user information are associated with file information identifying the secret file, an authorized user determination unit to determine whether a source user of the browse request is registered as the authorized user of the browse request file, a dependent file specifying unit to specify a dependent file having a dependence relationship with the browse request file by referring to the dependence relationship information when the source user is authorized; and a browse permission response transmitting unit to transmit the browse permission response to the source user based on whether or not the source user is registered as the authorized user of the dependent file by referring to the authorized user information.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: June 19, 2012
    Assignee: Fujitsu Limited
    Inventors: Bintatsu Noda, Masahiko Takenaka, Takayuki Hasebe, Takeaki Terada, Takashi Yoshioka
  • Patent number: 8160248
    Abstract: Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another.
    Type: Grant
    Filed: April 2, 2009
    Date of Patent: April 17, 2012
    Assignee: Broadcom Corporation
    Inventor: Andrew Dellow