Abstract: One embodiment of the invention is a method utilizing a CAPTCHA to generate a human likeness score including blocks: a) receiving a user solution to the CAPTCHA; b) receiving a user interaction pattern descriptive of an interaction undertaken by the user, through a graphical interface of the CAPTCHA, to achieve the user solution; c) determining the accuracy of the user solution; d) comparing the user interaction pattern against an interaction model generated from interaction patterns of previous users; e) calculating the human likeness score based upon the determination of block c) and the comparison of block d), wherein the human likeness score lies within a continuum of human likeness scores.

Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, a storage unit that stores data that pairs screen buffer regions with authentication details, wherein the system learns new pairs via user training and presents stored authentication details when the screen buffer regions match a related stored region which is paired with a region of the screen, and a unit that determines which of stored passwords need to be presented to the system by a pattern matching of regions of screen pixels.

Abstract: A computer device includes means for receiving a request for at least one random number; means for generating a message authentication code from the identifier and at least one random number to be transmitted; and means for creating a message for transmission, including the random number in plain text and the message authentication code. A random number distribution system includes the computer device; a communication network; and a receiver device connectable to the computer device via the network to transmit requests for random numbers to the computer device and to receive messages from the computer device.

Abstract: A key delivery mechanism that delivers keys to an OS platform (e.g., iOS platform) devices for decrypting encrypted HTTP live streaming data. An HTTPS URL for a stateless HTTPS service is included in the manifest for an encrypted HTTP live stream obtained by an application (e.g., a browser) on an OS platform device. The URL includes an encrypted key, for example as a query parameter value. The application passes the manifest to the OS. The OS contacts the HTTPS service to obtain the key using the URL indicated in the manifest. Since the encrypted key is a parameter of the URL, the encrypted key is provided to the HTTPS service along with information identifying the content. The HTTPS service decrypts the encrypted key and returns the decrypted key to the OS over HTTPS, thus eliminating the need for a database lookup at the HTTPS service.

Abstract: In some embodiments, each client device in the network has a private key and a public key. For two client devices to securely exchange information, each computes a shared secret based on its own private key and the other's public key. The client devices use the shared secret to generate a shared secret key pair. The shared secret public key is used as a key by each client device to store data in a public key-value data store to share with the other client device. The shared data is signed using the shared secret key pair. The shared data may also be encrypted using the shared secret key pair. Each client device uses the shared secret public key to retrieve the data from the public key-value data store. Each client device uses the shared secret key pair to verify and decrypt the shared data.

Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.

Abstract: A network adapter system and associated method are provided. The network adapter system includes a processor positioned on a network adapter coupled between a computer and a network. Such processor is configured for scanning network traffic transmitted between the computer and the network.

Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.

Abstract: The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.

Abstract: The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network to which the UE is accessed when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.

Abstract: Digital Cameras configured to verify authenticity of digital photos taken with the digital camera and related methods and computer program products are provided. GPS information associated with a photograph taken with the digital camera is obtained. A checksum of pixels that make up the photograph and the obtained GPS information is generated. The generated checksum is encrypted using a private key associated with the digital camera so as to allow verification that the photograph has not been modified.

Abstract: In a general aspect, pseudorandom integers are generated for use in a cryptographic protocol. In some aspects, a first plurality of digits are obtained and converted to a second plurality of digits. The first plurality of digits (e.g., bits) represent an integer in a first number system (e.g., binary), and the second plurality of digits (e.g., trits) represent the integer in a second number system (e.g., trinary). A plurality of integers in the first number system are generated based on the second plurality of digits, and an array of integers is produced. Each integer in the array is less than a modulus, and the array includes the plurality of integers. The array of integers can be used in a lattice-based cryptographic protocol.

Abstract: A computer security architecture applies selected rules from among a set of rules defining one or more security policies to a given set of security context parameters to produce security verdicts, each representing whether a certain action requested by a subject entity is permissible. Each security policy is associated with a corresponding communication interface. A plurality of gateway engines are each associated with at least one of the subject entities and dedicated to interfacing with the security server. Each of the gateway engines carries out monitoring of requested actions by the associated subject entity and, for each requested action, identifies a security context. A security policy is determined for the requested action based on a corresponding security context, and a security verdict is obtained via a communication interface corresponding to the applicable security policy.

Abstract: A method and system for processing information. An apparatus divides target information into N pieces of divided data using a secret sharing scheme in which a predetermined number (K) of pieces of the N pieces of divided data is required to restore the target information, wherein N>K. The apparatus is an information processing device or an external storage device. The apparatus selects M pieces from the N pieces (K<M<N). After selecting the M pieces, the M pieces are stored in the external storage device which limits a totality of pieces of the N pieces being stored on the external storage device to the M pieces. After storing the M pieces, the target information is restored from at least K pieces of the N pieces after which D pieces of the M pieces in the external storage device are destroyed (D>M?K).

Abstract: Computer-readable media tangibly embodying computer-readable instructions stored in a memory and executable by a processor of a computer, wherein execution of the computer-readable instructions cause the computer processor to implement a method of encoding a fingerprint. The method comprises acquiring an image of a finger of a user; identifying a set of minutia points in the image; generating a code by a transformation of the minutia points, the transformation including: (i) creating a matrix from features of the minutia points; (ii) obtaining characteristic invariants of the matrix; and (iii) the code being formed based on the characteristic invariants of the matrix; and outputting the code in association with the user or the finger. The characteristic invariants may be the eigenvalues of the matrix.

Abstract: Various systems and methods for protecting privacy with secure digital signage in vehicle registration plates are described herein. A system with an electronic registration plate for protecting privacy with secure digital signage, the electronic registration plate attached to a vehicle, the system may include a data access module to: access, a data store of registration numbers, the data store including a plurality of unique registration plate numbers and assigned to the vehicle; and retrieve a registration plate number from the data store; and a display module to present the registration plate number on the electronic registration plate.

Abstract: Improper communication using modified software is inhibited without checking game data itself. A system according to one embodiment realizes provision of an online game to a login user with HTTP communication between the server and the client terminal. The HTTP communication includes transmitting, by a terminal device, a HTTP request to which a sequence number of the terminal side is attached; checking, by the server, validity of the HTTP request based on comparison between the sequence number of the login user stored in the server and the sequence number attached to the HTTP request; updating, by the server, the sequence number according to a predetermined update rule; transmitting, by the server, a HTTP response; and updating, by the terminal device, the sequence number in the terminal device according to the predetermined update rule.

Abstract: Systems and methods for controlling the use of audio, video and audiovisual content are provided. A data structure includes content usage rights for multiple release windows. The usage rights may be encoded in the content or otherwise bound to the content. Playback devices are configured to access the appropriate usage rights and control usage in accordance with the usage rights.

Abstract: A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure describes a network appliance and associated access policy protocol (APP) that communicates and obeys access policies within a network. The network appliance (APP node) propagates access policies to other APP nodes that can utilize the policies most effectively. When an access policy reaches the network boundary, intra network bandwidth is optimized. The access policies may be distributed and executed in the cloud—e.g. proxy firewall, proxy policy execution.