Abstract: A method of monitoring levels of security conformity and preparedness of a plurality of network connected computing machines, obtains a report by remotely scanning the machines in segments. The machines might already be connected to commercial security software and a patch dispenser. The report includes definition dates and any files quarantined by the commercial security software, patch-management-software communication present and the patches received. The method uses the report and software (not installed on the scanned machines) to produce a Network Security Scanner for Enterprise Protection output to perform a security-preparedness audit of the scanned machines. The audit non-intrusively ascertains. If the scanned machines conform to user-defined fields and policies, and assists in selective security updating of the machines. The scanning, unrecognized by the scanned machines may be configured to suit their OS, and done periodically as desired. A computer readable medium executing the method is included.

Abstract: A processing device comprising a processor coupled to a memory is configured to determine a risk of simultaneous theft of a primary device and at least one satellite device associated with the primary device, and to identify said at least one satellite device as an appropriate authentication factor for use in an authentication process involving the primary device, based at least in part on the determined risk. The identified satellite device may serve as an additional or alternative authentication factor relative to one or more other authentication factors. The processing device may comprise the primary device itself, or another separate device, such as an authentication server that also participates in the authentication process. Information associated with the identified satellite device is utilized in the authentication process to authenticate a user of the primary device.

Abstract: A method for identifying a user of a Voice over Internet Protocol (VoIP) phone in a network, the VoIP phone connected to a computing device via a communication link, includes receiving a request for an authorization token from a computing system on the network; sending a request to the computing device to generate an authorization token in response to the request, the authorization token generated by the computing device based on authentication data associated with the user; receiving the authorization token from the computing device; sending a message containing the authorization token to the computing system for validating an identity of the user; and sending, in response to validating the identity, a subsequent message containing the authorization token to the computing system.

Abstract: Systems and methods are disclosed for providing personnel communications management within an enterprise or group of related enterprises during crisis situations. In particular, the systems and methods provide event management, shared situational awareness, personnel status tracking, and unified crisis notification management to multiple users.

Abstract: A personal basic service set (PBSS) includes a first device configured to communicate in the PBSS and a second device configured to communicate in the PBSS. The first device is configured to establish a robust security network association (RSNA) with the second device (i) without associating with a PBSS control point (PCP) and (ii) without associating with the second device.

Abstract: The present invention relates to method for operating a trust center for distributing key material to at least one radio station, comprising the steps of at the trust center, dividing an identifier of the radio station, said identifier being a code word consisting a first number of bits, into a plurality of subidentifiers, and generating for each subidentifier, an keying material function selected out of a set of keying material functions on the basis of the considered subidentifier at the trust center, transmitting to the radio station the identifier and the key material comprising the generated encryption functions.

Abstract: An optical disc used for storing content includes a theft control area selected to render the disc unreadable. The disc must be exposed to radiation of a specific wavelength before it can be read by a regular device. The theft control area may include an area that contains data that instructs the device not to read the disc. This area includes a coating that changes its optical characteristics when exposed to the radiation. The material could be radiochromic or thermochromic. Alternatively, the theft control area includes an RFID device that includes an element that is radiation sensitive. In this embodiment, when the disc is irradiated, the element changes its electrical characteristics.

Abstract: A method for locally authenticating a vehicle diagnostic tool with a vehicle using a challenge-response authentication scheme includes: receiving a pairing request from the vehicle diagnostic tool; presenting a user with a challenge through at least one of an audio system and an LCD display associated with the vehicle; receiving a response to the challenge from a user; and authenticating the vehicle diagnostic tool if the response from the user is identical to an expected response.

Abstract: A computer-implemented method includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.

Abstract: Aspects of the present disclosure may provide a location-based multimedia experience to a user. In one example, a method includes receiving location information corresponding to a physical location of the first computing device, and outputting the location information from a first computing device to a second computing device in order to authenticate the first computing device. The method includes receiving an authentication response indicating that the first computing device has been successfully authenticated. The method may further include responsive to receiving the authentication response, receiving, one or more video communication sessions based on the location information, wherein each of the one or more video communication sessions enables communication between computing devices associated with users. The method may also include generating for display, by the first computing device, a representation of the one or more video communication sessions.

Abstract: A system and a method are disclosed for enabling fast switching in a multimedia interface system having content protection. By using a partial port receiver to decode a portion of the input at input ports that are not being output to a multimedia sink, the design of the switching system is simplified and silicon costs are reduced. Additionally, the switching system and method reduces the switching delay by maintaining content protection signaling with all of the input ports. This eliminates the need for re-authentication when a new multimedia source is selected.

Abstract: Aspects of the invention relate to a customer authentication system for authenticating a customer making a request related to a customer account. The customer authentication system may include multiple application level data receiving and processing mechanisms for receiving customer requests and collecting customer data. The customer authentication system may additionally include a central authentication system for receiving the customer requests and customer data from the multiple application level data receiving and processing mechanisms, the central authentication system determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request. The central authentication system may return its conclusions and instructions to the multiple application level data receiving and processing mechanisms.

Abstract: The present invention describes an automated process that enables dynamic provisioning (both creation and deletion) of administrative accounts based upon a real-time need as defined by service desk processes and procedures. This invention enhances current provisioning of administrative account processes that are typically handled by service desk personnel that constantly turnover through firings and hirings. By creating an on-demand provisioning process on a strictly as-needed basis an enhanced security structure is created. In addition, audit ability of access can be added to the processes that provides accountability and traceability of activities that can be directly related back to actual business justifications (the initial problem report) for actions (important not only in ITIL but also regulatory requirements).

Abstract: Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Abstract: Various systems and methods distribute enforcement of browser rules. For example, one method can involve receiving, from a browser control client, information indicating that a user is accessing the Internet via a browser. The information received from the client can include a login name submitted by the user via the browser. The browser is installed on a computing device, and the browser control client is also installed on the computing device. The method can then send, to the browser control client, a set of one or more browser rules associated with the login name for enforcement on the computing device, in response to receipt of the information.

Abstract: A server storing a pool of unassigned access credentials selects an access credential from the pool, assigns it to an individual, identifies a mobile communication device associated with the individual, and pushes the access credential to the mobile communication device over a secure and authenticated channel such that the access credential is receivable by the mobile communication device. If the mobile communication device supports a proximity technology and is proximate to an access node that supports the proximity technology, the mobile communication device employs the proximity technology to present the access credential to the access node.

Abstract: If the user of a first portable terminal intends to let a second portable terminal try out a certain content, the user sends to a distribution server trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: A scan engine receives a request to perform a particular scan on at least a portion of a computing environment. The scan engine identifies a particular language interpreter in a set of available language interpreters for use in performing the particular scan and performs the particular scan using the particular language interpreter. The scan engine returns results of the particular scan. In some implementations, the scan engine is implemented on an agent enabling communication between the scan engine and an asset management system.

Abstract: A method of authorizing use of a computer program only able to be used when an authorized message is received from an authorizing system includes providing an authorization system, making a request to use a computer program, signalling the request to the authorization system, the authorization system recording the use of the computer program and providing the authorization message to the computer program upon receipt of the authorization message the computer program may be used.