Abstract: A method and system for the secure delivery of data to a remote device that has been registered and which requires authentication through the use of a multifactor signature profile is disclosed, and in particular according to certain disclosed aspects, a method and system for ensuring that an authenticated remote device remains authenticated.

Abstract: Systems and methods are provided for controlling access to online services. For example, the system may include an application running on a user computer (130) that collects platform data (e.g. physical device parameters) and generates a machine fingerprint (stage 602). The computer (130) may send the machine fingerprint to the authentication server (110). The server (110) may associate the received machine fingerprint with the appropriate online account information received from a host server (120) or the like (stage 604). The authentication server (110) may send the appropriate registration status signal to the host server (120), which in turn may update the online profile information to include the user's registration status (stage 606).

Abstract: In conjunction with establishment of a session between an access network and user equipment of a communication system, session-specific information is transmitted from the access network to the user equipment. The session-specific information transmitted from the access network to the user equipment comprises information to be utilized in an authentication protocol carried out between the user equipment and an authentication server of the system. For example, the session-specific information transmitted from the access network to the user equipment may comprise an identifier of a gateway coupled between the access network and the authentication server.

Abstract: A method for issuing a digital residence certificate using a module associated with a counter. Data from the counter are continuously monitored, whereby the data are read and a consistency test is performed on the basis of a predetermined criterion. In addition, after receiving a residence certificate request, a decision is made as to whether or not the request should be fulfilled, based on the results of the continuous data monitoring.

Abstract: Systems and methods are disclosed which facilitate the evaluation of machine images. A machine image inspection component processes requests for evaluation of machine images hosted on a virtual machine instance. In response to the request, the machine image inspection component selects executable code that can evaluate the requested machine image prior to instantiating the virtual machine instance with the requested machine image. Based on execution of the selected executable code, the machine image inspection can then process the results of the evaluation of the requested machine image accordingly.

Abstract: System(s) and method(s) that employ deep packet inspection (DPI) of data flow relating to a requested service associated with a communication device to facilitate customizing the service or results provided by the service are presented. A service request can be received by a gateway identification of the service is attempted. If the service is identified, a privacy rule(s), which is contained in a user privacy profile of a user associated with the communication device, is analyzed to determine whether the privacy rule(s) applies to the service. If the privacy rule(s) is applicable, a DPI engine performs DPI on the data flow, in accordance with the privacy rule(s), to obtain information that can be used to customize the service or results provided by the service. The user can specify the level of DPI to be applied. A default rule can specify that no DPI is performed on the data flow.

Abstract: In one embodiment, the present invention is directed to the use of separate communication pathways over different types of networks to handle bearer and control signaling in connection with a license transaction.

Abstract: According to one embodiment, a method of authenticating a user includes receiving login credentials identifying a user. A plurality of pressure readings are received from a plurality of pressure sensors coupled to a biometric grip device. The plurality of pressure readings comprise a first biometric pressure reading from a first pressure sensor coupled to the biometric grip device and a second biometric pressure reading from a second pressure sensor coupled the biometric grip device. The first and second biometric pressure readings measure a first pressure exerted at the first pressure sensor and a second pressure exerted at the second pressure sensor. A neurological number is generated from the plurality of pressure readings. The user is authenticated by comparing the neurological number with a registered neurological number. If the neurological number matches the registered neurological number, the user is authorized to access a computer system coupled to the biometric grip device.

Abstract: The present invention relates to an electronic apparatus, an information processing method, and a program that allow a provision server of an application to be capable of easily causing an electronic apparatus having an IC chip to manage data. When a service-issuing command transmitted from a service-issuing terminal 11 is received, in a service-issuing function 21 of an IC card 2, information indicating a service data structure and a program describing a processing sequence that correspond to an identifier transmitted as a command parameter are acquired from a service definition database 23. In the service-issuing function 21, IC-card internal processing is performed, and a service data structure for managing data to be used for receiving the provision of a specific application is prepared in a file system 22. The present invention can be applied to an apparatus having an IC chip.

Abstract: This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a “partially ordered set” to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice.

Abstract: In extended Feistel type common key block cipher processing, a configuration is realized in which an encryption function and a decryption function are commonly used. In a cryptographic processing configuration to which an extended Feistel structure in which the number of data lines d is set to an integer satisfying d?3 is applied, involution properties, that is, the application of a common function to encryption processing and decryption processing, can be achieved. With a configuration in which round keys are permuted or F-functions are permuted in the decryption processing, processing using a common function can be performed by setting swap functions for the encryption processing and the decryption processing to have the same processing style.

Abstract: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.

Abstract: A system, medium, and method compressing and/or restoring images. Such a data compression method may include selecting a mode from among a plurality of modes for compressing current data, according to predetermined criteria, and calculating a difference between the current data and reference data, according to the selected mode, and compressing the current data, or truncating a part of the current data and compressing the current data. Accordingly, it is possible to significantly lower the complexity of an image encoder/decoder system and exactly meet a picture-based CBR required by LCD DCC devices/systems.

Abstract: Provided is a data security method and apparatus using a characteristic preserving encryption. The data security apparatus includes an interface communicating with a user terminal or a database server, an input unit receiving information, an output unit outputting information, an encryption unit encrypting data in the data security method, a storage unit storing information, and a control unit controlling functions of the interface, the input unit, the output unit, the encryption unit or the storing unit.

Abstract: A system, method apparatus, and computer readable medium for managing renewal of a dynamic set of data items. Each data item has an associated renewal deadline, in a data item management system. A renewal schedule allocates to each data item a renewal interval for renewal of the data item. On addition of a new data item, if a potential renewal interval having a duration required for renewal of the data item, and having an ending at the renewal deadline for that item does not overlap a time period in the schedule during which the system is busy, the renewal schedule is automatically updated by allocating the potential renewal interval to the new data item. If the potential renewal interval does overlap a busy period, the renewal schedule is automatically updated by selecting an earlier renewal interval for at least one data item in the set.

Abstract: Computer systems and methods are provided for authenticating a user seeking to conduct at least one interaction with a secured capability provided by a computer. The method includes receiving a first signal from the computer providing the secured capability. The first signal includes a reusable identifier corresponding to the secured capability. The method further includes receiving a second signal from an electronic device being used by the user. The second signal includes a copy of the reusable identifier and user verification information. The method further includes using a processor to evaluate, based at least on the first signal and the second signal, whether the user is authorized to conduct the at least one interaction with the secured capability.

Abstract: An image coding apparatus reduces arithmetic processing and includes an intermediate stream generating unit generating an intermediate stream, by generating an intermediate code from image data, coding header information among coding conditions for image coding, and synthesizing the generated intermediate code and the coded header information. The image coding apparatus also includes a coded stream generating unit outputting a coded stream, by performing variable length coding on the intermediate code included in the intermediate stream to generate coded image data, and synthesizing the generated coded image data and the header information, and includes a parameter information extracting unit extracting, from among the coding conditions, parameter information required for performing variable length coding on the intermediate code.

Abstract: A host device for a wireless network may be configured to implement at least two virtual access points for connecting client devices to the wireless network. A user virtual access point enables a client device to connect to the wireless network and transmit network traffic to other devices connected to the wireless network. In addition, a setup virtual access point provides an additional access point to connect to the wireless network when network credentials for the user virtual access point, such as a service set identifier (SSID) or a password, are changed by a user. When a client device cannot find the user virtual access point based on a stored SSID or password, the client device may be configured to automatically reconnect to the setup virtual access point to request a new SSID and network credentials for the user virtual access point.

Abstract: A method for encoding high dynamic range (HDR) images involves providing a lower dynamic range (LDR) image, generating a prediction function for estimating the values for pixels in the HDR image based on the values of corresponding pixels in the LDR image, and obtaining a residual frame based on differences between the pixel values of the HDR image and estimated pixel values. The LDR image, prediction function and residual frame can all be encoded in data from which either the LDR image of HDR image can be recreated.

Abstract: A key generation device according to the present invention hierarchically constructs a Y-ary tree structure where n reception devices are assigned to leaves, and forms subgroups where individual intermediate nodes existing between the leaves and a root of the Y-ary tree structure are defined as parent nodes. By providing new parameters to the individual intermediate parameters, the subgroups can be formed flexibly. In a case where no excluded customer exists or the number of excluded customers is small, the size of a header to be delivered and the calculation amount of an operation that a customer needs to perform can be reduced.