Abstract: A method of verifying a password and methods of encryption and decryption using a key generated from a one-time pad. In one embodiment, the method of verifying includes: (1) receiving a password attempt, (2) retrieving a pointer from memory, (3) searching a one-time pad based on the pointer to retrieve a password, (4) comparing the password attempt with the password and (5) generating a new pointer if the password attempt matches the password.

Abstract: A common-key blockcipher processing configuration with enhanced immunity against attacks such as saturation attacks and algebraic attacks (XSL attacks) is realized. In an encryption processing apparatus that performs common-key blockcipher processing, S-boxes serving as non-linear transformation processing parts set in round-function executing parts are configured using at least two different types of S-boxes. With this configuration, the immunity against saturation attacks can be enhanced. Also, types of S-boxes present a mixture of different types. With this configuration, the immunity against algebraic attacks (XSL attacks) can be enhanced, thereby realizing a highly secure encryption processing apparatus.

Abstract: A method for encoding high dynamic ränge (HDR) images involves providing a lower dynamic ränge (LDR) image, generating a prediction function for estimating the values for pixels in the HDR image based on the values of corresponding pixels in the LDR image, and obtaining a residual frame based on differences between the pixel values of the HDR image and estimated pixel values. The LDR image, prediction function and residual frame can all be encoded in data from which either the LDR image of HDR image can be recreated.

Abstract: Secure access in a computing environment is provided. One implementation involves a client generating a sequence for tapping server ports, and the client identifying itself to the server by tapping the server ports based on the sequence. The server verifies if the tapping sequence is correct. If the tapping sequence is correct, access is provided from the client to the server.

Abstract: An approach is provided for reducing communication traffic and cost by applying recipient criteria in identity-based encryption. A recipient criterion application selects one or more recipient criteria for data, and encrypts the data using the selected one or more recipient criteria as a public key of identity-based encryption.

Abstract: Apparatus, systems, and methods may operate to establish a secure communications tunnel between a server node and a client node, and to receive user requests from the client node at the server node via the secure communications tunnel. The user requests may be received in conjunction with a device verification token derived from nonces generated by the server node and transmitted to the client node as part of keep-alive response messages. The nonces may change according to a period of time established by the server node. Additional apparatus, systems, and methods are disclosed.

Abstract: The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H?, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H? in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L? and, if so, recognizes the message data as valid.

Abstract: A user request to display an application while the device is locked is received. In response to this user request, one or more images generated by the application are obtained and displayed while the device is locked. Additionally, an indication of an application to be displayed upon resuming operation from a power-saving mode can be received, and an image generated by the application is displayed in response to resuming operation from the power-saving mode.

Abstract: A security module determines cost characteristics reflecting costs incurred in developing and/or deploying a software application, and determines whether the software application is malicious based at least in part on the cost characteristics. The security module determines (1) cost characteristics reflecting costs associated with an installer tool used to generate an installation package of the software application, (2) cost characteristics reflecting costs associated with a development tool used to develop the software application, and (3) cost characteristics reflecting costs incurred in deploying the software application. If the cost characteristics indicate that substantial cost was incurred in developing and/or deploying the application, the security module determines that the application is legitimate. Otherwise the security module considers other traits of the application to determine whether it is malicious.

Abstract: A display controller 102 sequentially outputs at least two image signals, thereby allowing an image to be displayed on a liquid crystal display section 105 in accordance with the image signals, wherein among the image signals to be outputted, an image signal of a first output image and an image signal of a second output image have a relationship that provides an image having no correlation to the first output image when image brightness values of the respective signals are added for each pixel, and wherein a frame frequency when the image signal is outputted is an integral multiple of a frame frequency for an image signal of an input image, the integral multiple being two or more.

Abstract: A terminal device according to the present invention includes: a first domain configured to execute multiple software programs; and a second domain configured to operate independently of the first domain and to check whether or not the software programs are safe. The second domain includes: an execution sequence storage unit configured to store execution priority of the multiple software programs to be executed by the first domain; a software program checking unit configured to check whether or not the multiple software programs are safe, according to the execution sequence storage unit; and an execution restricting unit configured to restrict the first domain from executing a software program included in the multiple software programs and having a check result indicating that the software program is unsafe, before checking of all the multiple, software programs is completed.

Abstract: To prevent theft of protected content when IPTV services are provided, a conditional access device (CAD) is connected to a personal computer (PC). An application is launched on the PC from the CAD over universal serial bus (USB) interface. The application configures the PC to allow a user to receive secure internet protocol television (IPTV) services. The conditional access device and an IPTV service provider determine user access to the IPTV services via a network by using a trusted computing base (TCB) on the CAD and keys stored on the CAD. The application decrypts and decodes the IPTV services using the processing and storage capability of the PC. The CAD also receives and processes remote control signals received from a remote control interface. The remote control signals are requests or responses from the user interacting with the application. The application displays content requested by the user or indications of responses by the user via a user interface on the PC.

Abstract: In an image encryption apparatus for visually encrypting an input image, an encryption area selector selects an encryption area within an input image including an area to be encrypted. An image converter divides the encryption area into a plurality of blocks. The image converter divides each block of the encryption area into a plurality of sub-blocks. An image converter performs an image conversion including rotation and mirror-reverse in accordance with an encryption key on the image in each sub-block. The image converter scrambles the image on a block-by-block basis in accordance with the encryption key. A pixel value converter converts a pixel value of a minimal area in a block so that a position of the block may be detected.

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.

Abstract: A web browser client includes an aggregated web application runtime environment that controls access by a program fragment of an aggregated web application to a resource therein based upon the originating domain of the program fragment. To do so, the aggregated web application runtime environment appends an access attribute to the Document Object Model (DOM) node associated with the resource. This access attribute is associated with a plurality of access rights definitions where each access rights definition defines a set of access rights to the resource for program fragments originating from a domain with a specific access rights status. Accordingly, the aggregated web application runtime environment sets one or more access rights statuses of the originating domain of the program fragment, and thereafter, grants or denies the program fragment access to the resource based upon one or more sets of access rights defined for that program fragment.

Abstract: A play limit is set for a media file. The play limit can be, for example a date, or a number of times that the file has been played. When the file exceeds the play limit, the quality of the file playing is degraded.

Abstract: System(s) and method(s) that employ deep packet inspection (DPI) of data flow relating to a requested service associated with a communication device to facilitate customizing the service or results provided by the service are presented. A service request can be received by a gateway identification of the service is attempted. If the service is identified, a privacy rule(s), which is contained in a user privacy profile of a user associated with the communication device, is analyzed to determine whether the privacy rule(s) applies to the service. If the privacy rule(s) is applicable, a DPI engine performs DPI on the data flow, in accordance with the privacy rule(s), to obtain information that can be used to customize the service or results provided by the service. The user can specify the level of DPI to be applied. A default rule can specify that no DPI is performed on the data flow.

Abstract: One or more behavior-based features describing an execution of an application on a client are generated. One or more client-specific features are generated, wherein the client-specific features describe aspects of the client. A malware score is generated based on the behavior-based features and the client-specific features. Whether the application is a malware threat is determined based on the malware score and a result of the determination is stored.

Abstract: Various exemplary user interfaces, methods and computer program products describe enabling sharing of mobile communication devices. This process utilizes a shared mode for an owner of the mobile communication device to create a virtual environment for a borrower of the mobile communication device, which allows content information (e.g., certain applications and files) to be accessible and visual to the borrower. The process allows an owner of the mobile communication device to track and to manage data created or changed by the borrower. The owner may accept or reject the changes made in the content information. Furthermore, the process conceals non-shared resources to the borrower.

Abstract: Provided are a shared key transmission apparatus, an automatic teller machine (ATM), and a controlling method thereof. The shared key transmission apparatus may include: a reception unit receiving, from the ATM, a first cryptogram where a random number is encrypted; a decryption unit restoring the random number from the first cryptogram; an encryption unit encrypting the shared key using the restored random number; and a transmission unit transmitting the encrypted shared key to the ATM. The ATM may include: an encryption unit generating a random number and encrypting the random number to generate a first cryptogram; a transmission unit transmitting the first cryptogram to the shared key transmission apparatus; a reception unit receiving, from the shared key transmission apparatus, a shared key that is encrypted using the restored random number; and a decryption unit restoring the shared key from the encrypted shared key using the generated random number.