Abstract: Disclosed is an electronic device including a processor that receives an input signal for requesting an authentication, determines whether a mobile oriented (MO) server is available based on at least one of an international mobile subscriber identity (IMSI) or network Internet Protocol (IP) information of the electronic device, and if it is determined that the MO server is available, creates an authentication code, and a communication module that transmits the created authentication code to the MO server.

Abstract: Systems and methods are disclosed for secure messaging and content sharing. In one implementation, a processor receives a message associated with a recipient, provides, to the recipient, a notification pertaining to the message, and, based on a determination of a performance of one or more authentication actions with respect to the message, provides the recipient with access to the message. In another implementation, a processor receives a message including one or more content segments, receives inputs in relation to at least one of the content segments, processes the inputs to determine that an authentication action is being performed with respect to the one of the one or more content segments, and based on a determination that the authentication action is being performed with respect to the one of the one or more content segments, presents the at least one of the one or more content segments.

Abstract: A method and computing system for handling a page fault while executing a cross-platform system call with a shared page cache. A first kernel running in a first computer system receives a request for a faulted page associated with raw data from a second kernel running in a second computer system. In response to the request for the faulted page: (i) a first validity flag is updated to denote that the faulted page is unavailable to the first computer system in a first copy of the shared page cache and (ii) the faulted page is transmitted to the second kernel for insertion of the faulted page in a second copy of the shared page cache and for updating a second validity flag to denote that the faulted page is available to the second computer system in the second copy of the shared page cache.

Abstract: A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for providing user information to a merchant. Embodiments may receive and store user information in a user file, receive a request from a merchant for some or all of the user information stored in the user file in response to the merchant reading a readable indicia presented by a user using a mobile device; and, in response to the request for some or all the user information, retrieve the requested information and transmit the requested information to the merchant. Embodiments may receive and store a plurality of profiles, where each profile is associated with some or all the user information stored in the user file. Some embodiments may receive user input, through the merchant, selecting one of the profiles; where retrieving the requested information comprises retrieving the user information associated with the selected profile.

Abstract: Example secure desktop applications for an open computing platform are disclosed. An example secure desktop method for a computing platform disclosed herein comprises establishing a secure communication connection between a secure desktop provided by the computing platform and a trusted entity, the secure communication connection being accessible to a trusted application authenticated with the secure desktop, the secure communication connection being inaccessible to an untrusted application not authenticated with the secure desktop, and securing data that is stored by the secure desktop in local storage associated with the computing platform, the stored data being accessible to the trusted application and inaccessible to the untrusted application.

Abstract: An apparatus for secured playback is presented. In one embodiment, the apparatus includes a controller that includes a key derivation module to manage authentication and key derivation. In one embodiment, the apparatus provides a video decryption key to a graphics engine if video data portions in a data stream are retrievable without having to decrypt the data stream. In one embodiment, the apparatus also includes a decryption module to decrypt a part of data in conjunction with an encryption key to generate video information and video data. The controller then writes an encrypted version of the video data to a video buffer of a graphics engine.

Abstract: A data conversion method for an information processing device to generate data for copying of defined format data of a clip including playback segment data includes the steps of: performing data input for a data input unit to input copy source data; obtaining copy source clip configuration data including streaming data to be copied from the copy source by a clip adjusting unit; and clip setting for the clip adjusting unit to set one clip including multiple copy source clip configuration data corresponding to a play item in the playlist file defined with a copy source format, as a copy destination clip.

Abstract: A system generates a randomized hash value and/or verifies data against a randomized hash value. A hashing circuit can respond to data by randomly selecting a hashing algorithm parameter among a defined set of different hashing algorithm parameters, and by applying a hashing algorithm that uses the selected hashing algorithm parameter to hash the received data to generate a randomized hash value. Another hashing circuit randomly selects a hashing algorithm among a defined set of different hashing algorithms, and applies the selected hashing algorithm to hash the received data to generate a randomized hash value. Another hashing circuit applies a hashing algorithm to hash received data to generate an intermediate hash value that occupies a defined memory space, and randomly selects a partial segment of the hash value from a segment of the defined memory space to generate a randomized hash value.

Abstract: A semiconductor chip may be operable to block the debug interfaces when the semiconductor chip boots up from the boot read-only memory (ROM). The semiconductor chip may be operable to authenticate a debug certificate received by the semiconductor chip and enable one or more debug interfaces in the semiconductor chip based on the information resulting from the authentication of the debug certificate. The debug certificate may be in a form of a cryptographic public key certificate. A unique device ID which may be generated at boot and stored in the memory may be used by the semiconductor chip to authenticate the debug certificate. The device ID may be generated using the cryptographic public key that is stored in the one-time programmable (OTP) memory in the semiconductor chip and a cryptographic hash algorithm.

Abstract: A method and system for public key infrastructure key and certificate management provides anonymity to certificate holders and protects the privacy of certificate holders from the compromise of a certificate authority. Functional separation is provided in the authorization of a certificate request and the assignment of certificates and key pairs. The authorizing certificate authority approves or denies each certificate request from a requestor whose identity is not made available to the assigning certificate authority. The assigning certificate authority, upon approval from the authorizing certificate authority, issues one or more certificates and optionally generates and provides the associated key pairs to the requester without disclosing these certificates and key pairs to the authorizing certificate authority.

Abstract: A data processing system having a processor and a target device processes decorated instructions (i.e. an instruction having a decoration value). A device of the data processing system such as the processor sends transactions to the target device over a system interconnect. The transactions include an indication of an instruction operation, an address associated with the instruction operation, a decoration value (i.e. a command to the target device to perform a function in addition to a primary function of the executed instruction), and access permissions associated with the address. The target device (e.g. a memory with functionality in addition to storage functionality) determines whether a decoration operation specified by the decoration value is permissible based on the received access permissions. The target device performs the decoration operation if appropriate permissions exist.

Abstract: A security zone key is used to secure data traffic/control messages in a multi-hop wireless relay network. In one embodiment, the security zone key is generated by a base station and passed to relay stations and optionally mobile stations that are to be associated with the security zone. A given base station may implement multiple security zones on the wireless network. The members in each zone share a unique group security association. One or more connections may be assigned to a particular security zone. Data traffic/control messages directed to relay stations in a security zone are processed using the security zone key to enable all relay nodes within the security zone to verify the authenticity of the management message and optionally decode the messages.

Abstract: The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface.

Abstract: A method, system and computer program product for providing a secure connection between a client and a remote server to run a Virtual Environment (VE), including (a) establishing a repository for VE content on the remote server; (b) creating a data necessary for the VE to function; (c) generating a two key pairs that includes a VE key pair and a client key pair, wherein the VE key pair includes encryption and decryption keys, the client key pair includes decryption and encryption keys corresponding to encryption and decryption keys of the corresponding VE key pair and the two key pairs are used to provide a full duplex secure network channel between the client and the repository; (d) storing the data necessary for the VE to function as the VE content using data from the VE key pair in the repository; (e) receiving the address for accessing the stored data; and (f) from the client side, using the VE address and the client key pair to start the VE from the data necessary for the VE to function.

Abstract: A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing an service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider.

Abstract: Systems, methods, and other embodiments associated with row level security for a database table are described. One example method includes detecting an access statement seeking access to a row in a database table for which row level security is active. The method includes adding a predicate to the access statement. The predicate is based on an access control expression associated with the row. The access control expression depends on an instance of an expression data type associated with the row. The method includes populating an attribute of the predicate, and controlling access to the row based on a computed value for the predicate.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization's secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided.

Abstract: Files received by a mobile device are sampled for malware tracking. The method includes configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting all attempts to transfer files. The method further comprises intercepting files transferred via the short-range communication technology to the mobile device from another device. The method also comprises quarantining the files transferred to the mobile device and logging identifying information about each of the files quarantined and about the other devices from which each of the files originated. The method further includes providing the logged identifying information for the files received to a security server.

Abstract: There are methods and apparatus, including computer program products, for managing hierarchical reference data. There is a Web page for access by a user, where the Web page includes (i) data representing a hierarchy and (ii) rules defining modifications that are permitted to be made to data. The user is enabled to make a real-time modification to the data based on the rules.