Abstract: an apparatus comprises a data display unit which causes a display device to output display data that indicates a drawing screen complying with the display request, a reliability decision unit which decides a legality of a transmission source of the display request, and which makes an output request for information capable of confirming a reliability of the display data that the data display unit causes the display device to output, on the basis of a result of the decision, and an output unit which outputs the information capable of confirming the reliability of the display data as complies with the output request from the reliability decision unit, separately from the display data that is caused to be outputted by the data display unit.

Abstract: The invention, at the first frame, records the background, as the threshold of detection-constant image with the predeterming minimum threshold, and with each subsequent frame, corrects the background and threshold with formulas while producing the adaptation of a renewal-constant in each pixel depending on the presence of the detected object, defines the difference between the current frame and background, compares it with the threshold, combines elements exceeding a threshold into detection zones, performs rejection of the detection zones, divides the zones in order to separate shadows, forms a tracking zone, searches already-detected segment of objects, forming clusters of the tracking zones. The coordinates of the obtained rectangles are assumed as the coordinates of the objects located in the frame.

Abstract: A computer system can be configured to identify when it has been infected with or otherwise compromised by malware, such as viruses, worms, etc. In one implementation, a computer system receives and installs one or more decoy contacts in a contact store and further installs one or more malware reporting modules that effectively filter outgoing messages. For example, a malware reporting module can redirect messages with a decoy contact address to an alternate inbox associated with the decoy contact. The same malware reporting module, or another module in the system, can also generate one or more reports indicating the presence of malware, either due to detection of the decoy contact address, or due to identifying messages in the decoy contact inbox. The host computer system that sent the message to the decoy contact can then be flagged as infected with malware.

Abstract: Releasing pending messages is provided. An electronic message is received via a network from a sending client device. The electronic message includes a request to place the electronic message in a pending file and an authorization to release data. The electronic message is placed in the pending file and the authorization to release data is stored in a storage device. An authorization is received to release the electronic message from the pending file. Then, it is determined whether the authorization to release the electronic message matches the stored authorization to release data. In response to determining that a match is found, the electronic message is released from the pending file. Then, the released electronic message is sent to a receiving client device via the network.

Abstract: An authenticating system according to the present invention has a characteristic structure of which an authenticating section 32 of a note type PC 10 and an authenticating section 42 of a battery 20 are directly connected through I/O ports 51 and 61, respectively. Thus, the authenticating system according to the present invention can be relatively easily accomplished using a conventional system. The present invention can be applied to a system that is composed of a plurality of electronic devices that perform an authenticating process.

Abstract: A method and system for protecting users from accidentally disclosing personal information in an insecure environment. In one embodiment, the method includes monitoring I/O device input data associated with a guest operating system on a virtualization platform. The guest operating system has less privilege than a privileged operating system on the virtualization platform. The method further includes determining whether the I/O device input data corresponds to personal information of a user, and delaying or blocking the transfer of the I/O device input data to the guest operating system if the I/O device input data corresponds to the personal information of the user.

Abstract: A security zone key is used to secure data traffic/control messages in a multi-hop wireless relay network. In one embodiment, the security zone key is generated by a base station and passed to relay stations and optionally mobile stations that are to be associated with the security zone. A given base station may implement multiple security zones on the wireless network. The members in each zone share a unique group security association. One or more connections may be assigned to a particular security zone. Data traffic/control messages directed to relay stations in a security zone are processed using the security zone key to enable all relay nodes within the security zone to verify the authenticity of the management message and optionally decode the messages.

Abstract: When image data is outputted in a special image processing apparatus which has printed confidential data before, a server confirms whether the user who has instructed output is a permitted user or an unpermitted user. If the user is a permitted user, the server permits printing. If the user is an unpermitted user, the server confirms whether a predetermined period has elapsed after the special image processing apparatus was used last. If the predetermined period has elapsed, the server permits printing. If the predetermined period has not elapsed, the server restricts output by stopping printing or by document filing for storing image data. Thus, by restricting use by an outside user, leakage of confidential data is prevented.

Abstract: Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claims token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have been created previously for the user.

Abstract: Managing user access to application-specific capabilities of a system includes maintaining data correlating application-specific capabilities for each of the applications of the system, where the application-specific capabilities of different applications are independent of each other. Managing user access also includes maintaining data correlating user identifiers with user roles, maintaining data correlating user roles with application-specific capabilities, and managing the data using a security module that accesses the data correlating application-specific capabilities, data correlating user identifiers, and the data correlating user roles. The system may have a plurality of tenants and wherein each of the tenants subscribes to one or more of the applications. Each of the users may correspond to a particular one of the tenants. Each tenant may subscribe to a particular set of applications/features.

Abstract: A data processing device for processing stream data composed of a plurality of frames generated with encoded contents data, which includes a protected storage unit for storing data, being protected from external access, a non-protected storage unit for storing data, a receiving unit for receiving stream data, a separating unit for separating the stream data into protected data including frames necessary for decoding of other frames, and non-protected data not including frames necessary for decoding of other frames, and storing the protected data in the protected storage unit and storing the non-protected data in the non-protected storage unit, and a combining unit for restoring the stream data by combining the protected data stored in the protected storage unit and the non-protected data stored in the non-protected storage unit.

Abstract: A record/reproduction apparatus capable of performing record-reproduction with high definition and standard definition appropriately records information, and includes: at least one of a display unit and an output unit to an external display device; a hard disk drive; and a disc drive corresponding to record-reproduction using a disc for record-reproduction in a high definition mode and a disc for record-reproduction in a standard definition mode. With the configuration, the record/reproduction apparatus performs a display on the display unit in the high definition mode or a display-output to the output unit in the high definition mode at activation, recognizes one of the hard disk drive and the disc drive as a record medium after the display-outputting, and sets a record mode to one of the hard disk drive and the disc drive based on a result of the recognition.

Abstract: An anti-attacking method for a private key is provided. The method includes using a plurality of storage areas for storing the same security information. The method also includes selecting one of the storage areas as a currently-used storage area for accessing the security information and synchronously updating the security information stored in the other storage areas while updating the security information stored in the currently-used used storage area when generating a digital signature by using a signature rule and the private key. The method further includes selecting one of the other storage areas as the currently-used storage area for correctly accessing the security information when detecting an attack on the security information stored in the currently-used storage area during generation of the digital signature. Therefore, it is possible to prevent the attacker from stealing the private key.