Abstract: A system for software license control is described that is particular useful for use in a virtualized system, such as a cloud computing system. A module can be made available for use within the virtualized network, wherein a license fee is payable for use of the module. The module includes a license file that can be located wherever it is required. In addition, a central license file is provided at an administration node. The central license file is configured such that it can only be operated from that administration node, thereby preventing the copying of that file. The license file operating in the virtual network communicates with the central license file. The central license file controls the use of the licensed module.

Abstract: Apparatuses, integrated circuits, and methods are disclosed for testmode security systems. In one such example apparatus, a data storage is configured to store data. A testmode security system is configured to allow a user to access one or more testmodes of the apparatus at least partially responsive to the data storage not storing sensitive data and disallow the user from accessing the one or more testmodes of the apparatus at least partially responsive to the data storage storing sensitive data.

Abstract: A fully homomorphic method and system for randomizing an input, wherein all computations are over a commutative ring is described. Equivalent methods for performing the randomization using matrices and polynomials are detailed, as well as ways to mix the matrix and polynomial functions. Addition, multiplication, and division of the matrix and polynomial functions is further described. By performing computations of the functions modulo N over a ring ZN, the functions are usable as encryption functions. The method and system can also be used for verifying that a returned result of a calculation performed by a third party is valid for any of the calculations described herein. Related methods, systems, and apparatus are also described.

Abstract: A method and system for detecting and mitigating attacks performed using a cryptographic protocol are provided. The method comprises establishing an encrypted connection with the client using the cryptographic protocol, upon receiving an indication about a potential attack; receiving an inbound traffic from a client, wherein the inbound traffic is originally directed to a protected entity; analyzing application layer attributes of only the inbound traffic received on the encrypted connection to detect at least one encrypted attack; and causing to establish a new encrypted connection between the client and the protected entity, if the at least one encrypted attack at the application layer has not been detected.

Abstract: An apparatus, program product, and method are disclosed for receiving a password entered by a user, the password not conforming to one or more requirements of a password policy, manipulating the password to create one or more compliant passwords conforming to the one or more requirements of the password policy, and presenting a list of the one or more compliant passwords to the user wherein a compliant password is selectable by the user.

Abstract: Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported.

Abstract: According to an embodiment, a communication device is connected to a key generating device which generates an encryption key. The communication device includes a querying unit, an encryption processor, and a selecting unit. The querying unit is configured to send a query to the key generating device about capability information which indicates capability of the key generating device to generate the encryption key. The encryption processor is configured to implement a plurality of encryption functions. The selecting unit is configured to select, from among the plurality of encryption functions, an encryption function according to the capability information. The encryption processor implements the encryption function thus selected.

Abstract: In validation of an analyzing apparatus, in the case where the system configuration is not standard or where a reference value required for the validation is different from a standard value, the validation work cannot be automatically performed, which requires time and effort. For a validation target analyzing apparatus system, first, a parameter acquiring unit acquires parameters for qualification implementation of the analyzing apparatus system on a basis of an electronically supplied qualification plan document and an electronically supplied qualification implementation procedure manual. Then, a validation executing unit executes validation of the analyzing apparatus system using the acquired parameters for qualification implementation.

Abstract: Methods and circuits for undiscoverable physical chip identification are disclosed. Embodiments of the present invention provide an intrinsic bit element that comprises two transistors. The two transistors form a pair in which one transistor has a wide variability in threshold voltage and the other transistor has a narrow variability in threshold voltage. The wide variability is achieved by making a transistor with a smaller width and length than the other transistor in the pair. The variation of the threshold voltage of the wide variability transistor means that in the case of copies of intrinsic bit elements being made, some of the “copied” wide variability transistors will have significantly different threshold voltages, causing some of the intrinsic bit elements of a copied chip to read differently than in the original chip from which they were copied.

Abstract: An audio/video content delivery system includes a content source linked by an internet data connection to a content receiver, the content receiver configured to receive access-controlled encoded broadcast content from a content source by a separate broadcast data path. The content source includes an encryptor sending encrypted content to the content receiver according to a content encryption key. The content receiver includes: a host module including a decryptor decrypting encrypted content received from the content source; and a removable conditional access module (CAM) including an access control unit decoding the access-controlled encoded broadcast content, the host module and removable CAM configured to provide an encrypted communication link therebetween for decoded access-controlled encoded broadcast content. The content source and the CAM are configured to communicate to establish the key required by the decryptor in the host module to decrypt the encrypted content received from the content source.

Abstract: An example system causes a computer of an information processing device including a restriction unit for restricting use of functions and a handwritten input receiving unit to carry out functions of requesting an input of a handwritten signature, sending, to a server, a result of a handwritten input which has been input in response to the request of the signature input, and receiving the input of authorization information which has been issued by the server that has received the handwritten input result and which shows that the use of the functions is authorized, and moreover cancelling the restriction by the restriction unit when the input of the authorization information is received.

Abstract: A system for authorizing data to be provided to a mobile computing device is provided. The system includes the mobile computing device and a server computer that includes a processor and a memory coupled to the processor, the memory including processor-executable instructions for performing the steps of storing, in the memory, parameters for authorizing data to be provided to the mobile computing device and determining at least one contextual cue associated with at least one of a task to be performed, the mobile computing device, and a user of the mobile computing device, wherein the at least one contextual cue is associated with the parameters. The processor-executable instructions also perform the steps of authorizing data to be provided to the mobile computing device when the at least one contextual cue aligns with the parameters and providing the data to the mobile computing device.

Abstract: A computer uses the information included within a digital certificate to obtain a current date and time value from a trusted source extrinsic to the computer. The computer requests and receives the trusted current date and time value and compares the trusted current date and time value to a validity period included in the digital certificate, to determine if the digital certificate is expired. The information included within the digital certificate specifying an extrinsic source for the current date and time value can be included in an extension of the digital certificate, and the information can specify a plurality of extrinsic sources.

Abstract: Disclosed herein are an apparatus and method for anonymity-based authentication and key agreement capable of providing a communication message binding property. The apparatus includes a signature verification unit and a binding checking unit. The signature verification unit receives a plurality of messages, each carrying a signature including link information of a sender, and verifies the signature of each of the plurality of messages. The binding checking unit, if it is determined by the signature verification unit that the signature is valid, determines whether the plurality of messages has been sent by an identical sender based on the link information of the signature.

Abstract: A method and system for login authentication is disclosed. The method comprises the steps of: sending, by a first client, a first login request to a login server and receiving a mapping relationship between original characters and post-mapping characters returned by the login server according to the first login request; and sending, by a second client, a second login request to the login server according to the mapping relationship, with the second login request including post-mapping information corresponding to user information determined according to the mapping relationship. The solution in the present invention is to realize joint login by two clients, such that even if one of the clients is infected with a computer virus, no particular user information can be obtained through the infected client. Thus, the security of login authentication and the security of user information can be improved.

Abstract: A method of ad-hoc network communications comprises a computer server transmitting a communications session request to a primary logical communications device of a logical ad-hoc communications network. The logical ad-hoc communications network comprises the primary logical communications device and at least one secondary logical communications device that is registered to the primary logical communications device. The communications session request requests a communications session with one of the at least one secondary logical communications devices. Upon receipt of the communications session request, the primary logical communications device transmits to the one secondary logical communications device a session initiate message requesting the one secondary logical communications device initiate the communications session with the computer server.

Abstract: In a memory of non-volatile memory cells, a random number is generated by programming non-volatile memory cells, reading the programmed non-volatile memory cells using a random number read voltage selected in accordance with a characteristic of the non-volatile memory cells to generate random read data, and generating the random number from the random read data.

Abstract: A mechanism for preventing injection attacks of scripting languages is provided. There is a mechanism of transforming user-input data in a scripting language included. The mechanism comprises a step of tracing a script instruction to separate instruction related variables and user-input related variables; and a step of encoding the user-input related variables into data belonging to safe-character-set area which do not include reserved character, and passing the encoded user-input related variables to a statement of the script instruction.

Abstract: The present invention discloses a mobile terminal and an application program login method thereof. The method includes acquiring the to-be-authenticated fingerprint information inputted by a user when the user is required to log into an application program; determining whether the to-be-authenticated fingerprint information is the same as a correct fingerprint information which is locally preset and corresponds to the application program; if yes, then acquiring, according to the identifying fingerprint information, a user name and a password corresponding to the application program from a login information file which is locally preset; and logging into the application program according to the user name and the password. By logging into the application program via fingerprint, the present invention not only ensures the security of personal information, but also allows the user to quickly log into the application program, thereby improving user experience.

Abstract: A system and method for enabling, on any website, a unified user login that supports login through multiple known identity providers and, if necessary, the website's legacy login are disclosed. In one example, the system comprises a login receiver module, an identity provider determination module, a legacy account module, a federated account module and a login module. The login receiver module receives a login request associated with a user identifier. The identity provider determination module determines whether the login request is associated with a known identity provider. The legacy account module performs legacy account creation and/or legacy login verification when the address is not associated with any known identity provider. Otherwise, the federated account module performs federated account creation and/or federated login verification. The login module logs the user into the account responsive to one or more of verification and account creation.