Patents Examined by Sayed Beheshti Shirazi
  • Patent number: 8719947
    Abstract: Method and apparatus to prevent hacking of encrypted audio or video content during playback. Hackers, using a debugging attachment or other tools, can illicitly access encrypted data in memory in a playback device when the data is decrypted during playback and momentarily stored in digital form. This hacking is defeated here by methodically “poisoning” the encrypted data so that it is no longer playable by a standard decoder. The poisoning involves deliberate alteration of certain bit values. On playback, the player invokes a special secure routine that provides correction of the poisoned bit values, for successful playback.
    Type: Grant
    Filed: July 20, 2012
    Date of Patent: May 6, 2014
    Assignee: Apple Inc.
    Inventors: Julien Lerouge, Gianpaolo Fasoli, Augustin J. Farrugia
  • Patent number: 8713316
    Abstract: A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch switches dynamically to an open position in order to disable the at least one source from authenticating with the input card, therefore the output card also does not attempt to authenticate with the at least one sink for security protocol encryption.
    Type: Grant
    Filed: January 31, 2012
    Date of Patent: April 29, 2014
    Assignee: Crestron Electronics Inc.
    Inventors: Adolfo Velasco, Daniel Jackson, Yun Mao, Dario Pagano
  • Patent number: 8713306
    Abstract: A technique for providing computer security is described. The technique comprises providing network configuration information on a dynamic network; determining whether the network configuration information meets a criterion; and in the event the configuration information meets the criterion, configuring a decoy associated with the network.
    Type: Grant
    Filed: October 14, 2003
    Date of Patent: April 29, 2014
    Assignee: Symantec Corporation
    Inventor: Jeremy Bennett
  • Patent number: 8713653
    Abstract: According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication data in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: April 29, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Tadashi Tsuji, Tsuyoshi Nishida
  • Patent number: 8701162
    Abstract: An arrangement analyzes a data stream to identify particular token sequences known to be of interest or malware. A preprocessing step organizes the malware tokens into a “graph” in which overlapping token sequences are interconnected with logic splices. The preprocessing is performed only once for a given set of malware targets. The resulting graph can be traversed quickly in runtime operation to identify malware token strings in the data stream.
    Type: Grant
    Filed: November 2, 2010
    Date of Patent: April 15, 2014
    Assignee: Lockheed Martin Corporation
    Inventor: Richard N. Pedersen
  • Patent number: 8681984
    Abstract: Disclosed are a Radio Frequency Identification (RFID) personal privacy control system and a personal privacy protection method using the same which may dynamically process a privacy level according to peripheral circumstances of an RFID tagged object and an owner of the object, thereby securely protecting personal information associated with the RFID tag. The RFID privacy control server includes a context-aware information collecting unit to collect at least one context-aware information about a user; a privacy level adjusting unit to adjust a privacy level of the user based on the collected context-aware information; and a privacy control unit to determine, according to the adjusted privacy level, whether access of an RFID reader to RFID tag information is allowed, the RFID tag information corresponding to an RFID tag associated with the user.
    Type: Grant
    Filed: June 19, 2008
    Date of Patent: March 25, 2014
    Assignee: Electronics & Telecommunications Research Institute
    Inventors: Byung-Gil Lee, Ho Won Kim, Kyo Il Chung
  • Patent number: 8681977
    Abstract: A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, a processor changes an address of an HDCP receiver from a first address to a second address for enabling the at least one source to authenticate with the input card and enabling the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the processor changes the address of an HDCP receiver from the second address to the first address for disabling the at least one source from initiating a first authentication with the input card, therefore the output card also does not attempt to initiate a second authentication with the at least one sink for security protocol encryption.
    Type: Grant
    Filed: February 29, 2012
    Date of Patent: March 25, 2014
    Assignee: Crestron Electronics Inc.
    Inventors: Adolfo Velasco, Daniel Jackson, Yun Mao, Dario Pagano
  • Patent number: 8683571
    Abstract: A system and method for authenticating a user in a secure computer system. A client computer transmits a request for a sign-on page, the secure computer system responds by transmitting a prompt for a first user identifier, and the client computer transmits a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. A server module authenticates the first and second user identifiers, and compares the transmitted plurality of request header attributes with request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if a predetermined number of transmitted request header attributes match stored request header attributes, the server software module transmits a success message, and the user is allowed to access the secure computer system.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: March 25, 2014
    Assignee: Keycorp
    Inventors: Onesimo Zapata, Susan E. Zielinski, Deana M. Flannery
  • Patent number: 8677123
    Abstract: A method for improving the performance of data storage and transmission systems involves applying a transformation to one or a plurality of aligned data segment(s) prior to or subsequent to the execution of data management operations. The transformation effectively reduces the number of bits in the data segment that must be employed by the data management operation processing. Data management operations performed on a data segment may include but are not limited to cryptographic security operations and data comparison operations. Since the computation requirements of data management operations can decrease as the bit lengths of input data decrease, the transformation can reduce the latencies of data management operations in hardware or software. Furthermore, performing the transformation on a data segment does not reduce the number of bits needed to encode the data segment, thus maintaining the alignment of a plurality of data segments.
    Type: Grant
    Filed: May 26, 2006
    Date of Patent: March 18, 2014
    Assignee: Trustwave Holdings, Inc.
    Inventors: John Patrick McGregor, Jr., Matthew N. White
  • Patent number: 8656470
    Abstract: An image processing apparatus includes a request determining unit receiving an operation event indicating a request to use an image processing function and determining whether the request is from a guest user based on the received operation event; a guest login processing unit generating guest login information including a guest user identifier and access right information of the guest user if the request is from the guest user and sending a login request to request a login process for the guest user based on the guest login information; an access control unit disabling access control on the image processing function in response to the login request based on the access right information in the guest login information; and a usage history recording unit recording a usage history of the image processing function in association with the guest user based on the guest user identifier in the guest login information.
    Type: Grant
    Filed: January 19, 2012
    Date of Patent: February 18, 2014
    Assignee: Ricoh Company, Ltd.
    Inventor: Yuichi Ishii
  • Patent number: 8646039
    Abstract: An apparatus and methods are disclosed for performing peer authentication without the assistance of a human “guard.” In accordance with the illustrative embodiments, a peer is selected from a non-empty set of candidates at authentication time based on one or more of the following dynamic properties: the current geo-location of the user to be authenticated; the current geo-locations of the candidates; the current time; the contents of one or more directories (e.g., a telephone directory, an organizational chart or directory, etc.), the contents of one or more call logs; and the candidates' schedules.
    Type: Grant
    Filed: August 1, 2007
    Date of Patent: February 4, 2014
    Assignee: Avaya Inc.
    Inventors: Jon Louis Bentley, Anjur Sundaresan Krishnakumar, David Mandel Weiss
  • Patent number: 8615796
    Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
    Type: Grant
    Filed: July 30, 2009
    Date of Patent: December 24, 2013
    Assignee: Aventail LLC
    Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
  • Patent number: 8595845
    Abstract: A standardized vulnerability score is identified for a particular vulnerability in a plurality of known vulnerabilities, the standardized vulnerability score indicating a relative level of risk associated with the particular vulnerability relative to other vulnerabilities. A vulnerability detection score is determined that indicates an estimated probability that a particular asset possesses the particular vulnerability and a vulnerability composite score is determined for the particular asset to the particular vulnerability, the vulnerability composite score derived from the standardized vulnerability score and the vulnerability detection score. A countermeasure component score is identified that indicates an estimated probability that a countermeasure will mitigate risk associated with the particular vulnerability on the particular asset. A risk metric for the particular asset and the particular vulnerability is determined from the vulnerability composite score and the countermeasure component score.
    Type: Grant
    Filed: January 19, 2012
    Date of Patent: November 26, 2013
    Assignee: McAfee, Inc.
    Inventors: Prasanna Ganapathi Basavapatna, Deepakeshwaran Kolingivadi, Sven Schrecker
  • Patent number: 8595483
    Abstract: In one embodiment, the present invention includes a method for creating an instance of a virtual trusted platform module (TPM) in a central platform and associating the instance with a managed platform coupled to the central platform. Multiple such vTPM's may be instantiated, each associated with a different managed platform coupled to the central platform. The instances may all be maintained on the central platform, improving security. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 19, 2011
    Date of Patent: November 26, 2013
    Assignee: Intel Corporation
    Inventor: Carlos V. Rozas
  • Patent number: 8590032
    Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
    Type: Grant
    Filed: October 14, 2005
    Date of Patent: November 19, 2013
    Assignee: Aventail LLC
    Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
  • Patent number: 8588413
    Abstract: A disclosed method for enabling a seamless authenticated access to an Aggregator's Wi-Fi network includes steps of receiving a request to establish a data session from a mobile device and at a public mobile service provider network, authenticating the mobile device in response to the request to establish the data session, and establishing the data session upon successful authentication. The method further includes steps of receiving an activation key associated with the mobile device from the mobile device and at the public mobile service provider network and recording the activation key against an identification of the mobile device such as a Mobile Directory Number assigned to the mobile device. The activation key is used to generate a password, which is used to authenticate the mobile device request to access the Aggregator's Wi-Fi network.
    Type: Grant
    Filed: October 20, 2009
    Date of Patent: November 19, 2013
    Assignee: Cellco Partnership
    Inventors: Rohit Satish Kalbag, Robert Martin Ephraim, Ben-Ren Chen
  • Patent number: 8572679
    Abstract: A system is provided for employing an orchestrator to deploy and implement changes to a system. A change request may be a system build, upgrade, and patches for updating a subset of files within the system. The orchestrator may initially perform a security check and a validation check on a received change request. Upon receiving validation and approval, the change request may be deployed and propagated through a series of deployment scopes. The deployment scopes may become increasingly larger to extensively test the applied change before fully implementing the change on the target system. The orchestrator may submit the applied change to a validation component for getting validation of the change within the deployment scope after each applied change within a deployment scope. After the change request has been deployed through the deployment scopes and validated, the change request may be deployed to the target system and fully implemented.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: October 29, 2013
    Assignee: Microsoft Corporation
    Inventors: Ruiyi Wang, Jaskaran Singh, Vinod Kumar, Shane Brady, Ann Williams, Alexander MacLeod
  • Patent number: 8555350
    Abstract: A system for facilitating persistent communications between entities in a network. In a specific embodiment, the system is adapted to facilitate fast reauthentication of a client performed by a server, such as an Authentication, Authorization, and Accounting (AAA) server, that is coupled to the client via a load balancer. The system includes a first message to be exchanged between the server and the client, wherein the first message includes a field identifying the server and/or the client. A matching module communicates with or is otherwise incorporated within the load balancer. The matching module includes one or more routines for employing the field to selectively route the first message to the client and/or server. In a more specific embodiment, the server includes a fast reauthentication module adapted to append the field in the message. The field includes sub-realm information identifying the server.
    Type: Grant
    Filed: June 23, 2006
    Date of Patent: October 8, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Kevin Shatzkamer, Anand K. Oswal, Chris O'Rourke, Mark Grayson, Jayaraman Iyer
  • Patent number: 8555338
    Abstract: The subject matter discloses a computerized apparatus having a processor configured for providing an access to an authentication token, the authentication token is generated by a remote computing device, wherein a link to the remote computing device is embedded in a message sent to the computerized apparatus. The apparatus comprises a message detecting module configured for detecting the message; a transmitting module configured for sending a request to the remote computing device for receiving the authentication token, wherein the request is according to the link being extracted; a downloading module configured for downloading the authentication token being returned from the remote computing device; a storing module configured for storing the authentication token downloaded by the downloading module in a storage of the computerized device; and an access module configured for accessing the authentication token, stored in the storage, according to predetermined rules.
    Type: Grant
    Filed: August 10, 2010
    Date of Patent: October 8, 2013
    Assignee: Mobimate Ltd.
    Inventors: Nadav Gur, Amir Kirshenboim
  • Patent number: 8555089
    Abstract: Information processing apparatus (100) ensures confidentiality of encryption and reduces overhead associated with processing not directly related to the encryption. The information processing apparatus (100) includes: application program (A158) that includes an instruction for encryption which uses a key; tampering detection unit (135x) that detects tampering of the program; CPU (141) that operates according to instructions and outputs a direction for encryption upon detecting the instruction for encryption; data encryption/decryption function unit (160) that controls switching to the protective mode according to the direction; and protected data operation unit (155) that stores a key in correspondence with the program, outputs the key in the protective mode, and controls switching to the normal mode, and the data encryption/decryption function unit (160) executes the encryption in the normal mode using the received key.
    Type: Grant
    Filed: January 5, 2010
    Date of Patent: October 8, 2013
    Assignee: Panasonic Corporation
    Inventors: Takayuki Ito, Manabu Maeda, Tomoyuki Haga, Hideki Matsushima, Yuichi Futa, Kouji Kobayashi