Abstract: Member profile information for a control set of one or more control members and for a fraudulent set of one or more fraudulent members are obtained. Each member in the control set is at least believed to be legitimate and each member in the fraudulent set is at least suspected of being fraudulent. A test associated with identifying fraudulent members is generated using the member profile information for the control set and for the fraudulent set; the test inputs one or more pieces of member profile information for a member being tested.

Abstract: This disclosure describes techniques for controlling a perceived quality of multimedia sequences to try to achieve a desired constant perceptual quality regardless of the content of the sequences. In particular, an encoding device may implement quality control techniques to associate a sequence segment with a content “class” based on the content of the segment, determine a perceptual quality metric of the sequence segment, and adjust at least one encoding parameter used to encode the segment is encoded such that for the perceptual quality of the sequence segment converges to the desired quality.

Abstract: A unique identifier which substantially prevents product counterfeiting, wherein the unique identifier can be produced in a very cost-effective manner. The unique identifier is suitable not only for use as a product identifier but also for authorization, for example for securing physical or electronic accesses, such as doors, computer programs or the like.

Abstract: Systems and methods are provided for preventing unauthorized modification of an operating system. The system includes an operating system comprised of kernel code for controlling access to operation of a processing unit. The system further includes an enforcement agent executing at a higher privilege than the kernel code such that any changes to the kernel code are approved by the enforcement agent prior to execution.

Abstract: A receiving unit receives authentication information unique to a terminal device with identification information from the terminal device. An authenticating unit authenticates the terminal device based on the authentication information. An acquiring unit acquires setting information for relaying a communication between a plurality of terminal devices, which is associated with the identification information of an authenticated terminal device from the storing unit. A transmitting unit transmits the setting information to the relay apparatus via a number of communication paths determined in advance, which is smaller than the number of terminal devices.

Abstract: According to some embodiments, a registration request is received from a user, the user providing information identifying an account. A transaction database is queried using the information identifying an account, and a set of transactions conducted using the account are identified, each of the transactions having at least one transaction detail field. The set of transactions is presented to said user with at least one of the transaction detail fields being redacted. The user is prompted to provide the at least one of the redacted transaction detail fields, and a determination is made whether to authenticate the user based on a response of the user.

Abstract: A system and method for managing access to a Wi-Fi system include redirecting an access request, comprising a user credential, from a wireless user device to an authentication server, obtaining, from a first database, a list of a plurality of authentication databases from which users may be authenticated, the list including a protocol required for communication with each of the authentication databases, transmitting a request to each of the listed authentication databases using the identified protocol, and permitting the user access to the Internet through the Wi-Fi system if the user is authenticated by at least one of the listed authentication databases.

Abstract: A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client's communication device is issued a security token using standard HTML-INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.

Abstract: An approach to handling integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.

Abstract: An integrated circuit including a multiplication function configured to execute a multiplication operation of two binary words x and y including a plurality of basic multiplication steps of components xi of word x by components yj of word y is described. The multiplication function of the integrated circuit is configured to execute two successive multiplications by modifying, in a random or pseudo-random manner, an order in which the basic multiplication steps of components xi by components yj are executed.

Abstract: Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

Abstract: A packetized transport stream for protecting viewing content from unauthorized access and methods for manufacturing and using same. The transport stream includes a plurality of content frames, each having a frame header and a frame payload. Each frame header includes information for handling the content frame; whereas, the frame payload includes selected viewing content for which protection from unauthorized access is desirable. By encrypting only the frame payload, the header remains unencrypted and can be applied to prepare the encrypted frame payload for presentation. The viewing content thereby can be stored in an encrypted format and can be decrypted on-the-fly as the viewing content is needed for presentation. The combination of the unencrypted frame header and the encrypted frame payload advantageously enables the viewing content to be protected against unauthorized use, copying, and dissemination without impairing the presentation of the viewing content.

Abstract: In an embodiment, a server determines to update at least one group session key (GSK) parameter for a given multicast group, the at least one GSK parameter configured to permit encryption, decryption and/or authentication of multicast messaging exchanged between members of the given multicast group during a multicast communication session. The server sends a notification to a plurality of multicast group members of the given multicast group that an update of the at least one GSK parameter for the given multicast group is available. At least one of the multicast group members receives the notification and sends a provisioning request to retrieve the updated at least one GSK parameter, the provisioning request including information specific to the given multicast group member. The server generates and encrypts the updated at least one GSK parameter and sends the encrypted at least one GSK parameter to the at least one multicast group member.

Abstract: A system, method, computer program product, and carrier are described for obtaining a resource authorization dependent upon apparent compliance with a policy of causing an emulation environment to isolate a first software object type from a second software object type and signaling a decision whether to comply with the policy of causing the emulation environment to isolate the first software object type from the second software object type.

Abstract: The invention concerns a terminal (T) comprising an agent (AS) for processing a secure content encrypted with a key (KCN) and transmitted by a first server (SCN). In order to manage a secure access to the secure content, an application (AG) of a portable communicating object, such as a chip card, associated with a terminal stores one type of related digital right (TDN) and a certificate and transmitted by the agent and stores an access right (DA) and the key (KCN) related to the secure content transmitted from a second server (SAD). The application adapts the access right and the key and modifies the secure content, based on the type of right, and produces a secure access file based on the adapted access right and the key and on the certificate, the produced file being accessible by the terminal so that the agent may process the modified content.

Abstract: In one embodiment, an antivirus uses a secure call path that includes an antivirus system call table containing a reference to an operating system kernel routine. The call path may also include an antivirus device driver that has access to the antivirus system call table. The antivirus may send a service request to the operating system kernel routine by way of the call path to perform file manipulations for virus scanning, for example. Advantageously, the call path gets around possible rootkit infestations.

Abstract: A method for verifying the authenticity and integrity of an ordered sequence of digital video frames, without having access to the original recording, by embedding therein a respective series of digital signatures based on a secret key, or keys, and on the video content of respective frames. Signatures are camouflaged by embedding in transform coefficients of a transformed representation of the video data in parts of the frame corresponding to motion. If there is sufficient motion to contain all of the signature bits, a supplementary technique embeds in high-texture areas of a frame. A final fall-back is to embed in a pre-defined default zone. A method of predicting when supplementary embedding is needed enables the process to be applied in a single pass allowing real-time operation. Verification is done during decoding by comparing, for identity, embedded signatures with signatures calculated anew using the method employed to embed.

Abstract: A system and method is provided to facilitate secure communications for a server-application executing on a resource-constrained device. A request, from a client application executing on a client device to access a server application executing on the resource-constrained device is received on an application-specific secure port of a resource-constrained device. The request is authenticated using a security token stored in an application context of the server application. The authentication is performed by a transport security layer protocol executing within the application context of the server application. The security token is specific for the server application. A secure connection is established directly between the secure port and the client application upon the authentication being successful.

Abstract: A method of protecting an integrity of a data processing system. The method comprises determining (902) a data string to be protected, an integrity of the data string being an indication of the integrity of the data processing system. Computing (904) a set of parameters representing a predetermined data processing function, using a redundancy in the set of parameters to incorporate the data string into a bit representation of the set of parameters. Enabling (906) the system to process data according to the set of parameters. The set of parameters represents at least part of a cryptographic algorithm including a cryptographic key. The set of parameters represents a network of look-up tables. The network of look-up tables comprises a plurality of look-up tables of a white-box implementation of a data processing algorithm. The data processing algorithm comprises a cryptographic algorithm.

Abstract: Methods and system for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network communicatively coupled to a source of an executable application. The computer communicatively couple to the network and including a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments including a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application.