Abstract: A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds.

Abstract: The present invention relates to security systems for communication networks. More precisely, the invention relates to a method for generating a shared key between a first node (D1) and a second node (D2) for secure communication in a network (1), the first node storing a first node keying material share based on a root keying material and the method comprising the following steps: a) the first node receiving an identifier of the second node, b) the first node evaluating the first node keying material share at a second node's identifier, to generate the shared key, wherein the first node keying material share is a polynomial-based keying material over a finite field Fq and step b) comprises: b1) the first node applying a Horner's rule to factorize the first node keying material under the form of a combination of monomials, b2) the first node computing the result of each monomial operation by evaluating at a predetermined point a polynomial of degree r?1 with coefficients in a sub-field of Fq.

Abstract: A driver management apparatus is installed in a system including an image forming apparatus and plural information processing apparatuses. The driver management apparatus sends the information processing apparatus a driver for the image forming apparatus with a first key incorporated. The driver is so set that printing processing conditions whose designation with the information processing apparatus is prohibited cannot be designated. Further, the driver management apparatus sends the first key to the image forming apparatus. The information processing apparatus uses the driver sent by the driver management apparatus to generate print data and encrypts the generated print data using the first key incorporated into the driver, and sends the encrypted print data to the image forming apparatus.

Abstract: A method and apparatus for preventing illegal reuse of Digital Right Management (DRM) content in a portable terminal is provided. The method includes performing user authentication when there is an attempt to restore a Right Object (RO) backup file, and identifying information on the RO backup file to be pre-restored in a terminal, and determining if the RO backup file can be restored according to the identified information.

Abstract: Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.

Abstract: The disclosed technology provides a system and method of synchronizing cryptographic operation between a transmitter and a receiver. A transmitter can communicate encrypted data to a receiver according to a first communications protocol, and communicate a transmitter number and a portion of the encrypted data to the receiver according to a second communications protocol. The receiver can be in communication with a memory space containing locations that are each associated with an encrypted data and that can contain a previous receiver number. The receiver can receive transmitted encrypted data and an associated transmitter number and can search the memory space to find a location wherein the encrypted data associated with the location is entirely, or in part, the same as the transmitted encrypted data. When such a location is found, the receiver can compare the transmitter number with the previous receiver number stored in the location.

Abstract: A system, method, and computer program product are provided for performing an analysis on a plurality of portions of potentially unwanted data each requested from a different device. In use, a detection of potentially unwanted data (e.g., potentially malicious data) is identified based on a first analysis. Additionally, receipt of a plurality of portions of the potentially unwanted data is requested, where each of the plurality of portions is requested from a different device. Further, a second analysis is performed on the plurality of portions of the potentially unwanted data for determining whether the potentially unwanted data is unwanted (e.g., malicious).

Abstract: A multi-hop wireless network system and an authentication method thereof, wherein during initial mutual authentication between multi-hop nodes and a multi-hop wireless network, a shared key is acquired for hop-by-hop mutual authentication between the multi-hop nodes using a centralized authentication scheme. Using the acquired shared key, distributed authentication between the multi-hop nodes is performed.

Abstract: In some embodiments, techniques for data security may include encoding and decoding unreadably encoded data, such as data encrypted with a public key or tokenized. In some embodiments, techniques for data security may include distributing an encrypted private key. In some embodiments, unreadable data may be encrypted and/or decrypted using time-varying keys. In some embodiments, techniques for data security may include combining information and a policy, and encoding the combined information and policy, wherein encrypting the combined information and policy is performed using a public key, or via tokenization. In some embodiments, techniques for data security may include receiving data, wherein the data has been encoded, decoding the data, determining a first datum and a second datum, wherein the first datum and the second datum are associated with the decoded data, and determining a policy, wherein the policy is associated with the first datum.

Abstract: High-performance data encryption/decryption server and method for transparently encrypting/decrypting data. System and method for encryption and/or decryption cryptographic services that have applicability small and large databases and especially to encryption and/or decryption of bulk data. Method for transparently applying a cryptographic operation to application-specific data. Encryption server for transparent encryption and decryption of application specific data. Method for transparently encrypting application specific data. Computer program stored on a computer readable media for modifying the operation of a computer process implementing a method for transparently encrypting application specific data. System and appliance for transparently encrypting application specific data. System for transparently applying a cryptographic operation to application-specific data.

Abstract: A peer-to-peer communication method for NFC is provided. A link-level security is started by exchanging a link-level security request and a link-level security response between an initiator terminal and a target terminal, then transmission data are encrypted at link-level security layers of the initiator terminal and the target terminal, and the encrypted data are exchanged between the initiator terminal and the target terminal. The link-level security is released by exchanging a link-level security release request and a link-level security release response between the initiator terminal and the target terminal.

Abstract: A system, method, and computer program product are provided for allowing a non-chargeable event based on an authorization thereof. In use, an instruction to authorize events is received from an event threshold module based on a determination that an event threshold has been met. Additionally, in response to the instruction, a request is sent to an event processor to authorize an event, where the authorization is based on a determination of whether the event is chargeable or non-chargeable. Further, the event is allowed if the event is authorized by the event processor.

Abstract: A motion compensation method and apparatus that sequentially use global motion compensation and local motion compensation, a video decoding method, a video encoder, and a video decoder are provided. The motion compensation method includes extracting global motion information of a reference block, performing global motion compensation by applying the extracted global motion information to the reference block, extracting local motion information of the global motion-compensated reference block, and performing local motion compensation by applying the local motion information to the global motion-compensated reference block.

Abstract: A method for authenticating communication traffic includes receiving an initial incoming message, sent over a network from a source address to a destination address. In reply to the initial incoming message, an outgoing message containing an encoded token is sent to the client. Upon receiving a number of further incoming messages from the source address containing the encoded token, delivery of one or more of the further incoming messages to the destination address is inhibited when the number exceeds a predetermined threshold.

Abstract: A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic.

Abstract: An IC card is recognized by an IC card reader. Data is obtained from the recognized IC card. Card ID included in the obtained data is compared with card ID stored in a user registration information DB. If it is determined that the same card ID exists, an IC card issue count included in the obtained data is compared with an IC card issue count stored in the user registration information DB, and it is determined whether the counts are the same. If it is determined that the issue counts are not the same, a PIN code entry window appears so that the entered PIN code is compared with a PIN code in the user registration information DB. If it is determined that the PIN codes are the same, authentication success is displayed.

Abstract: Certification/verification of authenticity and integrity of a digital document can be achieved, using meta information and content information and third-party certification thereof is achieved.

Abstract: An EAP-based authentication framework is provided that decouples credential acquisition from EAP methods that use credentials for authentication. An application may request from an EAP method parameters of credentials required by the EAP method. In response, the EAP method provides credential parameters, which may then be used by the application to acquire credentials consistent with the parameters from the user or other entity. The framework enables an application to request credentials in a context specific way. In addition, the application may simultaneously obtain credentials used in multiple authentication operations through a single user interface, or retain credentials for later use without further prompting a user such that a Single Sign-on user experience may be implemented. Additionally, the application can obtain credentials from a device so that the device may gain network access without requiring a user logon.

Abstract: Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks.

Abstract: An industrial automation proxy server comprises an interface that receives data related to legacy software, where the data is associated with a legacy protocol. Additionally, the industrial automation proxy server includes a protocol transformation component that converts the data associated with the legacy protocol to a disparate protocol. Furthermore, the industrial automation proxy server can include a routing component that redirects the data to a remote device over an internet connection.