Abstract: According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.

Abstract: Disclosed is a graphics processing unit comprising an instruction decoder and sum-of-absolute-differences (SAD) accleration logic. The instruction decoder is configured to decode a SAD instruction into parameters describing an M×N and an n×n pixel block in U,V coordinates. The SAD accleration logic is configured to receive the parameters and compute SAD scores. Each SAD score corresponds to the n×n block and to one block contained within the M×N pixel block and horizontally offset within the n×n block. Also disclosed is a GPU comprising a host processor interface receiving video acceleration instructions and a video acceleration unit. The unit is responsive to the instructions and comprises SAD accleration logic configured to receive the parameters and compute SAD scores. Each SAD score corresponds to an n×n pixel block and to one block contained within an M×N block and horizontally offset within the n×n block. M, N, and n are integers.

Abstract: Methods and systems for handling on an electronic device a secure message to be sent to a recipient. Data is accessed about a security key associated with the recipient. The received data is used to perform a validity check related to sending a secure message to the recipient. The validity check may uncover an issue that exists with sending a secure message to the recipient. A reason is determined for the validity check issue and is provided to the mobile device's user.

Abstract: In one or more embodiments, a license associated with a first piece of content can grant rights with respect to a second and/or additional pieces of content. That is, language that is included in a first license can express a policy that is interpreted by a client-side device. This policy can establish rights with respect to additional pieces of content. Accordingly, policy enforcement with respect to licensed content can take place on the client-side device and can establish how different content is to be played relative to one another.

Abstract: An exemplary graphics processing unit (GPU) comprises a decoder and a video processing unit. The decoder is configured to decode a first and a second deblocking filter acceleration instruction. The first and second deblocking filter instructions are associated with a deblocking filter used by a particular video decoder. The video processing unit is configured to receive encoded by the deblocking filter acceleration instructions, and to determine first and second memory sources specified by the received parameters as one of a plurality of memory sources located on the GPU. The video processing unit is further configured to load a first block of pixel data from the first memory source, and to apply the deblocking filter to the first block of pixel data, and to load a second block of pixel data from the second memory source, and to apply the deblocking filter to the second block of pixel data.

Abstract: The music data (output-prohibited music data) downloaded to the client terminal 2 cannot be output until it is formally purchased. In addition, this music data can be reproduced only while the user of the client terminal 2 is being registered to pay the predetermined fixed charges. Therefore, this prevents from hurting the interests of copyright owners or the like. And the client terminal 2 can acquire music data more efficiently, since it does not have to repeat a process of downloading music data.

Abstract: A method of generating a pair of public key and secret key, includes the steps of selecting a public key; selecting a secret key; computing a heavy prime number in responsive to the public key and the secret key; factoring the heavy prime number by selecting first and second prime numbers in condition that a sum of said first and second prime numbers equals to the heavy prime number; and pairing the secret key with the public key in term of the heavy prime number as a bridge to generate a unique combination between the secret key with the public key. Therefore, the secret key is definitively undetermined by conjecturing the public key even though the public key is known.

Abstract: The present invention provides a system and methods for computer user profiling based on behavioral biometrics. The approach consists of establishing distinctive profiles for computer users based on how they use a motion-based input device such as, but not limited to, a mouse and/or a keyboard. The profiles computed in the present invention are more accurate than those obtained through the traditional statistical profiling techniques, since they are based on distinctive biological characteristics of users.

Abstract: A wireless mesh network provides secure communication by encrypting data using one or more encryption keys. A configuration device in communication with a security manager of the network provides a temporary secure communication path between the security manager and a new field device to be added to the mesh network. Cryptographic material and other configuration data can then be transferred between the security manager of the network and the new field device securely via the configuration device.

Abstract: A group management apparatus which manages a group in which one or a plurality of information processing apparatuses connect to each other by wireless communication detects the position of an information processing apparatus and determines whether the information processing apparatus exists in a predetermined range. When determining that the information processing apparatus exists in the predetermined range, the group management apparatus notifies the information processing apparatus of an encryption key to be used in the group. Upon detecting, based on the position detection result, that the number of information processing apparatuses existing in the predetermined range has changed, the group management apparatus updates the encryption key.

Abstract: Provided is a method, medium and system for storing image data for fast memory access. The method includes setting a storage range over neighboring macroblocks of a macroblock to allow for storage with the macroblock in a storage region of a memory, and storing first image data of the macroblock and second image data corresponding to the storage range over the neighboring macroblocks in the storage region of the memory, wherein the second image data includes data of portions of the neighboring blocks that fall within the storage range.

Abstract: A protocol for providing secured IO device and storage controller handshake protocol; IO device controlled cipher settings, and secured data storage and access in memory. An IO device requesting data transfer with encryption and/or decryption, requests session keys from the processor. The processor generates a fresh public-private key pair for the session. The public key is sent to the requesting IO device; the private key is momentarily saved by the processor for the session. The requesting IO device generates a secret key and its desired cipher setting; furthermore, encrypts the secret key and cipher setting using the public key, and sends secret key and cipher setting to the processor. The processor uses the private key to decrypt the secret key and cipher setting. The cipher setting is used for configuring the data processing core. The secret key is used for encryption and/or decryption of the data being transferred. All keys are not permanently saved.

Abstract: A system and method for protecting sensitive information, for example, a user's personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus by placing the sensitive information on-line for only limited periods of time the risk of compromise to the sensitive information is greatly reduced.

Abstract: One embodiment of the present invention provides a system that facilitates dynamically providing privacy-policy information to a user to facilitate compliance with privacy laws. The system operates by receiving a request from the user to access digital content at a client. Upon receiving a request, the system sends a notification to a server, including information about the request. Next, the system receives a response from the server at the client, wherein the response includes privacy-policy instructions. Alternatively, the response could include the entire privacy policy. The system then allows the user to access the digital content at the client in accordance with the privacy-policy instructions.

Abstract: A method and system for verifying identification of an electronic mail message. An electronic mail message including a signature and a key is received, the signature identifying a domain from which the electronic mail message originated and the key for verifying the signature. A key registration server of the domain is accessed to verify the key. The key registration server provides for verifying that a key used to sign an electronic mail message is valid and that the sender is authorized by the domain to send the electronic mail message from the return address.

Abstract: A method and system for continuously serving the authentication requests of networked computers is disclosed. The authentication requests of computers are served and the services for the computers are reserved for a predefined time interval. The authentication service for a computer is reserved by an authentication server, which receives authentication requests of the computer.

Abstract: The present invention relates to a policy resolution method and system, access network and terminal device for enabling modular network-assisted policy resolution, wherein the policy resolution is divided into separate stages each handling specific types of trigger events and performing specific types of policy actions. The separate stages are processed in a chronological order during a policy resolution round, and trigger events which occur during a policy resolution round are frozen until the start of the next policy resolution round. Thereby, modular policy resolution with reduced delays and oscillations can be achieved. Moreover, policy processing can be divided into a policy decision point functions in the network and a policy enforcement point function in the network or terminal device, so that terminal resources used for policy resolution can be saved.

Abstract: Security information such as fixed or dynamically received camera location information, laser signature information, timestamp information, and network information, may be used to secure the transport and storage of surveillance video. Where the surveillance video is to be transported on a communication network, the round trip time from a video data storage server to the surveillance camera and back to the video data storage server may be monitored and periodically added to the secured video data. By checking to see whether the round trip time has changed, it may be possible to determine whether the video has been tampered with. The secured video data may also be transported over two or more paths on the network to two or more video data storage servers so that redundant copies may be stored at different primary locations. By comparing copies of the data, alteration of one of the copies may be detected.

Abstract: An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a portable device like a cell phone to compute a challenge and a response. The challenge and response is sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device.

Abstract: A method of storing data that is accessible by a specific user includes issuing authentication information for confirming that a user other than the specific user has a right to use a storage area that is temporarily available within a data processing device, obtaining a data registration request sent from a terminal operated by the other user and the authentication information issued, registering data sent from a terminal of the other user in the storage area that is temporarily available, when the authentication information obtained in the obtaining step is confirmed as valid, and storing data registered in the storage area that is temporarily available, in the storage area to which an access right is given to the specific user.