Abstract: Provided are a harmful site collection device and method for determining a harmful site by analyzing a connection between harmful sites. The harmful site collection device includes a harmful site database configured to store a URL of a harmful site; a web page collection and extraction unit configured to collect a web page indicated by the URL of the harmful site and extract a linked URL; and a harmful site connection analysis unit configured to calculate a connection with other web pages referenced within a web page of the linked URL to determine whether the web page is a harmful site. Accordingly, the harmful site collection device can determine a harmful site more easily only with information regarding the URL linked to the web page.

Abstract: Provided are a harmful site collection device and method for determining a harmful site by analyzing a connection between harmful sites. The harmful site collection device extracts a URL linked to a web page of a harmful site; checks a link circulation on the basis of link information on a web page of the URL linked to the harmful site to determine whether the web page of the URL linked to the harmful site is a harmful site; and, when a URL of a prestored non-harmful site is extracted while the link circulation is checked, stops checking the link circulation that includes the URL of the non-harmful site. Accordingly, the harmful site collection device can more easily determine a harmful site merely with information on a URL linked to a web page and can reduce the amount of computation using information on a URL of a prestored non-harmful site.

Abstract: A content management system manages documents such that a document is received and stored in the content management system. Access privileges (e.g., an Access Control List) to the document are defined for one or more users of the content management system. An occurrence of a document life cycle event with respect to the document is detected and a distribution list is generated for notifying the one or more users of the document life cycle event based on the access privileges of the one or more users.

Abstract: A cryptographic system comprises a white-box implementation of a function; an implementation of a cryptographic algorithm; and an implementation of a combining operation for establishing cryptographically processed data in dependence on an outcome of the function and in dependence on an outcome of the cryptographic algorithm. The combining operation comprises combining an outcome of the cryptographic algorithm with an outcome of the function. Alternatively, the combining operation comprises combining an outcome of the function with a received data element to obtain a combination outcome and applying the cryptographic algorithm to the combination outcome.

Abstract: Provided is a network equipment and an authentication and key management method for the same. The network equipment generates a Network Key (NK); the network equipment performs authentication protocol interaction with opposite communication equipment, and calculates a Basic Session Key (BSK) according to parameters for the authentication protocol interaction and the NK; and the network equipment calculates link Encryption Keys (EKs) used respectively for Media Access Control (MAC) and Physical (PHY) layers using various access technologies according to the BSK, and provides the EKs for respective MAC and PHY layer function modules. With the disclosure, the legality of the equipment is verified by performing an authentication process on the heterogeneous network equipments in one pass, and keys in various MAC layer technologies are managed in a unified way.

Abstract: A content management system manages documents such that a document is received and stored in the content management system. Access privileges (e.g., an Access Control List) to the document are defined for one or more users of the content management system. An occurrence of a document life cycle event with respect to the document is detected and a distribution list is generated for notifying the one or more users of the document life cycle event based on the access privileges of the one or more users.

Abstract: An interactive streaming media and application service provider system can securely stream high resolution, multiple formats of video and data. Different data sets can be included in a single stream. A rights management system controls matrix manipulation and other aspects of user control of the data, including one or more of rendering in various different 2D, 3D, or other media formats, reconstruction and modeling, zooming, frame grab, print frame, parental controls, picture in picture, preventing unauthorized copying, adapting to different data transmission formats, adapting to different resolutions and screen sizes, and actively control functionality contained in embedded data, encryption/decryption. Control can be exerted by an external entity through a user-side virtual machine. Control codes can optionally be embedded in the media, embedded in the user's device, and/or sent separately to the device.

Abstract: A secure activity workspace including a monitoring device connected to a power source and a managed router and a monitoring router connected to a communication channel, and the managed router and a power source wherein the monitoring device controls the managed router.

Abstract: A secret sharing system transforms shares in ramp secret sharing to shares in homomorphic secret sharing. On a data distribution apparatus, a division part divides information a into N shares fa(n) using an arbitrary ramp secret sharing scheme S1. On each of distributed data transform apparatuses, a random number selecting part generates a random number vector ri whose elements are L random numbers ri1. A first random number division part divides the random number vector into N shares fri(n) using a ramp secret sharing scheme S1. A second random number division part divides each of the L random numbers ri1 into N shares gri,1(n) using an arbitrary secret sharing scheme S2. A disturbance part generates a share Ui by using a share fa(i) and shares fr?(i). A reconstruction part reconstructs L pieces of disturbance information c1 from shares U? by using the ramp secret sharing scheme S1.

Abstract: A system and computer based method are provided for identifying active content in websites on a network. In one aspects, a method for classifying web content includes determining a first property associated with static content of a web page, determining a second property associated with the content of the web page based at least in part on active content associated with the web page, evaluating a logical expression relating the first property and the second property, at least in part by evaluating whether a constant value matches at least a portion of the content of the web page, associating the web page with a category based on a result of the evaluation, and determining whether to allow network access to the web page based on the category.

Abstract: A method for calculating a partial risk score for a data object may include identifying a request to calculate a partial risk score for a data object, the request including a partial risk score filter, and the data object being associated with one or more policies. The method may further include for each policy associated with the data object, determining whether characteristics associated with the policy match a parameter in the partial risk score filter, and when the characteristics associated with the policy match information in the partial risk score filter, including a data object risk score associated with the policy in the partial risk score for the data object.

Abstract: A method, an apparatus, a host, and a network system for processing a packet. The method includes receiving, by a physical host through a virtual bridge in the physical host, a network packet sent by a source virtual machine in the physical host, where the network packet carries a source media access control (MAC) address and a target MAC address; obtaining, by the physical host according to the source MAC address and the target MAC address by querying correspondence between each virtual machine MAC address and a security domain, a security domain to which the source virtual machine corresponds and a security domain to which a target virtual machine corresponds; and controlling, by the physical host, the virtual bridge to discard the network packet, when the security domain to which the source virtual machine corresponds is different from a security domain corresponding to the virtual bridge.

Abstract: Embodiments of the present invention provide a method and a device for identity authentication. The method for identity authentication includes: according to a selected user digital certificate, generating, by a browser kernel unit, a login request carrying a selected user digital certificate according to the selected user digital certificate, and sending the login request to an application server; receiving, by the browser kernel unit, a response indicating authentication success which is returned by the application server after performing identity authentication according to the selected digital certificate, extracting a webpage file from the response, parsing the webpage file, generating a webpage and sending the webpage to a browser interface unit; and displaying, by the browser interface unit, the webpage. The method and the device for identity authentication provided by embodiments of the present invention improve the convenience and security of identity authentication.

Abstract: A monitoring system is continuously coupled to and in communication with a selected network. The system monitors characteristics of the network and characteristics of assets of the network. Removal of assets can be detected and alarm indicating messages can be generated locally at the monitoring system or at a wireless communication device.

Abstract: A computer system and associated methods for verifying user identities online. Identity claims made by a requestor of an online access and/or a trusted transaction may be verified by associating digital credentials to verified personal identification information (PII) retrieved from real world events. PII item(s) may be retrieved from third-party verified identity information sources. Verified personal attributes related to PII items may be identified and correlated with the requestor's digital credentials, and stored to a verified identity record. Additional digital credentials for the same requestor may be similarly identified, correlated, and stored to the verified identity record. A subsequent transaction request by a person claiming the requestor's identity may be compared with the verified identity record. An identity match indicator and/or a match confidence score may be created and used to determine the risk that the identity claim by the person requesting the transaction is false.

Abstract: A method for replacing the operating software of a limited-resource portable data carrier at a terminal includes controlling the operation of the data carrier and executing at least one function provided by the data carrier. The terminal includes new operating software, a bootstrap loader for loading new operating software, and a terminal certificate providing authorization for transmitting a loading key. In authentication of the terminal, the terminal certificate is transmitted to the data carrier and verified there and a loading key is transmitted to the data carrier. The operation control of the data carrier changes over to the bootstrap loader which deletes the present operating software of the data carrier and transmits the new operating software using the loading key from the terminal. The new operating software is then verified and activated by the bootstrap loader which transfers the control of the data carrier to the new operating software.

Abstract: A method for executing a secure application on an untrusted user equipment having storage means with at least one protected region includes establishing a secure or authenticated communication channel between a trusted device and the user equipment. Secure application information of the secure application is provided via the communication channel to be executed on the user equipment. Correctness of the secure application information is checked. Execution of the secure application is initiated on the user equipment via the communication channel such that the secure application is stored in the protected region of the storage means.

Abstract: A method for authenticating a user to a document escrow service includes steps of logging a mobile phone onto a mobile network, wherein the mobile phone has a biometric sensor, a display, an input apparatus, and a non-transient memory in communication with a processor, and opening a signature application on the mobile device. The method further includes reading the biometric sensor and sending, via the mobile network, biometric data collected from the reading of the biometric sensor to a document execution server or a manufacturer application server. The method further includes receiving, at the mobile phone a permission signal and, dependent upon the permission signal received, using the mobile device to either allow or not allow a web ready document to be signed and returned to the document execution server.

Abstract: Techniques for detecting an intranet spoofing attack are disclosed. In one embodiment, the techniques may be realized as a system and method for detecting an intranet spoofing attack. For example, the system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to: identify an attempt to access an intranet website at a user device; determine that the intranet website is a spoofed intranet website; and perform an action in response to the determination of the spoofed intranet website to protect user.

Abstract: An HDCP receiver device that receives frames from an HDCP transmitter device. The receiver device has a frame counter that is updated for each frame that is received from the transmitter device and that includes encrypted content, while the receiver device is in a pre-authorization mode. During the pre-authorization mode, the receiver device does not decrypt any received frame bearing encrypted content. While the receiver device waits to transition from the pre-authorization mode to a post-authorization mode in which the receiver device can begin to decrypt any received frames that include encrypted content, the frame counter is updated for each frame received that includes encrypted content. In the post-authorization mode, the frame counter has a nonzero value if frames including encrypted content were received by the receiver device during the pre-authorization mode.