Abstract: A system is provided comprising at least one processor, a memory, and an application stored in the memory that, when executed, receives a first request from a client device for access to a first web service and accesses a policy associated with the first web service. The system also selects a second plurality of data elements from a first plurality of data elements based on the first request and based on the policy wherein the second plurality of data elements is associated with the first web service. The system also provides the second plurality of data elements to the client device and receives a second request from the client device for a first set of data values associated with the second plurality of data elements. The system also authenticates the second request and provides the first set of data values in response to the second request.

Abstract: System and method for re-adjustment of a security application to various application execution scenarios. Application execution scenarios for each of a set of software applications are created, each representing a specific subset of functionality of a corresponding application. Sets of security application configuration instructions are stored, each corresponding to at least one of the application execution scenarios. A current one or more of the application execution scenarios that is being executed in the computing device is determined and, in response, a set of security application configuration instructions corresponding to each current application execution scenario are carried out, such that the security application is adjusted to perform a specific subset of security functionality that is particularized to the current one or more of the application execution scenarios.

Abstract: Methods and systems for encrypting and decrypting are presented. In one embodiment, the method comprises encrypting one or more segments of a data with a key. The data is associated with at least one encryption attribute and having a plurality of segments. The encryption attribute includes information to identify one or more segments of the data to encrypt. The method further comprises encrypting the encryption attribute and storing the data including the partly encrypted data and the encrypted encryption attribute.

Abstract: Examples of systems and methods are provided for rendering a composite view of an application. A system may display a local graphical user interface (GUI) and a remote application view associated with a remote application running at a remote server. The system may provide a message directed to a remote server to launch a remote application at the remote server. The system may receive a configuration file from the remote server. The system may register a GUI event listed in the configuration file. The system may display a local GUI based on the configuration file. The system may receive display output data of the remote application running on the remote server. The system may render a composite view including the local GUI based on the configuration file and a remote application view based on the display output data.

Abstract: Examples of systems and methods are provided for communication and for facilitating establishing a remote session between a client device and a remote server. The system may facilitate establishing a trusted relationship between the client device and a host device. The system may be configured to receive login information from the host device for a first remote session established between the host device and the remote server. The system may facilitate continuing the first remote session previously established between the host device and the remote server as a continued remote session between the client device and the remote server.

Abstract: Methods and systems provide indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals to the virtual desktops, and the virtual desktops to the IT infrastructure and business applications.

Abstract: A method and apparatus for performing an automatic wireless connection with a second digital device by a first digital device is provided. The method includes acquiring, by the first input device, random information used for the wireless connection; checking a status of a Wireless Local Area Network (WLAN); storing the checked status; setting the WLAN to an Ad-hoc mode; setting a Service Set Identifier (SSID) of the WLAN using the random information; setting a security key of the WLAN using the random information; and setting an Internet Protocol (IP) address of the WLAN using the random information.

Abstract: Methods and computing devices enable code and/or data software on computer devices to be verified using methods and signatures which can be updated by a signing server after distribution. Updated verification methods and signatures may be provided in a second signature file. When a computing device unpacks an application for execution it may check whether a second signature file is associated with the application file. If not it may connect to a signing server to request a second signature file for the software. The signing server then may request information related to the software sufficient to determine if the software is trustworthy. If determined to be trustworthy, the signing server can send a second signature file to the computer device for use in verifying the software henceforth. The second signature file may include new or modified verification methods and a new signature.

Abstract: An information management system provided with an encrypting means for encrypting an original file to prepare an encrypted file, a data storage memory which stores the encrypted file, a decrypting means, a general memory, an information managing means for decrypting the encrypted file to an editable display file etc. and storing it in the general memory in a regular operational processing cycle, performing the required editing in the form of the display file etc., converting the display file etc. after editing to an encrypted file by the encrypting means, and storing this in the data storage memory, and an information management file which controls processing of or operations on the encrypted file by the information managing means. This standardizes information management at the different levels of an organization, managers, etc.

Abstract: The claimed subject matter relates to architectures that can construct a hierarchical set of decryption keys for facilitating user-controlled encrypted data storage with diverse accessibility and hosting of that encrypted data. In particular, a root key can be employed to derive a hierarchical set of decryption keys and a corresponding hierarchical set of encryption keys. Each key derived can conform to a hierarchy associated with encrypted data of the user, and the decryption capabilities of the decryption keys can be configured based upon a location or assignment of the decryption key within the hierarchy. The cryptographic methods can be joined with a policy language that specifies sets of keys for capturing preferences about patterns of sharing. These policies about sharing can themselves require keys for access and the policies can provide additional keys for other aspects of policy and or base-level accesses.

Abstract: A method and system for dynamically managing entity membership in a role, using role configurations that comprise one or more dynamic role filters, which are linked to data sources such as databases or web services. The role filters are dynamic because, each time a role membership is queried, the role configuration and its component role filters must be evaluated with respect to the current information in the linked data sources. The roles may be used in role-based access control systems or entity identification systems.

Abstract: Devices and methods use digital certificates and digital signatures to enable computing devices, such as mobile devices, to trust a server attempting to access a resource on the computing device. The server may present the computing device with a digital certificate issued by a trusted third party which includes information so that the computing device can determine which resources the server should be trusted to access. The computing device can determine that the digital certificate was issued by a trusted third party by examining the chain of digital certificates that may link the server with an inherently trusted authority.

Abstract: Digital image storage and management systems capable of producing encrypted DICOM volumes on different types of media (e.g., Blu-ray, CD, DVD, memory stick, USB flash drive, etc.), with or without the automatic generation of labels, systems and mechanisms to generate and manage passwords for the encrypted volumes, and systems and mechanisms to manage access to encrypted data on such volumes are disclosed. Generated encrypted DICOM volumes, which can comprise confidential patient data, can be securely interchanged, archived, and distributed to users. The disclosed systems and methods can permit authorized users to access encrypted data, even if the users do not have access to the original encryption mechanism. Encrypted data stored on the volume can be easily and securely accessed by a variety of authorized users.

Abstract: Methods and systems provide indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.

Abstract: A programmable display device includes a communication driver, a file system process unit that accesses the portable storage medium storing backup/restore target information that includes a target control device and target setting information respectively specifying the control device on which the backup/restore process is performed out of the control devices connected to the programmable display device and setting information, and a setting-information obtaining/writing process unit that accesses the control device via the communication driver based on the backup/restore target information and performs the backup/restore process of the setting information by accessing the portable storage medium via the file system process unit.

Abstract: A method and apparatus for encrypting an electronic document involves a computer having a first monitor and a signature capture apparatus configured to capture a handwritten signature on a second monitor. A hash sum of the electronic document generated in the computer is transmitted to the signature capture apparatus. The electronic document and the first hash sum thereof are displayed on the first monitor. The first hash sum is also displayed on the second monitor. After electronically capturing the handwritten signature, the signature data are encrypted using the first hash sum. A digital signature image is generated in the signature capture apparatus and the first hash sum is embedded therein. The embedded first hash sum is then extracted in the computer. If the extracted hash sum is identical to the first hash sum generated in the computer apparatus, the encrypted signature data and the signed document are stored.

Abstract: One aspect of the present invention can include a system, a method, a computer program product and an apparatus for federating policies from multiple policy providers. The aspect can identify a set of distinct policy providers, each maintaining at least one policy related to a service or a resource. A federated policy exchange service can be established that has a policy provider plug-in for each of the distinct policy providers. The federated policy exchange service can receive requests for policies from a set of policy requesters. Each request can include a resource_id or a service_id used to uniquely identify the service or resource. The federated policy exchange service can dynamically connect to a set of the policy providers to determine policies applicable to each request. For each request, results from the policy providers can be received and processed to generate a response. The federated policy exchange service can provide the response to each policy requestor responsive in response to each response.

Abstract: An apparatus for detecting malicious shell codes using a debugging event includes an alert setting unit configured to set a mother program to run a non-executable file to trigger the debugging event when a mother process created by the mother program tries to execute a code with no execution attribute; and an information storage unit configured to store information on an address range in which modules to be used by the mother process are loaded in a memory. Further, the apparatus includes a malicious code determination unit configured to determine whether the non-executable file is malicious using the information on the address range when there occurs the debugging event.

Abstract: A data processing apparatus is provided. The data processing apparatus includes a plurality of ports, a memory, a determining unit, and a processing unit. The plurality of ports are configured to input and output video data. The memory is configured to store the video data when the video data is recorded onto a recording medium and when the video data is played back from a recording medium. The determining unit is configured to determine whether video data, for which a video data playback request designating one of the plurality of ports has been issued, is stored in the memory, using data identification information for identifying video data and usage management information. The processing unit is configured to have the video data stored in the memory outputted from the designated port, when the determining unit determines that the video data is stored.

Abstract: Systems and methods for combating and thwarting attacks by cybercriminals are provided. Network security appliances interposed between computer systems and public networks, such as the Internet, are configured to perform defensive and/or offensive actions against botnets and/or other cyber threats. According to some embodiments, network security appliances may be configured to perform coordinated defensive and/or offensive actions with other network security appliances.