Abstract: A plurality of user terminals or sensors transmit data encrypted by individual cryptographic key, a server receives the encrypted data items, and executes a data process according to a program defining a decryption process sequence. Bit slice expression data is generated by performing a bit slice process with respect to the plurality of encrypted data items which are decryption target, bit slice expression key based on the cryptographic key of each encrypted data item is generated, round key is generated based on a bit slice expression key, a decryption process including operation and movement processes of a block unit of the bit slice expression data, and an operation using the round key is executed, and a plurality of plain text data items corresponding to the plurality of encrypted data items are generated by a reverse conversion of the data with respect to the decryption process results.

Abstract: An information processing apparatus includes a storage unit capable of storing authentication information corresponding to a web service. Information is output in a web page corresponding to a first web service so as to cause a display unit to display, via a web browser, an indicator to receive an instruction to delete the authentication information stored in the storage unit. Upon receiving the instruction by the output indicator, deletion processing of authentication information corresponding to a second web service different from the first web service is executed in the storage unit.

Abstract: The present invention is for more optimally performing recording and reproduction of stereoscopic video. In the present invention, parallax information is utilized to store, in a recording medium, stereoscopic video including left-eye images and right-eye images. Particularly, for video content that contains stereoscopic images, information is obtained regarding the amount of variation in parallactic angle having a given or larger value, a variation time that the variation in parallactic angle takes, and the number of times that the variation in parallactic angle occurs. An evaluation value is calculated that corresponds to the degree of eye fatigue on the basis of the amount of variation, the variation time, and the number of times of the variation. According to the present invention, the video content is encoded in such a manner that the evaluation value is within a given range, and then recorded in the recording medium.

Abstract: Authentication data indicates a plurality of types of operation which a user should perform in a predetermined order via a touch panel and a number of fingers, as to each one of the plurality of types of operation, with which the user should touch the touch panel when performing an operation corresponding to the one of the plurality of types of operation. An authentication processing execution unit executes authentication processing by determining, based on a result of detection by the touch panel, whether or not an operation corresponding to each of the plurality of types of operation has been performed in the predetermined order by touching the touch panel with a number of fingers set for each of the plurality of types of operation.

Abstract: An architecture is provided for a widely distributed security system (SDI-SCAM) that protects computers at individual client locations, but which constantly pools and analyzes information gathered from machines across a network in order to quickly detect patterns consistent with intrusion or attack, singular or coordinated. When a novel method of attack has been detected, the system distributes warnings and potential countermeasures to each individual machine on the network. Such a warning may potentially include a probability distribution of the likelihood of an intrusion or attack as well as the relative probabilistic likelihood that such potential intrusion possesses certain characteristics or typologies or even strategic objectives in order to best recommend and/or distribute to each machine the most befitting countermeasure(s) given all presently known particular data and associated predicted probabilistic information regarding the prospective intrusion or attack.

Abstract: Systems and methods are described herein for authenticating a user device that uses a wireless local area network, determining the location of the device, and complying with wireless guidelines based at least in part on the location. The user device may communicate with a location server to determine the user device's location. The user device will determine which wireless guidelines are applicable to that location and configure the wireless system or any device feature to comply with the guidelines. For example, some locations prohibit the operation of wireless devices with a frequency of greater than 5 GHz. If the location of the user device dictates compliance with that guideline, the user device will not transmit wireless signals with a frequency of greater than 5 GHz.

Abstract: In various embodiments, techniques for federated role provisioning are provided. A federated role definition for a resource is constructed and distributed. The federated role definition includes a role hierarchy having role assignments and constraints for dynamically resolving and binding a resource to particular ones of the role assignments. A resource may have role assignments statically bound to its identity and dynamically bound to its identity. Furthermore, some role assignments may be inherited from the role hierarchy.

Abstract: The present invention provides for analysis of cyber-physical systems with relation to compliance requirements such as regulatory compliance, maintenance compliance and safety compliance. Generally, the invention provides for a set of paths from an initial state to an end state, and analyzing the paths to determine which ones contain a violation state. Based on the resultant paths test scripts are generated. Additionally, other compliance related procedures can be performed utilizing the path analysis.

Abstract: A Link device has a processor connected to an internal Link bus, a non-transitory memory, a digital device ID, one or both of firmware or software executing from non-transitory media, a first communication port enabled to communicate with a vehicle bus coupling computerized devices in a vehicle, and a second communication port enabled to communicate with one or more digital devices external to the vehicle. The firmware or software enables the Link device to communicate with the vehicle bus, and to accomplish a variety of tasks including pulling data from data stores in the vehicle and operating specific vehicle functions, and wherein the firmware or software manages communication with the one or more external digital devices, accepting only requests for cooperation with the Link device using the unique device ID with a request that is cryptographically secure.

Abstract: This present disclosure relates to systems and methods for providing a data plane processing tool chain for processing packets that can use OSI layers 4 and above in the data plane without using a hypervisor. The disclosure has multiple processing capabilities, including: packet filtering, resolving DNS packets, generating packets, packet forwarding, performing DNS look up, time-stamping DNS packets, writing packets to disk, load-balancing, and protecting against DDOS attacks.

Abstract: The invention proposes a method and device for protection of data for devices connected in a network such as a local area network or LAN. The method and device can for example be implemented on a gateway, which acts as an interconnecting device between the devices in the LAN network and that can offer these devices an access to an external network such as a wide area network or WAN. The method and device thus offers a protected environment for applications that are executed on the gateway, such as applications downloaded from the WAN. The method and device gives the applications executed on the gateway controlled access to the LAN resources in order to protect the data that the LAN devices share within the LAN, while giving the applications access to the WAN.

Abstract: A system and methodology that facilitates management and utilization of domain-specific anonymous customer references (ACRs) for protecting subscriber privacy across different domains is disclosed herein. In one aspect, on receiving user authorization, an ACR services (ACRS) component can generate an ACR that is to be inserted in a communication or message transmitted from a user equipment to an untrusted entity. The ACR can be generated based on address data associated with the untrusted entity and/or a unique subscriber identifier associated with the user equipment. As an example, the ACR creation component can generate the ACR based on a cryptographic hash, a static encryption key, and/or a dynamic encryption key. If the ACR is forwarded to a trusted entity, the trusted entity can calculate the unique subscriber identifier based on evaluating the ACR and/or exchange the ACR for the unique subscriber identifier via a secure communication with the ACRS component.

Abstract: Embodiments of the present invention are directed to methods and systems for generating and revoking, as well as validating, certificates used to protect communications within networks while maintaining privacy protection. In the context of a method, certificate generation and revocation with privacy preservation comprises determining a secret value to be used by a certificate authority and an entity; constructing a key tree based on the secret value, wherein the leaves of the key tree represent derived keys for the certificates for the entity; and generating certificates for the entity based in part on the key tree leaves. The method further comprises determining that one or more of the certificates should be revoked; determining a minimum key node set that covers the certificates to be revoked; adding the minimum key node set to a certificate revocation list; and providing the certificate revocation list to one or more entities. Corresponding apparatuses and computer program products are also provided.

Abstract: Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, a request for a software application may be received at an application store. Subsequently, the software application may be configured, at the application store, based on a single sign-on credential. The configured software application then may be provided, by the application store, to at least one recipient device associated with the single sign-on credential.

Abstract: The present application relates to a user accessing to a visited network in a wireless telecommunication network. After receiving an access request from the user for selecting a visited network and detecting the visited network selected by the user has changed, an AAA server device initiates a request for obtaining authentication and/or authorization information of the user from a HSS. In the process of obtaining the authentication and/or authorization information, the HSS checks whether the user is authorized to access to the visited network according to a list of authorized visited networks stored in the HSS.

Abstract: Systems and methods are disclosed for application identification and dynamic signature generation for managing network communication systems. Communication sessions and related packet flows are monitored within a network communication system. Application level information is extracted from session packets by unpacking one or more communication protocols associated with the network packets to obtain application level information encapsulated within the network packets. The extracted application level information is compared to a database of known application signatures in order to identify known applications. For unknown applications, the application level information is used to generate new dynamic application signatures. The application level information can also be used to identify and access external network-accessible resources to obtain additional identification information for the unknown application.

Abstract: Methods and systems for online authentication eliminate the common username plus password combination, using instead a novel two-factor authentication that employs a mobile phone number and a one-time, limited life password. The user provides the mobile phone number to a login dialog and receives, from a service provider, the one-time password, e.g., via a text message, at the mobile device to which the phone number belongs. If the user enters the one-time password before it expires, the user is authenticated and logged in. A method for authentication or authorization to a website includes: receiving a phone number from a user via a communication network in response to a login prompt displayed to the user; transmitting a one-time password to the phone number using text messaging; and in response to receiving the one-time password back from the user, authenticating the user for transactions with the website.

Abstract: The invention discloses a method and a system to decrypt private contents stored in a device and the invention belongs to the field of computer security. The method may include: receiving a contents ID and a decrypting password from a first user; decrypting the encrypted private contents corresponding to the contents ID using the decrypting password; displaying the decrypted private contents when the decryption is successful; and displaying preset contents when the decryption is not successful. The system may include: a receiving module, a decryption module, and a display module. The present invention can improve the security of the private contents.

Abstract: A method of securely communicating a data chirp signal from a transmitter to a receiver, the chirp signal comprising at least one symbol, each symbol comprising one or more identical chirps, each chirp encoding a symbol value, the method comprising: negotiating between the transmitter and the receiver encryption parameters of the chirp signal, the encryption parameters defining at least one property of each symbol of the chirp signal; at the transmitter, encrypting the chirp signal as negotiated; at the transmitter, encoding data in the chirp signal via the symbol value of each chirp; and transmitting the encrypted and encoded chirp signal from the transmitter to the receiver.

Abstract: A method is used in updating keys for use in authentication. A cryptographic operation is performed based on a stored representation of a higher-level key. The cryptographic operation results in a derived key. The derived key is used for authentication. A key update operation is applied to replace the derived key after authentication.