Abstract: The present document relates to techniques for authentication of data streams. Specifically, the present document relates to the insertion of identifiers into a data stream, such as a Dolby Pulse, AAC or HE AAC bitstream, and the authentication and verification of the data stream based on such identifiers. A method and system for encoding a data stream comprising a plurality of data frames is described. The method comprises the step of generating a cryptographic value of a number N of successive data frames and configuration information, wherein the configuration information comprises information for rendering the data stream. The method then inserts the cryptographic value into the data stream subsequent to the N successive data frames.

Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.

Abstract: To provide hardware protection against timing based side channel attacks, a processor's microarchitecture enables an OS to determine which applications have the privilege to read timestamp and performance counters. Using a white list of applications, and an authentication mechanism to authenticate applications, a legitimate Protection Required Application (PRA) may temporarily prevent other applications from reading timestamp and performance counters while it executes (or excutes sensitive operations).

Abstract: Techniques for notification of reassembly-free file scanning are described herein. According to one embodiment, a first request for accessing a document provided by a remote node is received from a client. In response to the first request, it is determined whether a second request previously for accessing the document of the remote node indicates that the requested document from the remote node contains offensive data. If the requested document contains offensive data, a message is returned to the client, without accessing the requested document of the remote node, indicating that the requested document is not delivered to the client.

Abstract: The invention relates to a method for personalizing a secure processor in a NFC system to execute a secure application, comprising steps of obtaining by a server identification data of a user memorized in a secure storage medium, personalization data corresponding to the user identification data, and identification data of a NFC system of the user, comprising an encryption key of the secure processor, encrypting by the server personalization data using the encryption key, transmitting to the NFC system encrypted personalization data, receiving by the secure processor encrypted personalization data, deciphering personalization data, and memorizing in a secured way personalization data by the secure processor.

Abstract: Systems and methods of searching a plurality of data items which include selected data items with respective access tags defining access criteria for those data items. A search request token including search criteria and data identifying a user from an entity associated with the user is received. The user by verified by seeking confirmation that the user is a subscriber with a communications network. Data items from the plurality of data items which are potentially relevant to the search criteria are identified. For any identified data items having access tags, determining whether the verified user has permission to access the identified data items with reference to the data of the search request token. Search results including an indication of identified data items but excluding any such data items for which it is determined that the user does not have permission to access are generated.

Abstract: Selectively obfuscating, or obscuring, a portion or portions of information in a multi-party transmission. A user participating in a multi-party exchange signals a communication device (or proxy) that he will provide private information that is to be perceptible only to a subset of the other participants. This user also identifies that subset, preferably by providing a group identifier for a group in which that subset of participants are members. The communication device transmits a member-specific descriptor comprising an encrypted version of a group key, and uses this group key to encrypt the private information that is to be perceptible only to the subset. Device-specific characteristics of participant devices are used, in addition to user-provided data (such as a user's log-on identifier and/or password), as input to create cryptographic key information. Only participants in the subset can decrypt the encrypted private information; other participants preferably receive a filler pattern instead.

Abstract: Systems and methods are provided for tracking electronic files in computer networks using electronic signatures. A signature program installed on a network node inserts an electronic signature into certain encoded media files when they are transferred to other network users. Each network user is issued a unique electronic signature based on public key infrastructure. A signature repository supplies the recipient signature to the signature program prior to transferring a file. The sender and recipient signatures are appended to a portion of the media file, preferably the lower order bits to minimize perceptible file degradation. A transaction record is thereby written into the file and a copy of the transfer information is stored centrally at the repository, thereby creating a traceable record of a file's movement.

Abstract: An apparatus and method for providing an Internet Web services for securing the transmission of data between object oriented software infrastructure and relational database via web pages are disclosed. Upon generating a table having multiple columns for encrypting a database, a process is capable of handling object attributes in accordance with the table. The process, in one embodiment, encrypts HTML data elements at a browser level.

Abstract: An image forming apparatus which performs a log-in through an identification with respect to a user includes a non-volatility memory which previously stores discrimination information of the user as registration discrimination information. A discrimination information obtaining section obtains an identified discrimination information from the user. An identifying section compares the identified discrimination information and the registration discrimination information to determine whether the identification is authenticated. An inputting section which receives a process request input by the user. A process executing section executes the process request from the inputting section. A log-in section logs in for the user when the identification is authenticated. A log-out processing section logs out following an end of the input of the process request. The process executing section executes the requested process together with log-out.

Abstract: A system and method is presented for providing verification of specified credentials to an independent person (a third party, that is, a user of a purported member's website) through the utilization of an “organization certificate” (OC) in combination with a “membership certificate” (MC), with the field structure of the OC limiting the type of information that can be certified by the issuing organization. The set of fields in the OC is defined as associated with a particular type of organization, where any extraneous information will not be permitted to form part of a legitimate membership certificate (hereinafter “MC”). The use of specific field descriptions thus assumes that any field appearing in an MC that does not have a corresponding <field> tag in the OC will cause the MC to be flagged as invalid by the user's browser extension during the verification process.

Abstract: A computer assisted method for detecting encrypted tunneling or proxy avoidance is presented. The method may include electronically receiving information from a proxy server, extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information, determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds and attempting to negotiate a standard HTTPS session with each of the at least one destination. Further, the computer assisted method may further include, for each of the at least one destination, determining whether the destination is hosting an encrypted tunneling or proxy avoidance application, wherein such a determining may be based on characteristics of an Secure Socket Layer (SSL) certificate associated with the destination or a response received from the destination over a TCP/IP connection.

Abstract: Methods, data structures, systems and computer program products are provided for organizing security data. A triggering security event is hierarchically related to at least one additional security event based on a possible relationship between the triggering security event and the at least one additional security event in a computer database environment.

Abstract: Shares for one or more data values in a dataset can be computed using evaluation point values and sharing polynomials. Lagrangian coefficients can also be computed for the evaluation point values. The shares and the Lagrangian coefficients may be used to evaluate the polynomials on the data values. The technique can also include encrypting the Lagrangian coefficients according to an encryption scheme that provides for addition operations between encrypted values. An operation on representations of coefficients of the evaluation polynomial, representations of the shares, and the encrypted representations of the Lagrangian coefficients can be delegated to a remote computing environment. The operation can be performed at the remote computing environment, such as by performing a map-reduce operation. Results of the delegated operation can be received from the remote computing environment and processed to produce representation(s) of evaluation(s) of the polynomial on the data value(s).

Abstract: A multifunction product, when receiving input of login name and password, requests an LDAP server to perform authentication by using a pre-set representative ID. If the authentication is successful, the multifunction product requests the LDAP server to search for user information (DN) with the use of the login name, and after acquiring the DN, requests the LDAP server to perform authentication with the use of the DN. If the authentication processing is successful, the multifunction product permits a search for user information stored in the LDAP server.

Abstract: The invention relates to password-based authentication in group networks. Each device has an authentication token irreversibly based on the password. The authentication involves a first device at which the password P is entered and a second device towards which the authentication occurs. The first device determines a check token Mj for the second based on the password and its own authentication token Rl and this check token is sent to the second device, where it is compared with the authentication token of that device. The procedure may include update of a device to exclude a non-trusted device from the group or change the password. Advantageous features are that the information in one device does not allow retrieval of the password and that the password is only exposed at one device, and only temporarily, during the authentication.

Abstract: A method of establishing security association during handover between heterogeneous networks in a radio access system is disclosed. A method of establishing security association before handover with a target base station included in a heterogeneous radio access network is performed comprises transmitting a request message to a service base station, the request message requesting the service base station to transfer authentication related information of a mobile station to a target network authentication server; and receiving a response message from the service base station before the handover with the target base station is performed, the response message including security related information used in a target network.

Abstract: A computer assisted method for detecting encrypted tunneling or proxy avoidance is provided. The method may include electronically receiving information from a proxy server, extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information, determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds and attempting to negotiate a standard HTTPS session with each of the at least one destination. Further, the computer assisted method may further include, for each of the at least one destination, determining whether the destination is hosting an encrypted tunneling or proxy avoidance application, wherein such a determining may be based on characteristics of an Secure Socket Layer (SSL) certificate associated with the destination or a response received from the destination over a TCP/IP connection.

Abstract: A portable data sensor tag includes a memory, a data communication circuit which receives a wireless activation signal from an external terminal, and, in an operation using electromotive force generated by the received activation signal, receives an encryption key from the external terminal and stores the received encryption key in the memory. A power source supplies power, an insulator which switches a power supply from the power source from off to on, and a sensor circuit reads the encryption key from the memory, encrypts measured data using the read encryption key, and stores the encrypted measurement data in the memory. The sensor circuit operates using the power supplied from the power source after the power supply from the power source is switched on.

Abstract: In accessing communication networks using access technologies such as wireless LAN, a subset of intermediary network operators is selected in accordance with one or more optimization methods from among a larger set of potential intermediary network operators. The selected subset is advertised to a user's terminal so that authentication information can be passed between an access network and a user's home network.