Abstract: The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorizations decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business.

Abstract: A method and a circuit for masking a digital word by application of a random bijection, including applying at least one first operation including selecting a non-disjoint subset of the word having its position and size depending on a first random quantity, and assigning to each bit of the subset, the state of the bit having a symmetrical position with respect to the middle of the subset, to obtain a masked digital quantity.

Abstract: A server device initiates a traffic encapsulation key (TEK) re-key sequence for a group virtual private network (VPN), based on an upcoming expiration time for an existing TEK. The server device sends, via a push message during a first time period immediately after the initiating, a new TEK to members of the group VPN. The server device receives, during a second time period that immediately follows the first time period, a pull request, for the new TEK, from one of the members of the group VPN, and sends, to the one of the members, the new TEK, where the re-key sequence transitions all the members of the group VPN from the existing TEK key to the new TEK key before the expiration time for the existing TEK.

Abstract: A system biometrically authenticates a user that intends to use an entertainment device. The system obtains, based on the biometric authentication, one or more quotas associated with an amount of time that the user may use the entertainment device, and controls the user's use of the entertainment device based on the one or more quotas.

Abstract: According to certain embodiments, a cyber threat analysis system generates a network model of a network infrastructure that is used by an organization, assigns a weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of the each network element to the organization, and generates an attack vector according to a determined vulnerability of the network infrastructure. The attack vector represents one or more illicit actions that may be performed to compromise the network infrastructure. The system may simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more of the plurality of network elements due to the attack vector, and determine a criticality level of the attack vector according to the weighting value of the one or more network elements.

Abstract: In one embodiment, a circuit arrangement for performing cryptographic operations is provided. The circuit includes a substitution block, a cryptographic circuit coupled to the substitution block, and a balancing circuit coupled to the substitution block. The substitution block includes a memory unit storing substitution values and ones-complement values that are corresponding ones-complements of the substitution values. The substitution block, responsive to a request to read a specified one of the substitution values, concurrently reads and outputs the specified substitution value and the corresponding ones-complement value. A power consumed in reading the specified substitution value is uniform with a power consumed in reading another one of the substitution values. The cryptographic circuit and the balancing circuit are configured to concurrently operate on each substitution value and the corresponding ones-complement value read from the memory, respectively.

Abstract: This invention relates to security procedures in a communication system, specifically to production of key material. The invention provides a method for producing key material in a highly secure way for use in communication with a local network of a company. The method uses authentication information obtained from the communication system and information exchanged locally between a mobile station and the authentication systems of the company to produce a communication key for use in authentication procedures or e.g. for signing and/or encrypting data.

Abstract: A system and method for authenticating a user of an image processing system. User credentials are received at an authentication device corresponding to an image processing device, and transmitted to a first server remote from the authentication device. The validity of the user credentials are judged by comparing the received user credentials to authentication information stored at the first server, and a result of the judging is transmitted to the image processing device. The image processing device then requests access to a second server remote from the image processing device, and the second server transmits a request for the user credentials to the first server. After receiving the user credentials from the first server, the second server performs user authentication.

Abstract: Counterfeit articles are distinguished from genuine articles by a combination of a party-specific code and a product authentication code of the article. After authenticating a genuine article, a replacement authentication code is generated based on the original authentication code and party-specific code. Documents and currencies can be authenticated independently of any party-specific code by an addition to or alteration of their authentication code with each authentication event.

Abstract: Aspects of the present disclosure relate to a computer assisted method for detecting encrypted tunneling or proxy avoidance which may include electronically receiving information from a proxy server, extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information, determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds and attempting to negotiate a standard HTTPS session with each of the at least one destination. Further, the computer assisted method may further include, for each of the at least one destination, determining whether the destination is hosting an encrypted tunneling or proxy avoidance application, wherein such a determining may be based on characteristics of an Secure Socket Layer (SSL) certificate associated with the destination or a response received from the destination over a TCP/IP connection.

Abstract: A recording control apparatus includes the following elements. A receiving unit is configured to receive, from each of a plurality of recording apparatuses, recording schedule information set on a recording apparatus and available-recording-capacity information of the recording apparatus. A determination unit is configured to determine a program to be recorded. A control unit is configured to perform control to select one of the recording apparatuses on the basis of the recording schedule information and the available-recording-capacity information received from the plurality of recording apparatuses and to transmit, to the selected recording apparatus, information for scheduling the recording of the determined program.

Abstract: Methods for evaluating data packets addressed to a wireless communication device are disclosed herein. When in a dormant state, a wireless communication device receives page messages indicating a source of data packets addressed to the wireless communication device and determines whether the data packets represent unwanted traffic. When in an active state, the wireless communication device examines data packets to determine if the received packets represent unwanted traffic, and in response to determining that the traffic is unwanted, the wireless communication device transitions into a dormant state or enters an idle state from which the wireless communication can transition into the dormant state.

Abstract: Playability of a copy protected video signal is improved by reducing the darkening and or venetian blind effects which tend to cause artifacts in a video signal display. To this end, the copy protection signal includes automatic gain control (AGC) signals or pulses in video lines in a portion of the active or viewable video field or frame, wherein the AGC pulses comprise non similar AGC signals from one video line to another video line. The dis-similar AGC pulses may include pulses which are deleted, blanked, attenuated, pulse width modified, modulated, etc. In addition, selected sync pulses may be pulse width, amplitude and or position modified.

Abstract: A system to implement user-level filesystem related calls instead of an operating system kernel may include data processing applications executing via a computer processor. The system may also include a plurality of user-level filesystems, each one of which is associated with at least one of the data processing applications. The system may further include a user-level library in communication with the data processing applications, the user-level library configured to implement user-level filesystem related calls instead of an operating system kernel executing via the computer processor.

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.

Abstract: A bridge is disclosed having a security engine to protect digital content at insecure interfaces of the bridge. The bridge permits cryptographic services to he offloaded from a central processing unit to the bridge. The bridge receives a clear text input from a central processing unit. The bridge encrypts the clear text input as cipher text for storage in a memory. The bridge provided the cipher text to a graphics processing unit.

Abstract: An apparatus for right management of digital contents that includes a digital right manager that creates a usage right of digital contents on the basis of received right information; and a contents manager that provides the digital contents in accordance with the created usage right. The contents manager includes a contents packing unit that receives the usage right created from the digital right manager, and extracts and packages components of the digital contents in accordance with the usage right, and a contents providing unit that receives packaged digital contents created from the contents packaging unit and provides the digital contents to a contents using device.

Abstract: Apparatus and method for managing risk in an environment where information is received regarding a problem in an environment. A security risk is analyzed associated with the problem. Controls associated with the environment containing the problem are analyzed. A framework is generated defining one or more controls for mitigating the security risk responsive to the analyzed security risk and controls.

Abstract: Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by adding a device that will enable or disable protection for applications as required. The device supports one or more users, one or more user groups, none or one or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges for processes running in that Application Security Environment while that Application Security Environment is in that state.

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.