Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

Abstract: A communication method for transmitting TT Ethernet messages is a distributed real-time system, including a plurality of node computers. Each node computer has an Ethernet controller, which by way of a data line is directly connected to a port of a TTE star coupler, said port being uniquely associated with the node computer. A plurality of TTE star couplers are connected among each other by way of one or more data lines to form a TTE network. A TTE message scheduler dynamically calculates the conflict-free schedules for a number of time-controlled messages and signs the schedule provided for each node with a secret part of a public-key signature before it transmits said schedule to the corresponding node computer. Each node computer integrates the signed periodic schedule, which is transmitted to the node computer in the form of a TTE message header of an ETE message, into each dynamically calculated TTE message.

Abstract: A behavioral signature for detecting malware is generated. A computer is used to collect behavior traces of malware in a malware dataset. The behavior traces describe sequential behaviors performed by the malware. The behavior traces are normalized to produce malware behavior sequences. Similar malware behavior sequences are clustered together. The malware behavior sequences in a cluster describe behaviors of a malware family. The cluster is analyzed to identify a behavior subsequence common to the cluster's malware family. A behavior signature for the malware family is generated using the behavior subsequence. A trace of new malware is normalized and aligned with an existing cluster, if possible. The behavioral signature for that cluster is generated based on the behavior sequence of the new malware and the other sequences in the cluster.

Abstract: A method includes storing a security credential associated with a communication network on a portable storage device. The method also includes detecting removal of the portable storage device from a specified location. The method further includes allowing at least one communication device to communicate over the communication network using the security credential. In addition, the method includes revoking the security credential after a specified time period has elapsed. The portable storage device could represent a card, and the specified location could represent a card reader/writer. Also, the communication network could represent a wireless network, and the security credential could represent a cryptographic key.

Abstract: An image processing apparatus includes a first partial information providing unit that provides first partial information to another device holding a first signing key KS corresponding to a first verification key KV, the first partial information constituting a part of a second verification key KV? (KV??KV) that is capable of verifying an electronic signature ? generated using the first signing key KS and being unable to identify the second verification key KV?; a second partial information acquisition unit that acquires second partial information which is generated by the another device using the first partial information and the first signing key KS, and which is unable to identify the first signing key KS and used for generating the remaining part of the second verification key KV?; and a second verification key generation unit that generates the second verification key KV? based on the first and second partial information.

Abstract: Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.

Abstract: A method for signaling ROI scalability information in a file format. The present invention provides an efficient signaling of ROI scalability information in the file format, wherein the signaling comprises providing the geometrical information of a ROI and an indication to identify the ROI each coded data unit is associated with within a tier or layer.

Abstract: In one embodiment, a method can include: (i) sending a request to join a group to a service broker; (ii) receiving from the service broker a list of key servers servicing the group; and (iii) sending registration information to a selected one of the key servers in the list.

Abstract: An authentication apparatus includes an imaging device having at least one of a macro imaging function, an auto focusing function and a zoom imaging function, an authentication device for authenticating a user through a face image picked up by the imaging device, and an authentication limiting device for canceling the specified function of the imaging device in picking up an image for the user authentication.

Abstract: Methods and computer-readable media are provided for refreshing a page validation token. In response to a request for a form from a client, a server responds with the requested form, a page validation token, and a page token refresh program. The client executes the page token refresh program in response to a request to post the contents of the form to the server computer. The page token refresh program determines whether a preset period of time has elapsed since server computer generated the page validation token. If the period of time has not elapsed, the form is posted to the server with the page validation token and processed by the server computer. If the page timeout has elapsed, the page token refresh program refreshes the page validation token prior to posting the form by requesting an updated page validation token from the server.

Abstract: A method, system, and computer usable program product for securing a data communication against attacks are provided in the illustrative embodiments. A segment in the data communication is received at a first application executing in a first data processing system. The segment is formed according to a data communication protocol and includes an option. The option includes a current clue and a next clue. The current clue is compared with a saved next clue, the saved next clue being a next clue in a previous segment. The segment is accepted as being a valid segment in the data communication if the current clue matches the saved next clue. A part of the segment is sent to a consumer application.

Abstract: Systems and methods for testing uniform resource identifier protocols, comprising a fuzzer that can accept an input, and produce a fuzzed uniform resource identifier (URI), and a debugger that monitors effects of invoking the fuzzed uniform resource identifier. The input can comprise a directory containing a plurality of valid uniform resource identifier bodies, which can be fuzzed and invoked. The debugger can monitor a target application as well as other applications and/or processes affected by the uniform resource identifier as invoked.

Abstract: Systems, methods, and/or techniques (“tools”) for binding content licenses to portable storage devices are described. In connection with binding the content licenses to the portable storage devices (“stores”), a host may perform authentication protocols that include generating a nonce, sending the nonce to a store, and receiving a session key from the store, with the session key being generated using the nonce. The store may perform authentication protocols that include receiving the nonce from the host, generating a random session key based on the nonce, and sending the session key to the host.

Abstract: A ubiquitous audio reproducing and servicing method and apparatus for streaming or downloading a lossless audio source from a Content Provider (CP) using a lossy audio source card as an authentication key. The ubiquitous audio reproducing method includes determining whether a memory card storing lossy audio sources and their authentication codes is inserted, if it is determined that the memory card is inserted, transmitting an authentication code of a lossy audio source in the memory card and a system unique Identifier (ID) to a content server by connecting to the content server via a network, and if the content server allows the use of a lossless audio source corresponding to the lossy audio source using the authentication code, streaming or downloading the lossless audio source from the content server.

Abstract: The present application relates to cloud storage technology and especially relates to a cloud storage data access method, apparatus and system based on OTP. This method includes: generating and storing true random numbers of a predetermined length and a random seed of a predetermined length composed of the true random numbers via a preset method; acquiring data from the random seed for several times and cascading the data acquired each time into a true random data string of no shorter than the length of plaintext; based on the true random data string, generating a true random cryptographic key of no shorter than the length of the plaintext, encrypting the plaintext using this cryptographic key and transmitting ciphertext to a cloud storage data center. This application also provides a cloud storage data access apparatus and system based on OTP.

Abstract: A content distribution system may be provided for reviewing content such as video games, music, movies, or the like that may be shared by the system. The content distribution system may receive a credential from a user and authenticate the user based on the credential to permit access to the system. The content distribution system may also receive content generated by the user if the user may be authenticated. The content distribution system may provide the received content to a content evaluation entity, for example. The content distribution system may receive a review for the content from the content review entity and then may determine whether the content passes a review process based on the review, for example. The content distribution system may provide additional access to the content if the content passes the review process.

Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

Abstract: A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.

Abstract: A method, system, computer program product and/or a computer readable medium of instructions for detecting one or more entities which are able to reinfect a processing system with malicious software. The method includes: monitoring, in the processing system, activity indicative of the malicious software reinfecting the processing system; in response to detecting the activity, storing a record of the activity and one or more entities associated with the activity; determining if the malicious software has reinfected the processing system; and in response to determining that the malicious software has reinfected the processing system, analysing the record to detect the one or more entities which were associated with the activity that caused and/or assisted in reinfecting the processing system with the malicious software. There is also disclosed a method, system, computer program product and/or a computer readable medium of instructions for detecting a variant of malicious software in a processing system.

Abstract: The document identification method comprises: a step of marking the document with an anti-copy mark that is identical for a plurality of documents, a step of reading an anti-copy mark, a step of generating an identification mark that can vary from one document to another and according to the reading of the anti-copy mark and a step of marking said document to form said identification mark on said document. In embodiments the method comprises, in addition, a step of printing a uniform area and the step of marking the document to form the identification mark comprises a step of emitting light with a laser in the uniform area. In embodiments the method comprises, in addition, a step of invisibly marking the identification mark on said document.