Abstract: System and method for transcoding enhancement. According to an embodiment, the present invention provides system for transcoding video. The system includes a controller module. The system also includes a decoding module, the decoding module including an interface for receiving a video in a first format, the video being characterized by a first dimension, the decoding module being adapted to converted the video from first format to a second format in response to a first control signal from the controller module. Furthermore, the system includes a first video processing module, the first video processing module being configured to processes the video in the second format to determined whether to remove one or more types of defects associated with the first video, the first video processing module furthering being adapted to remove one or more types of artifacts.

Abstract: Verifiable authentication credentials are provided to foreign systems without passing an id and password to the protected resource. A user wishing to access a secure remote site is prompted for credentials, the credentials are authenticated locally and a digitally signed token is created. The token is redirected to the secure remote site by the user's browser using HTTP redirection. The digital signature is verified by the secure remote site preferably by a digital signature web service. The remote site establishes communications with the user if the digital signature is valid.

Abstract: In one or more implementations, a computing device may receive information from a matrix code reader that scans multiple matrix codes, each displayed by one of multiple devices. The computing device may determine whether or not the devices are being fraudulently utilized, such as whether the devices are in the same location. Additionally, in some implementations, a computing device may receive a service request from a matrix code reader that includes an associated telephone number. The computing device may extract the number and may handle the service request based on the number. Moreover, in various implementations, a computing device may receive information from a matrix code reader that scans a displayed matrix code. The information may include an electronic signature that is included in the matrix code by the device. After receiving the information, the computing device may analyze the information to determine that the electronic signature is valid.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A server protected by a firewall uses an obfuscation algorithm to periodically generate a source port number and a destination port number. The server periodically sends an outbound packet from the source port to the destination port of an arbitrary destination network address. The outbound packet passes through the firewall and configures the state table of the firewall to temporarily pass inbound packets from the destination port of the arbitrary network address to the source port of the server. A client uses the obfuscation algorithm to send a packet from the destination port of the client to the source port of the server. The packet from the client indicates that it was sent from the arbitrary destination network address and includes the real port and network address of the client within it. The server communicates with the client at the real port and network address.

Abstract: A processing method of content intended for broadcasting is disclosed. The method includes, preceding broadcasting: encryption of the content by a plurality of control words, reservation of locations intended to receive a control message in the encrypted content, marking of each location with location information in the content, and storage of a key file comprising the control words. During broadcasting, the method includes: transmission of the encrypted content to a video server, transmission of the key file to a control message generator, broadcasting of the content encrypted by the video server, interception of the video server output by a replacement module, detection, by the replacement module, of location information of control messages in the stream of the broadcasted content, and application of the control messages at locations provided for this purpose by the replacement module.

Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.

Abstract: An interface device for a protected workstation or host has a network interface for connection to a multi-level secure network, a first address corresponding to a guard control port, and a second address corresponding to a guard data port. A transport guard in the device has a control component coupled to the guard control port for processing configuration data sent to the first address and producing a desired security configuration, a guard component coupled to the output of the control component and to the guard data port of the network interface, and a host interface coupled to the guard component for exchanging data with the protected host. Only when permitted by the desired security configuration, the guard component passes network data addressed to the second address of the network interface to the host interface, and passes outbound data from the host interface to the network through the guard data port.

Abstract: An enterprise system may separate the executable functionality existing in backend applications, and the separation may be at differing levels of granularity. The separated functions of the application may be registered in a catalog in the form of metadata objects. Once the executable functionality has been registered, the authorization information for each granular functional object may be associated with authorization information. In this manner, the authorization of a service of an application may be made on a feature by feature (or object by object) basis in a unified manner.

Abstract: A basic idea of this system is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and perform a first type of security processing for ordered delivery data and a second different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. This system is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on the TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery.

Abstract: Networked resources that are not located behind a proxy authentication server may be enabled to use the proxy authentication server for authentication. This may provide one or more of the features associated with a proxy authentication server (e.g., centralized administration of authentication and/or access information, enhancing software security, centralized administration of permission information, and/or other features) for the resources not located behind the proxy authentication server. These features may be provided without requiring substantial modification of the proxy authentication server.

Abstract: An information processing device includes: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device.

Abstract: The present invention is directed to various systems and/or methods relating to a software platform that provides for authentication of a requestor. Preferably, this authentication happens before there is an opportunity for any resource intensive request to harm operation of the system. Preferably, a reliability level is based on authentication so that the amount and/or type of resource access is controlled based, at least in part, on the authentication information. Preferably, heap usage is controlled by this reliability level. Preferably, the software platform is a virtual machine, preferably the Java Virtual Machine.

Abstract: A method and a computer program product for creating roles in an enterprise system comprising monitoring a system for instances of a change from a first normal user to a first super user; mapping said first user with a terminal; scanning said system to derive a plurality of commands executed from said terminal; mapping at least one of the plurality of command executed from said terminal to said first super user; and creating a first role comprising an authorization to execute the at least one command executed by said first super user.

Abstract: The invention relates to a method for controlling access to a private network. To a firewall node are updated logical names for mobile nodes allowed to communicate with nodes in the private network. A packet is received to the firewall node from an external network, the packet being addressed to a first node within the private network. The source address is obtained from the packet. Addresses associated with the logical names are obtained from a database node. It is checked whether the source address belongs to the addresses obtained. The packet is admitted to the private network, if the source address belongs to the addresses obtained.

Abstract: The disclosed technology provides a system and method of securely communicating data. An encryptor located at a transmitter can provide encrypted data to the transmitter. The transmitter can maintain a packet number indicating a particular packet for carrying the encrypted data and a sub-packet number indicating a position within the packet where the encrypted data is to be stored. The encryptor can produce the encrypted data using an encryptor seed generated based on the packet number and sub-packet number. A receiver can maintain a receiver packet number indicating a number of previously received packets and can compute a receiver sub-packet number. The receiver can receive a packet containing encrypted data and can decrypt the encrypted data using a decryptor seed generated based on the receiver packet number and sub-packet number.

Abstract: In accordance with the teachings described herein, systems and methods are provided for scanning a search area of reference pixel data to identify a reference macroblock of pixels with a closest pixel fit to a current macroblock of pixels. An example system may include a local memory array (e.g., a shift register), a processing block and a scan sequencer. The local memory array may include a plurality of rows and columns, with N extra rows or columns in addition to a number of rows or columns necessary to store N reference macroblocks of pixels The processing block may be used to compare reference macroblocks of pixels with the current macroblock of pixels to identify the reference macroblock of pixels with the closest pixel fit to the current macroblock of pixels. The scan sequencer may be used to load reference pixel data into the local memory array and present reference macroblocks of pixels from the local memory array to the processing block according to a scan pattern.

Abstract: An apparatus and method for spatial encoding of intra-predictions for a current block of a video sequence without the need to average across a number of best template matches. The encoder identifies and sorts the best template matches for the current block within previously coded and reconstructed blocks which neighbor the current block of video. In response to determining actual predictive error for the sorted list of matches, a selector is generated identifying which of the sorted templates is optimal. The selector is then communicated for receipt by the decoder, which is adapted for performing the same template matching and sorting, which is followed by selection of the optimum candidate in response to using the selector. In response to the selector information the decoder can provide optimum template matching without the compromise or overhead of taking averages across the best template candidates.

Abstract: A single validity proof (ci(F)) may be provided to certificate owners for a set (F) of the certificates via a multicast transmission if a multicasting group (2010) is formed to correspond to the set.

Abstract: Encrypting data on an originating computer and prevent access to this data if the computer is stolen or otherwise unauthorized for use. Access to the encrypted data is granted based on the originating computer's ability to successfully send the data encryption keys, via an electronic connection, to a remote computer and have the remote computer decrypt the encryption keys and transmit them back to the he originating computer. When originating computer receives the decrypt encryption keys, it can then successfully decrypt the encrypted hard drive using the encryption key provided by the remote computer.