Abstract: In interactive television, a broadcaster may broadcast triggers to a great many receiver units prompting the receiver units to attempt to send requests to a single destination on the Internet at roughly the same time. Such a large number of simultaneous requests can give rise to throughput problems and server overload. A receiver unit in accordance with the invention, rather than immediately attempting to send a request, waits a period of time (for example, a random period) before sending the request so as not to overload the server. In one embodiment, a trigger is received on an interactive television receiver unit prompting the viewer to select an icon. If the viewer selects the icon, then a browser in the receiver unit retrieves a web page on the Internet identified by a URL in the trigger. The web page includes an indication of a destination, scheduling information, and a form area. The viewer enters user information in association with the form area.

Abstract: Disclosed is a system for inserting indicators, such as tags and markers, in a video stream. The tags and markers can be inserted automatically using a database, or manually using an operator input station that supplies standard tags and markers for easy insertion. The information can be accessed with the database functioning as a look-up table, or using a comparator that compares a time code with stored table information. Also disclosed is the generation of supplemental video signals that can be combined with a video signal to provide supplemental information that varies on a regional basis. The present invention also discloses the use of indicators to access Internet web sites to generate enhanced video signals. The indicators can be transmitted by embedding them in the streaming video, in the video blanking interval, encoding them as a separate data PID or placing them on a back channel.

Abstract: A providing computer system may receive a request, via a stateless protocol, to access a resource. An access control application may refer to administrative rules to set validation information associated with the request. Validation information may be in the form of electronic text that is stored in a location such as a cookie or state-table. Validation information may indicate the state of a session associated with a resource, such as whether a session is in a logged-in or logged-out state. When a request is received, validation information and authentication information may be utilized together to determine if access to a resource should be granted. When access to a resource is granted or denied, validation information may be updated to indicate that the state of the session has changed.

Abstract: A user, by way of a computing device, requests and receives content from a first server at the computing device. An authentication response is also received from the first server at the computing device of the user. The authentication response includes an address of the second server and an executable script. The computing device of the user executes the executable script by issuing a request to the second server for state information corresponding to the user, receiving the state information from the second server; and determining, based on the state information, whether the user is authenticated to the second server. If the user is not authenticated to the second server, the computer device of the user displays a login module that is visually associated with the first server. Such login module collects login information for authenticating the user to the second server.

Abstract: Generic Internet Protocol (IP) authentication is provided by authentication server (134). Application Programming Interface (API) (310) detects the protocol type of an incoming authentication request and invokes one of a number of authentication mechanisms (318-326) depending on the protocol type detected. A localized repository (520) is provided to store Subscriber Identity Module (SIM) information and other algorithm data as required to facilitate the authentication session.

Abstract: When a user successfully logs into an account, the user is provided with a first-class login token, which entitles the user to one or more unsuccessful login attempts without experiencing delays the user would otherwise experience. If attempts with a second-class login token or an expired first-class login token is impermissible, a subsequent login attempt is subject to delays the user would otherwise not experience. The delays minimize the effectiveness of dictionary attacks. Additionally, if the user attempts to login without a login token or an invalid login token, the login attempt is impermissible and the user is provided with a second-class login token for use in a delayed, subsequent login attempt.

Abstract: A test method for Internet-Protocol packet networks that verifies the proper functioning of a dynamic pinhole filtering implementation as well as quantifying network vulnerability statistically, as pinholes are opened and closed is described.

Abstract: A method, system and apparatus are described for avoiding the use of a web-server or generic security when providing network administration services remotely to managed entities using wireless technology. Instead a true Proxy device, not operating as a web-server, is used to preprocess all command traffic from wireless input devices (WID). The intervention between the WID and the managed entities of the Proxy isolating the managed entities from the WID, enhanced by encoding using a novel messaging protocol, further enhanced by a novel security model based on multiple pre-shared keys and algorithms together with identifiers and passwords that are not transmitted, achieves several bandwidth and security advantages including the ability to deliver TELNET services across the Internet and behind a firewall.

Abstract: A method for providing peer-to-peer virtual private network (P2P-VPN) services over a network. The method includes identifying subnet and host addresses for each user device requesting participation in a virtual private network (VPN) session. Once the subnet and host addresses are identified, a virtual private host (VPH) is initiated for each user device, where each VPH communicates with each user device via a respective tunnel through the network, thereby enabling secure communications between the user devices.

Abstract: Evasion detection is disclosed. Techniques are provided for network security, including comparing a received header value to a baseline header value, determining based on the comparison whether a threshold has been satisfied, and generating an alert if the threshold has been satisfied. Header values may be representative of data included in packet headers that, depending upon a data communication protocol in use (e.g., TCP, IP, etc.) may include information such as a time-to-live (TTL) value or IP options. After retrieving a received packet's header value, it is compared to a baseline header value and, in combination with evaluating a flip count threshold, used to detect an evasion attempt.

Abstract: A skeptical system protects an asset by monitoring commands of a user, predicting a plan of the user based on the monitored commands, inferring an actual plan from the predicted plan, receiving information related to an identity of the user, inferring an actual identity of the user from the information, assessing a threat based on the actual plan and the actual user identity, and selecting, from among a plurality of possible responses, a response that is appropriate to the assessed threat.

Abstract: The invention facilitates monitoring and ensuring data security in security update information between software and hardware applications. The invention is achieved through an automated system that allows for substantial uniformity and substantially seamless security through a front-end system. The invention may use one or more third-party products to facilitate communication between computing platforms.

Abstract: Transactional access control information extracted from a transactional data source and used by a transactional application program is received at an analytical application program used for analytical processing. Each entry in the transactional access control information identifies a user that is permitted to access a data object that is stored in the transactional data source. The received transactional access control information is translated into analytical access control information for use by the analytical application program. Entries in the analytical access control information identify users that are able to access data objects that are stored in an analytical data store used by the analytical application program and correspond to data objects stored in the transactional data source.

Abstract: A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like.

Abstract: A signal processing system includes a reproducing apparatus for reading information from a recording medium having unique information and an information processing apparatus for mutually authenticating and connecting the reproducing apparatus. The reproducing apparatus includes a final encryption key generating portion that generates a content information encryption key in accordance with intermediate key information. A first transmitting portion transmits the intermediate key information to the information processing apparatus. A second transmitting portion transmits the content information encryption key to the information processing apparatus. The information processing apparatus includes a content information encrypting portion that encrypts content information using the content information encryption key, and an intermediate key information encrypting portion that encrypts the intermediate key information using key information unique to the recording medium.