Abstract: The disclosed computer-implemented method for anonymizing user accounts may include (i) receiving an instruction to anonymize a user account to protect a user's personally identifiable information, (ii) accessing, by a security program, a settings portal for the user account in response to receiving the instruction to anonymize the user account, (iii) replacing, by the security program, original values within at least two fields within the settings portal for the user account with anonymized values to mask the user's personally identifiable information, and (iv) storing the anonymized values within a protected vault to enable the user to login to the user account. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are provided for decrypting an encrypted file within an enterprise network. The techniques include identifying by a password collecting module a password entered during a file encryption procedure performed at a terminal and storing the password; receiving an encrypted file by a data leakage protection (DLP) module; and attempting to decrypt the encrypted file with the password by the DLP module.

Abstract: A password evaluation engine used to evaluate a user's password that redefines the concepts of password complexity and password strength is discussed. Password complexity may be calculated by the evaluation engine so as to take into account the amount of knowledge possessed by a potential attacker, seeking to crack the password, of the rules corresponding to a rule set used for generating the password. A determination of password strength by the evaluation engine may consider a potential attacker's computational resources, the protection function used to protect/store a password and the amount of time available to the attacker to crack the password with respect to an identified search space based on the attacker's knowledge. Embodiments also enable a password strength estimator to be evaluated and policy recommendations to be generated for an entity's password policy requirements.

Abstract: In an embodiment, a password risk evaluator may receive a request including a user identifier (ID) and a password. The password risk evaluator may retrieve a password preference model associated with the user ID, and may determine a risk score indicating a likelihood that the password is associated with the user ID. For example, the password preference model may be based on previous passwords used by the user, and may identify one or more characteristics, formulas, rules, or other indicia typically employed by the user in creating passwords. If the password supplied in the request matches or is similar to one or more elements of the password preference model, it may be more likely that the password in the request is a password supplied by the user. That is, the risk score may be an authentication of the user, or part of the authentication of the user, in some embodiments.

Abstract: In an embodiment, a password risk evaluator may receive a request including a user identifier (ID) and a password. The password risk evaluator may retrieve a password preference model associated with the user ID, and may determine a risk score indicating a likelihood that the password is associated with the user ID. For example, the password preference model may be based on previous passwords used by the user, and may identify one or more characteristics, formulas, rules, or other indicia typically employed by the user in creating passwords. If the password supplied in the request matches or is similar to one or more elements of the password preference model, it may be more likely that the password in the request is a password supplied by the user. That is, the risk score may be an authentication of the user, or part of the authentication of the user, in some embodiments.

Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: A method and system for roaming website accounts and passwords are provided. The method is operational on a first client and includes: authenticating website accounts and passwords that have been stored; obtaining the stored website addresses, accounts and passwords according to a success verification; encrypting the stored website addresses, accounts and passwords for generating encrypted information, and generating a first QR code to be obtained by a second client according to the encrypted information. The website accounts and passwords are roamed and synchronized to be shared. The synchronization process verifies the accounts and passwords, and would not need a third-party server. Risk of data lost in case that the third-party server is attacked would be eliminated, and the safety for the accounts and passwords is improved.

Abstract: A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.

Abstract: A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to store at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The first and second servers are further configured to proactively update the sets of passwords and the valid password indication information in each of a plurality of epochs. The valid password indication information may comprise, for example, valid password index values for respective ones of the users, with the index values being stored as a shared secret across the first and second servers.

Abstract: A masking addition operation apparatus for prevention of a side channel attack, includes a random value generation unit generating a first random value for a first input, second random value for a second input, and a summation random value. The masking addition operation apparatus includes an operation part performing an operation on the first and second random values, a previous carry input, and first and second masked random values generated based on the first and second random values. The masking addition operation apparatus includes a carry generator generating a carry input using a result of the operation part; and a summation bit generator generating a summation bit using the summation random value, the first and second random values, the previous carry input and the first and second masked random values.

Abstract: A method embeds tracing secret data into multimedia contents delivered to particular users. The method descrambles a first scrambled video stream having alternate values to obtain a personalized video stream corresponding to an original video stream by a decoder comprising at least a security unit and a descrambling unit, the personalized video stream being obtained by restoring the alternate values by personalized values taking into account an internal parameter on the security unit and received control data containing the original values and their location in the modified stream.

Abstract: Embodiments of the present invention provide for the copy protection of distributed material after conditional access is applied, regardless of where the material is distributed. The solutions described provide the advantage of being sufficiently simple in implementation to qualify as “curb high” solutions. “Curb high” solutions provide a range of security from minimal security to a high level of security while requiring relatively fewer system resources to implement than prior approaches.

Abstract: A composite masking system and method for improving the invisibility of high-definition video watermarking. The composite masking system includes a watermark generation module, a mask generation module, and watermark embedment means. The watermark generation module generates a basic watermark pattern using a private key, and generate a watermark pattern by repeatedly extending the basic watermark pattern. The mask generation module generates a Noise Visibility Function (NVF) mask using NVF masking means, an adaptive dithering mask using adaptive dithering masking means, and a contour mask using contour masking means. The watermark embedment means generates a composite mask by multiplying the NVF mask, the adaptive dithering mask and the contour mask together, multiplying the composite mask and the extended watermark pattern together, and embedding the result of the second multiplication in the luminance channel of an original image.

Abstract: A method for encrypting an information carrier comprising generating a sequence of data using a sequence generator, modulating, using a first modulator an output from the sequence generator such that an interference signal results, encoding the interference generator's synchronization information using an encoder, modulating, using a second modulator, the encoded synchronization information such that a synchronization carrier signal results, spreading the synchronization carrier signal using a spreader such that a spread sub-carrier synchronization signal results, and combining the modulated information carrier signal, interference signal, and spread sub-carrier synchronization signal using a signal combiner such that a composite signal results, the interference signal having one or more signal characteristics that results in obfuscation of the information carrier signal when the information carrier signal and interference signal are combined.

Abstract: A transmitting apparatus 100 includes an initialization vector generating unit 110 for generating initialization vector IV1-IV5 for encrypting stream data with a stream encryption method, wherein the initialization vector is changed at every initialization intervals defined by a stream encryption module; an initialization packet generating unit 140 for generating an initialization packet IP containing an initialization vector used when stream data following the initialization packet are encrypted and another initialization vector used when another stream data different from the stream data following the initialization packet are encrypted; an encryption unit 120 for initializing the stream encryption module using a generated initialization vector, and performing stream encryption on stream data following the initialization vector; an encryption packet generating unit 130 for generating an encryption packet EP containing stream-encrypted data; and a transmission unit 150 for transmitting the initialization pac

Abstract: An improved methodology and implementing computer system are provided in which sensitive information is selectively masked in order to enable such information to be relatively securely and efficiently transmitted over networks without disclosure of such sensitive information at a transmitting or receiving terminal, or at points along the data transmission network.

Abstract: A program conversion device generates a program by obfuscating an original program, and generates and encrypts conversion parameters for inverse conversion of the obfuscated program. The program conversion device distributes the obfuscated program together with the encrypted conversion parameters. To execute the obfuscated program, a device having a high security level decrypts the encrypted parameters by using a decryption key stored in advance, applies inverse conversion to the obfuscated program by using the decrypted conversion parameters, and executes the program resulting from the inverse conversion. A device having a low security level executes the obfuscated program without any inverse conversion.

Abstract: A method and apparatus for defeating copy protection signals in a video signal, and also for providing copy protection signals for a video signal, is disclosed. The defeat technique generally utilizes a particular pulse position shifting, modulation, etc., of AGC, normal sync and/or pseudo sync pulses to increase the separation between the pulses. Various embodiments are disclosed including selective shifting of the relative positions of either the sync/pseudo sync or AGC pulses, trimming portions of the sync/pseudo sync and/or the AGC pulses and narrowing of either the sync/pseudo sync and/or the AGC pulses, all to provide the selective position separation between the sync/pseudo sync and AGC pulses.

Abstract: A BD-ROM stores a video stream and a plurality of pieces of copy control information. The plurality of pieces of copy control information include “CCIforHD with CM”, “CCIforSD with CM”, “CCIforHD without CM”, and “CCIforSD without CM”. The video stream constitutes video composed of a plurality of video streams. Among the plurality of pieces of copy control information, “CCIforHD with CM” and “CCIforSD with CM” indicate whether recording is permitted of a video signal converted from the video stream and output with addition of supplemental information. On the other hand, “CCIforHD without CM” and “CCIforSD without CM” indicate whether recording is permitted of the video output without addition of the supplemental information.

Abstract: The present invention relates to media synchronization. The invention is mainly addressed to synchronization of continuous media streams that are provided in data transfer systems. In a sending device, at least one of media components being transferred is provided, by means of data hiding, with synchronization information relating to one other of the media components. In a receiving device the media components are received, and synchronization information relating to one of the media component and being hid in at least one other media component is recovered from the at least one other media component, by means of which synchronization information the at least two media components are synchronized to be played.

Abstract: An apparatus and a method of generating a video-reproducing clock signal from a 480p signal. The apparatus generates a video-reproducing clock signal from a 480p signal that includes a vertical synchronization signal, horizontal synchronization signals, and copy guard signals. The apparatus includes a coast signal generating unit and a clock signal generating unit. The coast signal generating unit generates a plurality of coast signals with pulse widths, each of which covers the different number of copy guard signals on the basis of the present copy guard signal in one frame signal of the 480p signal. The clock signal generating unit generates horizontal synchronization signals at the same period as that of the horizontal synchronization signals generated in a previous frame, while the corresponding coast signal is being generated.

Abstract: A method for combining transfer functions with predetermined key creation. In one embodiment, digital information, including a digital sample and format information, is protected by identifying and encoding a portion of the format information. Encoded digital information, including the digital sample and the encoded format information, is generated to protect the original digital information. In another embodiment, a digital signal, including digital samples in a file format having an inherent granularity, is protected by creating a predetermined key. The predetermined key is comprised of a transfer function-based mask set to manipulate data at the inherent granularity of the file format of the underlying digitized samples.

Abstract: In a random number sequence sharing apparatus, a reception unit receives a radio signal including a radio wave from a pre-designated radio star at a pre-designated observation time, a sending unit sends the received radio signal to another random number sequence sharing apparatus, an acceptance unit accepts a radio signal sent from the another sharing apparatus, an analysis unit separates the two radio signals into a plurality of independent components by independent component analysis, a selection unit selects two independent components temporally different by difference in time required for the radio wave to arrive at both sharing apparatuses from the radio star, a sampling unit averages the two selected independent components after adjusting the temporal difference and bit-samples the average, and an output unit outputs a sequence of the bit samples as a random number sequence to be shared.

Abstract: A reception apparatus includes: a reception unit for receiving the scrambled content, the scrambled content being scrambled so that a predetermined unit of scrambled content is descrambled using a descrambling key corresponding to the predetermined unit of scrambled content, and at least one piece of storage information in which a list including all descrambling keys used for descrambling the scrambled content is embedded; storage unit for storing the received scrambled content and the storage information; list extraction unit for extracting the list from the stored storage information; descramble processing unit for extracting the predetermined unit of scrambled content from the stored scrambled content, extracting a descrambling key corresponding to the predetermined unit of scrambled content from the extracted list, and descrambling the extracted predetermined unit of scrambled content using the extracted descrambling key; and reproduction unit for reproducing the predetermined unit of descrambled content

Abstract: A verification system randomly retrieves data from a removable data storage medium. The retrieved data is compared to corresponding verification data, which is known to be valid. The system determines that a legitimate removable data storage medium is present if the retrieved data matches the corresponding verification data. The removable data storage medium can be partitioned into multiple blocks of data. A cryptographic digest is calculated for each data block. The digests are compared to determine whether the retrieved data matches the verification data. The removable data storage medium may be a compact disc (CD) or a digital versatile disc (DVD).

Abstract: In a video on demand (VOD) system, methods and apparatus are provided for seamlessly switching back and forth between two pre-encrypted files having changing encryption keys. Such switching back and forth may be required when a VOD server stores both a “normal” copy of a movie and a “special” copy such as a “trick-play” version for, e.g., fast forward and rewind effects. Instead of using keys with changing parities in both streams, the special stream is encrypted with keys using the same parity (even or odd), while the normal stream is encrypted with one dynamic key (odd or even) and one fixed key (even or odd). Other special streams, such as scene branch streams and alternate angle streams can also be accommodated.

Abstract: In general, one embodiment of the invention involves a method to protect the integrity of the sign mask. The method involves computing a key shared by a plurality of software modules employed within an image display device and encrypting a sign mask with the shared key. The sign mask is used for scrambling a bit stream prior to its transmission along with the encrypted sign mask. The encrypted sign mask is decrypted at the destination in order to descramble the scrambled bit stream.

Abstract: A transmitter adds packet transmission order information to transmitted packets using a forward error device (416) and a masking device (420). The masking device (420) receives ordering masks (610) from a mask store (424). The ordering masks (610) are maintained in a known order, and the ordering masks (610) and the known order are known to both the transmitter and the receiver. The receiver includes an unmasking device (504) that applies ordering masks to unmask the packets, and then an error detection device checks for errors. The ordering masks (610) are applied in the known order until errors are below an acceptable limit. When errors are below an acceptable limit, the relative packet order is determined from the known order of the ordering masks.

Abstract: A system and method for verifying digital recordings that have a plurality of tracks. The system includes an encoder that: divides the digital recording into a plurality of sections and associates a random number with each section; calculates an identifier as a function of the associated random numbers; and watermarks sections within a block of sections with the associated random number and a portion of the identifier. A verification system is provided that extracts the random numbers and identifier portions; calculates a first identifier as a function of the extracted random numbers; calculates a second identifier based on the identifier portions; and compares the first identifier and the second identifier.

Abstract: Illegal cable decoders, i.e., black boxes, are defeated by adding, inserting and/or superimposing an added signal onto an already scrambled video signal, which added signal is capable of disrupting the operation of the illegal cable decoder. As a result of the added signal, the illegal cable decoder outputs an unstable or unviewable picture or signal and concealment is maintained. In another embodiment of an added signal, a modulated signal with a range from about blanking level to about peak white level is added, inserted and/or superimposed on the unstable scrambled video signal in the vertical blanking interval and/or its vicinity. As a result, the illegal cable decoder is caused to generate some horizontal instabilities at its output.

Abstract: A cryptation system for information transmitted through packet switching networks masks the digital information data by combining it at the transmitting station with digital data of a certain cryptation code before transmitting the so-encrypted data through the network. The system also performs an inverse decrypting processing at the receiving station using the same code. The system generates at a transmitting station and at a receiving station, starting from a given pair of password codes or user key, a certain discrete chaotic model or map of the pair of codes or key, producing dynamically updated pairs of values of codes or keys every certain number of processing steps of the chaotic map. The data to be transmitted is masked by way of a logic combination with the current dynamically updated keys at the transmitting station.

Abstract: A glasses type display that is connected to an information communication terminal via a wire line or a wireless line, in which the operation by the user is made simple by preventing error operation and the power consumption is decreased by not consuming the unnecessary power, is provided. The glasses type display provides lenses, a main frame, side frames, a microphone, a speaker(s), open and closed state detecting sensors, wearing state detecting sensors. When the user opened the side frames, the open and closed state detecting sensors react, and the wearing state detecting sensors become the on state. When the user put on the glasses type display, the lenses automatically become the on state by that the wearing state detecting sensors detected the wearing state. And when the reaction from a part of the wearing state detecting sensors was turned off, caused by some vibration, the lenses are not immediately turned off. Therefore, an error operation is avoided.

Abstract: A method for securely providing privately viewable data in a publicly viewable display can include interspersing private data frames among public data frames according to a sequencing pattern. A syncstream can be encoded based upon a syncstream mask. More particularly, the syncstream can specify when to activate shutters in a set of active glasses in synchronization with the sequencing pattern. Notably, an encryption key pair can be generated having a public key and a private key. Using the public key, the syncstream mask can be encrypted and forwarded to a pair of active glasses. Once received in the active glasses, the encrypted syncstream mask can be decrypted with the private key. Finally, the decrypted syncstream mask can be applied to the encoded syncstream to determine when to activate the shutters in the active glasses.

Abstract: A method and arrangement for detecting a watermark in an information signal. The method may include the steps of computing the correlation (dk) of the watermark (Wi) and the information signal (e.g. an image Q) for a plurality of positions (k) of the watermark with respect to the information signal, and detecting whether at least one of the respective correlation values exceeds a given threshold. The step of detecting may include determining the standard deviation (&sgr;d) of the respective correlation values (dk), and setting the threshold to a given multiple (T) of the standard deviation. The multiple (T) is derived form a desired false alarm rate (watermark detected when there is none, or no watermark detected when there is one).

Abstract: In order to descramble sections of scrambled data interleaved with sections of unscrambled data in a transport stream of broadcast video data, while leaving the sections with the original timing relationship in the transport stream, a common data flow path (1-5) is provided both for sections of scrambled data and sections of unscrambled data and signal path loops (6,7; 8,9) including cipher means (62,64) to enable the descrambling of scrambled data, and a control state machine for controlling the flow of data through said common data flow path and said signal path loops to enable passage of unscrambled data sections and descrambling of scrambled data sections, while maintaining the desired relative positions of the data sections.

Abstract: A wireless communications system (110) with increased privacy. The system (110) transmits an encrypted signal between a base station (112) and a wireless terminal (122). In the forward channel, the base station (112) includes an encryptor (130) with a long code mask generator (200) that generates a rolling long code mask. The wireless terminal (122) similarly includes a decryptor (164) with a long code mask generator (208) that creates a rolling long code mask.

Abstract: A system, method, and data structure provide for securely synchronizing passwords and/or other information between systems. The password-related information is stored in the systems in a secure manner, and a user or some other, external agent participates actively in the transmission of a new password between systems. A password update file is communicated or shared between systems to synchronize passwords.

Abstract: Provided is a method and a system for automatically controlling display of video or image data in dependence on content classification information which is integrated within the data by means of invisible digital watermarking techniques. A controller decodes the watermarked content codes and then prevents displaying of certain material, by overlaying the display with blanking data, if the codes match certain stored codes which the controller has been set to respond to. The use of invisible digital watermark codes by a controller which operates in response to the watermark codes provides reliable control since the codes are more difficult for unauthorized persons to detect and remove than other embedded codes would be.

Abstract: A technique for hiding of data, including watermarks, in human-perceptible sounds, that is, audio host data, is disclosed. In one embodiment a method comprises three steps. In the first step, data to be embedded is inputted. In the case of a watermark, this data is a unique signature, and may be a pseudo-noise (PN) code. In the case of hidden data to be embedded in the host data, this data is the hidden data itself, or the hidden data as spread against the frequency spectrum by a pseudo-noise (PN) code. In the second step, the inputted data is embedded within the host data, in accordance with a perceptual mask of the host data. The perceptual mask determines the optimal locations within the host data to insert the inputted data. In the case of sounds, these optimal locations are determined by reference to the human auditory system. In the third step, the host data, with the embedded data, is further masked by a non-frequency mask. In the case of audio data, the non-frequency mask is a temporal mask.