Data Authentication Patents (Class 713/161)
  • Patent number: 8898477
    Abstract: A system and method of operating a device to securely update the control firmware controlling the device. Downloading a firmware update package to a first microcontroller of the device. Determining a firmware update portion and an encrypted hash portion of the firmware update package wherein the encrypted hash portion is cryptographically signed by a signatory. Confirm that the encrypted hash portion conforms to the firmware update by independently computing the hash of the encrypted firmware update portion on the first microcontroller and comparing that value to the signed hash. Other systems and methods are disclosed.
    Type: Grant
    Filed: November 12, 2007
    Date of Patent: November 25, 2014
    Assignee: Gemalto Inc.
    Inventors: Sylvain Prevost, Ksheerabdhi Krishna, Ruchirkumar D Shah, Mehdi Asnaashari
  • Patent number: 8898463
    Abstract: According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: November 25, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Patent number: 8892602
    Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.
    Type: Grant
    Filed: August 19, 2013
    Date of Patent: November 18, 2014
    Assignee: Emulex Corporation
    Inventor: Larry Dean Hofer
  • Patent number: 8887272
    Abstract: A medical device customization system and method comprising a medical device that receives signals from a biological probe having an operational parameter and that stores data based on the signals in a memory. The medical device receives a custom application and establishes a virtual machine to run the custom application.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: November 11, 2014
    Assignee: General Electric Company
    Inventors: Mark S. Urness, Anders Herman Torp, Menachem Halmann
  • Patent number: 8885179
    Abstract: According to an aspect of the disclosure, a portable handheld device includes a CPU for processing a script; a multi-core processor for processing an image, and a DRAM for storing image data. The CPU and the multi-core processor are integrated on one chip and share a data cache provided on the same chip. The DRAM is provided external to the chip. The portable handheld device further comprises a DRAM interface for receiving and sending data to the DRAM, the DRAM interface being provided on the same chip and sharing the data cache with the CPU and the multi-core processor.
    Type: Grant
    Filed: September 15, 2012
    Date of Patent: November 11, 2014
    Assignee: Google Inc.
    Inventor: Kia Silverbrook
  • Patent number: 8885818
    Abstract: The present document relates to techniques for authentication of data streams. Specifically, the present document relates to the insertion of identifiers into a data stream, such as a Dolby Pulse, AAC or HE AAC bitstream, and the authentication and verification of the data stream based on such identifiers. A method and system for encoding a data stream comprising a plurality of data frames is described. The method comprises the step of generating a cryptographic value of a number N of successive data frames and configuration information, wherein the configuration information comprises information for rendering the data stream. The method then inserts the cryptographic value into the data stream subsequent to the N successive data frames.
    Type: Grant
    Filed: August 6, 2010
    Date of Patent: November 11, 2014
    Assignee: Dolby International AB
    Inventors: Reinhold Boehm, Alexander Groeschel, Holger Hoerich, Daniel Homm, Wolfgang A. Schildbach, Michael Schug, Oliver Watzke, Martin Wolters, Thomas Ziegler
  • Patent number: 8884752
    Abstract: The medication usage monitoring and reminding device and method enables a user to easily monitor usage of medications by weighing the medications using a weighing component, a processing component and an I/O component. Additionally, the device is able to remind a user regarding the medications if the medication has not been timely taken. The device is also able to obtain information regarding medications such as possible conflicts, updates and other information. The device is able to be used for food/drink information or dietary information.
    Type: Grant
    Filed: July 27, 2009
    Date of Patent: November 11, 2014
    Assignee: Tai and Tseng Investments LLC
    Inventors: Chih-Cheng Tai, Lucas J. Myslinski, Chyh-Yih Chang, Shih-Ming Tseng, Shih-Hsiang Tseng
  • Patent number: 8880869
    Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.
    Type: Grant
    Filed: November 22, 2010
    Date of Patent: November 4, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Sandip Shah, Jeffrey L Pochop, Jr.
  • Patent number: 8880903
    Abstract: A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.
    Type: Grant
    Filed: August 13, 2013
    Date of Patent: November 4, 2014
    Assignee: Strong Bear LLC
    Inventors: Rodney B. Roberts, Ronald B. Gardner
  • Patent number: 8880897
    Abstract: The present invention discloses a method for quickly and easily authenticating a large computer program. The system operates by first sealing the computer program with a digital signature in an incremental manner. Specifically, the computer program is divided into a set of pages and a hash value is calculated for each page. The set of hash values is formed into a hash value array, and the hash value array is then sealed with a digital signature. The computer program is then distributed along with the hash value array and the digital signature. To authenticate the computer program, a recipient first verifies the authenticity of the hash value array with the digital signature and a public key. Once the hash value array has been authenticated, the recipient can then verify the authenticity of each page of the computer program by calculating a hash of a page to be loaded and then comparing it with the associated hash value in the authenticated hash value array.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: November 4, 2014
    Assignee: Apple Inc.
    Inventors: Peter Kiehtreiber, Michael Brouwer
  • Patent number: 8874898
    Abstract: Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key.
    Type: Grant
    Filed: December 14, 2012
    Date of Patent: October 28, 2014
    Assignee: Intel Corporation
    Inventors: Saurabh Dadu, Gyan Prakash
  • Patent number: 8874912
    Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: October 28, 2014
    Assignee: Accullink, Inc.
    Inventor: Timothy W. Barnett
  • Patent number: 8868911
    Abstract: The present invention provides a method for key generation, member authentication and communication security in a dynamic group, which comprises the steps of: assigning each member an identification vector containing common group identification vector elements and an individual identification vector element, and generating an authentication vector and an access control vector for each member according to the identification vector; using the identification vector elements to generate public key elements and establish an authentication public key and an access control public key; and using a polynomial and the identification vector to generate a private key. The present invention uses these public keys and private keys, which are generated from the identification vectors, to implement serverless member authentication and data access control, whereby the privacy of members is protected and the security of communication is promoted.
    Type: Grant
    Filed: May 15, 2012
    Date of Patent: October 21, 2014
    Assignee: National Chiao Tung University
    Inventors: Chien-Chao Tseng, Tzu-Hsin Ho
  • Patent number: 8869304
    Abstract: Computer implemented methods and systems are provided for mediating access to content based on digital rights management. A request is received from a mobile device for a unit of content. A digital rights holder identity is identified for the mobile device by using a unique identifier for the mobile device. The unique identifier is an equipment identifier, an international mobile subscriber identity, a mobile subscriber identification number, or a mobile identification number. Whether the digital rights holder identity is associated with a right to receive the unit of content is determined. The unit of content is provided to the mobile device in response to a determination that the digital rights holder identity is associated with the right to receive the unit of content.
    Type: Grant
    Filed: October 10, 2007
    Date of Patent: October 21, 2014
    Assignee: Sprint Communications Company L.P.
    Inventor: Wing K. Lee
  • Patent number: 8863112
    Abstract: An application program determines, based upon a user's operation that has been received during execution, whether installation of an extension function is necessary, saves information identifying an extension function whose installation is necessary in memory if it is determined that installation of the extension function is necessary, activates an installer of the extension function whose installation is necessary and then terminates execution of this application program. If the application program is activated by the installer after the completion of installation, the application program activates the extension function, which has been installed by the installer, based upon the identifying information that has been saved in the memory.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: October 14, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Atsushi Kumagai
  • Patent number: 8863302
    Abstract: A digital content protection apparatus and method for digital rights management (DRM) are provided in which a content file including a plurality of content parts is imported such that a header is included which stores location information required for decoding each of the content parts. Therefore, the number of content parts constituting the content file can be recognized, and a license that is required for the use of each of the content parts can be acquired by analyzing header information without necessitating the parsing of the transport packets of the content file. Accordingly, preparation time for using content can be reduced.
    Type: Grant
    Filed: September 19, 2006
    Date of Patent: October 14, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Young-sun Yoon, Bong-seon Kim
  • Patent number: 8863241
    Abstract: The present invention discloses a system for securely managing usage rights of a plurality of software applications in a plurality of client computer devices, to be authorized by a server application.
    Type: Grant
    Filed: February 8, 2011
    Date of Patent: October 14, 2014
    Inventors: Michael Ratiner, Alexander Aurovsky, Anatoly Hurgin, Alexander Rubinov
  • Patent number: 8863224
    Abstract: Disclosed herewith are a method and system for computerized management of a plurality of data protection (DP) resources. The computerized management comprises obtaining data related to at least part of the DP resources among said plurality of DP resources, wherein at least part of the data is obtained by automated collecting; accommodating the obtained data in a data repository, thus giving rise to accommodated data; processing the accommodated data, said processing resulting in at least one of the following: a) identifying one or more data protection (DP) schemes characterizing DP resources and/or relationship thereof; and b) identifying one or more data protection (DP) gaps.
    Type: Grant
    Filed: May 22, 2008
    Date of Patent: October 14, 2014
    Assignee: Continuity Software Ltd.
    Inventors: Gil Hecht, Doron Pinhas, Doron Gordon
  • Patent number: 8862880
    Abstract: A two-stage anonymization process is applied to monitored network traffic in which unique user identifiers, such as the MSISDN (Mobile Station International Subscriber Directory Number), are extracted from the traffic and anonymized to generate an ASI (anonymized subscriber identifier). A strictly random RSI (random subscriber identifier) is generated and used to replace the ASI. The RSI is generated upon a first occurrence of an ASI and stored in a lookup table for utilization upon subsequent ASI occurrences. Use of the strictly random RSI enables various studies and analysis of user behavior to be performed at a heightened level of privacy protection as compared with conventional anonymization schemes that do not utilize strictly random identifiers.
    Type: Grant
    Filed: September 23, 2011
    Date of Patent: October 14, 2014
    Assignee: GfK Holding Inc.
    Inventors: Jacques Combet, Yves-Marie LeMaitre, Antero Kivi
  • Patent number: 8855317
    Abstract: This invention relates to a system for securing an information unit and applications thereof. The system comprises at least one encrypting means for applying a first encryption key to the information unit, thus providing an encrypted information unit, wherein said at least one encryption means is adapted to apply at least two second information encryption keys to the encrypted information unit, said at least two second encryption keys being calculated so as to decrypt the encrypted information unit when all of said first and second encryption keys have been applied to the information unit, the encryption keys being distributed to chosen users of the system.
    Type: Grant
    Filed: October 28, 2010
    Date of Patent: October 7, 2014
    Assignee: Universitetet i Stavanger
    Inventors: Chunming Rong, Gansen Zhao
  • Patent number: 8856510
    Abstract: A method for joining a user domain based on digital right management (DRM), a method for exchanging information between a user device and a domain enforcement agent, and a method for exchanging information between user devices belonging to the same user domain include sharing a domain session key between the user device and the domain enforcement agent or between the user devices belonging to the same user domain. Information is exchanged through a secure session set up between the user device and domain enforcement agent or between the user devices, and information exchange occurs through encryption/decryption using the domain session key.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: October 7, 2014
    Assignee: Pantech Co., Ltd.
    Inventor: Gun-wook Kim
  • Patent number: 8843122
    Abstract: A method of policy management and control on a mobile phone. The method comprises receiving a user interface change request by a launcher application executing on the mobile phone, requesting permissions from an interface control application programming interface (API) by the launcher application, receiving a response from the interface control application programming interface by the launcher application, where the response indicates if the user interface change is permitted, and enforcing the received permission by the launcher application, where enforcing the received permission comprises executing the user interface change request when the user interface change is permitted, and where enforcing the received permissions comprises not executing the user interface change request and presenting a message to a user of the mobile phone when the user interface change is restricted.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: September 23, 2014
    Assignee: Sprint Communications Company L.P.
    Inventors: Ryan A. Wick, Nathan R. Smith
  • Publication number: 20140281507
    Abstract: Techniques for detecting reason for connection attempt failure for DHCP with an Open Key authentication (WEP) protocol are discussed.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Applicant: barnesandnoble.com llc
    Inventor: barnesandnoble.com llc
  • Patent number: 8827163
    Abstract: This invention relates to an anti-fake identification system and method capable of automatically connecting to a web address, in which an electronic tag of a commodity is scanned by a reader device so as to read the identification code into the computer device; the identification code includes a web address of a remote maker to which the computer can automatically connect so as to transmit the identification code to the web address; a verifying device receives and verifies the identification code at the web address, and produces an authentication code according to the identification code after the identification code passes verification so as to confirm the accuracy of the identification code. The method comprises the following steps: reading an identification code of a commodity; transmitting the identification code to the web address; verifying the identification code and generating an authentication code when the identification code is accurate.
    Type: Grant
    Filed: December 4, 2007
    Date of Patent: September 9, 2014
    Assignee: Chung Shan Institute of Science and Technology, Armaments Bureau, M.N.D.
    Inventors: Shing-Jin Wang, Ming-Town Lee, Tain-Wen Suen, Wen-Chieh Tsai
  • Patent number: 8826409
    Abstract: A secure USB flash drive employing digital rights management to implement secure digital media storage such as that provided by encrypted storage utilizing content protection for recordable media (CPRM) or the like. Unlike a secure digital card which provides such protection, it does not need an SD card port which is CPRM enabled, or alternatively a reader adapted for use therewith. The form factor can be that of a standard USB flash drive and a standard USB connector is employed making the device and its use familiar and comfortable to the average consumer.
    Type: Grant
    Filed: December 21, 2010
    Date of Patent: September 2, 2014
    Assignee: NCR Corporation
    Inventors: Philip Noel Day, James Henderson, Andrew Colley
  • Patent number: 8826014
    Abstract: A method, system and apparatus for authenticating a communication request sent from a client computing device. The communication request is initially blocked by a firewall preventing delivery to a server. A first logging event corresponding to the communication request is created. The communication request and the logging event are stored in a firewall. The server is notified of the first logging event. The communication request corresponding to the first logging event is authenticated. A port in the firewall is enabled if the communication request is authenticated.
    Type: Grant
    Filed: January 21, 2005
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jeffery Bart Jennings, Kofi Kekessie
  • Patent number: 8826035
    Abstract: In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: September 2, 2014
    Assignee: Intel Corporation
    Inventors: David Durham, Men Long, Uday Savagaonkar
  • Patent number: 8819793
    Abstract: A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.
    Type: Grant
    Filed: September 20, 2011
    Date of Patent: August 26, 2014
    Assignee: CSIdentity Corporation
    Inventor: Harold E. Gottschalk, Jr.
  • Patent number: 8819361
    Abstract: The objects of an archive may be verified with a cryptographic signature stored in the archive. However, when an object is extracted, the authentication involves re-authenticating the entire archive, re-extracting the object, and comparing the extracted object with the current object, which is inefficient or unachievable if the archive is unavailable. Instead, the archive may include a block map signed with the signature and comprising hashcodes for respective blocks of the objects of the archive. When an object is extracted, the signature and block map may also be extracted and stored as objects outside of the archive. The extracted signature and block map may later be verified by authenticating the signature, verifying the block map with the signature, and matching the hashcodes of the block map with those of the blocks of the extracted objects, thus enabling a more efficient and portable verification of extracted object with extracted authentication credentials.
    Type: Grant
    Filed: September 12, 2011
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventors: Simon Wai Leong Leet, Sarjana Bharat Sheth, Patrick T. O'Brien, Jr., Jack R. Davis
  • Patent number: 8819775
    Abstract: In the method of accessing an information system of an aircraft, the system receives an authenticator request from a connector of the aircraft; the system determines whether the connector presents a predetermined characteristic; and in the event that the system determines that the connector does indeed present the predetermined characteristic, the system sends an authenticator to the connector. Provision is also made for: the system receives an authenticator; the system determines whether the authenticator is valid; and in the event that the system determines that the authenticator is indeed valid, the system authorizes access to the system from a connector of the aircraft from which the authenticator was sent.
    Type: Grant
    Filed: October 8, 2010
    Date of Patent: August 26, 2014
    Assignee: Airbus Operations
    Inventors: Bertrand Leconte, Romain Pochet
  • Patent number: 8819410
    Abstract: Methods and apparatuses for private electronic information exchange are described herein. In one embodiment, when electronic information is received to be delivered to a recipient, the electronic information is transmitted over an electronic network with a private routing address. The private routing address is routable within a private domain, which is a subset of the electronic network. Other methods and apparatuses are also described.
    Type: Grant
    Filed: September 7, 2012
    Date of Patent: August 26, 2014
    Assignee: Privato Security, LLC
    Inventor: George C. Sidman
  • Patent number: 8819802
    Abstract: A method includes receiving user input including a user password while an authentication token is retained at a first position in an authentication token receiver of an authentication token reader by an insertion force applied to the authentication token by a user. The authentication token reader includes a bias member that applies an ejection force to the authentication token while the authentication token is at the first position. The method also includes reading authentication data from a memory of the authentication token while the authentication token is retained at the first position by the insertion force applied to the authentication token by the user. The method also includes authenticating the user based on the authentication data.
    Type: Grant
    Filed: April 10, 2012
    Date of Patent: August 26, 2014
    Assignee: The Boeing Company
    Inventor: Douglas D. Corlett
  • Patent number: 8819422
    Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.
    Type: Grant
    Filed: April 22, 2008
    Date of Patent: August 26, 2014
    Assignee: Motorola Mobility LLC
    Inventors: Mahesh V. Tripunitara, Dean H. Vogler, Patrick Toomey
  • Patent number: 8811607
    Abstract: A method and system for generating contexts of targets to estimate a high-order context. The system includes: a detection device including: a sensor for detecting a target; module for extracting the target and a primary context of the target based on data detected by the sensor; and module for encrypting the primary context with a key corresponding to the target; a storage device for recording encrypted primary context from the detection device; and a processing device including: module for receiving the encrypted primary context from the storage device; module for receiving the key corresponding to the target involved in the encrypted primary context; module for decrypting the encrypted primary context using received key; and module for estimating a high-order context using the decrypted primary context; where the processing device further includes a module for requesting the detection device to delete information on a key corresponding to a specific target.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: August 19, 2014
    Assignee: International Business Machines Corporation
    Inventor: Michiharu Kudoh
  • Patent number: 8812638
    Abstract: A method of controlling an apparatus comprising a plurality of features and adapted to receive messages via a first network interface, wherein said method is implemented in a filter superposed on top of an existing architecture of the apparatus. The method comprises the following steps: receiving a network management message via said first network interface; interrogating said message in order to identify a feature said network management message relates to; and filtering the received management message such that said management message is rejected if the identified feature is classified as disabled and said management message is allowed to go through if said feature is classified as enabled.
    Type: Grant
    Filed: July 12, 2006
    Date of Patent: August 19, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Jürgen Fischer
  • Patent number: 8806647
    Abstract: Behavioral analysis of a mobile application is performed to determine whether the application is malicious. During analysis, various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application. The behaviors are classified as hard or soft signals. A probability of the application being malicious is determined through combining soft signals, and the application is classified as malicious or non-malicious. Users of the application, the developer of the application, or a distributor of the application are notified of the application classification to enable responsive action.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 12, 2014
    Assignee: Twitter, Inc.
    Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
  • Patent number: 8806646
    Abstract: Behavioral analysis of a mobile webpage is performed to determine whether the webpage is malicious. During analysis, the webpage is visited by an emulated mobile device to cause behaviors to occur which may be malicious. The behaviors occurring after accessing the webpage are stored. The behaviors are classified as hard or soft signals. A probability of the webpage being malicious is determined through combining soft signals, and the webpage is classified as malicious or non-malicious. Users of the webpage, the developer of the webpage, or a distributor of the webpage are notified of the webpage classification to enable responsive action.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 12, 2014
    Assignee: Twitter, Inc.
    Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
  • Patent number: 8806572
    Abstract: Systems, methods, and other embodiments associated with authentication via monitoring are described. One example method includes detecting a data flow in which indicia of identity (DFWIOI) travel between a first endpoint and a second endpoint. The DFWIOI may be partially encrypted. The example method may also include collecting an identity data associated with the DFWIOI from the DFWIOI, the first endpoint, the second endpoint, and so on. The example method may also include making an authentication policy decision regarding the DFWIOI based, at least in part, on the identity data. The example method may also include controlling a networking device associated with the DFWIOI based, at least in part, on the authentication policy decision.
    Type: Grant
    Filed: May 30, 2009
    Date of Patent: August 12, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: David A. McGrew, Sandeep Rao
  • Patent number: 8806633
    Abstract: In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match.
    Type: Grant
    Filed: August 22, 2011
    Date of Patent: August 12, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Shmuel Shaffer, Jean-Philippe Vasseur, Jonathan W. Hui
  • Patent number: 8799634
    Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: August 5, 2014
    Assignee: BlackBerry Limited
    Inventors: Sean Alexander Courtney, Alexander Truskovsky, Neil Patrick Adams
  • Patent number: 8799645
    Abstract: Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 5, 2014
    Assignee: Foundry Networks, LLC.
    Inventors: Yan-Zhe Wang, Sean Hou, Sridhar Devarapalli, Louis Yun
  • Patent number: 8799653
    Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
    Type: Grant
    Filed: February 13, 2012
    Date of Patent: August 5, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Rotem Sela, Avraham Shmuel
  • Patent number: 8792641
    Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: July 29, 2014
    Assignee: Alcatel Lucent
    Inventor: Sarvar Patel
  • Publication number: 20140208099
    Abstract: A method for providing service plane encryption in IP/MPLS and GRE networks is disclosed. The method for providing service plane encryption in IP/MPLS and GRE networks includes receiving a first Security Parameter Index with associated first encryption key and associated first authentication key at a first network element supporting the first Service Distribution Point; receiving an instruction at the first network element to encrypt data entering the first Service Distribution point with the first encryption key; receiving an instruction at the first network element to associate a data communication service provided at the first network element to the first Service Distribution Point; providing an encryption label; and providing data associated with the first communication service to the first Service Distribution Point for transmission to the second Service Distribution Point.
    Type: Application
    Filed: January 21, 2013
    Publication date: July 24, 2014
    Applicant: Alcatel-Lucent Canada Inc.
    Inventor: Carl RAJSIC
  • Patent number: 8788810
    Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: July 22, 2014
    Assignee: Motorola Mobility LLC
    Inventors: Jiang Zhang, Alexander Medvinsky, Paul Moroney, Petr Peterka
  • Publication number: 20140201523
    Abstract: Provided is a transmission apparatus capable of avoiding unnecessary decryption and preventing a denial-of-service attack. The transmission apparatus that establishes a secure communications channel (SA) between the transmission apparatus and a reception apparatus includes a creation section that creates a packet, an encryption section that, based on a ratio of a redundant packet to the packets created by the packet creation section and on an instruction from the reception apparatus, determines an encryption coverage in the created packet and encrypts data in the encryption coverage, and a transmission section that transmits the encrypted packet through SA.
    Type: Application
    Filed: April 15, 2013
    Publication date: July 17, 2014
    Inventor: Tetsuro Sato
  • Patent number: 8782751
    Abstract: Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: July 15, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, John Chiong, Yang Yu
  • Patent number: 8776249
    Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes generating a document, including marking one or more portions of the document as private; and sending the document to an intermediary system for transmission to a destination system. Prior to the document being transmitted to the destination system, the marked portions of the document are encrypted by the intermediary system using a key that is unavailable to the destination system.
    Type: Grant
    Filed: February 23, 2012
    Date of Patent: July 8, 2014
    Assignee: Google Inc.
    Inventor: Ben Margolin
  • Patent number: 8769261
    Abstract: A method provides subscriber-specific activation of network-based mobility management using an authentication server. According to the method, network-based mobility management is enforced, even if the mobile terminal supports terminal-based mobility management. This gives a network provider complete control over mobility management in his network, preventing configuration problems during the configuration of mobile terminals. In the method, after the successful authentication of a subscriber, the authentication server transmits an authentication confirmation message to an authentication client in an access network. The received authentication confirmation message contains an activation attribute for activating network-based mobility management, if the authentication server does not provide a common mobile key for terminal-based mobility management.
    Type: Grant
    Filed: October 31, 2006
    Date of Patent: July 1, 2014
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Christian Günther, Dirk Kröselberg
  • Patent number: 8769289
    Abstract: A user accessing a protected resource is authenticated using multiple channels, including a mobile device of the user. A user attempting to access a protected resource is authenticated by receiving a request from a mobile device of the user to access the protected resource; receiving a public key from the mobile device of the user; providing a provision token to the mobile device, wherein the provision token is used by the user to access the protected resource using a second device; and confirming the provision token to a provider of the protected resource to authorize the user to access the protected resource. The user then communicates with the provider using a second device to authorize the provisioning token. A transaction signing protocol is also provided.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: July 1, 2014
    Assignee: EMC Corporation
    Inventor: Boris Kronrod