Abstract: A playback device reads an application and a digital stream from a recording medium to execute the application with playback of the digital stream. The playback device includes a management unit operable to verify authenticity of the application by judging whether a disc root certificate is identical to a first root certificate, and an execution unit operable to execute the application if authenticity of the application is verified by the management unit. The playback device also includes a storage unit having a storage area that is specified by a file path that uses the provider ID and a hash value of a second root certificate, and a playback unit operable to play back the digital stream in accordance with the playlist information.

Abstract: A system and method wherein an intermediary process provides access to a restricted object associated with a source process on behalf of a destination process. The intermediary process may be a trusted process that is available as a service to other processes on the computing platform. The intermediary process may assume one or more privileges associated with the source process whereby the restricted object may be accessed by the intermediary process on behalf of the destination process. Secure access to the restricted object and the risk of malicious exploitation are mitigated since the intermediary process is a trusted service that is known to provide specific functionality.

Abstract: Particular embodiments of a computing device associated with a user may detect an event using a sensor of the computing device. The event may be a lock-triggering event or an unlock-triggering event. The computing device may assess a state of the device. The computing device may also access further information associated with the user. The computing device may also monitor activity on the computing device to detect further events if such further monitoring is warranted. Based on the gathered information, the computing device may update a lock status of the device to lock or unlock access interfaces of the computing device, functionality of the computing device, or content accessible from the computing device. If the event comprised the computing device detecting an attempt by a third party to use the device, the device may attempt to identify the third party to determine if they are authorized to use the device.

Abstract: Systems and methods for weak authentication data reinforcement are described. In some embodiments, authentication data is received in a request to authenticate a user. In response to detecting weak authentication data, the systems and methods determine whether the user was previously authenticated as a human user. An example embodiment may include initiating an authentication process based on determining that the user was previously authenticated as a human user.

Abstract: A system and method of adding programming to a Symbian operating system. A binary component for use by the operating system, with the binary component including both a capability level and a trust level. The trust level is either equal to or higher than the capability level. If the trust level of the binary component is equal to or higher than the capability of a calling process the calling process automatically loads the binary component.

Abstract: The present disclosure is related to a method for releasing a locking on a mobile terminal, the method comprising: locking the mobile terminal; generating a locking-release preliminary signal on the locking; creating a locking-release icon based on a generated position of the locking-release preliminary signal; and releasing the locking by selecting the locking-release icon, and to a mobile terminal using the same.

Abstract: According to one embodiment, an apparatus may receive a token that indicates a change that occurs during a session. The session may facilitate access to a resource. The token may indicate a risk token should be computed. The apparatus may determine, from the token, a first set of attributes. The first set of attributes may include attributes required to compute the risk token. The apparatus may determine that a cache contains a set of cached attributes. The apparatus may examine an attribute in the set of cached attributes, and determine the attribute in the set of cached attributes is not in the first set of attributes. The apparatus may then remove the attribute in the set of cached attributes from the cache.

Abstract: Methods and systems for dynamically bundling portions into secured destination files are provided. Example embodiments provide a Dynamic Digital Rights Bundling System (“DDRBS”), which dynamically bundles a set of portions each variously containing digital rights management components, user interface controls, and content, into a secured destination file in response to a designated content request. In one embodiment, the DDRBS comprises a bundling engine, a translation engine, a merging engine, and an assortment of data repositories. These components cooperate to dynamically assemble and provide customized secured destination files comprising the requested content together with specialized user interface and digital rights management controls. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: A code conversion apparatus, a disk drive, a code buffer, and an encryption buffer are included in a storage. The code buffer stores therein first encrypted data present in the disk drive, and the encryption buffer stores therein first unencrypted data present in the disk drive. An encrypting unit encrypts the first unencrypted data present in the encryption buffer to predetermined encrypted data, and a decrypting unit decrypts the first encrypted data present in the code buffer to second unencrypted data. Moreover, a re-encrypting unit decrypts the first encrypted data present in the code buffer to third unencrypted data and encrypts the third unencrypted data to second encrypted data different from the first encrypted data.

Abstract: Methods and devices for implementing security policies on a wireless device. The wireless device may include a non-volatile memory comprising a security type hard-coded in the non-volatile memory. Based on the security type, it may be determined whether a received security policy governing behavior of one or more resources designated as personal is applicable to the one or more resources designated as personal. If the security type is determined to indicate that the received security policy is not applicable to the one or more resources designated as personal, the security policy may not be applied to the one or more resources designated as personal.

Abstract: Some aspects of what is described here relate to managing permission settings applied to applications on a mobile device. Multiple management policies that apply to an application associated with a perimeter on a device are identified. A priority ranking for each management policy is determined for the application based on the perimeter with which the application is associated. A permission setting based on the priority rankings is applied to the application.

Abstract: A method and apparatus for resolving a cousin domain name to detect web-based fraud is described. In one embodiment, the method for resolving cousin domain names of a legitimate domain name comprising applying at least one rule to a domain name to generate one or more candidate cousin domain names and comparing the at least one candidate cousin domain name with legitimate domain information to identify the legitimate domain name that is imitated by at least one portion of the domain name.

Abstract: Acquiring access to a token controlled system resource, including: receiving, by a token broker, a command that requires access to the token controlled system resource, where the token broker is automated computing machinery for acquiring tokens and distributing the command to the token controlled system resource for execution; identifying, by the token broker, a first need state, the first need state indicating that the token broker requires access to the token controlled system resource to which the token broker does not possess a token; requesting, by the token broker, a configurable number of tokens to gain access to the token controlled system resource, without dispatching an operation handler for executing the command until at least one token is acquired; assigning, by the token broker, an acquired token to the operation handler; and dispatching, by the token broker, the operation handler and its assigned token for executing the command.

Abstract: The present invention discloses an authentication method and a key device and relates to the information security field. The authentication method comprises initiating user authentication, generating a dynamic code and then a first verification code on the basis of the dynamic code, and outputting the dynamic code, by a key device; and receiving a second verification code entered by a user via a host, and collating the second verification code with the first verification code, by the key device, and if a match is found, the user access is authorized to the key device; otherwise, the user access is prohibited. The key device comprises a trigger module, a generator module, an output module, a communication module, a collator module, a controller module and a security module. According to the present invention, better security is achieved by reducing the possibility of sensitive information disclosure and misuse in case of password theft for the key device.

Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable element within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generation a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems.

Abstract: A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally.

Abstract: In certain embodiments an apparatus includes a memory operable a processor. The processor is operable to detect a first and second authentication of a user and detect a first plurality of events. The processor is operable to present information associated with a first event in response to the second authentication of the user and present the information associated with a second plurality of events. The processor can detect a touch indicating a request to present a second event and scroll a first region of the display. The processor is further operable to determine that each one of the first plurality of events has been presented and scroll the first region of the display in conjunction with a second region of the display at least in response to determining that each one of the first plurality of events has been presented.

Abstract: A personal information storage system includes a securely configured portable media storage device that communicates with a computer to receive selected personal information. In one embodiment, the portable media storage device takes the form of a universal serial bus connector having a proprietary identifier embedded into the readable memory of the device. A program on the computer restricts the personal information residing on the computer's memory from being accessed by any other storage or processing device except for the secure portable media storage device. Moreover, the portable media storage device may include one or more inaccessible memory portions to prevent the storage of irrelevant material onto the device.

Abstract: The present invention relates to an apparatus and a method for unlocking screen in a portable terminal. The method for unlocking operation includes: detecting at least two touch event inputs in sequence on the touch screen during a locking screen mode; converting the at least two touch event inputs in sequence to authentication information; determining whether the converted authentication information is identical to a preset unlocking authentication information; and unlocking the screen when the converted authentication information is identical to the preset unlocking authentication information.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: A method, system, and computer program product containing instructions to provide hardware-based human presence detection. Rather than rely upon software to display a CAPTCHA image, hardware in the form of a sprite engine of a graphics device is used to write a random text string directly to the display device, overlaying the user interface provided by software. Because the sprite engine is isolated from a host operating system for the system, the random text string cannot be captured and processed by software robots running under the host operating system.

Abstract: A security payload is attached to a received binary executable file. The security payload is adapted to intercept application programming interface (API) calls to system resources from the binary executable file via export address redirection back to the security payload. Upon execution of the binary executable file, the security payload replaces system library export addresses within a process address space for the binary executable file with security monitoring stub addresses to the security payload. Upon the binary executable computer file issuing a call to a given API, the process address space directs the call to the given API back to the security payload via one of the security monitoring stub addresses that is associated with the given API. The security payload then can assess whether the call to the given API is a security breach.

Abstract: An authentication apparatus includes: a database section that stores a password; an entry section through which a password is entered; a storage section that stores an entered password which is entered through the entry section; an authentication section that authenticates whether the password and the entered password match with each other; and a determining section that determines whether or not a re-entered password is to be subjected to an authentication processing performed by the authentication section when the re-entered password is entered through the entry section after the authentication section determines that the password and the entered password do not match with each other.

Abstract: A method of intrusion detection in a terminal device that supports driving of a plurality of operating systems, is provided. The method includes collecting at a first operating system of the plurality of operating systems intrusion detection data for analyzing whether there is an intrusion in at least a second operating system of the plurality of operating systems; and performing at the first operating system an intrusion detection with respect to the at least a second operating system using the collected intrusion detection data.

Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable element within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generation a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems.

Abstract: Aspects of the disclosure provide a system that includes a protected module, an input module and a gesture engine. The protected module is configured to be accessible based on a specific gesture of a user predetermined to have a right to access the protected module. The input module is configured to receive an input gesture from a requester to access the protected module. The gesture engine is configured to be trained to process the input gesture in order to grant/deny an access to the protected module by the requester.

Abstract: A method and apparatus for managing passwords for accessing data in a storage is provided. The method comprises generating and storing a password, generating and providing to the storage a request to access data in response to receiving a first request to access data in the storage, retrieving and providing the password to the storage in response to the request for a password. The apparatus comprises an initialization module and a storage access module. The initialization module is configured to generate and store a password. The storage access module is configured to generate and provide a request to access data in response to receiving a first request to access data in the storage, receive a request for a password, retrieve the password in response to the request for a password, and provide the password to the storage to obtain access to the data in the storage.

Abstract: A document process system, which includes: an authentication section that authenticates an operator of an operation target document; an extraction section that extracts specific information for setting operation restriction information of the document; a setting section that sets the operation restriction information of the document based on authentication information of the operator authenticated by the authentication section and the specific information extracted by the extraction section; and a generation section that generates a protected document to which the operation restriction information is set by the setting section based on the operation target document.

Abstract: A system for mobile device poll creation and conductance disclosed. A poll is created using poll creation software on a mobile device, personal computer or a web-based application. A polling server then validates the poll and publishes the poll to one or more mobile devices. The users of the one or mobile devices may then respond to the poll via their mobile device, a personal computer, or a web-based application. The results are sent to the polling server and are processed. The results of the poll are then published to the poll creator and the poll participants.

Abstract: Embodiments of the present invention may enable a user of an electronic device to setup a game-based environment within the electronic device that can be used as an authentication platform to prevent access by illegitimate or unauthorized users. The communication device may include a display screen, a processor, and a memory coupled to the processor. The memory may include a database and an instruction set. The database may store pre-defined access patterns that can be used in the authentication process. Further, the instruction set may include instructions executable by the processor to monitor inputs made by a new user in the game based environment. Furthermore, the instructions executable by the processor may match the inputs of the new user with the pre-defined access patterns to check the authentication of a new user.

Abstract: Provided is an information processing apparatus including an application interface and a device interface, generated on the basis of each application, which are associated with each other. The information processing apparatus includes an access right table for storing whether the each application has an access right to a device connected to the information processing apparatus, and an access control unit that controls access between the application interface and the device interface with reference to the access right table.

Abstract: The present disclosure relates to computer-implemented methods and systems for intelligent task management. An example method may include identifying one or more authorized entities. The method may further include broadcasting at least one task associated with a user to one or more devices associated with the one or more authorized entities. The method may further include receiving from the one or more authorized entities, via the one or more devices, an indication of acceptance of the at least one task. The method may further include selecting at least one trusted entity among the one or more authorized entities. The method may further include issuing at least one digital certificate to the at least one trusted entity to perform the at least one task.

Abstract: A mobile terminal and a method for securing information are provided. The mobile terminal includes an application part to receive information related to an application; a determining unit to receive a command issued by the application and to determine whether the command or the application is authorized to access a system resource of the mobile terminal; and a blocking unit to block an execution of the command in response to a determination that the execution of the command is unauthorized or issued by the unauthorized application. The method includes receiving information related to an application; receiving a request for executing a command issued by the application; determining whether the requested command or the application is authorized to access a system resource of a mobile terminal; and blocking execution of the command in response to a determination that the execution of the command is unauthorized or issued by an unauthorized application.

Abstract: A system implements dishonest policies for managing unauthorized access requests. The system includes memory management hardware to store a set of dishonest policy bits, each dishonest policy bit that is configured to a predetermined value indicating disallowed access for one of a set of memory ranges. When a processor receives an access request for a location in a memory range to which access is not allowed as indicated by a set dishonest policy bit, the processor returns a false indication according to a dishonest policy that the requested access has been performed.

Abstract: A lock code recovery system for selectively sending a lock code to a proximate personal electronic device is provided. A recognizable code is associated with the proximate personal electronic device. The lock code recovery system includes a user input device for receiving feedback and a control module. The control module is in communication with the user input device, and has a memory with an application and at least one recognizable code stored thereon. The application has the lock code associated with the application for at least activating or deactivating the application. The control module includes control logic for monitoring the user input device for feedback indicating the lock code associated with the application should be sent to the proximate personal device.

Abstract: The certificate with specified conditions under which copyrighted material can be played. Copyrighted material, such as videos are stored in a storage unit. They are stored along with a policy that indicates when the information can be played. The information can, for example be encrypted one stored, and the decryption key is available only when characteristics of the policy are met. When those characteristics are not met, the information can not be retrieved at all or only can be retrieved in some very limited format.

Abstract: An information processing device verifies the authorization of an application that has issued an access request to access a device. When an application on a universal OS issues a processing request to a secure device driver, a secure VMM and an application identification unit on a management dedicated OS lock a page table of the application and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.

Abstract: A peripheral device includes an interface for connection to a wired or wireless LAN, a local interface for wireless connection, and a control unit configured to check a legitimacy of a user based on a user-specific certificate stored in a communication-function-equipped device upon being accessed through the local interface by the communication-function-equipped device using near-field wireless communication, and to allow a predetermined process to be performed upon successful authentication of the legitimacy.

Abstract: A method for managing offline authentication. The method may include 1) identifying an attempt, by a user, to access a client device, wherein accessing the client device requires the user to be authenticated, 2) determining whether the client device is offline, 3) in response to determining that the client device is offline, authenticating the user using offline authentication, wherein offline authentication does not require an active network connection with a remote authentication service, 4) upon successful authentication of the user using offline authentication, allowing the user to access the client device, 5) monitoring the network-connection state of the client device, 6) detecting that the client device is online, and then 7) in response to detecting that the client device is online, locking the client device in order to require the user to reauthenticate using online authentication, wherein online authentication requires the active network connection with the remote authentication service.

Abstract: A method of preventing a customer programmable device from causing security threats to itself or to a communication system is provided. The method includes establishing one or more thresholds by programming or configuring of the device, detecting whether one or more of the thresholds have been exceeded using one or more detection mechanisms, and taking action in response to each threshold that has been exceeded.

Abstract: An information handling system includes a device, a controller, and a license manager subsystem. The controller is configured to determine whether the device has a license assigned and to communicate with the device pursuant to a uniform protocol. The communications include issuing a command to the device to provide an identification and a command to the device to activate itself.

Abstract: A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.

Abstract: A security application is described for determining conditions within a computer application that would create the desire to allow or disallow access to certain system functions or features by the application. The security application analyzes the conditions and sets a lock that enables the application to perform only certain types of actions that would be considered secure by the security application.

Abstract: A boot method an apparatus are described which reduce the likelihood of a security breach in a mobile device, preferably in a situation where a reset has been initiated. A predetermined security value, or password, is stored, for example in BootROM. A value of a security location within FLASH memory is read and the two values are compared. Polling of the serial port is selectively performed, depending on the result of such comparison. In a presently preferred embodiment, if the value in the security location matches the predetermined security value, then polling of the serial port is not performed. This reduces potential security breaches caused in conventional arrangements where code may be downloaded from the serial port and executed, which allows anyone to access and upload programs and data in the FLASH memory, including confidential and proprietary information.

Abstract: A system and method for authenticating a user in a secure computer system. A client computer transmits a request for a sign-on page, the secure computer system responds by transmitting a prompt for a first user identifier, and the client computer transmits a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. A server module authenticates the first and second user identifiers, and compares the transmitted plurality of request header attributes with request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if a predetermined number of transmitted request header attributes match stored request header attributes, the server software module transmits a success message, and the user is allowed to access the secure computer system.

Abstract: A computer-implemented method for detecting a process to establish a backdoor connection with the computer is described. An application programming interface (API) is hooked. Calls to the hooked API are monitored. A call directed to the hooked API is intercepted. The call instructs the API to initiate a user interface. Structures included in the intercepted call are analyzed. The intercepted call is prevented from arriving at the hooked API if the structures are directed to a socket on the computer.

Abstract: A system for managing adaptive security zones in complex business operations, comprising a rules engine adapted to receive events from a plurality of event sources and a security manager coupled to the rules engine via a data network, wherein upon receiving an event, the rules engine determines what rules, if any, are triggered by the event and, upon triggering a rule, the rules engine determines if the rule pertains to security and, if so, sends a notification message to the security manager informing it of the triggered event, and wherein the security manager, on receiving a notification message from the rules engine, automatically establishes a new security zone based at least in part on the contents of the notification message, is disclosed.

Abstract: An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object in the storage device; and presenting the plurality of objects to the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining a degree of freedom of selection of the object at the time of registration of the key object according to a degree of overlapping of the key object already registered in the storage device.

Abstract: In general, techniques are described for modifying control plane messages for subscriber sessions with a network device to add and/or modify discrete information elements and thereby conform the messages to different versions of mobile network specifications, including roaming protocols, executed by different mobile networks or by heterogeneous infrastructure elements within a mobile network. In some examples, an input network interface of a network device receives a roaming protocol message on an interface connecting a first support node of a first mobile network and a second support node of a second mobile network. A roaming protocol module of the network device modifies the roaming protocol message by adding or modifying a discrete information element to conform the roaming protocol message to a roaming protocol of the second mobile network. An output network interface of the network device sends the modified roaming protocol message to the second support node.

Abstract: Various systems and methods for financial analysis are provided. A system is provided comprising a first node comprising a public facing data store in communication with a private facing data store, wherein the first node further comprises a cooperative lookup module configured to locate a second node, a secure data connection between the first node and the second node, and wherein the first node is configured to request processed internal data from the second node.