Abstract: An apparatus and a method for protection of data stored in a data storage unit that comprises a plurality of storage areas. A data interface connects to a computer system and transfer of a data signal from the computer system to the apparatus requests access to the data storage unit. A main control unit is configured to receive the data signal and is connected to the data storage unit. A user control unit is connected to the main control unit and is arranged to be set in different modes and generates a mode selection signal indicating the selected mode. The main control unit is configured to receive the mode selection signal, and depending on the selected mode, control connection of the apparatus to a plurality of networks, and direct the request to a storage area of the plurality of storage areas of the data storage unit.

Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.

Abstract: A secure lock procedure for mobile devices is disclosed. The secure lock process generally includes detecting a device access attempt at a telecommunication device during a security-enabled boot sequence. The device access attempt may include a cryptographic key, which when detected, initiates a cryptographic authentication operation. The cryptographic authentication operation results in access to one or more resource of the telecommunication device being enabled, when the cryptographic key is determined to be valid, or denied, when the cryptographic key is determined to be invalid. The device access attempt may be associated with a root-level device access attempt or software flash attempt, and the secure lock procedure can be implemented in conjunction with a boot loader stored within a memory of the telecommunication device.

Abstract: An image forming apparatus is connectable to an external storage device and includes an authentication data generating section and a writing section. Upon occurrence of a prescribed event, the authentication data generating section generates authentication data and transmits the generated authentication data to a server. Once the external storage device is connected, the writing section obtains first data relating the event according to whether or not the authentication data transmitted to the server is stored in the external storage device and writes the obtained first data into the external storage device.

Abstract: A secure computing environment that prevents malicious code from “illegitimately” interacting with programs and data residing on the computing platform. While the various embodiments restrict certain programs to operate in a virtualized environment, such operation is transparent to the user from the operational point of view. Moreover, any program operating in the virtualized environment is made to believe that it has full access to all of the computing resources. To prevent a user from unknowingly or inadvertently allowing the program to adversely affect the computer, the user is also presented with “feel” that the program is able to perform all operations in the computing environment.

Abstract: A method of accepting a remote access at a target machine from a source machine may include receiving a login request at the target machine from the source machine, wherein the login request includes a user identification for the target machine. Responsive to accepting the login request, a session may be provided between the source and target machines using the user identification for the target machine. In addition, a user identification for the source machine may be received, and the user identification for the source machine may be locked at the target machine so that the user identification for the source machine is associated with target machine actions relating to the session between the source and target machines. For example, the user identification for the source machine may be received as an environment variable.

Abstract: A wearable emergency cellular device for use in a medical emergency alert situation includes an application containing synoptic medical information and other user data, a call module for mobile communication with a call center and a display for selectively controlling information displayed on the cellular device. Only the call center is able to input the synoptic medical and selected other information to the device. The cellular device is usable for emergency situations other than medical, such as for personal security at home or for mobile use. Various access methods are described using panel displays for medical or other emergency personnel to access the stored cellular device information. Initiation of user communication with the call center can be activated manually or by the user's voice. Also described are an electronic emergency call system and methods for handling an emergency alert using the emergency cellular device.

Abstract: A shared data managing device is provided which manages shared data by setting an access right on a first user account basis. The first user account has a first identifier and first user information on a first user receiving a first service. The device includes an obtaining portion for obtaining, from a service providing system for a second service, a second identifier of a second user account used for the second service and second user information on a second user; a pairing portion for making a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information; and a transmission portion for sending, to the service providing system, the shared data, the pair made, and the access right on a first user account basis.

Abstract: An improved system and method for controlling access of components to industrial automation system resources by reference to the various operational states of the industrial automation system. A central access control system includes a processing circuitry, interface circuitry configured to receive information pertaining to the operational state of an automation system, memory circuitry, and a display and user interface. In operation, access to automation components are either allowed or denied based on the designation of an operational state of an automation system.

Abstract: A wearable emergency cellular device for use in a medical emergency alert situation includes an application containing synoptic medical information and other user data, a call module for mobile communication with a call center and a display for selectively controlling information displayed on the cellular device. Only the call center is able to input the synoptic medical and selected other information to the device. The cellular device is usable for emergency situations other than medical, such as for personal security at home or for mobile use. Various access methods are described using panel displays for medical or other emergency personnel to access the stored cellular device information. Initiation of user communication with the call center can be activated manually or by the user's voice. Also described are an electronic emergency call system and methods for handling an emergency alert using the emergency cellular device.

Abstract: A method of executing a trusted application on a trusted security zone enabled electronic device. The method comprises responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token, transmitting the temporary trust token to the electronic device, and comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token.

Abstract: An analytics module may be embedded into an application developed, published, or used by an entity in addition to the owner of the data under analysis. An access token may be submitted by the analytics module to a provider of hosted services. The access token may correspond to an n-dimensional cube containing data at a level of granularity permitted to the application. The access token may incorporate additional policies controlling access to the corresponding n-dimensional cube.

Abstract: In accordance with some embodiments, data may be automatically provided on preordained conditions for specific types of data. Thus specific types of data or specific requestors may be treated differently. The system may be programmed to respond appropriately to requests for certain types of data from certain types of requestors. This offloads the need to review specific requests in many cases and enables an automated system for providing requested data as appropriate.

Abstract: An example processor-implemented method for placing a graphical element on a display surface in accordance with the present disclosure is receiving an image of at least part of a display surface, detecting in the received image a token placed by a user on the display surface to specify an area on the display surface, and placing the graphical element within the area specified by the placement of the token.

Abstract: The presently disclosed invention provides for the security of a computing device in the context of a test taking environment. By securing a computing device, an individual (or group of individuals) may more effectively proctor a large examination without worrying about a test taker illicitly accessing information on their computer or via a remote source of data. Securing a computing device includes locking out or preventing access to any application not deemed necessary or appropriate by the test administrator.

Abstract: In an information processing apparatus, if the number of specific items of a plurality of setting items included in pre-registration information selected by a selection portion is equal to or less than a threshold, a change portion changes a setting content of the specific item to a content within a range of use authority. A setting screen display portion displays a setting screen for setting the specific item whose setting content has been changed by the change portion. A second display control portion displays an authentication screen if the setting content of the specific item is set on the setting screen so as to be outside the range of the use authority.

Abstract: Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include image, a document, an email, and a web page.

Abstract: A printing control terminal apparatus, an image forming apparatus, and a method of controlling the same. The printing control terminal apparatus includes a communication interface to receive job log data from the image forming apparatus, a storage device to store the received job log data, and a controller to extract job accumulation amounts and job quantities, which belong to the same job type, from the job log data in a time order, and to determine whether the job log data has been lost based on the extracted job accumulation amounts and job quantities.

Abstract: A system, method and computer program product for providing access to private digital content are disclosed. The private digital content is owned by an owner and installed on a content server and access is provided to a first client which is capable of rendering said digital content. Predetermined information required for gaining authorized access to said content server by said first client is generated by a second client. The predetermined information is transferred from said second client to said first client then used by said first client to get access to said private digital content.

Abstract: A method for access control of an application feature to resources on a mobile computing device. An application is prepared for installation on the mobile computing device via a processor. An application permission associated with the application is identified. The application permission relates to access of resources of the mobile computing device. Restrictions associated with the application permission are determined. A set of mandatory access control rules are defined for the application permission based on the restrictions. The set of mandatory access control rules and the application permission are combined in a loadable mandatory access control policy module. The loadable mandatory access control policy module is stored in a memory of the mobile computing device, the loadable mandatory access control policy module capable of being enforced by an operating system of the mobile computing device.

Abstract: In one embodiment, a method comprises providing an apparatus having exclusive access to each of one or more central processing units (CPUs) of a computing system and exclusive access to host resources of the computing system; and controlling, by the apparatus, execution of a virtual machine in the computing system based on the apparatus controlling access to any one of the CPUs or any one of the host resources according to prescribed policies for the virtual machine, the prescribed policies maintained exclusively by the apparatus.

Abstract: A web browser that includes a network policy enforcement unit, a storage policy enforcement unit, and an ancillary policy enforcement unit is disclosed. The network policy enforcement unit controls communications between application logic of a web application and data communication APIs. The storage policy enforcement unit controls access between the web application logic and persistent storage APIs. The ancillary policy enforcement unit controls user authentication of the web application logic.

Abstract: Various embodiments described herein relate to apparatus for executing software in a secure computing environment. A secure processor can be used and configured to request a context swap from a first context to a second context when switching execution from a first portion of software to a second portion of software. A context manager, which can be in communication with the secure processor, can be configured to receive and initiate a requested context swap. A trust vector verifier, which can be in communication with the secure processor and the context manager, can be configured to load a trust vector descriptor upon command from a context manager.

Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.

Abstract: A method and system of providing conditional access to encrypted content includes receiving unsolicited multiply encrypted video content and first decryption data over a broadcast network. Partially decrypted video content is obtained by decrypting a first layer of encryption of the encrypted video content using the first decryption data. The partially decrypted video content is stored. A request for viewing the encrypted video content is transmitted and second decryption data is received. A second layer of encryption of the encrypted video content is decrypted using the second decryption data.

Abstract: An access rights management system is presented in which a mobile device may be allowed to access corporately held data in a flexible manner but in which the security and integrity of the data is maintained. The mobile device is provided with a rights adjustment module which modifies the access rights for locally stored corporate data in dependence on the connectivity of the mobile device with a corporate server.

Abstract: Real-time access by a requestor to surveillance video is conditionally pre-authorized dependent on the existence of at least one pre-specified automatically detectable condition, and recorded in a data processing system. A requestor subsequently requests real-time access to the surveillance video (e.g., as a result of an alarm), and if the pre-specified automatically detectable condition is met, access is automatically granted, i.e., without the need for manual intervention. An automatically detectable condition could, e.g., be an alarm condition detected by a sensor at the site of the video surveillance. Alternatively, it could be a locational proximity of the requestor to the site of the video surveillance. Alternatively, it could be a previously defined time interval.

Abstract: Systems and methods for the sharing of information between organizations are disclosed. Policies that govern the permissions for the sharing of information are represented as Boolean functions such as Binary Decision Diagrams.

Abstract: Embodiments of the subject invention relate to systems and methods for presenting and managing user information. Specific embodiments allow creating, editing, presenting, and storing user information. In a more specific embodiment, the systems and methods can be used to provide a digital safe deposit box (DSDB) that allows users to save, maintain, update, and/or share information about themselves and/or their organization. Specific embodiments provide a personal financial solution that is designed for customers interacting with professional institutions, such as accounting firms, banks, and insurance agencies, and/or interacting with family members and people that may need to access certain documents. Embodiments of the invention provide individuals, based on permission granted/allocated to them, access to specific information, while providing safety from fraud.

Abstract: In an information processing apparatus and a method of controlling the same, settings for prohibiting an access to a removable medium is performed, and even if the setting is set, the access to the removable medium is permitted in a case where the information processing apparatus is activated in the maintenance mode.

Abstract: According to an embodiment, there is provided is an information processing apparatus including: a storage unit that stores therein information, which is set for a screen to be displayed on an information display unit, as to whether or not to permit an external input device to enter data to the information processing apparatus, and information as to whether or not to permit data entered from an external input device; an external-input-unit control unit that controls data entry to the screen from an external input device by utilizing information about a type of the external input unit and the information as to whether or not to permit the external input unit to enter data; and an input-key control unit that controls the data entry permitted by the external-input-unit control unit by consulting the information as to whether or not to permit data entered from the external input unit.

Abstract: An electronic device includes: display controller; user presence determination module; user authentication module; and controller. The user presence determination module determines presence of a user based on image data received from the camera while dominating access to a camera. The user authentication module dominates access to the camera, if the display is put in a screen lock state and to perform a user authentication based on the image data. The controller turns off the display if the user present determination module determines that the user is absent and while the display has not been put in the screen lock state, and to cause the user presence determination module to release the access to the camera and to put the display in the screen lock state before turning on the display if it is determined after the display is turned off that the user is present.

Abstract: A method and computer program product for managing and controlling direct access of an administrator to a computer system. At least one computer program on the computer system receives from the administrator a request for the direct access to the managed computer system directly from the system console and requests a service management system to search open tickets. In response to that the open tickets are found, the at least one computer program requests the administrator to choose at least one ticket from the open tickets and grants the administrator the direct access to the computer system in response to determining that the at least one ticket is valid.

Abstract: An image forming includes a predetermined-act acquisition unit, an output control unit, and an image forming unit. The predetermined-act acquisition unit is configured to obtain a predetermined act by a user. The output control unit is configured to: output a page of print data where a security has not been set up among pages of the print data where the security has been set up in page units, and permit output of a page of the print data where the security has been set up if the predetermined act has been obtained by the predetermined act acquisition unit within a predetermined standby time. The image forming unit is configured to print a page for which the output has been permitted by the output control unit.

Abstract: Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party.

Abstract: The disclosure relates to an electric tool, particularly a hand-held power tool, comprising a control unit which has control software with control parameters, and is provided for the purpose of controlling a drive unit. According to the disclosure, said electric tool comprises an interface unit that is provided to fundamentally update and/or modify the control software and/or the control parameters.

Abstract: An avatar in a virtual world is provided with credentials for access to various parts of the virtual world by embedding information derived from avatar identification and authorized credential information in the form of a graphic image associated with the avatar. The embedded information is preferably encrypted.

Abstract: The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device.

Abstract: In order that even a wireless terminal whose an unique ID is not registered in the filter list can use simply the access point without a prior setting task by user, a communication device includes access point means, filtering disabling means, unique ID registration means and filtering enabling means. The access point means connects a wireless terminal with at least one of a lower network and an upper network. The filtering disabling means disables a filtering which prevents connecting with an unregistered wireless terminal whose an unique ID is not registered in a filter list. The unique ID registration means acquires the unique ID of the wireless terminal and registers the acquired unique ID in the filter list, upon a state where the filtering is disabling, if a connection request is received from the wireless terminal. The filtering enabling means enables the filtering after the unique ID of the wireless terminal is registered in the filter list.

Abstract: A method of providing security for network access radio systems and associated access radio security systems used with the systems. The method includes connecting an access radio having a radio link to a network; communicating between the access radio and a computer over the network using a ping application having ping commands and unique encrypted codes; and enabling operation of the access radio when the access radio is receiving ping commands. Typically, the access radio and the computer are nodes on the network and the network is a local area network (LAN). The ping application sends packets of information from the computer to the access radio and receives a response from the access radio. The ping application must be functioning (i.e., sending and receiving commands between the computer and the access radio) to enable the access radio to communicate via the radio link with a remote network.

Abstract: System and method of authenticating a terminal. An authentication system which provides an authentication value specified by a tilt angle of a terminal, includes a terminal which measures the tilt angle, and a short-range communication reader which receives the tilt angle and terminal identification data from the terminal by using short-range communication and which generates the authentication value based on the tilt angle. The short-range communication reader authenticates the terminal based on the authentication value.

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Abstract: There is provided an authentication control system including an acquisition unit configured to acquire information detected by a sensor, an evaluation unit configured to evaluate suitability for use of each of one or more sensors in environmental conditions indicated by the information, and an authentication mode selection unit configured to select an authentication mode from among a plurality of authentication modes based on an evaluation result obtained by the evaluation unit, each of the authentication modes using any one of the one or more sensors.

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract: An image processing apparatus performs specific processing on images read out of a document having pages as follows. Each of the pages is a member assigned to at least any one of groups. The apparatus determines a second security level of each group based on a first security level of each page of the corresponding group; before the specific processing on the N-th group, determines whether or not password entry is necessary based on the second security level of the N-th group and any of the second security levels of the first group through the (N?1)-th group; and performs the specific processing on the N-th group if it is determined that password entry is unnecessary for the N-th group, or, alternatively, if it is determined that password entry is necessary for the N-th group and if a password is appropriately entered.

Abstract: A multiple-access-level lock screen system allows different levels of functionality to be accessed on a computing device. For example, when a device is in a locked state, a user can select (e.g., by making one or more gestures on a touchscreen) a full-access lock screen pane and provide input that causes the device to be fully unlocked, or a user can select a partial-access lock screen pane and provide input that causes only certain resources (e.g., particular applications, attached devices, documents, etc.) to be accessible. Lock screen panes also can be selected (e.g., automatically) in response to events. For example, when a device is in a locked state, a messaging access lock screen pane can be selected automatically in response to an incoming message, and a user can provide input at the messaging access lock screen pane that causes only a messaging application to be accessible.

Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, an authorization signature may also be utilized to authorize a connected-state guest operation environment in the host device.

Abstract: The invention provides a computer-implemented method of analyzing symbols in a computer system, the symbols conforming to a specification for the symbols, in which the specification has been codified into a set of computer-readable rules; and, the symbols analyzed using the computer-readable rules to obtain patterns of the symbols by determining the path that is taken by the symbols through the rules that successfully terminates, and grouping the symbols according to said paths, the method comprising; upon receipt of a message at a computer, performing a lexical analysis of the message; and, in dependence on lexical analysis of the message assigning the message to one of the groups identified according to said paths. The invention also provides a computer programmed to perform the method and a computer program comprising program instructions for causing a computer to perform the method.

Abstract: Various embodiments of the invention provide for secure data communication in industrial process control architectures that employ a network of sensors and actuators. In various embodiments, data is secured by a secure serial transmission system that detects and authenticates IO-Link devices that are equipped with secure transceivers circuits, thereby, ensuring that non-trusted or non-qualified hardware is prevented from connecting to a network and potentially compromising system behavior.

Abstract: Embodiments of the present invention are directed to a method and system for virtual device communication filtering. The method includes receiving, within an electronic system, an instantiation request for a first virtual device and determining whether the first virtual device and a second virtual device are allowed to communicate based on an authorization record datastore. The method further includes modifying an authorization record of the authorization record datastore. The modifying comprises setting an indicator of a data filtering module to filter communication between the first virtual device and the second virtual device. A response can then be sent to the instantiation request.