Abstract

A method 20 for managing a first application program comprises: - executing, by a first processor, a first control flow, the first control flow graph including at least two separated branches 260, 280, each of the at least two separated branches including at least one node 26; - executing, by a second processor, in synchronization with the first control flow execution, a second application; - determining, by the second processor, when executing the at least one second application, at least one transition decision between at least two first nodes of the at least two separated branches, the at least one transition decision being conditional (226 or 228) to continue from an execution of the current node to an execution of a first node of one branch of the at least two separated branches or a first node of another branch of the at least two separated branches; - controlling,by the second processor,when executing the at least one second application,based on the determined at least one transition decision, the first node of the branch to be executed by the first processor.

IPC Classes  ?

• G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure

Abstract

A method for securing a digital document comprising first and second types of data, where a set of data of the second type is previously identified in an initial version of the document. For each data of the second type, an identifier is allocated to the data and an entry comprising the data is stored in a secure storage unit. The identifier comprises a display value and a link value. The data is reachable in the secure storage unit through the link value. The secure storage unit is configured to use access rules for authorizing or denying a request initiated by a user for accessing data of the second type contained in an entry of the secure storage unit. An updated version of the digital document is generated by replacing each data of the second type by its allocated identifier in the initial version of the digital document.

IPC Classes  ?

• G06F 17/24 - Editing, e.g. insert/delete
• G06F 17/22 - Manipulating or registering by use of codes, e.g. in sequence of text characters

Abstract

The invention is a method for securing a digital document. An initial version of the digital document contains a set of data. The method comprises:- generating a link value by applying a preset function to a subset of the set of data,- allocating the link value to a target data belonging to the set of data and storing an entry comprising the target data in a secure storage unit, the target data being reachable in the secure storage unit through the link value, the secure storage unit being configured to use access rules for authorizing or denying a request initiated by a user and aiming at accessing the target data comprised in said entry,- generating an updated version of the digital document by removing the target data from the initial version of the digital document.

IPC Classes  ?

• G06F 17/24 - Editing, e.g. insert/delete
• G06F 17/22 - Manipulating or registering by use of codes, e.g. in sequence of text characters

Abstract

The invention is a method for securely accessing a document in paper form containing a set of data by a user. The method comprises the following steps: (a) from a current version of the document, detecting the existence of a target data belonging to an enhanced version of the document and missing from the current version of the document, (b) generating a link value allocated to the target data by applying a preset function to a subset of said set of data, (c) retrieving a metadata from a secure storage unit by using the link value and, using a message based on said metadata, proposing to the user to get the target data, (d) getting both agreement of the user and credentials of the user, (e) generating a request by using the link value and said credentials for retrieving the target data from the secure storage unit only if the user gave his agreement, (f) providing the user with the target data only if the secure storage unit successfully checked the compliance of the request with preset access rules.

IPC Classes  ?

• G06F 17/24 - Editing, e.g. insert/delete
• G06F 17/22 - Manipulating or registering by use of codes, e.g. in sequence of text characters

Abstract

The invention is a method that comprises parsing first and second digital documents and identifying a first component into said first digital document and a second component into said second digital document, determining a first attribute based on a context of the first digital document, determining a second attribute based on a context of the second digital document, allocating the first attribute to the first component and the second attribute to the second component, and storing in a storage unit a first entry comprising a value of the first component and the first attribute and a second entry comprising a value of the second component and the second attribute. The method comprises conducting a correlation search between said first and second components using said first and second attributes, if the correlation has been found, generating a data reflecting the correlation.

IPC Classes  ?

• G06F 17/24 - Editing, e.g. insert/delete

Abstract

The invention relates to a method, an entity and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity (14) receives from at least one client device (12), a data access request (22) that includes at least one identifier relating to the client. The entity determines 218, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines (220), based on the associated access policy, associated first data allowing to access the metadata. The entity accesses (222), based on the first data, the associated metadata. The entity accesses (226), based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).

IPC Classes  ?

• G06F 21/31 - User authentication
• G06F 21/60 - Protecting data
• G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
• H04L 9/08 - Key distribution
• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

The invention relates to a method (20) for managing data access. The method comprises: - receiving (22) at least one request for accessing data; - capturing (26) data relating to at least one current context signal during each data access request; - comparing (210), as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; - determining (212) and (214), based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and - issuing the data access decision (216). The invention also relates to corresponding first device (14), second device (16) and system (10).

IPC Classes  ?

• G06F 21/31 - User authentication
• G06F 21/44 - Program or device authentication
• G06F 21/60 - Protecting data
• G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A secure processing facility has a plurality of workstations, with associated computers to provide data to, and/or receive data from, the workstations. The computers are provided with a visual display unit, and display machine-readable data codes on the display. The computers are provided with a scanner to read the machine-readable data codes on the display of another of the computers. The computers have no other connection to receive or transmit machine readable data. A method of operating the facility includes processing a workpiece at a first workstation. A display of the computer of the first workstation displays a data code containing data related to the processing of the workpiece. The scanner of the computer associated with a second workstation scans the data code. The workpiece is transferred from the first workstation to the second workstation. The workpiece is processed at the second workstation.

IPC Classes  ?

• G06F 11/00 - Error detectionError correctionMonitoring

Abstract

Software application protection methods and systems for protecting and verifying licensing of an original application. The system reads the original application executable, and generates a shelled application comprising the original application and a shell containing the license information. The shelled application implements license APIs, and establishes secure communications within the shelled application between the original application and the shell. Licensing for the original application can be verified by the shelled application alone.

IPC Classes  ?

• G06F 21/12 - Protecting executable software

Abstract

A technique for secure file encryption first choose a file encryption key randomly among a set of file encryption keys and encrypts a file using the chosen file encryption key based on a set of encryption rules. The file encryption key can then be encrypted via a directory master secret (DMS) key for an extra layer of security so that an intruder cannot decrypt the encrypted file even if the intruder gains access to the DMS-encrypted file encryption key. Finally, the DMS-encrypted file encryption key can be stored in a metadata associated with the file.

IPC Classes  ?

• G06F 7/04 - Identity comparison, i.e. for like or unlike values

Abstract

A technique for protecting secrets may involve enclosing master secret keys in an encapsulation module functioning like an envelope on a host that may run an untrusted operating system. The encapsulation module itself can be obfuscated and protected with various software security techniques, such as anti-debugging techniques, which make reverse-engineering more difficult. Session or file keys could then be derived from the master key stored in the encapsulation module on the host, wherein each of the keys protects a session or a file on the host. Additionally, a code can be provided to prevent the master secret and the keys from being swapped to a non-volatile storage device of the host.

IPC Classes  ?

• G06F 7/04 - Identity comparison, i.e. for like or unlike values

Abstract

A technique for encrypting a file without changing file size may involve encrypting a first set of a plurality of blocks of a file in a first encryption mode using the first set of encryption keys and/or the first set of configuration rules, and a second set of the plurality of blocks of the file in a second encryption mode using a second set of the encryption keys and/or a second set of the configuration rules without causing the file to increase in size before and after the encryption. Here, the first and the second encryption modes are chosen to be different, so are the first and the second sets of the encryption keys and/or the configuration rules to reduce security risk of the file being encrypted.

IPC Classes  ?

• H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols

Abstract

A system and method for binding a protected application to a shell module. The shell module is appended to the application. The shell module executes prior to the execution of the application, and first creates a resource. After the shell module finishes execution, the application tries to access the created resource. If the access is successful, the application is allowed to proceed. Otherwise, the application terminates. The inability of the application to access the resource is an indication that the shell module never actually created the resource. This suggests that the shell module never executed; the shell module may have been either removed or functionally disconnected from the application. This further implies that the security functionality of the shell module has not executed. The application is therefore not permitted to execute, since the shell's security checks have probably not been performed.

IPC Classes  ?

• H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols

Goods & Services

products that provide secure communication on global computer communication protocol based networks, namely,[ modems, computer firewall software and hardware, ] software, encryption devices, authenticating devices, and local area computer network hardware, software and peripherals