Abstract:
A maintenance/diagnosis data storage server includes: a data storing unit that obtains maintenance/diagnosis data pertaining to equipment that is connected to a first network, from the equipment via a first firewall, and stores the maintenance/diagnosis data; a request receiving unit that receives a data access request requesting access to the maintenance/diagnosis data, from a client provided for obtaining data and connected to a second network, via a second firewall; an authenticating unit that authenticates the data access request based on authentication information; and a data transmitting unit that transmits the maintenance/diagnosis data stored in the data storing unit to the client via the second firewall in a case where the authenticating unit authenticates the data access request as valid.
Abstract:
A distributed access control technique assigns permission to a user without permission explosion, thereby facilitating the system administration of user access to a piece of content represented by a Web service. Permissions are granted to pieces of content through expressions rather than explicitly coupled between a piece of content and a user. Each expression defines an access scope for either a user or a piece of content. An expression defining the access scope for a user can be created and maintained independently of an expression defining the access scope to a piece of content, hence simplifying management information system implementation and administration.
Abstract:
Systems and methods are described for declarative client input security screening. A configuration module in a web-based application (or project) that includes one or more web pages is designed to allow client input to be screened for the web pages by declaring particular screening attributes and actions therein. A global section in such a configuration module includes security screens that apply to input of all types, while other individual sections include security screens that apply only to input of particular type. The global section provides a way to consolidate screening that applies to all client input types, thereby precluding redundant screens having to be maintained in each individual section. Client input that survives the security screening is cached and used in normal page processing. By including the security screens in a declarative section, maintenance is made more efficient and reliable.
Abstract:
A secure personal identification entry system provides an integrated approach to secure identification data entry. A controller resides in a secure PIN smart card keyboard that also contains a numeric keypad and a smart card reader and allows the numeric keypad to serve two purposes: the first as a normal keypad in a keyboard and the second as a secure PIN entry keypad. The user inserts his smart card, with his PIN number information stored in the smart card's memory, into the smart card reader. An application program running on a PC that requires secure identification from the user requests that the user enter his PIN number using the keypad on the keyboard. The controller receives the PIN request and switches the keypad from normal mode to PIN entry mode. The keypad is switched to be dedicated to PIN entry and communicates with the controller. The user enters his PIN number into the keypad. The controller receives the PIN number and forwards the PIN number to the smart card. The smart card validates the PIN number and sends a pass/fail indicator back to the controller. The controller forwards the pass/fail indication to the PC. Another preferred embodiment of the invention connects a biometric device to the keyboard from which the controller obtains a user's biometric identification information.
Abstract:
Content restored in an information processing apparatus for replaying content, such as a personal computer, is fed back to a drive device. The drive device detects an electronic watermark from the transferred restored content, and controls content outputting from the drive device. In this arrangement, an electronic watermark is reliably detected and content replay control is performed based on the detected electronic watermark regardless of the type of coding, including MPEG-2, MPEG-1 and MPEG-4, and even if the content is encrypted.
Abstract:
A method for protecting packets to be sent from a first network node to a second network node is provided. According to one embodiment, the method includes the steps of generating validity information for a packet, and generating a header for the packet, including the validity information. The method also includes the step of sending the packet including the header from the first network node to the second network node. The validity information includes all necessary information required for performing a validity check of the packet. Thus, no pre-established security association is needed to verify the validity of a packet.
Abstract:
A method of controlling access to a data server, in which a web server receives a request from a client for a web page, the web page being configured to receive data from the data server for display by the client. In response to the request, a program associated with the web server generates a password signed with a private key to provide the client with access to the data server. The corresponding public key has previously been sent to the data server. The password is returned to the client and program code in the web page directs the client to connect to the data server. The data server receives the password and attempts to validate it using the public key received from the web server. Data is sent to the client in the event that the password is successfully validated.
Abstract:
A method and apparatus is provided for invoking authenticated transactions on behalf of a user when the user is not present. For example, the invention allows a subscription to take actions that would otherwise require authentication, such as performing collections from a wallet, when the user is not present. Thus, the invention provides a form of delegation of authority.
Abstract:
A system that allows a user of a first domain to access a second domain. A request originates in the first domain to perform an action in the second domain. The request indicates a user of the first domain on whose behalf the request was originated. The access request is received by an adapter in the second domain. The adapter requests an access token for a user of the second domain who corresponds to the user of the first domain. A mapping table is used to identify which user in the second domain corresponds to the user in the first domain. Once the correct user of the second domain is identified, an access token for that user is returned to the adapter. The adapter then carries out the requested action by using the access token to impersonate the user of the second domain.
Abstract:
Supplementary information related to original data is embedded in the original data without being lost or altered and without degrading the quality of the original data. A photographing condition regarding photographing of the original image data is generated as the supplementary information by a supplementary information generating unit and stored on a network in a supplementary information database. Storage management information such as a URL address of where the supplementary information is stored is generated by a storage management information generating unit and embedded in the original image data by using deep layer encryption. The original image data in which the storage management information has been embedded are recorded in a recording medium. Since the storage management information has a smaller amount of data than the supplementary information, quality of the original data is not degraded even when the storage management information is embedded in the original image data.