63results about How to "Information leakage" patented technology

A system and method for conducting verifiably correct auctions that preserves the secrecy of the bids while providing for verifiable correctness and trustworthiness of the auction is disclosed. Some of the elements of the method and apparatus are that the auction operator accepts all bids submitted and follows the published rules of the auction. In one embodiment, the bids are maintained secret from the auctioneer and all bidders until the auction closes and no bidder is able to change or repudiate her bid. In another embodiment, the auction operator computes the auction results and publishes proofs of the results' correctness. In yet another embodiment, any party can check these proofs of correctness via publicly verifiable computations on encrypted bids.

A secure communication session is established between a first endpoint and a second endpoint. The first endpoint can contact the second endpoint via a first communication network and via a second communication network. The first communication network is more trusted than the second communication network. The first endpoint determines that a secure communication session is required. A security association is established between the endpoints for the communication session on a connection via the first communication network. Service is received on a connection via the second communication network using the previously established security association. The step of establishing a security association can comprise authenticating the second endpoint and negotiating a shared secret and the step of receiving service on a connection via the second communication network can occur without any further negotiation of key material or authentication between the endpoints via the second communication network.

A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data.

A storage device that can be attached and/or detached to and/or from an information-processing device is provided. The storage device includes a storage unit including a first area provided to store an encryption key used to encode first information and first authentication information used to perform authentication, and a second area storing second information encoded by the information-processing device by using the encryption key, an authentication unit configured to authenticate a user based on second authentication information generated by the information-processing device based on third information input by the user and the first authentication information, a transmission unit configured to transmit the encryption key to the information-processing device when validity of the user is confirmed through the authentication, and a control unit configured to have control over writing and/or reading the encoded second information into and/or from the second area.

A facsimile machine includes an entry unit, a searching unit, a transmitting unit and a control unit. The entry unit accepts a transmission instruction including a destination. The searching unit searches the destination information in a database held by an external database device with the destination as a search key. The transmitting unit executes the facsimile transmission. The control unit causes the searching unit to execute searching for the first time immediately after the acceptance of the transmission instruction by the entry unit and for the second time immediately before the facsimile transmission in the case in which the entry unit accepts the time-specified transmission instruction or immediately before the redialing facsimile transmission and, when it is found that the destination information including the search key exists in the database by the searches for the first time and the second time, causes the transmitting unit to execute the facsimile transmission for the corresponding destination.

The present invention discloses a bus monitor for enhancing SOC system security and a realization method thereof. The bus monitor disposed between a system bus and a system control unit includes a configuration unit, a condition judgment unit, an effective data selection unit, a hardware algorithm unit and a comparative output unit. Without affecting the bus access efficiency, the present invention provides the method capable of immediately monitoring the bus behavior, and the detection system notices whether a particular bus access serial behavior is changed due to an accidental fault or intentional attacking fault. If the particular bus access serial behavior is changed, the present invention warns the system to adopt a suitable security measure to prevent the security hidden trouble and leakage of classified information due to the incorrect system security process.

Provided is a technique that can control a federated search apparatus to prevent transmission of access account information, which is not necessary to carry out security trimming, to search servers in the execution of federated search. The federated search apparatus according to the present invention includes an account correspondence table describing a correspondence between a first access account that issues a first search request for requesting federated search and second access accounts that issue a second search request to the search apparatuses. The federated search apparatus specifies the second access account corresponding to the first access account in accordance with the description of the account correspondence table, designates, as a search condition, a range that can be accessed by the second access account, and issues the second search request to the search servers.

In a copy management system, an output device generates a print image, and list information including identification information identifying a person authorized for printing. The list information is converted to a specific code, which is in turn embedded in a print image. The code-embedded print image is output by a printer on a printing medium. The code-embedded print image on the printing medium is received by a copying device of the system. The copying device also receives and accepts copier identification information identifying a copying person. The list information is acquired from the code-embedded print image. The identification information in the list information acquired is compared to the copier identification information accepted. Allowance/non-allowance of copying is determined based on whether or not the above information coincides with each other. The copying device outputs a printed copy subject to decision for allowance of copying.

To generate print jobs to be executed by a printing device, an image processing apparatus edits drawing commands output by applications and stored in storage means, in accordance with editing instructions input through input means, executes a process of generating chasing data using the drawing commands, the process including the edition, and then executes a process of generating print data, the process including the edition. The editing instructions for the drawing commands include an instruction to combine a plurality of drawing commands, an instruction to separate a drawing command into a plurality of subcommands, and an instruction to delete a drawing command. The chasing data is generated so as to have a layered data structure indicating the combinative relationship among the plurality of drawing commands if the editing instruction instructs a plurality of drawing commands to be combined together.

A method and system for optimizing allocation of large block orders for a security for maximum fill rate and minimum information leakage. The invention includes a process by which a block order for a security is allocated to a number of suborders which are then submitted to various electronic trading destinations to be filled. This allocation process involves ranking the suborders on the basis of a quality measurement, calculating and assigned a liquidity expectation to each suborder, determining a maximum target execution rate for the security that will not result in market impact, assigning orders to a trade list beginning with the higher rank suborder until the sum of shares represented in the list is equal to the maximum target execution rate, allocating the suborders not assigned to the trade list, and submitting the suborders to the corresponding electronic trading destination.

An information processing terminal transmits, to an authentication server, information obtained by imaging a code pattern of multifunction device information, and authentication information inputted by a user. The authentication server performs user authentication based on the received authentication information and specifies a multifunction device based on the received information of the code pattern. If the user has been authenticated, the authentication server transmits print data corresponding to the user to the multifunction device and prescribes the execution of print processing to the multifunction device. The multifunction device executes print process based on the obtained print data.

In a trading system for trading securities or the like, Contra Targeting is performed by enabling users to expose the liquidity within their order management system without divulging order management system information to a central trading server. Also, virtual orders can be placed and executed which give users price-time priority on an order without reserving the shares until the moment of execution.

Out of data being transmitted from a client application A1 to a server application B1, data of which encryption has been determined to be necessary in a frame analyzing means within an intermediate driver A11 of s PC 1 is relayed by use of a total of two TCP sessions consisting of a TCP session 1 between a TCP A14 and a TCP A2, and a TCP session 2 between a TCP A17 and a TCP B3. Relaying the TCP sessions in such a manner makes it possible to achieve a coincidence of a TCP/IP protocol hierarchy between an SSL A16 within the intermediate driver A11 and an SSL B2 within a server 2, which enables certificate information, an encryption algorithm, etc. necessary for starting an SSL session to be automatically exchanged therebetween. As a result, secret data being sent out from the PC can be encrypted without changing the setting of the server or installing any software.

A methodology as described herein allows cyber-domain tools such as computer aided-manufacturing (CAM) to be aware of the existing information leakage. Then, either machine process or product design parameters in the cyber-domain are changed to minimize the information leakage. This methodology aids the existing cyber-domain and physical-domain security solution by utilizing the cross-domain relationship.

In an information processing apparatus having a service mode for a service person to carry out maintenance of the apparatus enters for carrying out the maintenance, a registration page is provided for registering the service person as a service person in charge of the maintenance of the apparatus, and an input page is provided for inputting authentication information required for the service person that is registered in the registration page as a person in charge of the maintenance of the apparatus to enter the service mode.

The invention discloses a receiving information processing method and a receiving information processing device, belonging to the field of e-business. The method comprises the steps of receiving an anonymous receiving instruction transmitted by a user; performing the anonymous process on the receiving information selected by the user so as to obtain anonymous information corresponding to the receiving information; generating a first order containing the anonymous information; and providing the first order to a third party. The device comprises a receiving module, an anonymous processing module, an order generating module and a providing module; the receiving module is used for receiving the anonymous receiving order of the user; the anonymous processing module is used for performing the anonymous process on the receiving information selected by user so as to obtain the anonymous information corresponding to the receiving information; the order generating module is used for generating the first order of the anonymous information containing the anonymous processing module; and the providing module is used for providing the first order generated by the order generating module for the third party. According to the receiving information processing method and the receiving information processing device, the anonymous information of the user instead of the receiving information of the user is provided for the third party so as to protect the privacy of the user.

A USB memory device incorporates a flash memory and a memory controller. An access lock is placed on a data storage area of the flash memory. When the USB memory device is attached to an electronic cassette, a cassette controller controls a USB controller to input an unlock password to the USB memory device. The memory controller unlocks the access lock on the data storage area when the unlock password matches a password stored in a program area of the flash memory in advance.

The present invention makes it possible, in encrypted data verification, to avoid the leaking of information related to the original plaintext, thereby ensuring safety. The system of the present invention is provided with: means (103 in FIG. 1) for generating first and second auxiliary data for verifying whether or not the Hamming distance of a plaintext between a first encrypted data in which input data is encrypted and is recorded in a storage device, and a second encrypted data obtained by encrypting input data of a target to be checked is equal to or less than a predetermined value; and means (402 and 403 in FIG. 1) for taking the difference between the first encrypted data recorded in the storage device, and the second encrypted data, and determining, using the first and second auxiliary data, whether or not the Hamming distance of the plaintext corresponding to the difference between the first encrypted data and the second encrypted data is equal to or less than the predetermined value.

A heating cooker for commercial use is provided in which heating control is conducted based on cooking parameter according to each cooking menu and an unauthorized user is prevented from changing the cooking parameter easily. In the heating cooker, cooking parameter can be changed only when a password is entered. Moreover, a user's administration level is determined by the entered password and information which can be changed is selected according to the user's administration level. The password entry can be carried out not only in an operation display panel provided with the heating cooker but in a remote central monitoring system which operates the heating cooker from a distant place.

This software enables a financial institution acting as a clearing agent to offer a liquidity pool where their clients can anonymously submit orders for a financial instrument. Many financial markets suffer from reduced liquidity, the causes for which include: 1) fragmentation across multiple markets, 2) fragmentation across a large instrument universe and 3) attempting to trade an illiquid instrument. The software has been developed to uniquely improve available liquidity using crossing algorithms that intelligently identify orders for similar instruments as relevant execution opportunities, and applies a quantitative scoring of their propensity to trade on which clients can anonymously negotiate and execute. As crossing algorithms are not constrained by the conventional restriction that orders must be for identical instruments, the system is able to increase liquidity by identifying execution opportunities that existing markets cannot, while employing an anonymous negotiation process that minimizes information leakage to mitigate disruption to market prices.

The present invention discloses a display panel, a displayer and a drive method for an array substrate in a display panel. The display panel comprises a cell substrate and an array substrate. Sub-pixel units of the array substrate are classified into first type of sub-pixel units for displaying an original image and second type of sub-pixel units for displaying an interference image. The outermost side of the cell substrate is provided with a FPR film array, wherein, first FPR films are in correspondence to the first type of sub-pixel units so as to convert emitting light of the first type of sub-pixel units into polarized light in a first direction; and a second FPR film is in correspondence to the second type of sub-pixel units so as to convert emitting light of the second type of sub-pixel units into polarized light in a second direction different from the first direction. The displayer may show the original image as well as the interference image simultaneously, and only wearing glasses for filtering interference image can the user observes the normal original image so as to prevent the original image from being observed by a peeper with his/her naked eyes.

A computer system for an easy system/information management. A client (100) and a server (200) are connected through a network (NW) so that a hard disk (240) or a server storage device is stored with a server holding type application program such as a menu program (243) to be operated on the web browser of the client (100). The server (200) has a web server program (242) and provides a file in response to the request of the client (100). After having started a second OS program (151), the client (100) starts a web browser program (153) in a full-screen display, and gains access to the file which is set for each client (100) or user and expressed in URL.