Patents Examined by April Shan
  • Patent number: 8130945
    Abstract: A public key cryptography (PKI or other similar system) is used to send partial or multiple of encryption or decryption algorithm (cipher or decipher) to the data sender or receiver to encrypt or decrypt the data to be sent or received and destroy itself after each or multiple use. Since the encryption algorithm is protected, it can be devised very small in size in comparison to the data to be sent and the user can afford to use large key size in its transmission to increase protection without significant impact to the overall speed. Without knowing the encryption algorithm, which may also be changing from time to time, it will be impossible to use brute force to break the code provided that the algorithm scheme is designed properly. It is due to that there are unlimited numbers of new or old algorithms with countless variations and it takes years of super fast computing time to break even few algorithms.
    Type: Grant
    Filed: October 13, 2005
    Date of Patent: March 6, 2012
    Inventor: Fong Luk
  • Patent number: 8132248
    Abstract: A method and system for managing multiple firewall configurations are disclosed. The method uses a pointer on a packet object representing a packet to reference a configuration object representing a configuration of the firewall which is assigned to the packet. By using a pointer to link each packet entering a computer system to the most recent configuration, the method can maintain multiple configurations and enable the firewall processing modules to process each packet according to its assigned configuration even if new configurations are released during the transition of the packet through the system. A reference count is also used as a variable by the configuration object to track the number of packets assigned to the configuration. A corresponding system is also provided.
    Type: Grant
    Filed: June 15, 2008
    Date of Patent: March 6, 2012
    Assignee: Trend Micro Incorporated
    Inventor: Bart Trojanowski
  • Patent number: 8132025
    Abstract: Creating a plaintext index from a text that is extracted from a file presents the risk of a leak of confidential information from the created index. To address this problem, provided is a computer system which has a computer, a storage subsystem coupled to the computer, and a network coupling the computer and the storage subsystem. The computer has an interface coupled to the network, a first processor coupled to the interface, and a memory coupled to the first processor. The storage subsystem has a disk device which stores data. A storage area of the disk device is divided into a plurality of storage areas including, at least, a first storage area and a second storage area. The first processor reads a part of data stored in the first storage area, encrypts the part of data read from the first storage area when the data stored in the first storage area is judged as encrypted data, and writes the encrypted part of data in the second storage area.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: March 6, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Toru Tanaka, Yuichi Taguchi, Masayuki Yamamoto, Jun Mizuno
  • Patent number: 8132007
    Abstract: A Protocol for carrying Authentication for Network Access (PANA) authentication system is provided. The system includes: a PANA client (PaC) which establishes, with a PANA authentication agent (PAA), a first PANA session and a second PANA session independent of the first PANA session, and transmits, to the PAA, a PANA update request packet requesting a binding of the first PANA session and the second PANA session; and a PAA which determines whether the first PANA session and the second PANA session are associated with an identical PaC in response to the PANA update request packet received from the PaC.
    Type: Grant
    Filed: September 14, 2007
    Date of Patent: March 6, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Emin Yegin Alper, Boung-Joon Lee
  • Patent number: 8130952
    Abstract: A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked-out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content.
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: March 6, 2012
    Assignee: Intertrust Technologies Corporation
    Inventors: Talal G. Shamoon, Ralph D. Hill, Chris D. Radcliffe, John P. Hwa
  • Patent number: 8130955
    Abstract: Systems and/or methods that facilitate security of data are presented. A random number generation component generates random numbers based in part on electron activity in a select memory cell(s) to facilitate data security. Sensor components that are highly sensitive can be employed to sense activity of the select memory cell(s) and/or reference memory cell in a noise margin associated with respective memory cells in the memory component. The activity of the select memory cell is compared to the reference memory cell(s) to facilitate generating binary data. The binary data is provided to the random number generation component where the binary data is evaluated to determine whether a predetermined level of entropy exists in the binary data. The binary data, or a portion thereof, can be processed to generate random numbers that are utilized in cryptographic processes and/or as a physical signature to facilitate data security.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: March 6, 2012
    Assignee: Spansion LLC
    Inventors: Elena Trichina, Helena Handschuh
  • Patent number: 8132019
    Abstract: Arrangements which permit the employment of dedicated user-access management architecture with more than text-based access. Particularly contemplated herein are arrangements for accepting user identifiers that are then communicated to an intermediate user-delineating architecture (i.e., architecture configured for permitting access to encrypted data or sections of a computer on a user-specific basis) in a manner to permit the user-delineating architecture to perform its own task of unlocking data or sections of a computer.
    Type: Grant
    Filed: June 17, 2008
    Date of Patent: March 6, 2012
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Randall S. Springfield, Joseph M. Pennisi
  • Patent number: 8130951
    Abstract: A network device includes a content processing module that is configured to perform intelligent document content processing, such as confidential information processing, content optimization and workflow optimization. The network device authenticates a user and determines electronic document data that is to be processed. The electronic document data may be created at the network device, e.g., by a scanning module on the network device, or at a client device, e.g., by a word processing application executing on the client device. The content processing module retrieves particular user preference data based upon the user authentication. The particular user preference data may specify confidential information preferences, content optimization preferences and/or workflow preferences. The content processing module performs intelligent document content processing on the electronic document data based upon the particular user preference data and generates processed electronic document data.
    Type: Grant
    Filed: August 8, 2007
    Date of Patent: March 6, 2012
    Assignee: Ricoh Company, Ltd.
    Inventor: Lifen Tian
  • Patent number: 8130958
    Abstract: The present invention provides a method for establishing a secure channel between wireless devices. The method involves reducing the transmit power of the devices in conjunction with placing the devices in close proximity to one another. By reducing the transmit power, wireless communications between the devices cannot be detected by other devices beyond the short transmission range. The devices then generate and exchange encryption keys using the reduced-power transmissions in order to establish a secure, encrypted communications channel. Once the secure channel is established, the devices increase their transmit power back to normal operating levels, allowing them to be moved further apart while maintaining secure wireless communications.
    Type: Grant
    Filed: September 14, 2005
    Date of Patent: March 6, 2012
    Assignee: QUALCOMM Incorporated
    Inventor: Sidney Brower Schrum, Jr.
  • Patent number: 8130947
    Abstract: A method and a system for privacy-preserving SNA. A plurality of vertices of a first subgraph of a graph is encrypted with a first key of a commutative encryption scheme. A plurality of vertices of a second subgraph encrypted with a second key of the commutative encryption scheme are received and encrypted commutatively with the first key. A plurality of commutatively encrypted vertices of the first subgraph and a plurality of commutatively encrypted vertices of the second subgraph are used for computing centrality metrics preserving the privacy of the graph and its structure.
    Type: Grant
    Filed: July 16, 2008
    Date of Patent: March 6, 2012
    Assignee: SAP AG
    Inventors: Florian Kerschbaum, Andreas Schaad
  • Patent number: 8132255
    Abstract: Provided are a method, system, and article of manufacture for generating a challenge response image including a recognizable image. A challenge image is generated including random elements and a recognizable image. The challenge image is transmitted to a recipient. Recipient input associated with the transmitted challenge image is received. A determination is made as to whether the received recipient input matches a descriptor associated with the recognizable image in the challenge image. Indication is made that the recipient correctly identified the recognizable image.
    Type: Grant
    Filed: June 16, 2008
    Date of Patent: March 6, 2012
    Assignee: Intel Corporation
    Inventor: John W. Mates
  • Patent number: 8132230
    Abstract: A procedure for login in a case where a prescribed job is executed in an image processor is simplified. An image processor includes: input unit accepting an input of user authentication information from a user; user authentication unit performing user authentication by comparing the inputted user authentication information with the stored user authentication information to authorize execution of processing; and temporary ID generation unit generating a temporary ID if the user authentication is successful to store the temporary ID, being related to the user authentication information, wherein the input unit accepts an input of the temporary ID and the user authentication unit compares the inputted temporary ID with the stored temporary ID to thereby perform the user authentication and to authorize execution of the processing.
    Type: Grant
    Filed: December 29, 2004
    Date of Patent: March 6, 2012
    Assignee: Konica Minolta Business Technologies, Inc.
    Inventor: Katsuhiko Akita
  • Patent number: 8132017
    Abstract: A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface.
    Type: Grant
    Filed: March 31, 2003
    Date of Patent: March 6, 2012
    Assignee: Nortel Networks Limited
    Inventor: Christopher Raymond Lewis
  • Patent number: 8132016
    Abstract: A first information handling system (“IHS”) receives identification information of a first user of a second IHS. The first IHS initiates a network session in response to authenticating the identification information of the first user. Within the network session, the first IHS receives identification information of a second user of the second IHS. The first IHS authenticates the identification information of the second user.
    Type: Grant
    Filed: July 15, 2004
    Date of Patent: March 6, 2012
    Assignee: United Services Automobile Association (USAA)
    Inventors: Christopher Scott Stewart, Pamela Ann Thibodeaux, Bonnie Rose Stewart
  • Patent number: 8132000
    Abstract: Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header.
    Type: Grant
    Filed: July 30, 2009
    Date of Patent: March 6, 2012
    Assignee: Juniper Networks, Inc.
    Inventors: Gregory M Lebovitz, Changming Liu, Choung-Yaw Shieh
  • Patent number: 8130961
    Abstract: The invention comprises a method of authenticating and encrypting a client-server communication, comprising the steps of: a) generating a first one-time password (OTP1) and a second one-time password (OTP2) from a cryptographic token; b) generating an encryption key (K_ENC) and a MAC key (K_MAC) based on OTP2; c) preparing and protecting the client data using K_ENC and K_MAC; d) sending a request message from the client to the server, the request message containing the protected client data, a cryptographic token identifier (TID) and OTP1; e) validating OTP1 at the server, and generating OTP2 at the server upon successful validation; f) deriving K_ENC and K_MAC from OTP2 at the server; g) processing the request message and generating result data; h) encrypting the result data using K_ENC and creating a digest using K_MAC; i) sending the encrypted result data to the client; and j) decrypting the result data at the client using K_ENC and verifying the authenticity of the result data using K_MAC.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: March 6, 2012
    Assignee: Diversinet Corp.
    Inventors: Salah E. Machani, Konstantin Teslenko
  • Patent number: 8132011
    Abstract: A system and method allows some or all of an e-mail message, such as the sender or its contents, to be authenticated, for example, to identify a message as potential spam.
    Type: Grant
    Filed: April 22, 2005
    Date of Patent: March 6, 2012
    Assignee: EMC Corporation
    Inventors: Louis A Gasparini, William H Harris
  • Patent number: 8132247
    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.
    Type: Grant
    Filed: August 3, 2007
    Date of Patent: March 6, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: Saibal Adhya, Akshat Choudhary, Sergey Verzunov, Amarnath Mullick, Shashi Nanjundaswamy, Arkesh Kumar
  • Patent number: 8132018
    Abstract: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests include a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: March 6, 2012
    Assignee: Intel Corporation
    Inventors: Avigdor Eldar, Itamar Sharoni, Tsippy Mendelson, Uri Blumenthal
  • Patent number: 8127134
    Abstract: Techniques for efficiently authenticating multiple objects and clustering objects based on access patterns are provided. For example, in an illustrative aspect of the invention, a technique for generating and/or reading authentication information, wherein the authentication information provides evidence that a plurality of objects were one of generated and sent by an entity, comprises using one or more object access patterns indicative of whether at least two of the plurality of objects are accessed within a similar time period to group objects together to reduce an overhead for at least one of generating and reading the authentication information.
    Type: Grant
    Filed: March 27, 2008
    Date of Patent: February 28, 2012
    Assignee: International Business Machines Corporation
    Inventors: Arun Kwangil Iyengar, Jian Yin