Abstract: Cryptographic keys are distributed to computer systems to be remotely managed by a management node. First secure channels are established between the management node and trusted computing platforms associated with the computer systems. Cryptographic keys are sent to the trusted computing platforms via the first secure channels, wherein the cryptographic keys are stored in the trusted computing platforms and retrieved from the trusted computing platforms by the computer systems. Second secure channels are established with the computer systems using the retrieved cryptographic keys. Commands are remotely executed on one or more of the computer systems via the second secure channels.

Abstract: The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.

Abstract: Embodiments of the present invention comprise systems and methods for: authorizing the transmission of audiovisual data based on an iterative changing bit budget, where the bit budget may be based on a value of a total size of the set of Network Abstraction Layer units and a value of an initial size of the group of frames; and determining a bit budget remainder and an adjusted bit budget remainder.

Abstract: Embodiments of the present invention comprise systems and methods for predicting image elements, comprising scaling a received low dynamic range (LDR) image element value for an image element via a binary shift operation, where the binary shift operation is based on a received prediction shift value, and combining, via a received additive operation, the scaled LDR image element value with the received LDR image element value.

Abstract: A secure NFC apparatus includes a plug-in socket, an NFC unit, and a protocol matching unit. A security module is inserted in the plug-in socket. The NFC unit communicates with the outside via non-contact NFC using signals based on an S2C protocol. The protocol matching unit determines the type of chip in the inserted security module, generates a chip identification signal according to results of the identification, and matches the protocol of the signals based on the S2C protocol, which are input to and output from the NFC unit, with the protocol of the signals, which are input to and output from the security module, according to the chip identification signal.

Abstract: A data communication apparatus is highly concealable and significantly increases time necessary for an eavesdropper to analyze cipher text. A multi-level code generation section generates, by using predetermined key information, a multi-level code sequence in which a signal level changes so as to be random numbers. The multi-level processing section combines a multi-level code sequence and information data, and generates a multi-level signal having a level corresponding to a combination of the multi-level code sequence and the information data. In the multi-level code generation section, a random number sequence generation section generates a binary random number sequence by using the predetermined key information. A multi-level conversion section generates a multi-level code sequence from the binary random number sequence in accordance with a predetermined encoding rule.

Abstract: Techniques are provided for forming a digital signature for a portion of a document. A registered module is invoked to process the document in accordance with a structured format associated with the document. The registered module is able to process a plurality of different structured formats. The registered module obtains the portion. A digital signature is formed for the portion. The digital signature is included in the document in accordance with the structured format.

Abstract: A server for transferring data between networks. The server is programmed to perform the following steps: (a) creating a receiving process, a filtering process and a forwarding process, the filtering process being dictated by a file that specifies filtering rules, wherein: (b) the receiving process receives data transmitted from a source host; (c) the filtering process filters the transmitted data based on the filtering rules; and (d) the forwarding process forwards only filtered data to a destination host.

Abstract: The present invention provides a video coding method and a video decoding method which allow enhancement of coding efficiency and improvement in video quality. A video coding apparatus includes: a mode determination unit which determines a notification method for notifying a transform block size to be used in orthogonal transform of a current block to be either the implicit mode or the explicit mode, and outputs the ABT mode indicating the determined notification method; an orthogonal transformation unit which transforms the difference values between the input image and predicted image into frequency coefficients based on the transform block size determined in accordance with the determined notification method; a quantization unit which quantizes the frequency coefficients and output the quantized values; and a variable length coding unit which performs variable length coding on the quantized values, the ABT mode, and the like, so as to output a coded stream.

Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.

Abstract: A method for securing personal computing devices from unauthorized data copying and removal includes detecting an attachment of a device to a client included within a computing network; determining whether the detected attached device is permitted to be attached to the client; prompting a user of the client to remove the attached device therefrom in the event the detected attached device is not permitted to be attached to the client; and loading a replacement device driver onto the client in the event the attached device has not been removed, wherein the replacement device driver prevents the client from copying data to the attached device.

Abstract: A system comprises a first operating environment and a second operating environment. The first and second operating environments exchange information in encrypted form using a shared encryption key (K3). The first and second operating environments cooperate to change the encryption key K3 using another shared encryption key (K4). The encryption key K4 is changed upon the encryption key K3 being changed.

Abstract: A technique carries out seed (or key) derivation within an electronic apparatus (e.g., a hand holdable electronic apparatus such as a token, an authentication server, etc.). The technique involves acquiring a stored representation of a derived seed, the stored representation of the derived seed resulting from an earlier-performed cryptographic operation based on a higher-level seed. The technique further involves (i) performing a current cryptographic operation based on a stored representation of the higher-level seed, the current cryptographic operation resulting in a current representation of the derived seed, and (ii) providing a corruption detection signal indicating whether the current representation of the derived seed matches the stored representation of the derived seed.

Abstract: A computer system having resistance to timing attacks based on measuring processing times by encrypting or decrypting a plain text or ciphertext by converting the partial data related to the plain text or the encrypted text into conversion data. In the system, a conversion table includes one piece of conversion data corresponding to the partial data at a start position of a line table area and includes data not associated with the conversion in the other position. In the system, a computer program includes an operation instruction for calculating a predetermined position of the conversion data in the conversion table by using acquired partial data and a read instruction for reading out the conversion data from the calculated position.

Abstract: A secure network server wherein both the forwarding process and the receiving process are created upon connection initialization, and the receiving process is held off from communicating with the source host until the forwarding process has created a connection with the destination host. This solves the problem of message loss when the destination host is unreachable.

Abstract: A message authentication code, MAC, is generated in an electronic circuit, wherein the MAC integrity protects a data value, PD. A random challenge word, RND, is received from a source that is external to the electronic circuit. A first function G(RND,K) is evaluated that generates a first encrypted value, K?, from RND and K, wherein K is a secret key value that is stored on the electronic circuit. A second function F(RND,K) is evaluated that generates a second encrypted value, K?, from RND and K. The MAC is then generated in accordance with MAC=K?+m1K?+m2K?2+ . . . +MlK?l, wherein m1, m2, . . . , ml are derived by representing the data value, PD, as an l-tuple of elements in a field, GF(2n), wherein n is an integer greater than zero. A hardware-efficient arrangement is also disclosed for generating this and other MACs.

Abstract: Systems and methods that facilitate introducing devices having digital characteristics to one another, to mitigate a man-in-the-middle attack. A keytote component supplies initial session keys for communication between devices, and includes a plurality of interfaces that can facilitate such communication. The keytote component can receive a key from a first device via one of a plulrality of communication interfaces associated with the keytote component. The user can then physically carry the keytote component to the vicinity of a second device for transferring the key thereto. As such, a man-in-the-middle attack can be mitigated, as an encrypted channel can be established in an insecure environment.

Abstract: A method of network communication and a network gateway are disclosed. The method and gateway operate between a secure network and remote clients by way of an intermediate transport network, such as the Internet. The remote clients connect through a NAT router so share a common source address on the intermediate transport network. In the secure network, the method analyses packets received from a remote client to identify packets that start a new secure communication session. Then, the method assigns a session-unique address and port to the new secure communication session. Subsequent packets are translated in the secure communication session by exchanging the source address with the local session address. Thus, the secure network perceived each session as originating from a distinct address and port, whereby several such sessions can coexist simultaneously.

Abstract: Provided are a method, system, and article of manufacture for encrypting and decrypting database records. Encryption metadata is provided for a database file having fields, wherein the encryption metadata indicates at least one encryption key for the file. A request is received to perform a read or write operation with respect to a record including the fields for the database file. A determination is made from the encryption metadata of the at least one encryption key for the database file. The determined encryption key is used to encrypt or decrypt for the read or write operation with respect to at least one of the fields in the database file.

Abstract: A method for managing shared passwords on a multi-user computer system is disclosed. A set of shared passwords and an administrator internal key are initially generated. After the receipt of an administrator external key, the administrator internal key is encrypted with the administrator external key. For each user level within the computer system, an internal key is generated by hashing the administrator internal key. For each user level within the computer system, each of the shared passwords encrypted with a respective one of the internal keys. The internal keys and the encrypted shared passwords are then stored in a non-volatile storage device.