Abstract: There is disclosed an authentication method comprising requesting a user of a personal mobile terminal to enter a personal code into a personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request being related to an action that requires user authentication, and processing an entered personal code together with challenge data corresponding to the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met, producing a valid and signed authentication code that the user can provide in order to authenticate the action.

Abstract: A data processing apparatus includes an address bus, a scramble unit, and a data bus. The address bus outputs address data to be given to a memory apparatus. The scramble unit scrambles write-in data into a storage position in the memory apparatus identified by the address data to obtain confidential data. The data bus outputs the confidential data. The scramble unit includes a first scrambler, a first converter and a second scrambler. The first scrambler XORs first mask data corresponding to the address data and the write-in data for each bit and makes it first scrambled data. The first converter performs one-to-one substitution conversion of the first scrambled data. The second scrambler XORs second mask data corresponding to the address data and data after the conversion of the first scrambled data by the first converter and outputs obtained second scrambled data as the confidential data.

Abstract: A secure authentication channel (SAC) between two nodes in a communication network is created by the nodes themselves using mutual authentication. The network has two nodes, a coordinating entity, two PKI-based SACs, and one non-PKI SAC which is created by the two nodes and is for use by the nodes. The coordinating entity generates a master key which is transmitted to two nodes via a PKI-based SAC established between the coordinating entity and each of the two nodes. One node uses the master key to generate a first random number and the second node uses the key to generate a second random number. The second node also has an encrypted third random number. The network also has a third SAC, which is not solely based on PKI, between the first node and the second node and is created when the two nodes have authenticated each other. The mutual authentication process occurs without the intervention of the coordinating entity.

Abstract: In one embodiment, a device includes a first interface, a second interface, a memory, and a processor coupled to the first and second interfaces and to the memory. The processor is configured to receive key-management information via the second interface, and to store the key-management information in a protected portion of the memory as stored key-management information. The processor is also configured to perform a challenge-response authentication interaction via the first interface. The challenge-response authentication interaction is based at least in part on the stored key-management information. The device is configured to prevent data in the protected portion of the memory from being modified in response to information received via the first interface.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.

Abstract: A computer system. In one embodiment, the computer system includes a remote management computer with a user input device and a display device, a plurality of target computers communicatively connected to the remote management computer over a communications link, and a computer-executable remote management application. Each target computer includes a baseboard management controller (BMC) executing a keyboard, video, and mouse (KVM) redirection application and storing remote management data.

Abstract: Differential phase shift (DPS) quantum key distribution (QKD) is provided, where the average number of photons per transmitted pulse is predetermined such that the secure key generation rate is maximal or nearly maximal, given other system parameters. These parameters include detector quantum efficiency, channel transmittance and pulse spacing (or clock rate). Additional system parameters that can optionally be included in the optimization include baseline error rate, sifted key error rate, detector dead time, detector dark count rate, and error correction algorithm performance factor. The security analysis leading to these results is based on consideration of a hybrid beam splitter and intercept-resend attack.

Abstract: Techniques are described for repairing some types of user account problems that interfere with granting a user access to a computer system and doing so during a process to authenticate the user in a way that does not require the user to re-enter authentication information or require the user to restart a communication session with the computer system. In response to a determination that a user's account has a problem during an authentication process, techniques are provided to enable a user to execute an appropriate process or processes to fix the user account, after which the authentication process continues. In this way, the correction to the user account may appear to be seamless to the user.

Abstract: A mechanism is provided to automatically retrieve zoning best practices from a centralized repository and to ensure that automatically generated zones do not violate these best practices. A user selects a set of hosts and storage controllers. The user also selects a guidance policy for creating the zone, and also selects a set of validation policies that must be enforced on the zone. If the user selects a guidance policy and a validation policy combination that is incompatible, the mechanism allows the user to change either the selected guidance policy or the set of validation policies. If the user has selected consistent-zoning as a guidance policy, then the mechanism automatically selects a guidance policy that does not violate the known validation policies.

Abstract: Upon obtaining second (first) class information corresponding to a second (first) device newly added to a network, the communication controller refers to fundamental request (notification) information and obtains request (notification) information corresponding to the obtained second (first) class information. The communication controller refers to notification (request) authorization information and obtains second (first) sender information associated with the notification (request) information indicative of the same processing as that indicated by the obtained request (notification) information.

Abstract: A device for using information on malicious application behaviors is provided. The device includes a capability-monitoring unit that monitors application capabilities, a behavior-monitoring unit that monitors application behaviors, an mBDL-generating unit that generates a document in a formal language specifying the application capabilities and the application behaviors, and a controlling unit that controls execution of application using the formal language.

Abstract: A method for accessing data in a storage area network is provided. The method initiates with receiving a request for a list of targets on the storage area network. All the targets on the storage area network are exposed to the requester and authentication requiring a password is requested from the requester to grant access to the targets on the storage are network. Access to the targets is granted if the password is acceptable, and access to the targets is refused if the password is unacceptable.

Abstract: There is provided an identifier authenticating system in which information requesting users can share all predetermined information held in a plurality of information providing servers. In the identifier authenticating system, when an identifier holding user 18 presents an identifier to an information requesting server 16, the information requesting server 16 asks a location managing server 14 about a location of an information providing server 15; the location managing server 14 returns a confirmed IP address of the information providing server 15 to the information requesting server 16 based on the location information; and the information requesting server 16 uses the confirmed IP address to access the information providing server 15 corresponding to the confirmed IP address and receives predetermined information specified by multiplying n pieces of identification information from the accessed information providing server.

Abstract: An access unit to be decoded is selected from data stored in a coded picture buffer (CPB) (56). If the access unit is an IDR (Instantaneous Decoder Refresh) picture, it is checked whether a decoded picture buffer (DPB) (60) has a free area enough to store the access unit. If the DPB (60) has a sufficient free area, a decoder (58) stores the decoding result in the DPB (60), and selects the next access unit from the CPB (56). If the DPB (60) does not have a sufficient free area and the earliest stored picture has already been displayed, the buffer area of the displayed picture is deallocated. If the earliest stored picture has not been displayed, a warning is displayed to the user. All memory areas in the DPB (60) except for the area of a currently displayed picture are deallocated to wait for an IDR picture.

Abstract: Embodiments of the present invention comprise systems and methods for managing and combining data contained in layers in a multilayer bitstream such that one or more transform coefficients in a first layer are used to modify one or more coefficients in a second layers that in turn is reconstructed using the modified one or more coefficients.

Abstract: A policy store associated with a policy decision point of an access control system is updated. The policy decision point is arranged to provide, in response to received decision requests, access control decisions in dependence on one or more policies stored in the policy store, each policy specifying a predetermined access control decision to be provided in response to a particular access request made in respect of a particular attribute or combination of attributes. The policy decision point is associated with at least one policy enforcement point arranged to implement access control in accordance with access control decisions provided by the policy decision point in response to decision requests submitted by the policy enforcement point, the policy enforcement point having associated therewith an attribute store providing data relating to attributes in respect of which access requests have previously been made via the policy enforcement point.

Abstract: One aspect of the invention discloses a method of authenticating an application. The method comprising performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing an application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.

Abstract: A method of encrypting a digital file composed of a sequence of bytes, each byte defined by a relative position within the digital file and a value, the method comprising: using an encryption key to encode the relative position separately from the value of each byte; and producing an encrypted digital file in which the correlation between relative position and value of each byte in the original digital file is concealed in the encrypted digital file.

Abstract: A lock administration system for self-powered locks is provided. The system comprises an ASP (application service provider) server operationally connected to the Internet and configured to store lock system related information, at least one client module configured to control the generating of shared secrets for encrypting and decrypting, and the generating and the encrypting of lock access data packets using a token, transmit the data packets to the ASP server using public networks, receive an encrypted status packet from the ASP server using public networks, control the decrypting of the status packet and send information regarding the decrypt status packet to the ASP server using public networks and at least one lock configured to receive data packets from the ASP server via public networks, decrypt the data packets and send an encrypted status packet to the ASP server using public networks.

Abstract: A file on a computer system is evaluated against trust criteria to determine whether the file is compatible with the trust criteria. Responsive to the file being incompatible with the trust criteria, the file is assigned to a package. Files assigned to the package are tracked to determine whether the files collectively perform malicious behavior. The package is convicted as malware responsive to the files in the package collectively performing malicious behavior.