Abstract: Disclosed are a valuable-file identifying method and an identifying device thereof. The identifying method and the identifying device store image data of a valuable file using a fast storage method for image data. The fast storage method for image data comprises: compulsively converting collected single-byte image data into long-integer image data; using N data masks which correspond to each other through a “bitwise AND” operation to extract the long-integer image data in such a manner that N points are extracted from M*N points in each line and one point is extracted from L points in each column, where N is an integer greater than or equal to 2, L and M are all integers greater than or equal to 1; and integrating the data extracted respectively by N data masks through a “bitwise OR” operation to obtain coded image data and store same.

Abstract: A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.

Abstract: A method to enable dynamic configuration of gaming terminals installed in one or a plurality of gaming premises whereby certified games, certified data files and certified support software components are activated in accordance with a predetermined schedule or automatically in response to the observed gaming activity. The method may include allocating an individual PKI certificate to each executable software component and each of its versions, binding the PKI certificate to the executable software, associating a distinctive policy for each certificate and then enforcing the software execution policies in accordance with the desired authorized game configuration and schedule. The PKI certificate's “Subject Name” (or “Issued to” field or “CommonName” field) may be a concatenation of the software component identification, its version number and optionally other identification characters. The method applies equally to other network connected gaming subsystems.

Abstract: A method and systems for protecting the identification of a subscriber when a service provider transmits a subscriber request to a content provider in a distributed network environment, such as Internet. After the user sends a request to a service provider to which he has subscribed, the service provider encrypts the user identifier before transmitting this request with the encrypted user identifier to the content provider. Upon reception, the content provider uses an authentication Web Service supplied by the service provider for certifying the user identifier. If the user identifier is certified, the content provider transmits the requested content to the service provider, which formats it before sending it to the user. The content provider may charge the user through the service provider.

Abstract: Circuit for calculating a logic combination of two encrypted input operands recieves first and second dual-rail signals comprising data values in a calculation cycle and precharge values in a precharge cycle, and receives a dual-rail encryption signal comprising encryption values in the calculation cycle and precharge values in the precharge cycle, and outputs a dual-rail result signal comprising encrypted result values in the calculation cycle and precharge values in the precharge cycle. The data and encrypted result values are encrypted with the encryption values of the dual-rail encryption signal according to an encryption rule. A logic circuit determines the encrypted result values according to the logic combination from the data and encryption values, and outputs the encrypted result values in the calculation cycle.

Abstract: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.

Abstract: A logic circuit for calculating an encrypted dual-rail result operand from encrypted dual-rail input operands according to a combination rule includes inputs for receiving the input operands and an output for outputting the encrypted result operand. Each operand may comprise a first logic state or a second logic state. The logic circuit comprises a first logic stage connected between the inputs and an intermediate node and a second logic stage connected between the intermediate node and the output. The logic stages are formed to calculate the first or second logic state of the encrypted result operand from the input operands according to the combination rule and to maintain or change exactly once the logic state of the encrypted result operand, independently of an order of arrival of the encrypted input operands, depending on the combination rule, in order to impress the calculated first logic state or second logic state on the output.

Abstract: Digital Fingerprints are generated for data objects in a system where separate annotation files are created for data objects. This permits cross heterogeneous system relationship of a data object with associated annotations. The digital fingerprint is saved in an annotation store along with a first relationship between the digital fingerprint and the location of annotations as well as a second relationship between the digital fingerprint and location of copies of the data object. The digital fingerprint can be generated by any system that has a copy of the data object. Annotations or data objects can be found by searching for the digital fingerprint and its relationships.

Abstract: A quantum key distribution (QKD) method involves the sending of random data from a QKD transmitter to a QKD receiver over a quantum signal channel, and the QKD transmitter and receiver respectively processing the data transmitted and received over the quantum signal channel in order to seek to derive a common random data set. This processing is effected with the aid of messages exchanged between QKD transmitter and receiver over an insecure classical communication channel. The processing concludes with a check, effected by an exchange of authenticated messages over the classical communication channel, that the QKD transmitter and receiver have derived the same random data set. At least some of the other messages exchanged during processing are exchanged without authentication and integrity checking. A QKD transmitter and QKD receiver are also disclosed.

Abstract: A method and system is presented for configuring a group of OCSP (Online Certificate Status Protocol) responders so that they are highly available. Each of the grouped OCSP responders share a common public key. When responding to an OCSP request, an OCSP responder generates an OCSP response that is signed with a group digital signature; the certificate for the common or group public key can be attached to the OCSP response. An OCSP client uses the group public key to verify the group digital signature on an OCSP response from any of the OCSP responders. For an OCSP client, the availability of this group of responders is greater than the availability of any one member of the group.

Abstract: An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

Abstract: A security system in which wireless transmitting security devices use a hybrid or dual encoding methodology, wherein a first part of a data message is encoded in a return-to-zero (RZ) format and a second part of the data message is encoded in a non-return-to-zero (NRZ) format, thereby increasing error detection and correction. In a first aspect of the invention, status information is included in the first part of the message and redundant status information is included in the second part of the message. In a second aspect of the invention, message sequence information is included in the second part of the message to avoid processing of stale or out-of-sequence messages.

Abstract: A method, data processing system, and computer program product are provided for retrieving access rules using a plurality of subtables. An incoming packet that includes fields of data is received from a network. A key is formed from the fields, the key includes a number of subkeys. The subkeys are selected and each of the selected subkeys is used to search a different subtable. If a subtable entry is a pointer, a next level subtable is searched until a failure or data is encountered. If a failure occurs, a default rule is applied. If data is encountered, the key is masked using a stored mask value. The resulting masked key is compared to a stored rule. If they match, the identified rule is applied, otherwise the default rule is applied.

Abstract: The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.

Abstract: Methods and apparatus, including computer program products, for modifying a user interface of a client application. A method includes rendering a graphical user interface of a client application having a first and second control coupled to the client application, receiving user-generated input characterizing a request to modify the first control and a selection of a third control; exchanging the first control with the third control; rendering the graphical user interface of the client application as having the third control in lieu of the first control; receiving user-generated input characterizing interaction with the second control; and rendering the third control to reflect the interaction with the second control.

Abstract: A method and device for detecting a condition in a communication system, including at least one user equipment, for determining at least one parameter associated with a communication link between an application and a node of said user equipment, and detecting the condition in response to the at least one parameter.

Abstract: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.

Abstract: A system and method can verifiably record a voice communication between participants of the voice communication by connecting a first participant to a verifying service provider, connecting between the verifying service and at least one additional participant, recording the voice communication between the first participant and the at least one additional participant to provide a recorded voice communication and secure time-stamping the recorded voice communication to provide a verifiable recorded voice communication. Switch data, such as telephone numbers for the participants and date and time information for the voice communication, can be appended to the recorded voice communication. The participants may input identification data, such as digital signatures, that can be associated with the recorded voice communication and the recorded voice communication can be digitally signed using the digital signatures input by the participants.

Abstract: A smart card enabled secure computing environment system locks the host computer system from user access and waits for a smart card to be inserted into an attached or co-resident smart card reader. When a smart card is inserted into the smart card reader, the invention asks the user to enter his smart card password which is compared to the password on the smart card. If the two passwords match, the invention looks up the user's username in an access file of valid users and finds its associated access times and/or cumulative time limits in the access file. if the current time is within any of the valid access times and the user's cumulative usage time is within the specified cumulative time limit, then access is granted and the system is unlocked. The invention periodically checks the current time while the user is using the computer. If a blocked time period is entered or a cumulative time limit is exceeded, the user is logged off the machine and the computer is locked from user access.

Abstract: Methods, apparati, and computer-readable media for matching patterns of symbols within computer systems. A method embodiment of the present invention comprises composing (11) a pattern matching expression; and embedding (12) a function using storage means within the expression to form a character matching string. The expression may be a regular expression. The character matching string is compared (13) against a target string. The target string may be one that is suspected to contain malicious computer code.