Abstract: Various embodiments include a method of detecting shell code in an arbitrary file comprising determining where one or more candidate areas exist within an arbitrary file, searching at least one nearby area surrounding each of the one or more candidate areas within the arbitrary file for an instruction candidate, and calculating for any such instruction candidate a statistical probability based on a disassembly of instructions starting at a found offset for the instruction candidate that the disassembled instructions are shellcode.

Abstract: Methods and systems for direct device access are disclosed. Aspects of one method may include a plurality of GOSs directly accessing a first network interface device, where the first network interface device may provide access to a network. One or more of the GOSs may be migrated to directly access a second network interface device, based on state information for each of the GOSs, where the state information may be maintained by the host. The GOSs may communicate data to a device coupled to the network by direct accessing the first and/or second network interface device. Similarly, the first and/or second network interface device may communicate data received from a device coupled to the network to one or more of the plurality of GOSs via direct access of the first and/or second network interface device.

Abstract: In one embodiment the present invention includes a computer-implemented method comprising storing authorization data on a first client computer system, accessing virtual computing software from the first client computer system, accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system, sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system, and accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.

Abstract: The present disclosure relates to a method for executing, by a processor, a program read in a program memory, comprising steps of: detecting a program memory read address jump; providing prior to a jump address instruction for jumping a program memory read address, an instruction for storing the presence of the jump address instruction; and activating an error signal if an address jump has been detected and if the presence of a jump address instruction has not been stored. The present disclosure also relates to securing integrated circuits.

Abstract: Methods, systems, and computer products for download notification including identifying content for download, requesting a download of the content to a device and requesting a notification related to the status of the download.

Abstract: An object of the present invention is to provide a mechanism for tamper detection of electronic devices (110) in closed units which is robust and low cost. The object is achieved by a method in an electronic device (110) for detecting if a cover (100) enclosing the electronic device (110) has been opened. The cover (100) comprises an enclosing assembly (250) which is adapted to fasten the cover (100) into a closed position. The electronic (device 110) comprises a non volatile memory (120). The non volatile memory (120) comprises a stored reference signature associated to the enclosing assembly (250) when the cover (100) was fastened into a closed position. The method comprises the following steps: (Creating 1003) a signature associated to the enclosing assembly (250). Comparing (1004) the created signature with the reference signature. Detecting (1007) that the cover 100 has been opened when the comparing (1004) results in a difference.

Abstract: Multiple applications sharing common resources are arbitrated such that failures resulting from unavailable resources can be avoided. Whenever an application (e.g., a data application) desires to perform an operation (e.g., PPP resynchronization) that requires the use of a shared resource (e.g., an RF receiver), a determination is made as to whether that resource is available. The operation may be delayed while the resource is unavailable. The application may be assigned the resource if it is available or becomes available and may then start the operation. The resource is locked while the operation is pending to avoid assignment to another application. The resource arbitration allows applications to complete their operations without encountering failures due to other applications taking over the resources.

Abstract: A data protection system includes terminals, and an encryption device that encrypts distribution data distributed to each terminal. Each terminal corresponds with one node on a lowest level of a tree structure having hierarchies. A data protection system excludes nodes on the lowest level, determines a plurality of combination patterns that include combinations of two or more of all four nodes that are reached one level below the node, decides an individual decryption key for each determined combination pattern, and decides an individual decryption key for each node on the lowest level. The data protection system prescribes nodes that are reached from the node on the lowest level and a terminal to the node on the highest level that is an invalid node.

Abstract: An apparatus, system, and method are disclosed for a baseboard management controller (BMC) which includes an FPGA with a monitor module for monitoring the operations parameters of a host computer device. In addition, the BMC has a host connector that connects the BMC to the system bus of the host computing device, allowing the BMC access to the computing elements on the host. The host connector has reconfigurable pins with connection configuration controlled by the FPGA. In addition, the BMC has a server with a processor and associated non-volatile memory on board. The operating system provides services to the host computing device and its constituent components, as well as allowing advanced networking and interconnectivity with other BMCs in a management network.

Abstract: An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The microprocessor has secure execution mode initialization logic and an authorized public key. The secure execution mode initialization logic provides for initialization of a secure execution mode within the microprocessor. The secure execution mode initialization logic employs an asymmetric key algorithm to decrypt an enable parameter directing entry into the secure execution mode. The authorized public key is used to decrypt the enable parameter, the enable parameter having been encrypted according to the asymmetric key algorithm using an authorized private key that corresponds to the authorized public key.

Abstract: A method for content insertion is provided. In this method, a first media data is received from a server and a placement request is transmitted to a content provider service. As a result, a placement response is received from the content provider service. The placement response includes data identifying a second media data associated with the first media data. The second media data is retrieved and merged with the first media data. After the merge, the first and second media data are transmitted to the server.

Abstract: A method, and apparatus for software and resource management with a model-based architecture.

Abstract: A method and system for interfacing to an electronic device is disclosed. The interfacing may comprise one or more servers in a wireless network communicating internet protocol (IP) based messages to one or more electronic devices, where the wireless network may also communicate with the electronic devices using a network protocol that is not internet protocol. The IP based messages may be used to conduct device management of the electronic devices. The IP based messages may be digitally signed for security purposes. For mobile devices that do not have an IP address, a server may assign and IP address when the electronic device first enters the wireless network. Accordingly, the assigning of the IP address may be via a non-IP network protocol.

Abstract: When a customer operates a terminal to send a request for a provision of a manual page to the center via the Internet, the center determines whether the customer who is accessing is a registered customer (user of a copier) based on the stored customer information. In a case where the customer who is accessing the center is a registered customer, the center automatically selects electronic manual file(s) for the copier being used by the customer concerned. And the center generates a manual page representing the content of the selected manual file so that the content of the manual file is noticeable rather than the other information. The center transmits the manual page to the terminal concerned.

Abstract: A process for quiescing a master and a plurality of subordinate computer systems in a cluster. An original or a pending state may be entered that is a quiesce or an online state. The master instructs the subordinates the quiesce or online state be made the pending state. The subordinates prepare to change accordingly, determine whether successful, and vote to commit or abort. Based on whether all voted to commit, the master instructs the subordinates to either commit or abort. If to commit and the pending state is the quiesce state, an operation is performed in the subordinates. If to commit and the pending state is the online state, the subordinates prepare to resume the original state. The subordinates change from the original to the pending state. Otherwise, if to abort, the subordinates prepare to remain in the original state and reset the pending to the original state.

Abstract: One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions base on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response.

Abstract: Disclosed is an authentication method employing elliptic curve cryptography (ECC), applicable to a mobile broadcast TV system having one or more head end systems, at least a transmitter, and at least a mobile set. The authentication method comprises at least one request message from mobile sets simultaneously or in a short period of time arriving at a head end system for authentication; manipulating each broadcast authentication message by ECC; manipulating each service request message by ECC and pairing operation; performing a mutual authentication between the head end system and mobile sets by ECC and pairing operation; and broadcasting one group of authentication messages to all the mobile sets of many requests arrived at the head end system simultaneously or in a short period of time for the same service.

Abstract: The invention provides a system and method for automated data analysis in which data agents are located and operate at each member site or data source (i.e., locally). These agents access stored data at the data source or member sites, process the data and also aggregate the results. The aggregated results from each of the member sites are then forwarded to and further aggregated at a central analytic hub. The central analytic hub contains a centralized application which can further aggregate each of the aggregated results and perform a final analysis. These results are then delivered to the requester without any ability to identify individual data sources, or records from those sources.

Abstract: Methods, systems, and apparatus are disclosed for utilizing a universal serial bus (“USB”) transport as a system interface to transmit and receive IPMI commands and responses. An intelligent platform management interface (“IPMI”) transport library is provided that receives IPMI commands from IPMI client applications executing on a host. The IPMI commands are encapsulated into vendor specific small computer systems interface (“SCSI”) commands and transmitted over the USB transport to a virtual mass storage device provided by a management device. In response to receiving the vendor specific commands, IPMI firmware executing on the management device extracts the IPMI commands and executes them. A response may be returned to the host by encapsulating the IPMI response into a vendor specific SCSI response and transmitting the response to the host.

Abstract: In one embodiment, a method includes identifying a critical time when a current presence state associated with a first client is scheduled to change to a timed presence state. The method also includes generating a first presence document before the critical time, and providing the first presence document to at least a second client. The first presence document has an indication of the current presence state and the timed presence state, and is provided to the second client before the critical time.