Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts who have been sent data in accordance with a predetermined policy. Destination host identities not the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.

Abstract: A computer worm defense system comprises multiple containment systems tied together by a management system. Each containment system is deployed on a separate communication network and contains a worm sensor and a blocking system. Computer worm identifiers generated by a worm sensor of one containment system can be provided not only to the blocking system of the same containment system, but can also be distributed by the management system to blocking systems of other containment systems.

Abstract: A method of gaining access to a resource using an access token printed on a print medium, comprising the steps of: determining, using a sensor module of a mobile telecommunications device, the access token and a print media identifier printed on the print medium; and, causing the access token to undergo authentication, at least partially based on the print media identifier, and if the authentication succeeds, gaining access to the resource.

Abstract: A system and method for providing data content analysis is disclosed. The system includes an intelligent switch in a local area network, where the intelligent switch has content analysis applications stored therein and is configured to apply one or more content analysis applications on a port-by-port basis. The method includes remotely updating one or more content analysis applications at intelligent switches of subscriber networks.

Abstract: A method for detecting address rotation by a device in a communication network includes receiving, at a first time, a first message transmitted by the device, receiving, at a second time, a second message transmitted by the device, and processing the first message to determine a first sequence number and a first transmitter address. The method also includes processing the second message to determine a second sequence number and a second transmitter address, determining that the second transmitter address is different from the first transmitter address, determining a time gap between the first time and the second time, and determining, based, in part, on the time gap, a sequence threshold value. The method further includes determining a sequence difference between the first sequence number and the second sequence number, determining that the sequence difference is less than the sequence threshold value, and providing an indication of address rotation by the device.

Abstract: A method is provided for securely enabling dynamic instrumentation. The method includes categorizing probes, upon creation, into one or more classes, providing lists of permissions for activating the probes and associating users with the permissions for activating the probes, such that certain users have permissions for activating certain probes. Users are associated with permissions by mapping classes of probes to permissions and mapping users to permissions, mapping classes of users to probes, or mapping users to at least one of classes of probes and classes of capabilities.

Abstract: A method of gaining access to a resource using an access token linked to a print medium, comprising the steps of: determining a print media identifier from the print medium using a sensor module of a mobile telecommunications device, the print media identifier having been linked to the access token; identifying, using the mobile telecommunications device and the print media identifier, the access token; and, causing the access token to be supplied to a system, wherein the system is configured to authenticate the access token and, if the authentication succeeds, provide access to the resource.

Abstract: A method of generating a call sign. A method of generating a call sign comprising determining a distinguished qualifier, finding a distinguished salt, and hashing the distinguished salt with the distinguished qualifier.

Abstract: A system and method for correlating a user's use of a first network service with a user's use of a second network service. For each user with which the first network service communicates, the network service transmits a unique ID to the user such that the unique ID is visible to the user. When the user communicates with the second network service, the user provides the second network service with the unique ID. The first and second networks each may store some indication of their respective associations with the user. The user's use of the second network service is correlated with the user's use of the second network service based on the unique ID and any information stored by the networks in association with the unique ID.

Abstract: A memory stores data in an encrypted form. A modifiable register stores a memory address, a0, defining a boundary separating the memory into two regions. The lower region stores data encrypted using a key B, and the upper region stores data encrypted using a different key A. Data stored on the boundary address is encrypted using key A. Accordingly, when data is read from a memory address a, key A is used to decrypt the data if a?a0, and key B is used if a<a0. However, when data is written to a memory address a, then key A is used to encrypt the data if a?a0+1, key B is used if a<a0+1. When data is written to the boundary address, a0, the position of the boundary is caused to increase by one unit.

Abstract: In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable.

Abstract: An AES encryption processor is provided for reducing hardware with improved throughput. The processor is composed of a selector unit selecting an element of a state in response to row and column indices, a S-box for obtaining a substitution value with said selected element used as an index, a coefficient table providing first to fourth coefficients in response to said row index, first to fourth Galois field multiplexers respectively computing first to fourth products, which are obtained by multiplication of said substitution value with first to fourth coefficients, respectively, and an accumulator which accumulates the first to fourth products to develop first to fourth elements of a designated column of a resultant state.

Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting-encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium.

Abstract: A digital measurement apparatus measures a physical measurement object, provides a digital signature of public-key cryptography to measured data of a thus-measured physical quantity, and manages the measured data. The apparatus generates at least a pair of a public key and a private key, to be used for the digital signature of the public-key cryptography, through a key generating algorithm.

Abstract: A method of providing automatically verifiable trust in a content resolution process in which a PDR resolves a content reference identifier (CRID) identifying a content item using a resolution authority record (RAR) to obtain a locator identifying a location where the PDR can obtain the content item. Preferably, the measure comprises computing a digital signature over at least part of the contents of the CRID, the locator and/or the RAR. The method may also comprise encrypting at least a data portion of the CRID, RAR or locator. Digital rights needed to access the content item can be provided with the CRID, RAR or locator.

Abstract: The present invention provides a method, system, and computer program product for checking for viruses by adding a virus scanning capability to a data transfer device. In a method of the present invention a real-time virus checker is stored on a controller. The virus checker scans data as it is being written to a file. If a virus is detected, the suspected file is flagged. Anti-virus software is then invoked to perform a scan of the entire suspected file. In this manner, demands on CPU resources to perform scans will be greatly reduced as only those files marked as possibly containing a viruse need to be scanned, rather than scanning all the files on the entire data transfer device.

Abstract: Disclosed is a method of validating the contents of a real-time clock in a digital circuit. A plurality of memory elements create a first random signature value when power is newly applied to a circuit. The plurality of memory elements maintain the first random signature value while power to the circuit is maintained. The first random signature value is stored as a reference value such that the reference value is not altered by a power interruption. When power to the circuit is lost and then regained, a second random signature value is created. The second random signature value likely will no longer match the reference value because both the reference value and the second signature are random. When the reference value does not match the signature value, the real-time clock value is considered invalid. User input may be employed to correct the real-time clock value.

Abstract: A descrambler adapted as an integrated circuit (IC) according to one embodiment. The descrambler comprises a control word ladder logic to produce, among other data, a control word to descramble incoming scrambled content. The descrambler further comprises copy protection key ladder logic to recover a copy protection key for encrypting descrambled content before subsequent transmission to a digital device.

Abstract: Methods and apparatuses for securely configuring the identifier information of products. In one aspect, a method of manufacturing a product, includes: establishing a connection between a data processing system and the product while the product is being manufactured; verifying that an initial set of identifier information stored within the product is valid, where a set of identifier information is capable of being used to control distribution of media which is received by the product; providing, in response to validly verifying the initial set of identifier information, a new set of identifier information for storage in the product, where the providing is secured through the verifying of the initial set of identifier information.

Abstract: A system and method is disclosed for providing DRM in a broadcast environment. In accordance with the embodiment, a DRM system distributes encrypted service keys over the mobile telephone network to a mobile terminal. The mobile terminal receives the encrypted service key and uses it to decrypt encrypted content keys received from a DVB set top box. The decrypted content keys are sent to the set box over local link where they are used to decrypt encrypted broadcast content. A power management technique for mobile receivers is also disclosed that enables the receiver hardware to power off during a portion of the rendering process.