Patents Examined by Virgil Herring
  • Patent number: 7624265
    Abstract: Mechanisms and techniques allow for the establishment of secure, authenticated packet-based communications sessions between a computer system and a processor, such as a service processor, within a data storage system. The computer system is configured with a connection process that operates under user control and that can establish a first packet communications session to a data communications device such as a router within a first computer network such as a vendor computer network. The connection process can then cause the data communications device to establish a second packet communications session between the data communications device and the processor within the data storage system in a secure, reliable and authenticated manner.
    Type: Grant
    Filed: December 24, 2001
    Date of Patent: November 24, 2009
    Assignee: EMC Corporation
    Inventors: William D. Slyva, Gerard T. Carraher, Tuan Q. An, Jeff Emerson, Timothy F. McCain, Neil J. Thibodeau, Kristen D. Martin
  • Patent number: 7613919
    Abstract: Systems, computer program products and methods for authentication using a one-time password. In a system that includes a client, a service provider, and an authentication service, the authentication service generates an authentication service identifier for the client. Any suitable identifier may be used for the authentication service identifier, which generally takes the form of an arbitrary number of characters. From the client, the authentication service receives a client moniker (e.g., a username) for the client to use when accessing the authentication service. The authentication service sends a one-time password to the client for the client to use in accessing the service provider.
    Type: Grant
    Filed: October 12, 2004
    Date of Patent: November 3, 2009
    Inventor: Brian B. Bagley
  • Patent number: 7526646
    Abstract: An authentication system for authenticating a mobile information terminal is disclosed.
    Type: Grant
    Filed: May 15, 2002
    Date of Patent: April 28, 2009
    Assignee: Sony Corporation
    Inventors: Junko Fukuda, Keigo Ihara, Takahiko Sueyoshi, Yuji Ayatsuka, Nobuyuki Matsushita, Junichi Rekimoto
  • Patent number: 7487538
    Abstract: A security system for facilitating transponder carrier identification and tracking within a secure area comprising an RF transponder having a memory in which is stored a unique identifier; the transponder including a transmitter to transmit the unique identifier; a transponder writer operable to send a replacement unique identifier to the transponder, the transponder replacing the identifier in the transponder memory with the replacement identifier; a transponder reader to receive from the transponder at least the unique identifier of the transponder; such that the transponder reader interrogates the transponder and, in response to the interrogation, receives from the transponder at least the unique identifier of the transponder; wherein the location of the transponder is determined from the location of the transponder reader.
    Type: Grant
    Filed: November 19, 2001
    Date of Patent: February 3, 2009
    Inventor: Steven Siong Cheak Mok
  • Patent number: 7484237
    Abstract: A method and corresponding tool are described for security policy management in a network comprising a plurality of hosts and at least one configurable policy enforcement point. The method comprises creating one or more policy templates representing classes of usage control models within the network that are enforceable by configuration of the policy enforcement points; creating one or more policy instances, each based on one of the templates and instantiating the template for identified sets of hosts within the network to which the usage control model is to be applied; and deploying the policy instances by generating and providing one or more configuration files for provisioning corresponding policy enforcement points within the network.
    Type: Grant
    Filed: May 13, 2004
    Date of Patent: January 27, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Pascal Joly, Olivier Berger, Joe Reves, Jean-Laurent Huynh, Suresh Pai
  • Patent number: 7454786
    Abstract: A method for integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.
    Type: Grant
    Filed: March 27, 2003
    Date of Patent: November 18, 2008
    Assignee: International Business Machines Corporation
    Inventors: David Yu Chang, Ching-Yun Chao
  • Patent number: 7447906
    Abstract: A projector system of the present invention includes a projector 10 and a personal computer PC as an information terminal, which communicate with each other via a network connection. The projector 10 generates a password required for establishment of the network connection and projects the password on a screen SC. A user of the personal computer PC inputs the password projected on the screen SC. The password is used for authentication of the network connection between the projector 10 and the personal computer PC and cipher communication therebetween. This arrangement of the present invention enhances the convenience of the projector that is capable of establishing a network connection with the information terminal, while ensuring secrecy of communicating data.
    Type: Grant
    Filed: August 27, 2002
    Date of Patent: November 4, 2008
    Assignee: Seiko Epson Corporation
    Inventor: Shinji Kubota
  • Patent number: 7421733
    Abstract: When a user successfully logs into an account, the user is provided with a first-class login token, which entitles the user to one or more unsuccessful login attempts without experiencing delays the user would otherwise experience. If attempts with a second-class login token or an expired first-class login token is impermissible, a subsequent login attempt is subject to delays the user would otherwise not experience. The delays minimize the effectiveness of dictionary attacks. Additionally, if the user attempts to login without a login token or an invalid login token, the login attempt is impermissible and the user is provided with a second-class login token for use in a delayed, subsequent login attempt.
    Type: Grant
    Filed: February 6, 2002
    Date of Patent: September 2, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Steven Charles Glassman, Mark Steven Manasse
  • Patent number: 7421083
    Abstract: Application servers are programmed such that when an application server changes a compromised service key, the compromised key is saved by the application server until all tickets that may have been issued under the compromised key expire. Whenever the application server receives a ticket from a client issued under the compromised key, it generates an authenticator for an error message using the session key extracted from the ticket and sends the error message with this authenticator to the client. Clients are programmed to be able to receive error messages from application servers that have changed their service keys. Because the error messages include an authenticator generated by the application server using the session key extracted from the compromised ticket, the client is able to rely on the error message. The client is able to automatically request a new ticket from a key distribution center in response to a successful authentication of the error message.
    Type: Grant
    Filed: April 5, 2002
    Date of Patent: September 2, 2008
    Assignee: General Instrument Corporation
    Inventor: Alexander Medvinsky
  • Patent number: 7409717
    Abstract: The executions of computer viruses are analyzed to develop register signatures for the viruses. The register signatures specify the sets of outputs the viruses produce when executed with a given set of inputs. A virus detection system (VDS) (400) holds a database (430) of the register signatures. The VDS (400) selects (710) a file that might contain a computer virus and identifies potential entry points in the file. The VDS (400) uses a virtual machine (422) having an initial state to emulate (714) a relatively small number of instructions at each entry point. While emulating each potential entry point, the VDS builds (716) a register table that tracks the state of a subset of the virtual registers (428). Once the VDS (400) reaches an emulation breakpoint, it analyzes the register table in view of the register signatures to determine whether the file contains a virus.
    Type: Grant
    Filed: May 23, 2002
    Date of Patent: August 5, 2008
    Assignee: Symantec Corporation
    Inventor: Peter Szor
  • Patent number: 7395434
    Abstract: A computer includes a processor, an input device and a read only memory (“ROM”). One or more passwords are flashed in the ROM in encoded form. The encoding process may include any well-known encryption or hash process. The password may include a power-on password usable to change the operating state of the computer and/or an administrator password. Such configuration data preferably also is stored on the ROM in encoded form. The encoded nature of the passwords makes it difficult for an unauthorized entity to gain access to the usable form of the passwords. Further, by storing the passwords and configuration in ROM, such as the computer's main system ROM, it is possible to control write access to the ROM because a computer's ROM can generally only be flashed using SMI code which operates outside the control of the computer's operating system and requires entry of a correct password.
    Type: Grant
    Filed: May 1, 2002
    Date of Patent: July 1, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Mark A. Piwonka, Mark W. Shutt, Kevin K. Wong, Patrick L. Gibbons
  • Patent number: 7383578
    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: June 3, 2008
    Assignee: International Business Machines Corporation
    Inventors: Kenneth W. Blake, Vikki Kim Converse, Ronald O'Neal Edmark, John Michael Garrison
  • Patent number: 7376844
    Abstract: A countermeasure method for a microcontroller that executes sequences of instructions. The instructions are executed according to a pipeline method. At least one waiting time is randomly introduced between two consecutive instructions and/or within at least one instruction. The method is implemented by the electronics of the microcontroller rather than by software addition.
    Type: Grant
    Filed: March 16, 2001
    Date of Patent: May 20, 2008
    Assignee: Gemplus
    Inventor: Nathalie Feyt
  • Patent number: 7367054
    Abstract: A Denial of Service attack received at a network node from a packet data communications network is managed by tracing the path of predominantly malicious data packets arriving at the network node. The attack may be mitigated by selecting a router along the detected path and requesting the router to alter its handling of the data traffic. In one embodiment, the selected router installs a filter for data directed at the network node. In a different embodiment, the router alters a Quality of Service setting for the data directed at the network node. The network node may also request the router to mark all data being forwarded to it, to allow the network to characterize the data and determine to what extent it consists of malicious data.
    Type: Grant
    Filed: June 26, 2001
    Date of Patent: April 29, 2008
    Assignee: British Telecommunications public limited company
    Inventor: Andrea Soppera
  • Patent number: 7359511
    Abstract: A video signal and an audio signal are time division multiplexed, encrypted, and transmitted. A transmission side time-compresses the audio signal, multiplexes, encrypts, and transmits the time-compressed audio signal in a blanking period of the video signal. Control is performed using an audio signal data enable signal ADE, and an audio signal/video signal switch signal.
    Type: Grant
    Filed: December 18, 2001
    Date of Patent: April 15, 2008
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Natsume Matsuzaki, Makoto Tatebayashi, Toshiro Nishio, Hidekazu Suzuki
  • Patent number: 7349541
    Abstract: A method and apparatus is provided in which playable content is transmitted in response to a playable-content request; a key for the playable content is separately transmitted in response to a key request. Quality information about the playable content is used to generate tariff information from which a user charge is derived.
    Type: Grant
    Filed: March 6, 2003
    Date of Patent: March 25, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Huw Edward Oliver
  • Patent number: 7340599
    Abstract: To improve security of operations in a communication network such as Internet, a database containing a plurality of icons is stored in the installation program of a browser. When executing the installation program, an icon in the icon database is selected. The selected icon is stored in a storage unit which is inaccessible by any device other than the browser. The selected icon is displayed when executing the browser, and it is assigned a feature to indicate whether the current operation is secure.
    Type: Grant
    Filed: September 11, 2001
    Date of Patent: March 4, 2008
    Assignee: Gemplus
    Inventor: David Naccache
  • Patent number: 7325131
    Abstract: A robust watermark embedded into a Direct Stream Digital (DSD) audio signal including a flat frequency response in a specific frequency range which does not extend below 20 kHz or above 100 kHz. The watermark is therefore hidden in the noise spectrum of the DSD signal, such that the watermark is inaudible to a listener. Since the noise spectrum contains important information that helps provide the DSD signals with sharp transients and an accurate impulse response, the watermark cannot be removed from the DSD signal without causing significant degradation to the signal's audio quality.
    Type: Grant
    Filed: September 5, 2002
    Date of Patent: January 29, 2008
    Assignee: Koninklijke Philips Electronics N.V.
    Inventor: Derk Reefman
  • Patent number: 7318162
    Abstract: A computer-implemented system and method for customizing rules used in data integrity validation operations. A data integrity validation application uses the data integrity validation rules to perform the data integrity validation operations. The data integrity validation rules are stored in a knowledge base which is separate from and external to the data integrity validation application. The separately stored and externally located knowledge base allows customization of the data integrity validation rules without requiring recompilation of the data integrity validation application.
    Type: Grant
    Filed: December 18, 2002
    Date of Patent: January 8, 2008
    Assignee: SAS Institute Inc.
    Inventors: Brian C. Rineer, Brent C. Jackson, Scott A. Gidley, Anthony F. Fisher
  • Patent number: 7302576
    Abstract: Methods and systems for authenticating documents. Document data to be modified to contain authentication is inputted. A representation is determined from the document data. Assist information that is usable to reliably recover a determined representation is determined. A one-way hash of the representation and assist information is determined. The one-way hash is then cryptographically signed. The assist information and digitally signed one-way hash is then appended to the document.
    Type: Grant
    Filed: December 19, 2002
    Date of Patent: November 27, 2007
    Assignee: XEROX Corporation
    Inventors: Daniel H. Greene, David Goldberg, Marshall W. Bern