Abstract: This document discusses, among other things, applying network policy at a network device. In an example embodiment fiber channel hard zoning information may be received that indicates whether a fiber channel frame is permitted to be communicated between two fiber channel ports. Some example embodiments include identifying a media access control addresses associated with the fiber channel ports. An example embodiment may include generating one or more access control entries based on the fiber channel identifications of the fiber channel ports and the zoning information. The access control entries may be distributes to an Ethernet port to be inserted into an existing access control list and used to enforce a zoning policy upon fiber channel over Ethernet frames.

Abstract: In the disclosed method, users are provided with sets of authentication codes, each set includes a secret, a private key container and a matching public key container, the private and public key container are generated from respectively a first string including a domain name of an authentication server system and a PKI private key and a second string including the same domain name and a matching PKI public key. Upon receipt on the authentication server system of the first strings as a result of a first user reading the respective private key container, an action definition procedure is performed in which the first user is requested to enter a secret of the same set of authentication codes. If a check returns a positive result, the first user can define a set of actions to be performed upon receipt of the second string belonging to the same set of authentication codes.

Abstract: A method operational on a receiver device for exchanging and/or generating security keys is provided. A first encrypted master key Km is received at the receiver device from a transmitter device, the first encrypted master key Km secured by a receiver public key Kpub-rx. The first encrypted master key Km may be decrypted with a receiver private key Kpri-rx to obtain the master key Km. The master key Km may be encrypted using a block cipher that applies a receiver secret key Kh to obtain a second encrypted master key.

Abstract: Embodiments relate generally to systems and methods for providing access to a trusted security zone container within a trusted security zone of a mobile device. An application may receive trusted service manager validation data from a trusted service manager. The application may also receive a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone. The application may hash the trusted service manager validation data with the trusted security zone master key. The application may generate the trusted security zone sub key based on hashing to access one or more containers. One or more signal may be transmitted to provision the set of one or more trusted security zone containers with the trusted security zone sub key. The application may provide the sub key to the trusted service manager to access a container.

Abstract: Aspects of the invention relate generally to validating array bounds in an API emulator. More specifically, an OpenGL (or OpenGL ES) emulator may examine each array accessed by a 3D graphic program. If the program requests information outside of an array, the emulator may return an error when the graphic is drawn. However, when the user (here, a programmer) queries the value of the array, the correct value (or the value provided by the programmer) may be returned. In another example, the emulator may examine index buffers which contain the indices of the elements on the other arrays to access. If the program requests a value which is not within the range, the emulator may return an error when the graphic is drawn. Again, when the programmer queries the value of the array, the correct value (or the value provided by the programmer) may be returned.

Abstract: A data encryption method, adapted to a node computing device in a cloud server system comprises following steps. A primary data is received. A dimension of an encrypted matrix is computed. An encryption length is computed, and data segments matching the encryption length are extracted from the primary data sequentially according to the encryption length. A plurality of encrypted segments is obtained by encrypting the extracted data segments respectively through the encrypted matrix.

Abstract: An apparatus, a method, and a computer program product of a wireless device are provided in which a first device identifier of a wireless device is provided. An allocation record is received that includes an expression used for discovery, a second device identifier, and at least one of a digital signature of a first server that delegates the expression or a digital signature of a second server that manages the expression. The allocation record is verified. An apparatus, a method, and a computer program product of a first server are provided in which a device identifier is received from a wireless device. An allocation record is generated that includes an expression used for discovery, the device identifier, and at least one of a digital signature of the first server or a digital signature of a second server that manages the expression. The allocation record is sent.

Abstract: A system for filtering a digital signal transmitted in a protocol featuring multi-level packetization from a first server to a second server. The first server is coupled to the second server via a one-way data link. The system includes a filter having an input for receiving the digital signal and an output. The filter is configured to analyze the digital video signal and determine whether the digital signal violates one or more predetermined criteria. The filter may be within the first server, or alternatively, within the second server. The predetermined criteria may be unauthorized security level information included within metadata transmitted with the digital video signal. The predetermined criteria may also be format information that, when not conformed to, indicates potential malware or other bad content included within the digital video signal. The filter provides low data transfer latency and/or decoupling of data filter latency from data transfer latency.

Abstract: A SIP adaptor modifies the format of a session initiation protocol (SIP) message. A SIP message in a first format is received by the SIP adaptor from a first SIP server that is based on the first message format. The SIP adaptor modifies the SIP message to a second format and forwards the modified SIP message to a second SIP server that is based on the second message format. By modifying SIP messages, the SIP adaptor allows communications sessions to be established between clients of SIP servers that utilize dissimilar SIP message formats.