Abstract: Provided an intermittent characteristic-based demand-side resource coordination control method and system. The method includes: receiving a control request, where the control request is used for requesting control of demand-side resources having an intermittent characteristic; determining a target total control quantity of demand-side resources; determining a coordination strategy of multiple demand-side resources and an action quantity of each of the multiple demand-side resources; and performing coordinated control on the multiple demand-side resources based on the target total control quantity of demand-side resources, the coordination strategy, and the action quantity of each of the multiple demand-side resources.

Abstract: A method of and apparatus for executing a cryptographic cipher is described. The method includes acts of receiving a first finite field of data and key value represented by a first encryption standard including a first and second operation, transforming the first finite field of data and key value into a second finite field of data and key value represented by a second encryption standard, transforming the first operation and the second operation into a first modified operation and a second modified operation represented by the second encryption standard, executing the first modified operation on the second finite field of data and key value to generate a third finite field of data, executing the second modified operation on the third finite field of data to generate a fourth finite field of data, which is transformed into a fifth finite field of data represented by the first encryption standard.

Abstract: A Demand Response (DR) physical potential evaluation method for a feeder line is provided, which includes that: a load curve of a part to be identified in a load curve of a feeder line to be evaluated is acquired; a load database is created on the basis of a historical load curve of loads of predefined types; load types and total number of the loads to be identified are determined on the basis of the load curve of the part to be identified and the load database; a physical potential of the loads of each of the types is acquired according to the load types of the loads to be identified; and an overall aggregated physical potential of the loads to be identified is obtained according to the physical potential of the loads of each of the types and a number of the loads of each of the types.

Abstract: A method of and apparatus for executing a cryptographic cipher is described. The method includes acts of receiving a first finite field of data and key value represented by a first encryption standard including a first and second operation, transforming the first finite field of data and key value into a second finite field of data and key value represented by a second encryption standard, transforming the first operation and the second operation into a first modified operation and a second modified operation represented by the second encryption standard, executing the first modified operation on the second finite field of data and key value to generate a third finite field of data, executing the second modified operation on the third finite field of data to generate a fourth finite field of data, which is transformed into a fifth finite field of data represented by the first encryption standard.

Abstract: A Demand Response (DR) physical potential evaluation method for a feeder line is provided, which includes that: a load curve of a part to be identified in a load curve of a feeder line to be evaluated is acquired; a load database is created on the basis of a historical load curve of loads of predefined types; load types and total number of the loads to be identified are determined on the basis of the load curve of the part to be identified and the load database; a physical potential of the loads of each of the types is acquired according to the load types of the loads to be identified; and an overall aggregated physical potential of the loads to be identified is obtained according to the physical potential of the loads of each of the types and a number of the loads of each of the types.

Abstract: A software trusted platform module (sTPM) operates in a hypervisor, receives trust assurances from specialized hardware, and extends this trust such that the hypervisor performs trust attestation. The hypervisor receives a startup sequence validation from a TPM, or Trusted Platform Module. The TPM performs bus monitoring during a boot sequence of the computer system, records the startup sequence from the bus, and performs a hash on the sequence. The TPM performs an authentication exchange with the hypervisor such that the hypervisor authenticates the attestation of the computer system from the TPM, and the hypervisor, now delegated with trust assurances from the TPM, provides assurances to users via an authentication chain. The ATCB then performs the attestation of the computer system according to the attestation protocol much faster than the TPM. In this manner, the hypervisor operates as a software delegate of the TPM for providing user assurances of trust.

Abstract: Example embodiments of the present invention relate to a system, apparatus and methods for preserving the integrity of a code to prevent it from being modified, maliciously or inadvertently, while it is in execution in the RAM of a computer platform. This method also may be referred to as code hardening. Code to be hardened in example embodiments of the present invention may be referred to as protected code. Example embodiments of the present invention are able to externally detect unauthorized stoppage of the hypervisor by employing (1) a launch-time metric of the protected code; (2) a run-time metric of the protected code; and (3) a liveliness indicator of the protected code.

Abstract: Methods and apparatus are disclosed for managing access to data in a data storage system. For example, an apparatus comprises at least one processing platform associated with a distributed virtual infrastructure. The processing platform comprises at least one processing device having a processor coupled to a memory. The processing platform is operative to instantiate a meta data management process that is configured to provide at least one client process with information to allow the client process to perform one or more operations in accordance with one or more data storage devices through a storage area network. The information provided to the client process may comprise one or more data block descriptors. Each of the one or more data block descriptors may comprise path information for at least one of the data storage devices and an offset address in the at least one data storage device.

Abstract: A method is described by which the possessor of a secret certified in a particular manner can prove to a party with which the possessor of a secret needs to interact that it does indeed possess a secret formed in the proper manner. In the context of trusted computing apparatus, this can be used to show that the secret has been provided by a legitimate manufacturer of such apparatus. A method and an architecture for revocation operable in this context is also described.

Abstract: Conventional network technology is based on processing metadata in the head part of a network packet (e.g., addresses and context tags). In cloud computing, resources have dynamic properties of on-demand elasticity, trans-datacenter distribution, location motion, and tenant-defining arbitrary network topology. Conventional static networks can no longer satisfy these dynamic properties of IT provisioning. Provided is a network virtualization technology—“NVI”. The NVI technology achieves de-coupling between a logical network and the underlying physical network provided through cloud resources. Network control can be implemented on vNICs of VMs in the network. On NVI, a cloud tenant can construct a firewalled logic and virtual private network to protect rental IT infrastructure in global trans-datacenter distributions.

Abstract: A data processing system is described wherein use of resources in the system is metered. Metering evidence is generated which is difficult to forge and is, thus, relatively resistant to tampering. Such a system finds application, for example, in the field of metering the amount of time a person spends reading advertisement that are published on the World Wide Web. If reliable, such metering evidence may be used by the owner of the web server that contains the advertisement to bill the originator of the advertisement.

Abstract: Systems and methods for securing a virtual machine are disclosed. Various embodiments of the systems and methods disclosed herein allow provisioning a trusted and secure computing environment to a user. Various embodiments enable securing a virtual machine during multiple states, such as during run time, construction time and rest time. In one embodiment, a virtualization infrastructure for securing a virtual machine includes a trusted computing base and a proxy virtual machine running on the virtualization infrastructure as a proxy of the trusted computing base, the trusted computing base being configured to cryptographically verify the proxy virtual machine to be authentic and to prevent unauthorized access to the proxy virtual machine. The proxy virtual machine may be configured to compute an exit state measurement of the virtual machine and to use the exit state measurement to prevent an unauthorized entry of the virtual machine into the virtualization infrastructure.

Abstract: Methods and apparatus are disclosed for managing access to data in a data storage system. For example, an apparatus comprises at least one processing platform associated with a distributed virtual infrastructure. The processing platform comprises at least one processing device having a processor coupled to a memory. The processing platform is operative to instantiate a meta data management process that is configured to provide at least one client process with information to allow the client process to perform one or more operations in accordance with one or more data storage devices through a storage area network. The information provided to the client process may comprise one or more data block descriptors. Each of the one or more data block descriptors may comprise path information for at least one of the data storage devices and an offset address in the at least one data storage device.

Abstract: Example embodiments of the present invention relate to a system, apparatus and methods for preserving the integrity of a code to prevent it from being modified, maliciously or inadvertently, while it is in execution in the RAM of a computer platform. This method also may be referred to as code hardening. Code to be hardened in example embodiments of the present invention may be referred to as protected code. Example embodiments of the present invention are able to externally detect unauthorized stoppage of the hypervisor by employing (1) a launch-time metric of the protected code; (2) a run-time metric of the protected code; and (3) a liveliness indicator of the protected code.

Abstract: A software trusted platform module (sTPM) operates in a hypervisor, receives trust assurances from specialized hardware, and extends this trust such that the hypervisor performs trust attestation. The hypervisor receives a startup sequence validation from a TPM, or Trusted Platform Module. The TPM performs bus monitoring during a boot sequence of the computer system, records the startup sequence from the bus, and performs a hash on the sequence. The TPM performs an authentication exchange with the hypervisor such that the hypervisor authenticates the attestation of the computer system from the TPM, and the hypervisor, now delegated with trust assurances from the TPM, provides assurances to users via an authentication chain. The ATCB then performs the attestation of the computer system according to the attestation protocol much faster than the TPM. In this manner, the hypervisor operates as a software delegate of the TPM for providing user assurances of trust.

Abstract: A method is described by which the possessor of a secret certified in a particular manner can prove to a party with which the possessor of a secret needs to interact that it does indeed possess a secret formed in the proper manner. In the context of trusted computing apparatus, this can be used to show that the secret has been provided by a legitimate manufacturer of such apparatus. A method and an architecture for revocation operable in this context is also described.

Abstract: A computing entity has an associated static public/private key-pair formed by a static private key comprising a secret, and a static public key comprising both a first element and that element combined with the secret. The secret is stored in higher-security storage provided, for example, by a smartcard. A short-term private key is provided for use by a computing entity in effecting cryptographic operations during an operational period. This short-term private key is generated, independently of any pending cryptographic operations, by mapping a string to a second element and multiplying that element by said secret, the first and second elements being such that a computable bilinear map exists for these elements. The short-term private key is stored in lower-security storage in the computing entity for a limited period that encompasses the operational period in respect of which the key was generated.

Abstract: A method, apparatus and program are provided by which an entity signs and encrypts an input string using particular instances of a private signature-generation function of a signature trapdoor one-way function pair, and a public encryption function of an encryption trapdoor one-way function pair. As an initial step, the input string is used to form a message string that the entity knows is unique in the context of use by the entity of the particular instances of the signature-generation and encryption functions. Thereafter, a message-recoverable encoding scheme is applied to the message string to form a unique data string that is then subject to the private signature-generation function to produce a signature string. The signature string is in turn subject to the public encryption function to obtain a ciphertext string. Semantic security is achieved without the need to generate a quality random number.

Abstract: A method of exchanging digital public-key verification data whereby a first computing entity (102) enables a second computing entity (104) to obtain probabilistic evidence that a given public-key number n is the product of exactly two odd primes p and q, not known to the second party, whose bit lengths (l(p), l(q)) differ by not more than d bits. The method provides an efficient proof of knowledge protocol for demonstrating Monte-Carlo evidence that a number n is the product of two odd primes of roughly equal size. The evidence is shown “in the dark”, which means that the structure is verified without the prime factors of n disclosed. The cost of a proof amounts to 12klog2 n multiplications of integers of size of n where k is the number of the iterations in the proof and relates to an error probability bounded by max(½k, 24/n1/4).

Abstract: A system and method for automatically registering new articles on a database (110). The system automatically produces in the database a code for each article registered in the database. The system includes the database storing data on articles; at least one terminal unit (2) for exchanging data with the database via an electronic communications network (3); a searching module (160) for searching for data on articles in the database; a registering module (120) for registering new articles on the database; a checking module (130) for checking whether the data input on the database are valid; a coding rule setting module (140) for setting rules of coding articles registered in the database; and a coding module (150) for coding the new articles. The articles recorded in the database are classified into different classes of at least one level. The coding rules are set according to the classes of the new articles.