Patents Represented by Attorney Joseph Skadden, Arps Yang
  • Patent number: 6119234
    Abstract: A method and apparatus are provided for dynamically configuring authorized clients with the address of a protected host and the key and address of an intermediate device (e.g., encrypting firewall, encrypting router, secure gateway) which is protecting a number of hosts on a private network located topologically behind that intermediate device. The registered name server for a domain is configured to return a new resource record type, herein called an SX record, in response to requests for information needed for secure communications with protected hosts in that domain. The resolver on (or otherwise associated with) the authorized client is configured to use the data in the SX record to dynamically update the information used by the client to handle secure communications.
    Type: Grant
    Filed: June 27, 1997
    Date of Patent: September 12, 2000
    Assignee: Sun Microsystems, Inc.
    Inventors: Ashar Aziz, Thomas Markson
  • Patent number: 5956404
    Abstract: A method for digitally signing a message by a tamper-resistant device to generate a digital signature. The method includes the step of hashing the message to form message bits; and encrypting with a private key the message bits, redundancy bits for the security of the signature, and auditing bits to form the digital signature for the message. The auditing bits provide an audit trail for the message. The auditing bits include one or more of the following categories: signature-packet version bits to identify the version of the device generating the signature; device ID bits to identify the token generating the digital signature; key ID bits to identify the private key; a packet-sequence number, which increments every time the device generates a signature to indicate the sequence of signatures generated; bits generated by hashing the prior signature to provide an auditing trail of signatures generated and a time-stamp to indicate the time when the signature is generated.
    Type: Grant
    Filed: September 30, 1996
    Date of Patent: September 21, 1999
    Inventors: Bruce Schneier, John Kelsey
  • Patent number: 5850516
    Abstract: A computer-implemented method and apparatus electronically represent and quantify the security of a system as a logical tree structure including leaf nodes representing attacks against the system and intermediate nodes representing various logical combinations of attacks necessary to mount a successful overall attack. An indication of the overall security of the system is quantified in a value of a root node of the tree. The values of the various nodes can be Boolean or continuous, representing simple binary security attributes such as feasible/infeasible or more complicated attributes such as cost, time or probability. The nodes' attributes and values can also represent defenses as well as attacks. The attack trees can be used to calculate the cost, time or probability of an attack, to list the security assumptions of a system, to compare competing systems, to evaluate system modifications, to perform security subsystem analysis, to allocate a security budget, and for many other uses.
    Type: Grant
    Filed: December 23, 1996
    Date of Patent: December 15, 1998
    Inventor: Bruce Schneier
  • Patent number: 5845081
    Abstract: The present invention is a method, apparatus and computer program product for discovering the nodes and other network information of a computer network (the target network) from a device or node that is not part of the target network (the discovery node) when the discovery node uses a different network protocol than the target network. The invention involves identifying one or more additional nodes (the target nodes) that have access to network information about the target network and with whom the discovery node can communicate. This target network information can include the identification of nodes which are present on the network, the topology of the network, the services provided by the network or by the nodes on the network, status information as the network changes such as information about network and node events or alarms, etc.
    Type: Grant
    Filed: September 3, 1996
    Date of Patent: December 1, 1998
    Assignee: Sun Microsystems, Inc.
    Inventors: Govindarajan Rangarajan, Chaoying Huo
  • Patent number: D404727
    Type: Grant
    Filed: March 27, 1997
    Date of Patent: January 26, 1999
    Assignee: Sun Microsystems, Inc.
    Inventors: Avril E. Hodges Wilsher, John C. Pampuch
  • Patent number: D406263
    Type: Grant
    Filed: March 26, 1997
    Date of Patent: March 2, 1999
    Assignee: Sun Microsystems, Inc.
    Inventor: Avril E. Hodges Wilsher
  • Patent number: RE36946
    Abstract: A method and apparatus is disclosed for providing a secure wireless communication link between a mobile nomadic device and a base computing unit. A mobile sends a host certificate (Cert_Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS"). The base determines if the Cert_Mobile is valid. If the Cert_Mobile is not valid, then the base unit rejects the connection attempt. The base then sends a Cert_Base, random number (RN1) encrypted in mobile's public key and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates the Cert_Base, and if the certificate is valid, the mobile verifies under the public key of the base (Pub_Base) the signature on the message.
    Type: Grant
    Filed: December 5, 1996
    Date of Patent: November 7, 2000
    Assignee: Sun Microsystems, Inc.
    Inventors: Whitfield Diffie, Ashar Aziz