Abstract: Enabling a client computer to perform an operation is disclosed. Login information is received from a client computer. The login information is confirmed by querying a trusted agent on the client computer.
Type: Grant
Filed: February 2, 2006
Date of Patent: October 18, 2011
Assignee: EMC Corporation
Inventors: Jeffery Gordon Heithcock, David William Barry, II, Dennis Bishop Jones
Abstract: An electronic device (1640) includes a non-volatile store (1620) holding a plurality of encrypted sub-applications (SubApp n), and application-specific identifications (ASIDs) to respectively identify the encrypted sub-applications (SubApp n), and at least one wrapper having a representation of code to call (2220) a function (KPPA2) and supply a said application-specific identification (ASID) to the called function (KPPA2) to determine a storage location (UU) and access (2250) the storage location (UU) for contents and to call (2260) for decryption of the encrypted sub-application (SubApp n) using the contents of the storage location (UU) as a key; and a processor (1660) coupled to said non-volatile store (1620) and operable to access the representation of code and execute the code (2220, 2260). Various electronic devices, information products, processes of manufacture, and apparatus are disclosed and claimed.
Abstract: Various embodiments of methods and apparatuses for managing authentication key contexts are described herein. In various embodiments, the methods and apparatuses include selective purging of authentication key contexts of supplicants even if their authentication keys have not expired.
Abstract: A method and apparatus for authenticated recoverable key distribution are described. In one embodiment, an application key is provided to an integrated chip platform. In one embodiment, the integrated chip platform encrypts the application key with a Key Encryption Key, which is stored within the persistent memory on the platform, and outputs a ChipID and the encrypted application key to enable recovery. In one embodiment, the platform can provide the ChipID to a recovery database to replace a lost encrypted application key. In one embodiment, the ChipID is the public key of a public/private key pair, and the application key is provided to the integrated chip platform by encrypting it using this public key. In one embodiment, the ChipID and the Key Encryption Key are derived from a secret random number programmed into the integrated chip. Other embodiments are described and claimed.
Type: Grant
Filed: March 22, 2006
Date of Patent: September 6, 2011
Assignee: Intel Corporation
Inventors: Ernest Brickell, Gary Graunke, William A. Stevens, Balaji Vembu
Abstract: A system for obfuscating data across an enterprise, comprising a rule evaluator; an active rule editor; and an active rule editor repository; wherein the rule evaluator evaluates active rules and optimizes its behavior based on both user-specified guidance and properties learned during system execution; wherein the active rule editor provides functionality for specifying, examining, maintaining, simulating and testing active rule behavior and for documenting rules that are bound to any named and typed data spaces of the enterprise that are accessible through connectors to the data systems of the enterprise; and wherein the active rule editor and repository provide functionality for promoting a candidate rule to an active rule and managing the rule in its active state. A method for obfuscating data across an enterprise using the system described above.
Type: Grant
Filed: April 21, 2007
Date of Patent: August 16, 2011
Assignee: Direct Computer Resources, Inc.
Inventors: Edward L. Stull, Robert J. Lentz, George Lang
Abstract: A transmitting node produces synchronization data to be inserted into plain text and encrypts the thus generated data into multi-valued data so as to transmit the data. The synchronization data indicates the position of a running key used for encryption. A receiving node decrypts a signal including the synchronization data using the running key and detects the synchronization data from the signal to confirm synchronization of the running key between transmitting and receiving nodes. Then, the receiving node transmits a synchronization confirmation signal to the transmitting node. If the transmitting node does not receive the synchronization confirmation signal, it determines that synchronization of the running key is shifted, and re-synchronization is performed. To perform re-synchronization, a running key ahead of the position of the running key associated with synchronization data that has been stored is generated.
Type: Grant
Filed: April 26, 2007
Date of Patent: June 28, 2011
Assignee: Hitachi Information & Communication Engineering, Ltd.
Abstract: Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
Type: Grant
Filed: September 6, 2006
Date of Patent: May 25, 2010
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Mats Naslund, Karl Norrman, Vesa Petteri Lehtovirta, Alex Krister Raith
Abstract: Various embodiments of methods and apparatuses for managing authentication key contexts are described herein. In various embodiments, the methods and apparatuses include purging an authentication key context of a supplicant after handing off the supplicant, even if the authentication key has not expired.