Abstract: If the communication partner of a client node (A1a) is an encryption communication target node (C1), a DNS Proxy unit (A12a) in the client node rewrites a response to a name resolution request for the communication partner node of an application from the actual IP address of the communication partner node to a loopback address that changes depending on the communication partner. On the basis of the destination loopback address of a data packet transmitted from the application, a communication encryption module (A13a) in the client node identifies the communication partner and the encryption communication path to be used for communication with the communication partner. Hence, encryption communication can simultaneously be executed directly with a plurality of communication partner nodes by using the communication encryption module that operates as an independent process.

Abstract: A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot.

Abstract: Methods and systems for controlling the distribution of digital content are provided. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider.

Abstract: Disclosed is a method of providing a completely automated public turing test to tell a computer and a human apart (CAPTCHA) based on image. The method comprises the steps of: storing a plurality of randomly-selected images by session when a request for a web page is received from a user client; providing the web page and a session ID to the user client; generating a test image by mixing the plurality of images when a request for a test image corresponding to the session ID is received from the user client; transmitting the generated test image to the user client; receiving at least one of first identification information inputted by the user about the test image from the user client; and comparing the first identification information with second identification information included in Meta information of the test image.

Abstract: The intrusion detection function monitors for and reports detected intrusion signatures. The dynamic intrusion signatures function determines whether reported intrusion signatures exist in a library of signatures associated with a particular intrusion detection function. If the reported signature does not exist in the library, the library is updated. Detected intrusion signatures are reported to similarly enabled devices for library analysis and updating, if necessary. The related method includes the steps of monitoring for intrusion signatures or other triggering events, analyzing the events and updating IDS signature libraries as necessary.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: An embodiment of a network manager permits a resource group administrator (with resource group level permissions but without global permissions) to add a global object to his/her resource group as a managed object, without requiring the administrator to have a global permission, as discussed further below. An embodiment of the network manager permits a resource group administrator to also edit the configuration settings that are attached to his/her resource group without requiring the administrator to have a global permission.

Abstract: A multi-level data encoding system is provided that is operable on a computer. The encoding system includes a data input device adapted to input a data set and store the data set in a database. The system further includes an encoder adapted to encode the data set and separate the encoded data set into two files, wherein each character of the data set comprises a unique electronic footprint. Additionally, the system includes a data field adapted to organize the encoded data set for proper decoding, a master file comprising one file of the encoded data set and an overlay file comprising the other file of the encoded data set. The system also includes a decoder adapted to align the overlay file onto the master file to decode the encoded data set.

Abstract: Systems and methods for pre-configuring a media device or other information handling system so as to be authorized to gain access to one or more destination networks. Pre-configuring the device includes determining what admission requirements the destination network providers require for access and then generating and providing to the media device a network admission coupon that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the destination network providers.

Abstract: An authentication device and method of a semiconductor chip which sends and receives authentication information, performs a login process for permitting an input to the semiconductor chip and an output from the semiconductor chip, controls acquisition of the authentication information and controls installation or uninstallation of a loadable program, assignment of a session to the loadable program unit, and use of the loadable program unit based on the session.

Abstract: A device for the secured start-up of a computer installation comprising a first connection interface to the computer installation and a second connection interface to an external data medium unit separate from the computer installation and which contains data and executable codes for a start-up program of the computer installation. The device also includes means for securing the use of data and executable codes and for transmitting data and executable codes of the start-up program from the external data medium unit via the second connection interface to the computer installation via the first connection interface, and after executing the means of security, to start-up the computer installation using transmitted executable codes and data.

Abstract: A computer system for identifying an individual using a biometric characteristic of the individual includes a biometric sensor for generating a first code, and a controller including a memory for storing the first code and a dynamic binary code conversion algorithm. When the controller receives a sensor code from the biometric sensor, it compares the sensor code with the first code stored in the memory, and if the identity between the sensor code and the first code is verified, the controller generates a first binary code by means of the dynamic binary code conversion algorithm and outputs the first binary code from which the computer system generates a second binary code by means of the dynamic binary code conversion algorithm. The computer system then verifies the identity of the individual if the second binary code matches the first binary code.

Abstract: Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip.

Abstract: Various techniques for software license inventory and asset management are disclosed. A fingerprint may be generated and associated with various copies of software applications installed on a software licensee's computer systems. Upon generation, each fingerprint may be stored in a license information database system along with relevant license information for that copy of the software application. A software inventory tool may then be used to collect fingerprints on installed copies of software applications and provide these fingerprints to the license information database system to obtain the corresponding license information. The output of the software inventory tool may be used by a licensee to comply with software license agreements and/or efficiently allocate information technology resources. Methods and systems that provide and process secured, dynamic and persistent tagging of software deployments and usage are also disclosed.

Abstract: A printing apparatus includes a data reading unit that reads data from a storage device that can store pieces of data, the data reading unit being connectable to the storage device, an input panel that accepts an input a password used to decrypt encrypted data stored in the storage device, a password storing unit that stores the input password, a data decrypting unit that decrypts the encrypted data by using the stored password, a decrypted data storing unit that temporarily stores the decrypted data, and a re-decrypting unit that decrypts other encrypted data stored in the storage device by using the stored password.

Abstract: An information processing apparatus includes a use restriction unit that restricts use of the information processing apparatus based on identification information stored in an identification information storage unit, and a controller. The controller is operable to update the identification information stored in the identification information storage unit, send the updated identification information to a preset mail address, by an E-mail, receive an E-mail, determine whether the received E-mail is an E-mail replying to the sent E-mail, and control the identification information storage unit to store identification information included in the received E-mail as new identification information if the received E-mail is determined to be the E-mail replying to the sent E-mail.

Abstract: Communication and validation of information transfer from a transmitter to a receiver is achieved by generating a cipher (400) from a message m (410) using parameters of an elliptic curve, a generator point P (406) on the elliptic curve and a public key Q (416) of the receiver. The cipher includes a first element that is the product kP of a random number k (404) with the generator point P and a second element that is the product of m and the x-coordinate of the product kQ. The message m is generated from two mathematically independent representations of the information and, optionally, a random number. The cipher is communicated to the receiver and decoded to recover a message m? (502). A validation token (500) is generated by the receiver and passed to the transmitter, which validates communication of the information to the receiver if the product mkQ is equal to the validation token.

Abstract: A method of protecting username/password (U/P) credentials operates on a client computer that cooperates with an anti-phishing scheme that generates a client warning at the client computer when a suspected phishing website issues a U/P request. At the client computer, a set of S fake U/P credentials is generated when the client warning is heeded, or a set of (S?1) fake U/P credentials are derived from a client-supplied U/P credential provided after the client warning is ignored. The client computer then transmits to the suspected phishing website one of (i) the set of S fake U/P credentials, and (ii) the client-supplied U/P credential along with the set of (S?1) fake U/P credentials.

Abstract: Disclosed are embodiments of on-chip identification circuitry. In one embodiment, pairs of conductors (e.g., metal pads, vias, lines) are formed within one or more metallization layers. The distance between the conductors in each pair is predetermined so that, given known across chip line variations, there is a random chance (i.e., an approximately 50/50 chance) of a short. In another embodiment different masks form first conductors (e.g., metal lines separated by varying distances and having different widths) and second conductors (e.g., metal vias separated by varying distances and having equal widths). The first and second conductors alternate across the chip. Due to the different separation distances and widths of the first conductors, the different separation distances of the second conductors and, random mask alignment variations, each first conductor can short to up to two second conductors.

Abstract: In a method for the transition from a first masked representation of a value to be kept secret to a second masked representation of the value, according to a first aspect of the invention at least one previously calculated table with a plurality of entries is used, and the calculation is carried out depending on at least one veiling parameter, in order to prevent the value to be kept secret from being spied out. According to a second aspect of the invention, at least one comparison table is used, which, for each table index, provides the result of a comparison between a value dependent on the table index and a value dependent on at least one masking value. A computer program product and a device have corresponding features. The invention provides a technique for protecting the transition between masked representations of a value from being spied out, wherein the masked representations are based on different masking rules.