Abstract: Provided are an identity (ID)-based encryption and signature method and a terminal that use an ID of a transmitter or a receiver as a part of the filename or the extension of a file transmitted to the receiver by the transmitter. Accordingly, it is possible to enable a user to visually recognize that the file has been provided with security. Also, it is possible to designate an associated program for the extension, and the user can easily decrypt or verify the file through the designated associated program.

Abstract: A data processing apparatus includes processing circuitry and a data store including a plurality of regions including a secure region and a less secure region. The secure region is configured to store sensitive data accessible by the circuitry when operating in a secure domain and not accessible by the circuitry when operating in a less secure domain. The data store includes a plurality of stacks with a secure stack in the secure region. Stack access circuitry is configured to store predetermined processing state to the secure stack. The processing circuitry further comprises fault checking circuitry configured to identify a first fault condition if the data stored in the predetermined relative location is the first value. This provides protection against attacks from the less secure domain, for example performing a function call return from an exception, or an exception return from a function call.

Abstract: A binary application suitable for the .Net framework is disassembled into human readable code. Or, CIL or MSIL code is obtained. The methods are put into a representation indicating which methods of the code call other methods. A source method call chain having a source API and a sink method call chain having a sink API are discerned from the representation. APIs are put into the same format as the methods to allow matching. A method in common between the two call chains indicates that a privacy leak exists. The application is downloaded from a remote server to a computing device where the analysis occurs.

Abstract: A method and system for integrating anti-virus in a clustered storage system. A clustered storage system provides anti-virus scanning with third-party software components. Specifically, the clustered storage system receives a request for data from a client, identifies the data requires scanning and scans the data for viruses with third party software components that have been previously provided by any one of a number of third party software vendors.

Abstract: A data processing apparatus and method are provided for handling exceptions, including processing circuitry configured to perform data processing operations in response to program code, said circuitry including exception control circuitry. A plurality of registers are provided including a first and second subsets of registers, and a data store. The data store includes a secure region and a less secure region, wherein the secure region is for storing data accessible by the processing circuitry when operating in a secure domain and not accessible by the processing circuitry when operating in a less secure domain. The exception control circuitry performs state saving of data from the first subset of registers before triggering the processing circuitry to perform an exception handling routine corresponding to the exception. Where background processing was performed by the processing circuitry in the secure domain, the exception control circuitry performs additional state saving of the data.

Abstract: A method and apparatus are described for performing cipher communication in a wireless local area network system. A pseudo noise (PN) code sequence for a plaintext Medium Access Control (MAC) protocol data unit (MPDU) is obtained. An additional authentication data (AAD) is constructed by using at least one field in a header of the plaintext MPDU. A Nonce is constructed from the PN code sequence, an Address 2 field in the header of the plaintext MPDU and a Priority field in the header of the plaintext MPDU. A counter mode (CTR) is generated with cipher block chaining (CBC)-MAC Protocol (CCMP) header. Encrypted data and Message Integrity Code (MIC) are generated by using a temporal key, the AAD, and the Nonce. An encrypted MPDU is generated to be transmitted to a peer station by combining the plaintext MPDU header, the CCMP header, the encrypted data and the MIC.

Abstract: A method of communicating with a computing device having a trusted security zone comprises mapping a unique identifier for a computing device with a trust zone access control (TZAC) address, composing a message comprising the trust zone access control address, and routing the message to the computing device based on the unique identifier. The computing device comprises a normal security zone and a trusted security zone that is separate from the normal security zone, and the trust zone access control address is a unique identifier associated with a hardware component of the trusted security zone within the computing device. The message is internally routed to the trusted security zone within the computing device using on the trust zone access control address.

Abstract: Techniques for managing secure data transfer, including firmware updates and/or cryptographic keys, may be provided. For example, a portable device may be provided that includes at least a first memory configured to store data associated with secure firmware updates while the device is interacting with a second device. In some examples, a network connection with a third device may be established. The data associated with the firmware update may be received from the third device by utilizing the established network connection. Further, in some examples, the received data may be stored in the first memory only while the first device is interacting with the second device. The portable device may also enable a firmware update of the second device based at least in part on the data stored in the first memory.

Abstract: A device is described for forming a signature from an input signal (input). According to the present invention, a plurality of transformation elements is provided, each having a finite-state machine, to which, on the input end, in each case the input signal (input) and/or a signal (input?), that is a function of the input signal, is able to be fed, all the finite-state machines are similar and are configured in such a way, particularly able to be initialized, that each finite-state machine always respectively has a different state than do all the other finite-state machines, and the signature is formable as a function of state data of at least one finite-state machine.

Abstract: The subject authentication scheme encompasses a large family of authentication systems which may be built over existing transmission systems. By superimposing a carefully designed secret modulation on the waveforms, authentication is added to the signal without requiring additional bandwidth. The authentication information (tag signal) is sent concurrently with data (message signal). The authentication is designed to be stealthy to the uninformed user, robust to interference, and secure for identity verification. The tradeoffs between these three goals are identified and analyzed. The use of the authentication for channel estimation is also considered, and improved bit errors are demonstrated for time-varying channels. With a long enough authentication code word an authentication system is achieved with very slight data degradation. Additionally, by treating the authentication tag as a sequence of pilot symbols, the data recovery may be improved by the aware receiver.

Abstract: The invention relates to a module to be included onboard the equipment of a telecommunication network and comprising: a database storing at least search field values including URL addresses, at least some of said URL addresses being stored in an encrypted form, encryption means capable of encrypting a piece of information received by the module in order to allow an information search in the database by comparison with the encrypted search field values.

Abstract: Processing circuitry can operate in a secure domain and a less secure domain. In response to an initial exception from background processing performed by the processing circuitry, state saving of data from a first subset of registers is performed by exception control circuitry before triggering an exception handling routine, while the exception handling routine has responsibility for performing state saving of data from a second subset of registers. In response to a first exception causing a transition from the secure domain from a less secure domain, where the background processing was in the less secure domain, the exception control circuitry performs additional state saving of data from the second set of registers before triggering the exception handling routine. In response to a tail-chained exception causing a transition from the secure domain to the less secure domain, the exception handling routine is triggered without performing an additional state saving.

Abstract: Security techniques and security mechanisms for wireless networks that transmit content such as advertisements. According to exemplary techniques, control messages comprising unrequested content (e.g., advertisement data) may be transmitted in response to a request from a client device, while in other exemplary techniques the control messages may be transmitted without any request from a client device. In some exemplary implementations, security mechanisms such as public key cryptography algorithms may be used to secure transmissions. In some of these techniques which implement public key cryptography, a user may be required to retrieve a public key from a source other than the wireless access point transmitting encrypted advertisements (e.g., a sign or terminal in a commercial entity transmitting such advertisements, or from a web service), such that the user may confirm that the encrypted content is from a source matching the retrieved public key and thus confirm the authenticity of a wireless access point.

Abstract: Techniques for secure transparent switching between modes of a virtual private network (VPN) are provided. A principal, via a client, establishes a VPN session in a first mode of operation with a server. The principal subsequently requests a second mode of operation during the same VPN session. The VPN session is transparently transitioned to the second mode of operation without any interaction being required on the part of the principal and without terminating the original VPN session.

Abstract: Systems and methods for storing data and retrieving data from a smart storage device is provided, where smart storage includes processing capabilities along with the ability to store information. In one aspect, a method includes detecting via bidirectional settings one or more capabilities of rules enforcement logic associated with a storage device and selecting a set of criteria and policies to be downloaded from a host or a management server that are to be downloaded onto the storage device. This includes dynamically generating conditional context aware policies syntax based on user settings or network policy and downloading a set of policies onto the storage device for future policy enforcement.

Abstract: A media recording device automatically records selected broadcast programs according to categories specified by the user, without requiring the user to specify in advance which programs are to be recorded. The recorded programs are then presented to the user for selection, and the selected programs may be played back immediately or saved for later playback. Each broadcast program may be allocated a priority, and the device may decide which programs to record or delete according to their relative priority. For each broadcast program, a corresponding visibility period may be specified, during which the program can be selected for playback and is not deleted. There may be a delay between the broadcast of the program and the beginning of its visibility period. An expiry time may be specified for each program, after which the program is deleted. There may be a delay between the end of the visibility period and the expiry time.

Abstract: A system comprises a movie clip environment in which a movie clip object is defined, and a native application that is external to the movie clip environment. The native application renders an image to an off-screen surface of the system. A composition manager is responsive to communications from the movie clip object to control where the off-screen surface is to be rendered on a display screen. The composition manager may be responsive to communications from the movie clip object to direct the native application to control one or more properties of the image of the off-screen surface.

Abstract: Secure communication of information over a wireless link with apparatus including a blade management module and a plurality of blade servers, the blade servers connected for data communications with the blade management module through at least one wired link, the blade servers also connected for data communications with the blade management module through at least one wireless link, including sharing an encryption key between the blade management module and one or more of the blade servers only through the at least one wired link connecting the blade management module to the one or more blade servers; encrypting information by the blade management module with the encryption key; transmitting the encrypted information by the blade management module to the one or more blade servers through the at least one wireless link; and decrypting the encrypted information by the blade server with the encryption key.

Abstract: Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid.

Abstract: A short-range communication tag includes a transmitter, a clock circuit providing a clock value and a memory containing a unique identification value. The tag further includes a processor which generates encryption keys with a period of K seconds and combines the unique identification value with the encryption key, according to a predetermined encryption method, to generate an obfuscated unique identification value. The tag further includes a short-range transmitter to transmit the tag identification value.