Abstract: A method for encoding a connection between a base (2) and a mobile part (1), and a computer program product is povided. The method comprises generating a key agreed to by the base (2) and the mobile part (1) during a first connection, wherein the key comprises an index assigned by the base during the first connection, and b) using the generated key for a second connection between the base (2) and the mobile part (1), wherein the data to be transferred between the base (2) and the mobile part (1) are identified and encoded using the index assigned to the key. The security of wireless data transfer is thus increased in a simple and low-cost manner.

Abstract: A computer-implemented method for looking up anti-malware metadata may include identifying a plurality of executable objects to be scanned for malware before execution. The computer-implemented method may also include, for each executable object within the plurality of executable objects, assessing an imminence of execution of the executable object. The computer-implemented method may further include prioritizing, based on the assessments, a retrieval order for anti-malware metadata corresponding to the plurality of executable objects. The computer-implemented method may additionally include retrieving anti-malware metadata corresponding to an executable object within the plurality of executable objects based on the retrieval order. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for accessing to a network through public equipment are provided. The method includes: after an access service node (ASN) receives a network access request message from a user on public equipment, the ASN sending the network access request message to an authentication center (AC), wherein, the network access request message comprises at least the user's account and password; the AC verifying validity of the account and the password, if the verification is passed, sending the user's access identifier (AID) to the ASN; and after the ASN receives the user's AID, the ASN sending the user's AID to the public equipment, the public equipment taking the user's AID as a virtual AID and using the virtual AID to send and receive user's messages. By the present invention, users who access to the network through the public equipment can be tracked and traced effectively.

Abstract: A control entity communicates with an entity to be controlled so as to effect a control, a secret key being associated with the control entity. These entities share public parameters, a second public parameter being a combination of a first public parameter of the said plurality with the secret key. At the level of the entity to be controlled, a random value is generated, a first message is transmitted to the control entity, this first message comprising at least one value obtained by combining the first public parameter with the random value; and a second message is transmitted to the control entity, this second message comprising at least one value obtained by combining the first random value, a secret key of the entity to be controlled and a value received from the control entity. One of the values included in the first or the second message is based on the second public parameter.

Abstract: An information processing system includes a first information processing device and a second information processing device. The first information processing device stores a first object group and an additional access control policies. The second information processing device stores access control policies applied to each of second objects. The additional access control policies indicate a changed object group for the each first object. The changed object group is a group of second objects whose access control policy is same as that of the first object. When the second information device obtains an operation request for the first object, the second information device accesses the additional access control policy and determines the changed object group. The second information system judges whether or not the operation request is feasible for the changed object group based on the access control policy, and determines whether or not the target first object is processed.

Abstract: An encryption/decryption method comprises by using a generalized Feistel structure in which data is divided into n pieces and mixing processing with key data is performed, diffusion processing, in which data transformation via linear operation is executed, is performed at least once between rounds of the generalized Feistel structure, wherein. As the diffusion processing, linear transformation is performed in which each of n pieces of output data is operated on by two or more pieces of input data. The method is adapted for encryption or decryption.

Abstract: Methods and systems for mediating between first and second network security policies, by: (1) mapping a first security policy to a generic second security policy, and (2) mapping the generic second security policy to a plurality of rules each associated with a target network security policy.

Abstract: In accordance with one or more aspects, a storage volume is transformed into an encrypted storage volume or an unencrypted storage volume using a multi-phase process. One or more parts of the storage volume that have not yet been transformed are identified, and one or more parts of the storage volume that are allocated for use are identified. In a first phase of the multi-phase process, one or more parts of the storage volume that have not yet been transformed and that are allocated for use are transformed. In a second phase of the multi-phase process, after the first phase is finished, one or more parts of the storage volume that have not yet been transformed and are not allocated for use are transformed.

Abstract: Provided are devices, methods, systems, computer readable storage media for tokenizing data. In some examples, credit card numbers are tokenized using a pre-generated token map and absent the use of a networked database that stores a relatively large quantity of credit card numbers in a central location. The token map may be generated by a token map generator such that the token map can be used by a tokenizer to replace a portion of an account number with a token, and by a detokenizer to replace the token with the original portion of the account number. A pre-parser and parser may also be used to locate an account number and/or token in a message received over a network.

Abstract: A method of implementing a block cipher algorithm by a device storing a fixed initialization datum includes determining, before execution of a first iteration of the algorithm in the course of a session, a modified initialization datum by way of a determined function supplied as input with the fixed initialization datum and a state value specific to the session. The state value may be stored in the device. The modified initialization datum may be used to implement the first iteration of the algorithm.

Abstract: Undesirable electronic messages, such as the unsolicited broadcast e-mail known as spam, is not only a nuisance, but wastes both computer and user resources. Conversely, desirable electronic messages with sensitive content is important to secure, so that it is not forged, tampered or revealed. Accordingly, the present invention provides cryptographic methods that simultaneously secures electronic communication and helps fight spam.

Abstract: This invention relates to the veracity of information displayed to a user of a computer, and information provided to a computer by human input devices such as mice and keyboards. A digital video guard (DVG) device is a peripheral that is retrofitted to commodity computer devices. The DVG resides in-line with a digital display and enables secure end-to-end interactions between a user and a displayed (usually remote) application. In-band signalling within the digital video stream is used to carry encrypted information from a local or remote source, over untrusted network infrastructure through the digital video guard device to a user. The DVG decrypts and verifies the integrity of the digital video. The integrity of the displayed information is indicated by a trusted LED on the DVG hardware. Portions of the video signal may be designated as trusted, if the received data has been encrypted, signed, or labelled as trustworthy.

Abstract: A method is provided for generating on-demand cryptographic keys in a vehicle-to-vehicle communication system. At least one unique identifier is obtained relating to a user of the vehicle. The host vehicle generates cryptographic keys for encrypting, decrypting, and authenticating secured messages between the host vehicle and at least one remote vehicle in the vehicle-to-vehicle communication system. The cryptographic keys are generated as a function of the at least one unique identifier. A respective cryptographic key used to decrypt or encrypt messages communicated between the host vehicle and the at least one remote entity is temporarily stored in a memory device of the host vehicle. The host vehicle utilizes the respective cryptographic key to decrypt or encrypt a secure message transmitted between the host vehicle and the remote vehicle.

Abstract: A method for realizing an authentication center (AC) and an authentication system are disclosed. The method comprises: a UE sends an authentication request to an AC and applies for temporary authentication information, the AC assigns a first authentication random code to the UE, then the UE calculates a first response code and sends it to the AC, the AC assigns the temporary authentication information to the UE after authentication and authorization; the UE sends a login request to the application system (AS) which assigns a second authentication random code to the UE, and the UE uses it and the temporary authentication information to calculate a second response code, and sends this code to the AS; the AS sends the second response code to the AC for authentication and authorization; the AC returns the authentication result to the AS which in turn returns the authentication result to the UE.

Abstract: Systems and methods allow service-to-device mapping by which services are mapped onto best-suited smart items selected from a plurality of smart items of a sensor network. As part of the mapping, and/or subsequent thereto, a deployment of the service(s) onto the smart items is initiated. However, in some cases, the deployment may fail, or may only partially succeed. In such cases, one or more conditions of the deployment may be altered to obtain a modified, allowable deployment condition, so that the deployment may then proceed. As a result, users may achieve a desired result in a fast, convenient, and reliable manner, even when executing the deployment remotely or automatically.

Abstract: A program comprises a functional block. The functional block is encrypted, additional code is added to the program and a protected program is generated that is executable only in the presence of a predetermined license in a computer system which comprises a protection module for protection against unauthorized execution of the protected program. If the encrypted functional block is to be executed, the additional code is executed. If a license is present, the additional code and/or the protection module causes decryption of the functional block, allows execution of the decrypted functional block, and upon completion of execution of the functional block, causes removal of the decrypted functional block from the working memory.

Abstract: Provided is an information processing apparatus including a communication unit for communication with an external apparatus, an operating system running unit for running first and second operating systems, the first for communication via a first communication path under a first communication protocol, and the second for communication via a second communication path under a second communication protocol. The apparatus includes a storage including first and second data areas for the operating systems, and a shared area for both operating systems. A first encryption key is stored in the first area for first protocol communication. The first operating system encrypts the communication via the first path by the first key, acquires, from the external apparatus via the first path, a second encryption key for second protocol communication, and stores the second key into the shared area. The second operating system transfers the second key to the second data area.

Abstract: A method of detecting a fault attack during a cryptographic operation using at least one look-up table including a plurality of sub-tables each having a same number of values of a fixed bit length, a fixed relation existing between values at same locations in each sub-table, the method including: performing a load operation to retrieve from the look-up table data values from a same location in each sub-table; verifying that the fixed relation exists between at least two of the data values; and generating an output signal based on the verification.

Abstract: A method for data cryptographic processing, that is implemented by an electronic entity and includes the conversion of input data (M?i?1), masked by an input mask (X), into output data, the conversion using a conversion table (S), and the method including the following steps: for at least one plurality of possible values (A) for the input mask (X), transferring the output value of the conversion table (S) corresponding to the masked input data (M?i?1) converted by the application of an unmasking operation using the possible value (A), into a table (T) at a position corresponding to a determined value (0) masked by the input mask (X) and converted by the application of an unmasking operation using the possible value (A); determining the output data using the value located in the table (T) at the position corresponding to the determined value (0).

Abstract: A system creates a trusted group of devices for single sign on. The trusted group is a set of two or more devices which can communicate securely to exchange information about the states of the devices. The two or more devices can arrange or establish the trusted group through the exchange of credentials or authentication information. After the establishment of the trusted group, the two or more devices may communicate through a secure connection established between the members of the trusted group. Each device may then execute normally and may encounter events that change the status of the device. Information about the locking or unlocking of the computer can be exchanged with the other members of the trusted group and the other members may also lock or unlock in concert.