Abstract: An apparatus, system, computer-readable medium, and method to facilitate quick transition of communications of a mobile station between network stations of a radio communication system, such as a WLAN operable to a variant of an IEEE 802 operating specification, is provided. Implementations of embodiments described herein reduce the transition duration by a pre-keying mechanism that performs authentication procedures prior to commencement of reassociation procedures. In other embodiments, a mobile station is allowed to select whether to perform pre-keying processes over an air interface with a target transition access point or whether to perform the pre-keying processes over a distribution system.

Abstract: An encryption processor, for storing encrypted data in a memory chip of a memory card, includes a FIFO memory for sequentially outputting m-bit data in response to a first signal, and an encryption key generator for generating m-bit encrypted keys (m being a positive integer) in response to a second signal and for sequentially outputting the keys in response to a third signal. A logic operator performs a logic operation on the data from the FIFO memory with the keys from the encryption key generator during a data write operation to sequentially encrypt the data. The logic operator performs a logic operation on the encrypted data received from a memory interface with the keys output from the encryption key generator during a data read operation in order to sequentially decode the encrypted data. The second signal is simultaneously generated with one of the write command or the read command.

Abstract: A secure gateway includes a TLS server for authenticating connecting devices, a connection manager for routing requests from the TLS server to service provider adapters, and a key management system for providing key management functions, wherein when a device provides a manufacturing certificate to one or more servers of the gateway, servers identify the device as authentic by validating that the manufacturing certificate provided is signed by the same root that has signed the servers its own certificate.

Abstract: A method for dependent trust in a computer system is provided. In this method, trust dependency relationships are defined among components of the computer system, specifying, for a component, which components it relies on in ensuring the integrity or confidentiality of its code or data. Subsequently, trust dependencies are resolved and the results are used in performing certain operations described in Trusted Computing Group standards including generating an attestation reply, sealing data, and unsealing data. In addition, methods for computing an integrity measurement for a Core Root of Trust for Measurement of a trust-dependent component are included. A system for dependent trust in a computer system is also described.

Abstract: A file attachment processing method and system. The method comprises generating by a first computing system, a configurable list comprising valid computer file types for computer files. The valid computer file types for the computer files comprising a low risk for comprising computer viruses. The first computing system comprises a memory device. The first computing system stores the configurable list in the memory device. The first computing system receives a computer file comprising a first file type. The first computing system compares the first file type to the list to determine if the first file type comprises a valid file type from the first list.

Abstract: A method, apparatus and system enable access control and intrusion detection on encrypted data. Specifically, application data on a node may be routed to a partition on the computing platform. The partition may utilize Direct Memory Access (“DMA”) to access session key stored in system memory of a host operating system on the platform. The partition may thereafter utilize the session key to perform intrusion detection on encrypted data from the application running under the host operating system. Other embodiments may be described and claimed.

Abstract: A user authentication system collects measurements of physical and/or behavioral characteristics of a user. The measurements are processed by two or more processing engines to produce initial confidence measures, and a unified confidence measure is prepared from weighted inputs including the initial confidence measures.

Abstract: System renewability message data is transmitted to set top boxes, or other devices, using a protocol such as an MPEG-2 Systems type transport protocol. The system renewability message data is incorporated by a content provider or distributor directly into a MPEG-type transport packet stream. A data structure within a transport multiplex carries information pertinent to the system renewability message data. A plurality of packets is selected from the MPEG-type transport stream wherein the packets include data corresponding to identities of a plurality of devices that are unauthorized for the use of content. Each packet comprises an identifier that is referenced from a transport stream description table. The data from the plurality of packets is processed whereupon use of the content is prevented in accordance with the data.

Abstract: A method, system and device for deterring spam on a communication medium are disclosed. The method includes detecting a call with a device for accessing the communication medium, wherein calls thereon include Internet Protocol traffic. The device includes an interface for allowing a user of to flag the call as a spam call (e.g., SPIT, SPIM, etc). Upon the flag, a signaling message associated with the call is accessed. The signaling message is stored as information relating to spam call sources. Upon detecting a subsequent call, a signaling message associated with the subsequent call is compared with the information relating to spam call sources. Upon a match between the signaling message associated with the subsequent call and the information relating to spam call sources, the subsequent call is blocked.

Abstract: A method and apparatus for providing conditional access to media programs is described. An exemplary method comprising the steps of transmitting media information encrypted according to a control word (CW) to a receiver station, transmitting entitlement management information (EMI) to the receiver station, the EMI comprising a service bitmap, and transmitting entitlement control information (ECI) to the receiver station, the entitlement control information including the control word (CW) encrypted according to a key (K) and an index to an element of the service bitmap, wherein the control word (CW) is decrypted by the receiver stations according to a value of the indexed element of the service bitmap.

Abstract: A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.

Abstract: A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g.

Abstract: A method for controlling subsidy locking of a handset device includes storing, in a handset device, an asymmetrically digitally signed subsidy unlock data block that has been modified based on a password after signing (505); modifying the stored unlock data block based on a received subsidy unlock password (510); and granting subsidy unlock status if the asymmetric digital signature of the modified, stored unlock data block properly verifies (510). A method (110) for controlling subsidy locking of a handset device includes storing, in the handset device, an asymmetrically digitally signed subsidy unlock data block that comprises a password portion that has been modified after signing (112); replacing the contents of the modified password portion with a received subsidy unlock password to produce an updated subsidy unlock data block (116); and granting subsidy unlock status if the asymmetric digital signature of the updated subsidy unlock data block properly verifies (118).

Abstract: Disclosed are a method, a system and a computer program for scrolling to an arbitrary position in a set of unfetched rows of data in a relational database. Each of the rows has a plurality of columns and a class value in each of the columns. Also, each column of the set of rows of data has class values for a specified data class, and the rows ore ordered in the set according to a given sequence of these classes. The method of this invention, preferably, comprises the steps of identifying one of the rows in the database, and finding that one of the rows by identifying the given sequence of data classes by which the rows are ordered in the database, and for each of the data classes in the given sequence, determining the class value for the data class in the identified one of the rows. These rows may be ordered for purposes of a query in the database.

Abstract: Disclosed herein are apparatuses and methods for generating pseudorandom numbers by making the existing ANSI and FIPS PRNGs forward secure and eliminating the need for re-keying them. A forward secure ANSI PRNG is created which includes an enhanced block cipher that is non-invertible even if the key becomes known and a function of the block cipher used in the existing ANSI PRNG. Additionally, the forward secure ANSI PRNG includes an enhanced next state that allows previous states to remain secret even when the key and the current state become known. A forward secure FIPS PRNG is created which includes a computation of an enhanced next state that is noninvertible.

Abstract: A computer-implemented system and method for configuring and operating a white-box cipher is disclosed. In one implementation, the system employs a method for configuring pseudorandom data derived from a key to perform key-scheduling functionality associated with rounds of the cipher. Additionally, the system employs a method for generating white-box executable code, wherein the code hides the pseudorandom data by incorporating it into mathematical operations performed during execution of the rounds. Accordingly, the cipher is suited for white-box applications managing digital rights, such as decoding audio, video and other content.