Abstract: A method and system for managing security information for a domain of computer systems is provided. The security system displays security information for a selected security object, such as a user or a computer system. The security system initially retrieves security information that includes security specifications that each has the identification of an entity, a resource, and an access right for the selected security object. The security system then displays an identification of the entity and the resource along with the access right for each security specification. When the security information is stored in a security store (i.e., the main security store) by resource and, for each resource, the entities that have access rights to that resource, the security system may use an auxiliary security store to facilitate the retrieval of the security information.

Abstract: A cryptosystem includes an encrypting device, a communication path, and a decrypting arithmetic device. Key generation means in the encrypting device generate a public key {g1, g2} as random numbers respectively including the power of (p?1) and the power of (q?1) and decrypt a message m using the Fermat's little theorem and the Chinese remainder theorem. This makes it possible to suggest an extremely simple cryptosystem, which is simplified by reducing the amount of computations for encryption and decryption and enables encryption and decryption by simple calculations, while maintaining a security equivalent to the RSA encryption scheme.

Abstract: The invention relates to security for computer systems and a method for protecting computer systems, particularly those employing an encryption for the protection of sensitive information. A cryptographic algorithm is implemented in the protected system using Boolean operations and arithmetic operations wherein at least one variable is separated into several parts, in a Boolean separation using a Boolean operation, and in an arithmetic separation using an arithmetic operation. In order to switch from one of the operations to the other, a predetermined number of Boolean and arithmetic operations is performed on the parts and at least one random number, so that for each of the values appearing during the operation, there is no correlation with the variable.

Abstract: A method and apparatus for directing a client to establish a secure connection with a server across a public network. The server and the client exchange a Server Authentication Public Key, a Client Authentication Public Key, and a Remote Service Unique Identifier (RSUID) during a registration process. In one embodiment, the method includes the client transmitting to the server a client information package having the RSUID and a client challenge information package encrypted with the Server Authentication Public Key, the client receiving from the server a server information package having the RSUID and a server challenge information package and a portion of the received client challenge information encrypted with the Client Authentication Public Key, the client decrypting and verifying the server challenge information package with the Client Authentication Private Key, and, the client transmitting to the server an encrypted portion of the received client challenge information.