Abstract: The embodiments provides a method for processing data. According to the invention, an elliptic curve with an order m which corresponds to a product of a first cofactor c and a prime number q is provided, wherein the order (q?1) of the multiplicative group of the prime number q corresponds to a product of a second cofactor I and at least two prime divisors s1, . . . , sk, wherein the at least two prime divisors s1, . . . , sk are each greater than a predetermined bound of 2n; and a chosen method is applied to provided data using the provided elliptic curve for providing cryptographically transformed data. The invention enables cryptographically transformed data to be provided while simultaneously minimizing the probability of a successful attack.

Abstract: A system for processing a communication data item. The communication data item is divided into at least two unencrypted packets to be encrypted. Each encrypted packet is generated from a corresponding unencrypted packet. Each unencrypted packet has a packet header and plaintext data. The packet header has an identifier field that includes a packet identifier that is identical for all unencrypted packets. Generating an encrypted packet for each unencrypted packet includes: determining a vector identifier from the identical packet identifier, wherein the vector identifier is associated with the identical packet identifier; ascertaining an initial vector from the vector identifier; and forming an encrypted packet header by inserting the vector identifier into a first portion of the packet header and encrypting a second portion of the packet header through use of the initial vector. The encrypted packets are subsequently decrypted and combined to reconstruct the communication data item.

Abstract: The present invention relates to a method for electronic reauthentication of a communication party (12, 22). The method further relates to a device for electronic reauthentication of a communication party. A basic idea of the present invention is to have a communication party, which employs a service, state two different communication addresses, one being a telephone number, via which the communicating party may authenticate herself to a provider (11, 21) of the service.

Abstract: A method, an apparatus, and a computer program product for enabling verification key handling is disclosed. Said handling is enabled by receiving a verification key including an identifier of the parent verification key of the verification key, wherein the verification key includes a constraint portion, determining whether the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, associating, in case the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, the verification key with a particular state update, and storing the verification key associated with the particular state update.

Abstract: In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.

Abstract: There is provided an information processing unit enabling reduction of the number of keys to be held by a terminal unit and the amount of calculations necessary for decryption of encrypted data. The information processing unit configures an entire binary tree made up of n-number of leaf nodes, a root node and a plurality of intermediate nodes different from the root node and the leaf nodes and divides the entire tree into a plurality of base subtrees including n1/y number of leaf nodes to form a y-level (y is a divisor of log(n)) hierarchical structure, such that root nodes of the base subtrees at a lower level coincide with leaf nodes of the base subtree at an upper level. Further, it assigns subsets of the terminal units to nodes of the respective base subtrees and generates directed graphs where directed edges connecting coordinate points on a coordinate axis are set.

Abstract: A method for identifying data related to a software security issue is provided. The method includes accessing a software security issue and determining one or more attributes associated with the software security issue. The method also includes accessing aggregated software security data retrieved from a plurality of on-line sources and searching the aggregated software security data for the attributes associated with the security issue. The method further includes associating a portion of the aggregated data with the security issue based on matching the attributes associated with the security issue with contents of the portion of the aggregated data.

Abstract: An access control enforcing system, method, and computer-readable storage medium, the system including an access control enforcing part enforcing an access control for subject information based on access control information, the access control information indicating a control of an access to the subject information in accordance with a security policy. The security policy regulates an access permit to the subject information, a requirement enforced when the access is allowed, and supplement information indicating character information or image information used to enforce the requirement. The access control enforcing part further includes a requirement capability determining part determining whether or not the requirement to execute the access can be executed, the requirement indicated by the access control information.

Abstract: Data scrambling techniques implemented externally to a flash memory device are disclosed which can be used in concert with flash memory on-chip copy functionality operating internally to the flash device, thus supporting high performance copying operations. All the data stored in the flash may be scrambled, including headers and control structures. Robust file system operation may be achieved, including the capability to tolerate a power loss at any time, and yet be able to relocate data internally within the flash without having to de-scramble and then re-scramble the data. An exemplary hardware based solution has little or no impact on overall system performance, and may be implemented at very low incremental cost to increase overall system reliability. The data scrambling technique preferably uses a logical address, such as logical block address or logical page address, rather than a physical address, to determine a seed scrambling key.

Abstract: It relates to an information processing unit, a terminal unit, an information processing method, a key generation method and a program that enable reduction of the number of keys to be held by users and aims at providing an information processing unit capable of generating a directed-graph representing an encryption key generation logic to derive a set-key for encrypting a content or a content-key. The technique relates to a scheme that divides a set of user terminals into some subsets, allocates a set-key and an intermediate-key to each subset, and upon input of an intermediate-key correlated with a subset, outputs the set-key corresponding to the subset and the intermediate-key of the subset associated by the directed-edge. Further, it relates to a technique of replacing the directed-edge in the directed-graph with a shorter directed-edge. The effect of reducing the number of intermediate-keys held by each user is expected from the technique.

Abstract: A method for managing the functionality of a user device is provided that includes storing security information for a secure zone in a user device. The security information for the secure zone includes at least one peripheral associated with the secure zone. Based on the security information for the secure zone, the at least one peripheral associated with the secure zone is automatically disabled when the user device enters the secure zone.

Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

Abstract: A system, method, and computer program product are provided for detecting unwanted activity associated with an object, based on an attribute associated with the object. In use, an object is labeled with an attribute of a predetermined behavior based on detection of the predetermined behavior in association with the object. Additionally, unwanted activity associated with the object is detected, utilizing the attribute.

Abstract: A group key update method and a group key update apparatus for updating a key of members in a group are provided. The group key update method includes selecting a sub-root node among nodes on the binary tree; performing a node change with respect to the group according to a type of the sub-root node, and generating a changed binary tree; and performing a node key update with respect to the changed binary tree.

Abstract: Embodiments describe a method and/or system whereby a secret key in a cryptographic system may be replaced without revealing the secret key. One embodiment comprises creating a first private key and corresponding first public key. A second private key associated with the first private key and a second public key corresponding to the second private key are also created. The second private key is output once such that it can be re-created and the second public key is output when outputting the first public key. The first private key is used for authentication. The method further comprises re-creating the second private key; and using the second private key for authentication. Another embodiment comprises creating a private key and corresponding public key with associated system parameter; outputting the system parameter when outputting the public key; and using the private key for authentication. The method may further comprise creating a new private key using the previous key and the system parameter.

Abstract: Techniques are described for use with social networks and associated access information, such as access control lists, indicating which users are allowed to access the social networks. The social networks represent relationships between users. The social networks and access control lists may be represented in a graph which is traversed in connection with performing different operations using the social networks.

Abstract: In an embodiment a secure module is provided that provides access keys to an unsecured system. In an embodiment the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately.

Abstract: Software application protection methods and systems for protecting and verifying licensing of an original application. The system reads the original application executable, and generates a shelled application comprising the original application and a shell containing the license information. The shelled application implements license APIs, and establishes secure communications within the shelled application between the original application and the shell. Licensing for the original application can be verified by the shelled application alone.

Abstract: A method, system and computer program product for securing and tracking restricted files stored in a data processing system is provided. The data processing system is connected to a server for sharing information. An entity requesting to access a restricted file is authenticated, based on certain policies defined by a system administrator. Further, the system maintains a log of operations executed on the restricted file, and sends a record of the log to the server.

Abstract: A circuit for generating chaotic signals implemented using heterojunction bipolar transistors (HBTs) and utilized in low probability intercept communications. The HBT chaotic circuit generates truly random analog signals in the GHz range that are non-repeating and deterministic and may not be replicated by preloading a predetermined sequence. A fully differential autonomous chaotic circuit outputs two pairs of chaotic signals to be used in a communication system. As it is impossible to generate identical chaotic signals at the transmitter and receiver sites, the receiver itself sends the chaotic signal to be used for encoding to the transmitter. The receiver includes a chaotic signal generator and digitizes, upconverts, and transmits the generated chaotic signal to the transmitter. The transmitter uses the received chaotic signal to code data to be transmitted. The receiver decodes the transmitted data that is encoded by the chaotic signal to retrieve the transmitted data.