Patents Examined by Darren Schwartz
  • Patent number: 7774602
    Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.
    Type: Grant
    Filed: December 9, 2005
    Date of Patent: August 10, 2010
    Assignee: BCE Inc.
    Inventors: William G. O'Brien, Tet Hin Yeap, Dafu Lou
  • Patent number: 7765401
    Abstract: A console-based multi-user authentication process allows multiple users of a game console to be authenticated together in a single request/reply exchange with an authentication entity. The result is the possession of a single ticket that can be used to prove authenticity of multiple authentication principals to one or more online services. Also described is a handshake process that can be used to initially establish an authentication account for each game console, in which the account creation server can trust that a genuine game console is making the request.
    Type: Grant
    Filed: November 30, 2005
    Date of Patent: July 27, 2010
    Assignee: Microsoft Corporation
    Inventors: Boyd C. Multerer, Ling Tony Chen, Darren L. Anderson
  • Patent number: 7760881
    Abstract: The present invention is directed to a data processing apparatus adapted for performing scramble processing of transmit data, which comprises cyclic code generating means for generating cyclic bit data train of a predetermined period, EXOR operation means for sequentially performing EXOR operation of the cyclic bit data train with respect to the transmit data to output scramble-processed data, data generating means for generating bit data of a predetermined pattern, and switching means supplied with the scramble-processed data and the bit data of the predetermined pattern generated by the data generating means to select the bit data of the predetermined pattern at the time of synchronization processing of the transmit data, and to select the scramble-processed data when synchronization processing of transmit data is not performed to output the data thus selected as scrambler output data.
    Type: Grant
    Filed: October 21, 2003
    Date of Patent: July 20, 2010
    Assignee: Sony Corporation
    Inventor: Osamu Ito
  • Patent number: 7752670
    Abstract: To detect an attack of a network connection, detection of a message containing a sequence number that is within a valid sequence number range is performed, where the message is intended to cause reset of the network connection. The message is dropped, and a counter is incremented to track a number of occurrences of receiving the message in response to detecting that the sequence number in the message is within the valid sequence number range.
    Type: Grant
    Filed: September 23, 2004
    Date of Patent: July 6, 2010
    Inventors: Xiangrong Cai, Sasi Harpanahalli, Deepak Seth
  • Patent number: 7748038
    Abstract: Early detection of computer viruses is provided by collecting information about suspicious messages and generating virus outbreak information. In one embodiment, a method comprises receiving the virus outbreak information that has been determined by receiving message information for messages that have characteristics associated with computer viruses, wherein the messages were determined by a virus-check component as not comprising a virus, and mapping the message information received in a specified time period to the virus outbreak information; and when the virus outbreak information indicates initiation of a virus attack, performing a message flow control action for additional messages that have the same characteristics associated with computer viruses as the first messages. As a result, a messaging gateway can suspend delivery of messages early in a virus outbreak, providing sufficient time for updating an anti-virus checker that can strip virus code from the messages.
    Type: Grant
    Filed: December 6, 2004
    Date of Patent: June 29, 2010
    Assignee: IronPort Systems, Inc.
    Inventors: Michael Olivier, Craig Sprosts, Scot Kennedy, Daniel Quinlan, Larry Rosenstein, Craig Taylor
  • Patent number: 7739736
    Abstract: A method for controlling consumption of resources by a packet destination involves receiving a plurality of packets from a network, identifying the packet destination consuming greater than a pre-determined amount of resources to process the plurality of packets, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packets is forwarded, forwarding each of the plurality of packets to one of the plurality of temporary data structures as determined by the classifier, requesting a number of packets from the one of the plurality of temporary data structures associated with the packet destination by the virtual serialization queue, wherein the number of packets is limited by an attack control parameter associated with the virtual serialization queue, and forwarding the number of packets to the virtual serialization queue.
    Type: Grant
    Filed: April 22, 2005
    Date of Patent: June 15, 2010
    Assignee: Oracle America, Inc.
    Inventors: Sunay Tripathi, Nicolas G. Droux, Yuzo Watanabe
  • Patent number: 7739509
    Abstract: A method of authenticating an object by sensing coded data provided on or in a surface associated with the object. The coded data is indicative of an identity of the object and at least part of a signature, the signature being a digital signature of at least part of the identity. The method includes using the sensed coded data to determine a sensed identity and a sensed signature part. The sensed identity is then used to determine at least a determined signature part, which is then compared to the sensed signature part, with the object being authenticated using the results of the comparison.
    Type: Grant
    Filed: January 25, 2005
    Date of Patent: June 15, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Kia Silverbrook, Paul Lapstun
  • Patent number: 7739494
    Abstract: Computer-implemented methods, apparati, and computer-readable media for thwarting computer attacks. A method embodiment of the present invention comprises the steps of examining (52) a digital certificate (20) presented by a server computer (2); compiling (53) a set of suspicion indications (31) gleaned from said examining step (52); feeding (54) said suspicion indications (31) to a trustworthiness calculation engine (30); and outputting from said engine (30) a trustworthiness factor (32) that determines whether SSL stripping is to be used (57) on communications with said server computer (2).
    Type: Grant
    Filed: September 13, 2005
    Date of Patent: June 15, 2010
    Assignee: Symantec Corporation
    Inventors: Bruce McCorkendale, William E. Sobel
  • Patent number: 7735133
    Abstract: An authenticated user is provided with page information relating to a service to be provided, such as a service for ordering products. In the invention, the authenticated user is provided with page information in either a first or second form, wherein in the first form the page information includes an entry field for coupon information and in the second form the page information does not include the entry field for the coupon information. When coupon information input in the entry field is received, a determination is made whether or not the coupon information is valid. The number of times that the coupon information is determined to be invalid is counted and stored in association with the authenticated user. When the counted number does not exceed a predetermined value, the user is provided with the page information in the first form, while the page information is provided in the second form when the counted number exceeds the predetermined value.
    Type: Grant
    Filed: January 27, 2005
    Date of Patent: June 8, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hiroshi Satomi
  • Patent number: 7669230
    Abstract: Methods and systems are provided for secure switching of a roaming wireless terminal. The system includes a network having a plurality of access points for communicating with a wireless terminal. The network includes a first access point configured to couple with the wireless terminal, and a second access point configured to couple with the wireless terminal. The first access point is further configured to generate a first authentication information with the wireless terminal, and connect the wireless terminal with the network upon an authentication of the wireless terminal based on the first authentication information. The first access point is further configured to transmit the first authentication information to the second access point via the network upon the authentication of the wireless terminal. The second access point is further configured to connect the wireless terminal with the network using the first authentication information.
    Type: Grant
    Filed: March 30, 2005
    Date of Patent: February 23, 2010
    Assignee: Symbol Technologies, Inc.
    Inventor: Clint Chaplin
  • Patent number: 7650641
    Abstract: Methods, systems and computer products are provided for preventing display of sensitive information. Displayed information may be designated as sensitive information and may be covered from display on a computer screen display by an opaque covering. The sensitive information covering may be removed to expose the underlying information in response to minimal user action. Uncovered sensitive information may be automatically re-covered according to a number of triggering mechanisms.
    Type: Grant
    Filed: July 1, 2005
    Date of Patent: January 19, 2010
    Assignee: Microsoft Corporation
    Inventors: Olga Y. Veselova, Owen C. Braun
  • Patent number: 7640591
    Abstract: A method for controlling a denial of service attack involves receiving a plurality of packets from a network, identifying an attacking host based on a severity level of the denial of service attack from the network, wherein the attacking host is identified by an identifying attack characteristic associated with one of the plurality of packets associated with the attacking host, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packets is forwarded, forwarding each of the plurality of packets associated with the identifying attack characteristic to one of the plurality of temporary data structures matching the severity level of the denial of service attack as determined by the classifier, requesting a number of packets from the one of the plurality of temporary data structures matching the severity level by the virtual serialization queue, and forwarding the number of packets to the virtual serialization queue.
    Type: Grant
    Filed: April 22, 2005
    Date of Patent: December 29, 2009
    Assignee: Sun Microsystems, Inc.
    Inventors: Sunay Tripathi, Nicolas G. Droux, Yuzo Watanabe
  • Patent number: 7640583
    Abstract: In general, embodiments of the present invention provide protection for anti-malware software programs (also referred to herein as anti-malware) that is in addition to the protection that currently exists. In particular, instead of only protecting anti-malware programs from malware attacks by attempting to detect the malware software programs (also referred to herein as malware) before they can accomplish their malicious task, embodiments of the present invention obfuscate, or hide, the anti-malware and/or files associated with the anti-malware. Obfuscating files makes it difficult for malware to locate the information needed to accomplish its malware tasks. Additionally, because obfuscation makes file location difficult, malware that attempts to overcome this protection technique will likely include or use a detection engine.
    Type: Grant
    Filed: April 1, 2005
    Date of Patent: December 29, 2009
    Assignee: Microsoft Corporation
    Inventors: Adrian M. Marinescu, Matthew I. Braverman, Marc E. Seinfeld
  • Patent number: 7636856
    Abstract: The present invention includes a system and method for translating potential malware devices into safe program code. The potential malware is translated from any one of a number of different types of source languages, including, but not limited to, native CPU program code, platform independent .NET byte code, scripting program code, and the like. Then the translated program code is compiled into program code that may be understood and executed by the native CPU. Before and/or during execution, the present invention causes a scanner to search for potential malware stored in memory. If malware is not detected, the computing device causes the CPU to execute the translated program code. However, execution and/or analysis of potential malware may be interrupted if computer memory that stores potential malware is altered during execution. In this instance, the potential malware now stored in memory is translated into safe program code before being executed.
    Type: Grant
    Filed: December 6, 2004
    Date of Patent: December 22, 2009
    Assignee: Microsoft Corporation
    Inventors: Gheorghe Marius Gheorghescu, Adrian M Marinescu, Adrian E Stepan
  • Patent number: 7634802
    Abstract: A first device is automatically authorized to participate in a secure network by associating the first device with network access information in a machine-accessible format that can serve as a basis for the authorization. The network access information may be presented to a machine code reader in communication with a second device participating in the secure network. Upon the network access information being presented to the reader, the second device authorizes the first device associated with the identifier to participate in the secure network. Alternatively, the network access information may be registered with an authorization database in which the network access information is associated with a network identifier or an identifier representing a user associated with the secure network. The second device is signaled, by means of a signal button or comparable act, to access the authorization database to verify the first device is authorized to participate in the network.
    Type: Grant
    Filed: January 26, 2005
    Date of Patent: December 15, 2009
    Assignee: Microsoft Corporation
    Inventor: John H. Chiloyan
  • Patent number: 7627113
    Abstract: In a wireless communication system, a method and system for a hardware accelerator for implementing the f8 confidentiality algorithm in WCDMA compliant handsets are provided. Input variables may be initialized in a keystream generator and an intermediate value may be generated with a confidentiality key parameter and a key modifier. The number of processing blocks of output bits may be based on the length of the input bitstream. The processing blocks of output bits may be generated utilizing a KASUMI operation and may be based on an immediately previous processing block of output bits, the intermediate value, and an indication of the current processing block of output bits. The processing blocks of output bits may be generated after an indication that an immediately previous processing block of output bits is available. The keystream generator may indicate when a first and any additional processing blocks of output bits have been determined.
    Type: Grant
    Filed: February 8, 2005
    Date of Patent: December 1, 2009
    Assignee: Broadcom Corporation
    Inventors: Srinivasan Surendran, Ruei-Shiang Suen
  • Patent number: 7602907
    Abstract: Systems and methods configured for recoding an odd integer and elliptic curve point multiplication are disclosed, having general utility and also specific application to elliptic curve point multiplication and cryptosystems. In one implementation, the recoding is performed by converting an odd integer k into a binary representation. The binary representation could be, for example, coefficients for powers of two representing the odd integer. The binary representation is then configured as comb bit-columns, wherein every bit-column is a signed odd integer. Another implementation applies this recoding method and discloses a variation of comb methods that computes elliptic curve point multiplication more efficiently and with fewer saved points than known comb methods. The disclosed point multiplication methods are then modified to be Simple Power Analysis (SPA)-resistant.
    Type: Grant
    Filed: July 1, 2005
    Date of Patent: October 13, 2009
    Assignee: Microsoft Corporation
    Inventors: Bin Zhu, Min Feng, Shipeng Li
  • Patent number: 7587596
    Abstract: A networked system includes multiple information handling systems (IHSs) that store personal user information such as name and contact information. The networked system automatically updates personal user information when one IHS communicates with another IHS. A first IHS stores personal user information associated with a first IHS user. A second IHS also stores the first user's personal information. The first IHS sends a first user information update to the second IHS if the first IHS determines that the first user information on the second IHS is not current. A digital certificate accompanies the update to indicate the authenticity of the information update to the second IHS.
    Type: Grant
    Filed: February 24, 2005
    Date of Patent: September 8, 2009
    Assignee: International Business Machines Corporation
    Inventors: Kulvir Singh Bhogal, Robert J. Kamper
  • Patent number: 7581243
    Abstract: A secure communication method is performed in a system including a terminal device and an authentication server. The terminal device has at least one service process supplying a service to other terminal devices and a user authentication process performing authentication of a user, which processes run on the terminal device. The authentication server has an encryption key of the service process, registered therein in advance. The secure communication method includes the steps of generating a secret key used for achieving secure communication between the service process and the user authentication process by the authentication server, the generation being performed independently of the user authentication process; and encrypting the generated secret key with the encryption key of the service process to transmit the encrypted secret key to the service process by the authentication server.
    Type: Grant
    Filed: January 27, 2005
    Date of Patent: August 25, 2009
    Assignee: Canon Kabushiki Kaisha
    Inventor: Nobuyuki Shigeeda
  • Patent number: 7532726
    Abstract: The encryption/decryption device includes: a data structure analysis block for receiving encrypted data or data to be encrypted and outputting control data and also the encrypted data or the data to be encrypted as processing block input data; a data control block for determining a mode selection signal according to the control data; and a shared processing block for performing encryption or decryption for the processing block input data and outputting the result. The shared processing block is configured to have the ability to perform encryption and decryption in either of the CBC mode and the CFB mode by performing ECB processing using input key data, and performs encryption or decryption in the mode indicated by the mode selection signal.
    Type: Grant
    Filed: August 8, 2003
    Date of Patent: May 12, 2009
    Assignee: Panasonic Corporation
    Inventors: Toshihiko Fukuoka, Taemi Wada