Abstract: The present invention relates to a method for providing content in a communication system. The method comprises encoding content to a first part and a second part. Furthermore, the method comprises protecting the second part of the content against unauthorised use. Furthermore, the method comprises transmitting the content to user equipment associated with an identity module. The present invention relates also to a method for obtaining content in user equipment in a communication system. The method comprises receiving content encoded to a first layer and a protected second layer. Furthermore, the method comprises requesting for opening the protection of the second layer, receiving opening means and opening the protection of the second layer using the opening means interacting with an identity module associated with the user equipment. Furthermore, a network element and user equipment are configured to execute the method.
Abstract: The present invention addresses the previous lack of subscriber identity tracking and management for residential broadband lines and provides customized access and enhanced IP services for a subscriber's household members (virtual user domain) and his/her circle of extended families, relatives, and friends (multiple virtual user domains). Rather than treating a broadband link as a single connection with a single set of services and quality constraints, the present invention enables the subscriber to create multiple user profiles per broadband link; tailor activities such as web services to a specific user and group profile; provide restricted access to minors (e.g. allow only age appropriate content to be viewed); and facilitate connection at multiple access points on a carrier's edge network.
Abstract: A new method and framework for scheduling receive-side processing of data streams received from a remote requesting client by a multiprocessor system computer is disclosed. The method receives data packets from the remote requesting client via a network and, for each data packet, applies a cryptographically secure hashing function to portions of the received data packet yielding a hash value. The method further applies the hash value to a processor selection policy to identify a processor in the multiprocessor system as a selected processor to perform receive-side processing of the data packet. The method queues the received data packet for processing by the selected processor and invokes a procedure call to initiate processing of the data packet.
Type: Grant
Filed: February 25, 2005
Date of Patent: July 27, 2010
Assignee: Microsoft Corporation
Inventors: James T. Pinkerton, Sanjay N. Kaniyar, Bhupinder S. Sethi
Abstract: The present disclosure is associated with a user requesting access to the software option associated with a machine, a remote facility receiving the request, authorizing access to the software option, and sending an enabling signal to enable the software. The enabling signal (e.g., a software key) may then be used to access and use the software option. An intermediary may be used to authenticate the enabling signal.
Type: Grant
Filed: October 31, 2003
Date of Patent: July 20, 2010
Assignee: Caterpillar Inc
Inventors: Julie A. Gannon, Steven W. O'Neal, April D. Scott, Vernon R. Smith, Kenneth L. Stratton
Abstract: Methods, systems, and products are disclosed for detecting encrypted packet streams. One method notes an observable parameter of an encrypted stream of packets. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The type of data within the encrypted stream of packets is inferred from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be inferred.
Type: Grant
Filed: September 17, 2004
Date of Patent: July 20, 2010
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Jeffrey A. Aaron, Edgar Vaughan Shrum, Jr.
Abstract: The techniques and mechanisms described herein are directed to a taint mechanism. An object-based command declares a taint directive for a parameter within a command declaration. The taint directive is then associated with that parameter in a manner such that when an engine processes the command, the engine determines whether to process the command based on the taint directive and input for the parameter. The taint directive may specify that the input may be tainted or untainted. The command declaration may also include a taint parameter that specifies a taint characteristic for output from the command. The taint characteristic may be tainted, untainted, or propagated. Any type of object may become tainted. An untaint process may be applied to tainted data to obtain untainted data if an authorization check performed by the engine is successful.
Type: Grant
Filed: May 20, 2005
Date of Patent: July 13, 2010
Assignee: Microsoft Corporation
Inventors: Bhalchandra S. Pandit, James W. Truher, III, Jeffrey P. Snover, Bruce G. Payette
Abstract: A method and apparatus for registering auto-configured network addresses includes receiving first data at a networking device connected to a host at a physical connection. The first data is received from a first server and indicates authentication information associated with the host. A first message is received at the networking device from the host. The first message requests configuration information and includes a logical network address for the host determined at least in part by the host. A second message is generated based on the first message and the first data. The second message is sent to a second server that registers the host by associating the logical network address with the first data.
Abstract: A system for licensing a computational component in a distributed processing network is provided. The system includes a licensing provider 100 that is spatially remote from the computational component 154 and is operable to: (a) assign a private and public key pair to the computational component 154; (b) create a digital certificate 308 for the computational component 154, the digital certificate 308 being signed with a private key of the licensing provider 100, the licensing provider's private key being different from the computational component's private key 312; (c) create a license file 176 to be installed on the computational component; and (d) transmit the license file 176 and the computational component's signed digital certificate 308 and private key 312 to the computational component 154.
Type: Grant
Filed: September 30, 2004
Date of Patent: June 29, 2010
Assignee: Avaya Inc.
Inventors: Richard L. Robinson, Robert J. Serkowski, William T. Walker
Abstract: A method and apparatus for associating session tickets includes a ticketing authority server. The ticketing authority server receives a ticket generation request and information about a client node. It identifies a master session ticket associated in a storage element with the client node. The ticketing authority server then generates a derivative session ticket for the client node and associates the derivative session ticket with the master session ticket. Finally, the ticketing authority server stores information about the client node and the derivative session ticket in the storage element.
Abstract: A method and apparatus for secure storage of data by using redundant keys is provided. The method includes encrypting a data set by using a master key, which can be encrypted by different sync keys. Sync keys can be generated by different supervisor cards. Thereafter, the encrypted master key and the encrypted data set can be stored in a memory. Further, credentials stored in one of the supervisor cards can be encrypted and transferred to other supervisor cards, to provide redundancy of supervisor cards.
Abstract: A disk drive according to the invention has a processor for executing a program for identifying harmful computer code (HCC). A communication protocol with the host computer according to the invention provides means for the host to control the HCC detection process, receive information about the HCC detection from the disk drive and preferably for the HCC detection program to be transmitted to the disk drive. In a preferred embodiment a disk drive has a scanning program for scanning data for harmful computer code (HCC) using a set of HCC signatures. In one embodiment, the disk drive has means for communicating with a controlling host computer which implements the HCC protocol and a user computer which does not implement the HCC protocol, to allow the user computer to be protected from HCC in a transparent way.
Type: Grant
Filed: February 28, 2005
Date of Patent: June 22, 2010
Assignee: Hitachi Global Storage Technologies Netherlands B.V.
Abstract: A system, method and computer program product for detection of epidemics caused by malware programs or computer viruses. Detection of local and global epidemics is performed automatically. A source of an epidemic is calculated and analyzed based on collected statistics. A spread of the epidemic is predicted and an accurate prognosis referring to the time frame and to geographical areas of the epidemic spread is made. The prognosis is made based on a calculated value of “connection strength” coefficient. The connection strength coefficient reflects a volume of information exchange (i.e., a number and a quality of connection channels) between the countries. An epidemic is detected in its infancy and its spread is monitored in time and propagation across different countries. Then, effective security and protection measures can be invoked in a timely manner.
Type: Grant
Filed: December 6, 2009
Date of Patent: June 22, 2010
Assignee: Kaspersky Lab, ZAO
Inventors: Yury V. Mashevsky, Yury V. Namestnikov, Nikolay V. Denishchenko, Pavel A. Zelensky
Abstract: Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.
Type: Grant
Filed: March 21, 2002
Date of Patent: June 15, 2010
Assignee: Verizon Corporate Services Group Inc.
Inventors: Russell Andrew Fink, Edward A. Bubnis, Jr., Thomas E. Keller
Abstract: Provided is a method for delivering all or part of a rights object (RO) of a user associated with the content to other users. The method includes creating a rights object to be transmitted to a second user within a limit of the rights object held by the first user, and forwarding the created rights object to the second user. The method allows each user to share its own RO with other users within the limit of the RO without server authentication.
Abstract: An authorization method includes establishing a password for a user, wherein the password includes password characters in a defined order. The method further includes assigning a code character to each of the password characters at an authorization site, transmitting the code characters assigned to the password characters to a remote client and authorizing a user at the remote client upon entry of the code characters corresponding to the password characters in the defined order.
Type: Grant
Filed: April 30, 2004
Date of Patent: June 8, 2010
Assignee: Hewlett-Packard Development Company, L.P.
Abstract: Improved system and approaches for permitting users of different organizations to access secured files (e.g., documents) are disclosed. These users can be part of a group that is shared across a plurality of file security systems. For example, at a first file security system, a user of the shared group can secure a file for restricted access by those users within the shared group. Subsequently, at a different file security system, another user of the shared group is able to access the content of the secured file.
Abstract: A computer readable medium includes executable instructions to audit data migration. The executable instructions include instructions to define a data migration path from a source to a target. Audit points are specified within the data migration path. Audit statistics to be generated at the audit points are identified. The audit statistics include data corresponding to individual data values transmitted over the data migration path. Audit rules to be applied against the audit statistics are established.
Type: Grant
Filed: March 23, 2005
Date of Patent: May 25, 2010
Assignee: Business Objects Data Integration, Inc.
Inventors: Ronaldo Ama, Sachinder S. Chawla, Balaji Gadhiraju, Awez Syed, Mark Todd, Mon For Yee
Abstract: A system, method and computer program product for scanning an executable file for malware presence, the method comprising: (a) detecting an attempt to execute a file on a computer; (b) identifying whether the file is known or unknown; (c) if the file is a known file, performing a signature malware check; (d) if the file is an unknown file, performing risk analysis and risk assessment for the file; (e) based on the risk analysis and the risk assessment, identifying which malware detection algorithms need to be used for the file, in addition to signature detection; (f) performing the malware detection algorithms on the file; and (g) if no malware is detected, permitting execution of the file. The risk analysis is based on file source, file origin, file path, file size, whether the file is digitally signed, whether the file is a download utility, whether the file is packed, and whether the file was received from a CDROM.
Abstract: A method for inline intrusion detection includes receiving a packet at a network gateway, storing the packet, and assigning an identifier to the packet. The method also includes transmitting a copy of the packet and the identifier from the network gateway to an intrusion detection system and analyzing the copy of the packet by the intrusion detection system to determine whether the packet includes an attack signature and communicating a reply message from the intrusion detection system to the network gateway. The reply message includes the identifier and is indicative of the results of the analysis. The size of the reply message is less than the size of the packet.
Abstract: Computer login may comprise any user-determined submission. A user may select among different devices for input, select the signal content, and as well select the types of signals used for a login signature. Account identification may be inferred by signature rather than explicitly stated. A plurality of discontiguous data blocks in a plurality of files may be employed for validation. The paths to data used in validation may be multifarious, regardless of the prospects for successful authorization.