Abstract: Technologies for memory encryption include a computing device to generate a keyed hash of a data line based on a statistical counter value and a memory address to which to write the data line and to store the keyed hash to a cache line. The statistical counter value has a reference probability of incrementing at each write operation. The cache line includes a plurality of keyed hashes and each of the keyed hashes corresponds with a different data line. The computing device further encrypts the data line based on the keyed hash, the memory address, and the statistical counter value.

Abstract: Reader (420) for determining the validity of a connection to a transponder (440), designed to measure a response time of a transponder (440) and to authenticate the transponder (440) in two separate steps. Transponder (440) for determining the validity of a connection to a reader (420), wherein the transponder (440) is designed to provide information for response time measurement to said reader (420) and to provide information for authentication to said reader (420) in two separate steps, wherein at least a part of data used for the authentication is included in a communication message transmitted between the reader (420) and the transponder (440) during the measuring of the response time.

Abstract: The present solution allows users, such as administrators to configure slow start parameters for new services. These slow start parameters specify a rate at which requests should be given to a newly added or up service. The users can also chose to automatically increase the load in multiples of the chosen rate by specifying an increment interval. The services are given the configured rate for the interval, and once the interval is reached, the next multiple of the rate of requests is given. The increase of rate of requests is done automatically until an existing service request rate is reached. At that point in time this functionality is disabled and the existing and new services are treated the same.

Abstract: A method and apparatus for processing path-based database operations is provided. According to one aspect, a path cache is maintained. For each hierarchical node that is traversed during a path-determining operation, it is determined whether a cache entry corresponding to that node is already contained in the path cache. If such a cache entry is already contained in the path cache, then the path indicated in that cache entry is used to complete the pathname for the node for which the operation is being performed. As a result, hierarchically higher nodes do not need to be traversed to complete the operation. Alternatively, if such a cache entry is not already contained in the path cache, then a cache entry for the node currently being traversed is generated and inserted into the path cache for use in subsequent path-determining operations.

Abstract: Methods and apparatus for detecting and minimizing the effects of Denial Of Service (DOS) attacks in high-speed networks in which packet processing is carried out by multiple processing cores. In one embodiment of the invention a communications method and apparatus detects and deletes denial of service attack packets in a multi-core distributed packet processing system using a lightweight DOS attack packet detection and deletion process.

Abstract: A method (and structure) protects confidentiality and integrity of information in a secure object from other software on the system. An object-id value that identifies software currently executing on a CPU (Central Processing Unit) is stored, the value having a predetermined standard value when software that is not a secure object is executing. Each block of information in the cache is associated with an ownership value that is used to store an identification of the software that owns the information in the block. When software attempts to access information in one of the blocks, the object-id of the currently executing software is compared with the ownership value associated with the block being accessed. Access to the block is allowed if the object-id of the currently executing software matches the ownership value of the block.

Abstract: A mechanism to ensure that the same server/proxy is selected by different server/proxy discovery mechanisms executed in a network control element and a terminal equipment, respectively. A first selection of a server/proxy is executed by a network control element on the basis of a first discovery procedure. Then, a second selection of a server/proxy is started by a terminal equipment on the basis of a second discovery procedure. A relay agent element is used for responding to the request on behalf of a configuration server or for modifying a configuration server response so that the same server/proxy is selected by the network control element and the terminal equipment.

Abstract: A system for secure communication, including a first security computer communicatively coupled with a client computer via an SSL connection, including a certificate creator, for receiving certificate attributes of a server computer certificate and for creating a signed certificate therefrom, and an SSL connector, for performing an SSL handshake with the client computer using the signed certificate created by said certificate creator, and a second security computer communicatively coupled with a server computer via an SSL connection, and communicatively coupled with the first security computer via a non-SSL connection, including an SSL connector, for performing an SSL handshake with the server computer using a signed certificate provided by the server computer, and a protocol appender, for appending attributes of the signed certificate provided by the server computer within a message communicated to the first security computer. A method is also described and claimed.

Abstract: Techniques to perform federated authentication are described. An apparatus may comprise a resource server may have an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client.

Abstract: An execution control method performed by a processor includes storing a first plurality of commands executed in the first computer and a first execution order in a memory; executing the first plurality of commands according to the first execution order when executed on the third computer; storing a second plurality of commands executed in the second computer and a second execution order in the memory; executing the second plurality of commands according to the second execution order when executed on the fourth computer; storing information generated by executing a command among the first plurality of commands and the second plurality of commands in the memory as configuration information each time the command is executed; and selecting a command among a first earliest command among unexecuted commands of the first plurality of commands and a second earliest command among unexecuted commands of the first plurality of commands, and executing the command.

Abstract: A method, apparatus, and system are directed toward configuring a dependency relationship between resources in a cluster. A dependency relationship between a dependent in a first resource group and a dependee in a second resource group is declared. The dependency relationship might include a locality based qualifier and/or a time based qualifier. The locality based qualifier includes a Local Node, Any Node, or From Resource Group Affinity relationship. The time based dependency qualifier includes a Strong dependency, Weak dependency, Online Restart dependency, or Offline Restart dependency. The declaration might be made using a graphical user interface, property list, configuration file, or the like. A candidate node on which to activate the first resource group is determined. The dependent is brought online on the candidate node based on whether an instance of the dependee is online on a node specified by the locality based qualifier.

Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a network entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.

Abstract: A method, apparatus, and manufacture for content protection for protecting some objects is provided. A content protection operation or license operation is performed for at least one media object of a web application. Some or all of the objects are then marked as protected. When an operation is performed that accesses a protected object, a user agent determines whether to deny the operation, to allow the operation and mark data exported by the operation and objects storing the exported data as protected objects, or to allow the operation and not mark data exported by the operation and objects storing the exported data as protected objects.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a mobile communication device, having a controller to capture media content and transmit the media content to a media server with a request for distribution of the media content to one or more targeted recipients according to a user profile associated with the mobile communication device that is stored in the media server, where a format of the media content is adjusted by the media server based at least in part on the user profile. Other embodiments are disclosed.

Abstract: A download manger running on a computer system identifies an in-progress download of content by the computer system directly from a content system. The download manager causes the computer system to join a peer-to-peer network in which the content is being shared. The computer system starts to receive data blocks of the content from peer-to-peer network, as it continues the download from the content system. Based on the receipt of the content from the peer-to-peer network and from the content system, the download manager determines whether the computer system should rely primarily on the peer-to-peer network instead of the content system for receiving the content. If a determination is made to rely on the peer-to-peer network instead of the content system, the download manager terminates the download from the content system and continues receiving data blocks of the content from the peer-to-peer network.

Abstract: A method, an integrated circuit and a system for implementing a secure chain of trust is disclosed. While executing secure boot code in a secure boot mode, less-secure boot code may be authenticated using a secret key. A secure key may also be calculated or generated during the secure boot mode. After control is turned over to the authenticated less-secure boot code, at least one application may be authenticated using the secure key. Once authenticated in the less-secure boot mode, the application may be executed by the programmable integrated circuit. In this manner, a secure chain of trust may be implemented for the programmable integrated circuit.

Abstract: Systems and methods are disclosed for management of resource objects (“resources”) within a computing environment. Resources may be stored in a number of resource spaces, each including service endpoints configured to facilitate access to resources. On creation of a resource, an identifier may be assigned to the resource. Thereafter, the identifier may be used to determine an appropriate service endpoint for accessing the resource. For example, each resource space may submit a set of resolution rules to a resolution server. Each set of resolution rules may be used to identify an appropriate endpoint for accessing a resource. Thereafter, a request for a resource may first retrieve the set of resolution rules, and use such rules to determine an appropriate service endpoint. Illustratively, utilization of resource resolution rules may enable the service endpoint to be modified without requiring modification of client devices.

Abstract: A cloud computing system includes a physical resource pool that includes a number of information processing devices. Each information processing device includes a processor, a computer-readable medium, and a network interface. The system further includes a first cloud controller to manage a first cloud infrastructure, the first cloud infrastructure operating a first set of virtualized resources, the first set of virtualized resources having access to the physical resource pool through the first cloud controller. The system further includes a second cloud controller to manage a second cloud infrastructure, the second cloud infrastructure utilizing the first set of virtual resources to operate a second set of virtual resources, the second set of virtual resources being provided access to the physical resource pool through the second cloud controller and the first cloud controller.

Abstract: A system and method for maintaining privacy of a user's telephone number is disclosed. The method provides a means by which a user A may prefer to exchange her contact number with another user B. The contact number is encrypted by user A and passed on to the mobile phone of user B. In the phonebook of user B, the contact number of user A is stored in encrypted format. Further, when user B initiates a call to user A, the encrypted number is sent to the network. At the MSC of user B, the number is decrypted and a call is established with user A. When user A calls user B, user A's number is encrypted at user B's MSC. This is transmitted to user B, where it is compared with the already encrypted number in the phonebook. The matching name of user A is then displayed.

Abstract: A system for secure communication, including a first security computer communicatively coupled with a client computer via an SSL connection, including a certificate creator, for receiving certificate attributes of a server computer certificate and for creating a signed certificate therefrom, and an SSL connector, for performing an SSL handshake with the client computer using the signed certificate created by said certificate creator, and a second security computer communicatively coupled with a server computer via an SSL connection, and communicatively coupled with the first security computer via a non-SSL connection, including an SSL connector, for performing an SSL handshake with the server computer using a signed certificate provided by the server computer, and a protocol appender, for appending attributes of the signed certificate provided by the server computer within a message communicated to the first security computer. A method is also described and claimed.