Abstract: Systems and methods for providing resource management in a distributed network are disclosed. A loose collection of devices in a network may not be aware of the power restrictions for other devices. Wall powered devices will generally have drastically different power settings than battery powered mobile devices. The invention provides a federation policy for time that can be used to slave to a local service responsible for understanding the local resource requirements of each device (or node) on the network. In such a distributed time system, all services in a particular time domain may be sped up, slowed down, or completely halted.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: Methods of authenticating a combination of a programmable IC and a non-volatile memory device, where the non-volatile memory device stores a configuration data stream implementing a user design in the programmable IC. A first identifier unique to the programmable IC is stored in non-volatile memory in the programmable IC. A second identifier unique to the non-volatile memory device is stored in the non-volatile memory device. As part of the process in which the configuration data stream is used to program the programmable IC with the user design, a function is performed on the two identifiers, producing a key specific to the programmable IC/non-volatile memory device combination. The key is then compared to an expected value. When the key matches the expected value, the user design is enabled. When the key does not match the expected value, at least a portion of the user design is disabled.

Abstract: A network component comprising a receiver configured to receive a signed content item and an associated security information from a publisher, wherein the security information indicates which group from a plurality of groups is allowed to access the signed content item, a storage unit configured to cache the content item and the associated security information, a processor to implement procedures to enforce security policies defined by the security information, and a transmitter configured to send the signed content item from the cache to a subscriber when the subscriber is a member of a group indicated by the security information as authorized to access the signed content item.

Abstract: This disclosure describes scalable video coding techniques. In particular, the techniques may be used to encode refinements of a video block for enhancement layer bit streams in a single coding pass, thereby reducing coding complexity, coding delay and memory requirements. In some instances, the techniques encode each nonzero coefficient of a coefficient vector of the enhancement layer without knowledge of any subsequent coefficients. Coding the enhancement layer in a single pass may eliminate the need to perform a first pass to analyze the coefficient vector and a second pass for coding the coefficient vector based on the analysis.

Abstract: A method and apparatus for accessing a document-processing device is provided. A request to access the document-processing device is received by the document-processing device. For example, the request may be a request to configure the document-processing device or a request to produce an electronic copy of a document. The document-processing device reads authentication data from an authentication token, which is a portable physical object associated with the user that issued the request. For example, the authentication token may be a proximity card, a common access card (CAC), a smart card, a credit card, a driver's license, or a cell phone. The document-processing device determines, based on the authentication data, whether the user has sufficient user access privileges to perform the request. If user has sufficient user access privileges to perform of the request, then the document-processing device performs the request.

Abstract: Methods, systems, apparatuses and program products are disclosed for protecting computers and similar equipment from undesirable occurrences, especially attacks by malware. Invariant information, such as pure code and some data tables may be enrolled for later revalidation by code operating outside the normal context. For example, a periodic interrupt may invoked a system management mode interrupt service routine to discover whether code regions accessible to Protected Mode programs have become corrupted or otherwise changed, such as by tampering from untrusted or untrustworthy programs that have easy access only to protected mode operation.

Abstract: Methods and systems are provided for improving a firewall implemented at a WLAN infrastructure device (WID). The WID includes a stateful firewall that implements firewall rules based on an ESSID of the WID to specify whether traffic is allowed to or from the ESSID. For example, in one implementation of such a firewall rule, packets that are required to be sent out on all wired ports can be blocked from being flooded out on WLANs (e.g., the packet is allowed to pass only to the wired ports). A method and system are provided for preventing a malicious wireless client device (WCD) that is transmitting undesirable traffic from using RF resources by deauthenticating the malicious WCD to remove it from the WLAN and blacklisting it to prevent it from rejoining the WLAN for a time period. Method and systems are also provided for either “on-demand” and/or predicatively communicating state information regarding an existing firewall session.

Abstract: A ciphering key management technique for use in a WLAN receiver is provided where a hash table is stored that has a first and a second table portion. The first table portion stores transmitter address data and the second table portion stores at least one cipher key. It is determined whether a transmitter address matches transmitter address data in the first table portion, and if so, a corresponding cipher key stored in the second table portion is determined for use in decrypting the received data. The hash table technique allows for a fast search for the correct cipher key. Embodiments are described that allow for dynamically adding and removing keys without blocking the search.

Abstract: Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.

Abstract: A authenticating system and process for authenticating user devices to a access a media service where access to certain portions of the media service may be limited according to a gateway or other device used by a user device to facilitate interfacing a user with the media service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.

Abstract: A protected memory source device including removable non-volatile memory durably stores a signature such as a serial number or identifier, which is used to mark protected multimedia content legally stored on the protected memory device. The protected multimedia content is moved from the source device to another device, such as a target device used to aggregated protected content in a library. Moving the protected multimedia content involves replacing a source-specific header, comprising digital rights management metadata and/or other security metadata allowing only a device having the source device signature access to the content, with a target-specific header comprising digital rights management metadata and/or other security metadata allowing only a device having the target device signature access to the content. The transfer is done using one of a variety of transfer methods with either a trusted or un-trusted host system connecting the source device to the target device.

Abstract: The public exponent e of an RSA key is embedded in a RSA key object that lacks this exponent. During exponentiation, the public exponent e may be extracted and used to verify that the result of the exponentiation is correct. The result is output only if this is the case. The invention counters fault-attacks. Also provided are an apparatus and a computer program product.

Abstract: Systems and methods for remotely loading encryption keys in card reader systems are provided. One such method includes storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second fingerprints includes an intrinsic magnetic characteristic of the data card, encrypting, using a first encryption key derived from the second fingerprint, information including the device identification number and first fingerprint, sending the encrypted information to an authentication server, receiving, from the authentication server, a score indicative of a degree of correlation between the first fingerprint and second fingerprint, and receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first fingerprint.

Abstract: Methods, a client entity, network entities, a system, and a computer program product perform authentication between a client entity and a network. The network includes at least a bootstrapping server function entity and a network application function entity. The client entity is not able to communicate with both of the network entities in a bidirectional manner. The 3GPP standard Ub reference point between the client entity and the bootstrapping server function entity is not utilized for authentication purposes, such as authentication using GAA functionality for unidirectional network connections.

Abstract: A method that includes receiving a first request for video content from a user of a user device; retrieving an identifier for the user device using an application programming interface; sending a second request to receive the video content that includes the identifier; receiving an instruction to provide payment to rent or purchase the video content; sending the payment in response to the instruction; receiving the video content and a token, where the video content is encrypted based on a key and where the token indicates that the payment was processed; sending a third request to obtain a license associated with the video content that includes the token and the identifier; receiving the license, which includes the key and terms under which the video content is to be processed; decrypting the video content, using the key, when the decrypting is performed in a manner permitted by the terms; and playing the decrypted video content.

Abstract: A content distribution system includes a management device and a viewing device. The management device manages encrypted content information. The viewing device acquires the encrypted content information from the management device, decodes the encrypted content information, and allows the decoded content information to be viewed. The management device includes a view control information issuing unit. Upon receipt of a request from the viewing device to issue view control information, the view control information issuing unit issues view control information including decryption key information corresponding to an (i)-th random number corresponding to an ordinal number (i) among plural random numbers and period-of-validity information about a period of validity. The plural random numbers are shared between the management device and the viewing device.

Abstract: Methods and systems for providing confidentiality of communications sent via a network that is efficient, easy to implement, and does not require significant key management. The identity of each node of the routing path of a communication is encrypted utilizing an identity-based encryption scheme. This allows each node of the routing path to decrypt only those portions of the routing path necessary to send the communication to the next node. Thus, each node will only know the immediate previous node from which the communication came, and the next node to which the communication is to be sent. The remainder of the routing path of the communication, along with the original sender and intended recipient, remain confidential from any intermediate nodes in the routing path. Use of the identity-based encryption scheme removes the need for significant key management to maintain the encryption/decryption keys.

Abstract: The present invention provides for an authenticity marker to be embedded within web page and/or email content which allows a user to validate that the content originates from the true source of the content and is not merely a copy. The method includes a user requesting content in the form of a web page and/or email from a server using a web browser or email client. The server receives the request, retrieves the content and forwards it to an authentication server. The authentication server inserts into the retrieved content a unique fractal icon and/or information only known between the owner of the content and the user.

Abstract: An encryption/decryption method of an endecryptor including a plurality of endecryption units supporting an XES mode with tweak and ciphertext streaming (XTS) includes dividing an input data stream into consecutive data units; inputting the divided data units to the endecryption units, respectively; and simultaneously processing the input data units at the respective endecryption units. According to the encryption/decryption method, parallel processing is performed to encrypt/decrypt data at higher speed.