Abstract: A system and method for securely flashing a controller, where the controller includes at least one main processor and at least one secondary processor, and where the processing duties are distributed between the processors. A programming tool provides a content file to be flashed and a digital signature to the controller. The controller calculates a hash value of the content file, decrypts the digital signature using a public key to generate a decrypted hash value, compares the decrypted hash value to the calculated hash value, and determines that the content file is valid if the decrypted hash code matches the calculated hash value, where one or more of the steps of calculating the hash value, decrypting the digital signature, comparing the decrypted hash value to the calculated hash value and determining that the content file is valid, is performed by the main processor for the secondary processor.

Abstract: In one embodiment, a system for secure application hosting is provided. The system includes a memory, a first processor coupled to the memory, a second processor coupled to the first processor via a bus, and a data storage device and a network interface coupled to the second processor. The second processor is configured to perform cryptographic processing to provide an encrypted domain, in which the network interface and data storage device operate, and an unencrypted domain, in which the processor and memory operate.

Abstract: A mobile communication device registers for data communication through a mobile communication network with a packet-based network. The device may or may not have a mobile device number, and registers using a fully-qualified-domain-name (FQDN) uniquely identifying the device in a domain-name-system (DNS) of the packet-based network. A packet-data-network gateway assigns a packet-based address for the device, and generates a request for registering the address with the FQDN in a DNS server. Alternatively, the device generates the packet-based address based on a received portion of the address, retrieves the FQDN from an identity module, and sends a DNS-Update message to the DNS server including the address and FQDN. Again alternatively, a DNS server receives an encrypted DNS update message including a FQDN and a packet-based address, and decrypts the message prior to registering the address and FQDN in a DNS database.

Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.

Abstract: The invention relates to an apparatus for preventing infection by malicious code, comprising: a database in which files installed in an agent system, DNA values for each part of the files, and index information for indicating whether each file is normal or malicious are stored; a calculation unit which calculates a DNA value for a part of a file for which an execution is requested in the agent system; and a file inspection unit which searches the database to extract, in a group, files having the DNA value calculated by the calculation unit, inspects whether an object file is normal or malicious on the basis of the index information on the files extracted in a group, and allows the execution of the object file or makes a request for the calculation of DNA values of other parts which selectively include one part of the object file.

Abstract: A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.

Abstract: The invention discloses a method and a system for wireless transmission of content. The present invention relates generally to wireless network technology, Problems solved by the invention is that, the method for manually entering the shared key is neither convenient nor secure, while the method for transmitting the shared key over the wireless network also makes the shared key exposed to an unsafe environment. Embodiments of the invention provide the program as follows: a method and a system for wireless transmission of content, wherein, capturing shared key, using the shared key to encrypt the content, and then transmitting the encrypted content over the wireless network. Embodiments of the invention are suitable for terminals and devices wirelessly connected, and so on.

Abstract: Provided are methods and systems of using division-free duplexing (DFD) in a cable communication network. Techniques for applying DFD in a cable communication network may enable data to be transmitted and received over a coaxial cable without using division duplexing techniques. For example, the cable communication network may include DFD enabled network nodes and each subscriber to the cable network may be equipped with a DFD system configured to operate in a DFD mode. In some embodiments, oppositely propagating signals may be transmitted over one frequency channel, and DFD techniques may be used to recover originally transmitted signals. Further, in some embodiments, DFD techniques may be used with encryption methods to increase the security of data transmitted in the cable communication network.

Abstract: Described herein are systems and methods for providing software administration tools, for use in administering server configurations, such as in a traffic director or other type of server environment. In accordance with an embodiment, the system comprises a traffic director having one or more traffic director instances, which is configured to receive and communicate requests, from clients, to origin servers having one or more pools of servers. An administration server can be used to manage the traffic director, including a REpresentational State Transfer (REST) infrastructure and management service which maps REST calls to mbeans or other management components registered on the administration server, for use in managing the traffic director.

Abstract: A method for protecting a calculation, by an electronic circuit, of a modular exponentiation of a digital quantity, wherein: a first variable is initialized with a random quantity; at least one second variable is initialized with a value which is a function of the digital quantity; at least for a bit at 1 of an exponent of the modular exponentiation, the first variable is updated by: a) the quotient of its content and a power of the random quantity; and b) the product of its content by that of the second variable; and once all the exponent bits have been processed, the content of the first variable is divided by the random quantity to provide the result of the modular exponentiation.

Abstract: A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message such that text of the original message that the user may not be aware is not forwarded to new recipients.

Abstract: Software applications are analyzed to determine if they are legitimate applications and warnings are provided to users to avoid installation and/or purchases of unnecessary and/or potentially harmful software based on comparisons of user-interface characteristics of the software applications to visual characteristics of authentic applications to determine to what extent they match (or do not match) or are attempting to mirror the legitimate application.

Abstract: A decrypting apparatus for decrypting cryptography data included in a packet includes a receiver, a key generator, and a decrypting section. The receiver receives a packet transmitted from an encrypting apparatus that executes an encrypting process. The key generator generates a key used for the encrypting process. The decrypting section decrypts cryptography data included in the packet received by the receiver with using the key generated by the key generator. In the decrypting apparatus, the packet received by the receiver includes packet information used for generating the key. The key generator generates the key with using the packet information.

Abstract: A device is secured against unauthorized use with a passcode based on a sensory association of a visual item with one or both of a sound clip and a tactile pattern. The sensory association passcode is encoded from one or more frames containing a user-selected combination of the visual item with the sound clip and/or the tactile pattern. The sensory association passcode can be further encoded with a sequence that indicates an order of the one or more frames of the passcode. Users can retrieve a portion of the sensory association passcode to facilitate recall of a forgotten passcode. The user-selected combination of the visual item with the sound clip and/or the tactile pattern facilitates easier recall of a passcode than might be possible with conventional passcode techniques.

Abstract: Systems and methods for detecting intrusion into a data network are disclosed. Such intrusion can be detected, for example, by providing at least two network devices in a data network. Each of the network devices has a decoy cryptographic key that is used to detect unauthorized data and an authentic cryptographic key that is used to encrypt authorized data. The first network device receives data from the second network device that is encrypted using the decoy cryptographic key. The first network device determines that the data is encrypted using the decoy cryptographic key. The first network device deletes or otherwise discards the data encrypted using the decoy cryptographic key. The first network device can generate an alert message instructing other network devices that the second network device is generating the unauthorized data. The alert message also instructs the other network devices to ignore data originating from the second network device.

Abstract: The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.

Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client (such as a retail store, service station, on-line service provider or merchandiser, healthcare provider, medical insurer, information consumer or the like) a request for access to a secured resource, where the request for access was previously submitted to the service client by a requester purporting to be an authorized user of said secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.

Abstract: Methods for rule-based group security data management and corresponding systems and computer-readable mediums. A method includes receiving a complex rule set corresponding to at least one electronic document, the complex rule set including a combination of granting rules, denying rules, and rule precedence. The method includes generating derived user groups according to the complex rule set. The method includes deriving grant rules for each electronic document according to the complex rule set to produce a derived grant rule set. The method includes storing the derived grant rules as associated with the electronic document.

Abstract: The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user.

Abstract: A mobile entitlements manager implemented on a mobile device stores the software entitlements belonging to a user of the mobile device. The mobile device communicates with client computers on which the user wishes to run software applications. Messages are exchanged between the client and the mobile device to enable activation, continued running, and to deactivate client applications in accordance with the entitlements available to the user. The mobile entitlements manager updates its entitlement information by communicating with a remote entitlements server, and informs the entitlement server of the status of programs running on clients in communication with the device. The entitlements manager handles entitlements for multiple applications and for multiple licensed entities, such as individual users, sites, client computers, or organizations.