Patents Examined by Krisna Lim
  • Patent number: 8171309
    Abstract: Secure memory controlled access is described. In embodiment(s), memory stores encrypted data and the memory includes a secure memory partition to store cryptographically sensitive data utilized to control access to the encrypted data stored on the memory. Controller firmware can access the encrypted data stored on the memory, but is precluded from access to the secure memory partition and the cryptographically sensitive data. Secure firmware can access the cryptographically sensitive data stored on the secure memory partition to control access by the controller firmware to the encrypted data stored on the memory.
    Type: Grant
    Filed: November 14, 2008
    Date of Patent: May 1, 2012
    Assignee: Marvell International Ltd.
    Inventors: Tze Lei Poo, Gregory Burd
  • Patent number: 8150981
    Abstract: In an embodiment, a method is provided. The method of this embodiment provides in response to receiving a packet, looking up a packet characteristic in one of at least one protocol table to determine one or more fields of the packet to use as a hash value, applying a hash function to the hash value to obtain a hash result, and using the hash result to determine one of a plurality of processors on which to process the packet.
    Type: Grant
    Filed: August 28, 2009
    Date of Patent: April 3, 2012
    Assignee: Intel Corporation
    Inventors: Stephen D. Goglin, Linden Cornett
  • Patent number: 8145897
    Abstract: A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer.
    Type: Grant
    Filed: September 29, 2008
    Date of Patent: March 27, 2012
    Assignee: Intel Corporation
    Inventors: Ernie Brickell, Jiangtao Li
  • Patent number: 8140650
    Abstract: The invention relates to a method for arranging use of configurations in a device with multiple configuration data sets manageable by one or more external managing entities. The device comprises access control information originated and/or controlled by an external managing entity for defining a right to access a configuration data set. The access control information is checked in response to an indication from an application requiring access to a configuration data set. If the application is, on the basis of the access control information, entitled to access the configuration data set, access to the configuration data set is arranged for the application.
    Type: Grant
    Filed: December 30, 2004
    Date of Patent: March 20, 2012
    Assignee: Nokia Corporation
    Inventors: Markku Pulkkinen, Martti Lindroos
  • Patent number: 8140855
    Abstract: A security-enhanced login technique that provides a convenient and easy-to-use two factor technique to enhance the security of passwords without requiring any changes on the server side of a client-server network. The technique employs a convenient and easy-to-use two-factor technique to generate strong passwords for Web and other applications. In this technique, a convenient or personal device such as a mouse is used as the other factor besides a user password. A secret stored in the mouse or other personal device is hashed together with the password entered by a user and the server ID, to generate a strong, server-specific password which is used to authenticate the user to the server. This password enhancement operation is carried out inside the personal device.
    Type: Grant
    Filed: April 11, 2008
    Date of Patent: March 20, 2012
    Assignee: Microsoft Corp.
    Inventors: Bin Benjamin Zhu, Min Feng, Aimin Pan, Yuan Kong, Nathan C. Sherman, Hui Fan, Rui Guo, Josh Benaloh
  • Patent number: 8132267
    Abstract: In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: March 6, 2012
    Assignee: Intel Corporation
    Inventors: Naga Gurumoorthy, Arvind Kumar, Matthew J Parker
  • Patent number: 8127354
    Abstract: A system, method, and computer program product are provided for identifying vulnerabilities associated with data loaded in memory. In operation, a subset of data that is loaded in memory is identified. Additionally, the subset of data is compared to a list of known data. Furthermore, there is a reaction based on the comparison.
    Type: Grant
    Filed: October 9, 2008
    Date of Patent: February 28, 2012
    Assignee: McAfee, Inc.
    Inventors: Anthony J. Bettini, Michael M. Price
  • Patent number: 8126143
    Abstract: The present invention is directed to an apparatus for improving communications between players and coaches during a sporting event, more specifically allowing players to dynamically receive real-time communications from their coaches concerning intended game plays to be effected on the field or court. Said game apparatus comprises a transparent, protective top cover having the same contour as a middle portion, wherein said middle portion is provided with a display element, and wherein said top cover, middle portion and the display element are all enclosed by a rear cover forming a housing for a receiving means for receiving an encrypted signal of an intended game play from a portable remote terminal, and wherein said top cover, middle portion, display element and housing are positioned on an upper portion of an elasticized band, which has an extended flap, wherein said extended flap includes a closing means used to secure the game apparatus and to conceal the display element from public view.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: February 28, 2012
    Assignee: ID Coach, LLC
    Inventors: Isaac S. Daniel, Michael Stibila
  • Patent number: 8126961
    Abstract: Methods and apparatus, including computer program products, related to integration of client and server development environments. A message may be caused to be sent to a server development environment engine where the message characterizes an action mapped from a client development environment to a function of the server development environment engine. Another message characterizing an event of the server development environment engine may be received where that message is to cause the client development environment to resolve the event. The messages may be used to integrate the client and server development environments by providing a path of communication by which the server development environment engine may provide services to a client development environment that integrates the service in a user interface of a client development environment engine.
    Type: Grant
    Filed: July 19, 2007
    Date of Patent: February 28, 2012
    Assignee: SAP AG
    Inventor: Ulf Fildebrandt
  • Patent number: 8122484
    Abstract: Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.
    Type: Grant
    Filed: April 11, 2008
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventors: Guenter Karjoth, Elsie A. Van Herreweghen
  • Patent number: 8122146
    Abstract: The content-aware application switch and methods thereof intelligently switch client packets to one server among a group of servers in a server farm. The switch uses Layer 7 or application content parsed from a packet to help select the server and to schedule the transmitting of the packet to the server. This enables refined load-balancing and Quality-of-Service control tailored to the application being switched. In an exemplary embodiment of the invention, a method includes maintaining a server load metric for each server in a group of servers; parsing application content from a packet; selecting a destination server from the group of servers, wherein selecting the destination server is dependent on the server load metric for each server; assigning a priority to the packet, the priority being dependent on the application content; and dropping the packet if the priority comprises at least one of a predetermined type.
    Type: Grant
    Filed: April 14, 2010
    Date of Patent: February 21, 2012
    Assignee: Open Invention Network, LLC
    Inventors: Leonard L Lu, Deh-Phone K Hsing, Bo-Chao Cheng, Tsong-Ho Wu
  • Patent number: 8112801
    Abstract: A method of detecting malware may include: a) examining header data in each PDU transferred by a port of an access switch to identify PDUs transferred from a local network device, b) extracting a far-end device address for PDUs based at least in part on examination of an address portion of the corresponding header data, c) maintaining fan-out information indicative of a quantity of unique far-end device addresses extracted from the PDUs during consecutive time windows, d) determining a current trend based on the fan-out information for a current time window, e) comparing the current trend to an expected trend, and f) identifying a suspected malware infection in the local network device when the current trend exceeds the expected trend by a trend threshold. A network element that may implement the method may include a header data processing unit, data storage logic, data processing logic, and malware identification logic.
    Type: Grant
    Filed: October 9, 2008
    Date of Patent: February 7, 2012
    Assignee: Alcatel Lucent
    Inventors: Bassem Abdel-Aziz, Stanley Taihai Chow, Shu-Lin Chen
  • Patent number: 8099602
    Abstract: A method, computer readable medium, and system for integrating security in network communications includes generating a private key and a public key by encrypting the private key with a first encryption. The generated private key and public key are provided in an initial response to an initial request over the secure connection. At least one additional received request is validated based on the public key and a requesting signature signed using the key received with the at least one additional request. An additional response with a responding signature signed using the private key is provided in response to the validated additional request.
    Type: Grant
    Filed: September 26, 2008
    Date of Patent: January 17, 2012
    Assignee: Mykonos Software, Inc.
    Inventor: Kyle Adams
  • Patent number: 8091118
    Abstract: A computer readable storage medium including a set of instructions executable by a processor, the set of instructions operable to determine if a network location included in a request to connect to the network location, is included in a first list of untrusted network locations stored on the client computer and send a request to determine if the network location is included in a second list of untrusted network locations stored remotely from the client computer when it is determined that the network location is not included in the first list.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: January 3, 2012
    Assignee: AT & T Intellectual Property I, LP
    Inventors: Andy Huang, David J. Peto
  • Patent number: 8090108
    Abstract: A method, system and apparatus of a secure debug interface and memory of a media security circuit and method are disclosed. In one embodiment, a host processor, an external hardware circuit to encrypt an incoming data bit communicated to a debug interface using a debug master key stored at a pointer location of a memory (e.g., the memory may be any one of a flash memory and/or an Electrically Erasable Programmable Read-Only Memory (EEPROM)) and to decrypt an outgoing data bit from the debug interface using the debug master key, and a media security circuit having the debug interface to provide the pointer location of the memory having the debug master key to the external hardware circuit.
    Type: Grant
    Filed: April 15, 2008
    Date of Patent: January 3, 2012
    Assignee: Adaptive Chips, Inc.
    Inventors: Amjad Qureshi, Babu Chilukuri
  • Patent number: 8090775
    Abstract: A system for establishing and maintaining a permission delegation policy for roles within a collaborative computing environment provides a list of potential delegatee end user persons to a delegator end user person. A list of delegatable permissions is provided to the delegator end user person in which the list of delegatable permissions corresponds to permissions held by the delegator end user person. A delegation policy is received from the delegator end user person. The delegation policy includes one or more delegated permissions from the list of delegatable permissions and identification of a delegatee end user person from the list of potential delegatee end user persons designated to receive the delegated permissions.
    Type: Grant
    Filed: June 20, 2008
    Date of Patent: January 3, 2012
    Assignee: International Business Machines Corporation
    Inventors: Joseph A. Russo, Robert Yates
  • Patent number: 8087081
    Abstract: A client computer may be configured to perform computer security operation services, such as malicious code scanning and protection against online threats, using one of several remotely located server computers. The client computer may be configured to determine an operational state of the server computers and determine a protection status of the client computer resulting from use of a server computer of a particular operational state. The protection status may have one of at least three levels and indicate vulnerability of the client computer. The client computer may determine the operational state of a server computer based on available bandwidth for network communication between the client computer and the server computer. The client computer may be configured to allow for automatic or manual selection of another server computer when the currently selected server computer results in the client computer having a protection status below a threshold level.
    Type: Grant
    Filed: November 5, 2008
    Date of Patent: December 27, 2011
    Assignee: Trend Micro Incorporated
    Inventors: Lou Ju Chun, Chia-Wen Chan, Sam Lin, Jay Wang, Chih-Kang Lu, Sean Yen
  • Patent number: 8077864
    Abstract: Provided is an apparatus for computing a T-function based Stream Cipher (TSC)-4 stream cipher. The apparatus includes: two T-function units; and a nonlinear filter for receiving bits output from the two T-function units and generating an 8-bit output sequence per clock. Each of the T-function units includes: a first register for storing an internal state value of the lower N bits; an N-bit internal state updater for updating the internal state value of the lower N-bits stored in the first register; an intermediate result register for storing an intermediate result value output from the N-bit internal state updater; a second register for storing an internal state value of the upper M bits; and an M-bit internal state updater for updating the internal state value of the upper M bits stored in the second register using the value stored in the intermediate result register.
    Type: Grant
    Filed: November 13, 2008
    Date of Patent: December 13, 2011
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Gwan Ho Ryu, Dong Wook Lee, Bon Seok Koo, Tae Joo Chang
  • Patent number: 8078870
    Abstract: A system and method for authenticating an HTTP message. A relying party may respond to a request from a requester by sending an HTTP message with authentication specifications to the requester. The requester responds with a new request that adheres to a scheme specified by the relying party. A framework allows for a security token to be located in an HTTP header or a message body, with various options such as fragmenting the token available. An option allows for cryptographically binding the security token to the body of a message. An authentication framework provides for an implementation by an HTTP stack or by an application.
    Type: Grant
    Filed: May 14, 2009
    Date of Patent: December 13, 2011
    Assignee: Microsoft Corporation
    Inventors: Arun K. Nanda, Hervey Wilson
  • Patent number: RE43144
    Abstract: A system to manage network resources of a network so that network performance is predictable and manageable is disclosed. According to the system, network resource utilization is monitored and then computer systems seeking to transmit or receive data over the network are requested to do so at times that serve to more efficiently utilize the network resources. A method for managing network resources is also disclosed.
    Type: Grant
    Filed: September 14, 2001
    Date of Patent: January 24, 2012
    Assignee: Apple Inc.
    Inventor: David Z. Creemer