Patents Examined by Michael J. Simitoski
  • Patent number: 7845006
    Abstract: A method of reducing the window of malicious exploitation between vulnerability publication and the installation of a software patch. One or more probe points are inserted into a code path in an application (or operating system if applicable) that contains one or more vulnerabilities (or coding errors). The probe points mark locations of the security vulnerabilities utilizing software interrupts to enable the original code base of the code path to remain unmodified. A probe handler utility subsequently monitors the execution of the code path and generates an alert if the execution reaches a probe point in the code path, thus indicating whether the application exhibits a particular vulnerability. The probe handler selectively performs one of multiple customizable corrective actions, thereby securing the application until an applicable software patch can be installed.
    Type: Grant
    Filed: January 23, 2007
    Date of Patent: November 30, 2010
    Assignee: International Business Machines Corporation
    Inventors: Prasadarao Akulavenkatavara, Janice M. Girouard, Emily J. Ratliff
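Worked example, added here and not taken from the patent: a probe handler in the spirit of the abstract above, written in Python. CPython's trace hook stands in for the software interrupt, the probe is keyed on the vulnerable function's code object (so the application code is never rewritten), and the handler raises an alert and applies one of three customizable corrective actions. The parser `parse_record`, its hypothetical length-byte flaw, the action names and the `ProbeHandler` API are all this example's assumptions.

```python
import sys
from dataclasses import dataclass, field
from typing import Callable, Dict, List


# Constructed "application" code standing in for a code path with a known flaw:
# it trusts the length byte and slices past the end of short buffers, so a
# caller can make it return fewer bytes than the protocol promised (the
# hypothetical vulnerability the probe guards).
def parse_record(buf: bytes) -> bytes:
    length = buf[0]              # untrusted length byte
    return buf[1:1 + length]     # no check that the buffer really holds `length` bytes


class ProbeBlocked(RuntimeError):
    """Raised by a corrective action to stop execution at the probe point."""


@dataclass
class ProbeHandler:
    """Watches execution and fires when a probed code object is entered.

    The probe is keyed on the function's code object, so the application's
    code is never rewritten; CPython's trace hook plays the role the patent
    gives to a software interrupt.
    """
    actions: Dict[str, Callable] = field(default_factory=dict)
    probes: Dict[object, str] = field(default_factory=dict)   # code object -> action name
    alerts: List[str] = field(default_factory=list)

    def insert_probe(self, func: Callable, action: str) -> None:
        if action not in self.actions:
            raise KeyError(f"unknown corrective action {action!r}")
        self.probes[func.__code__] = action

    def _trace(self, frame, event, arg):
        if event == "call" and frame.f_code in self.probes:
            action = self.probes[frame.f_code]
            self.alerts.append(f"probe hit: {frame.f_code.co_name} -> {action}")
            self.actions[action](frame)      # may raise ProbeBlocked to abort the call
        return None                          # no line-level tracing needed

    def run_guarded(self, func: Callable, *args):
        """Run func with the probes armed; always disarm afterwards."""
        sys.settrace(self._trace)
        try:
            return func(*args)
        finally:
            sys.settrace(None)


# Three customizable corrective actions (names are this example's own).
def action_log(frame) -> None:
    """Alert only; execution continues unchanged."""


def action_block(frame) -> None:
    """Refuse to run the vulnerable path at all."""
    raise ProbeBlocked(f"blocked entry into {frame.f_code.co_name}")


def action_sanitize(frame) -> None:
    """Let well-formed input through, reject input that would trigger the flaw."""
    buf = frame.f_locals.get("buf", b"")
    if not buf or buf[0] > len(buf) - 1:
        raise ProbeBlocked("length byte exceeds buffer; malformed record rejected")


def demo():
    handler = ProbeHandler(actions={"log": action_log,
                                    "block": action_block,
                                    "sanitize": action_sanitize})
    handler.insert_probe(parse_record, "sanitize")
    good = handler.run_guarded(parse_record, b"\x03abcdef")      # well-formed: returns b"abc"
    try:
        handler.run_guarded(parse_record, b"\x40ab")             # claims 64 bytes, has 2
        blocked = False
    except ProbeBlocked:
        blocked = True
    return good, blocked, list(handler.alerts)


if __name__ == "__main__":
    print(demo())
```

The trade-off the abstract describes is visible in the three actions: `log` only shortens detection time, `block` closes the window at the cost of availability, and `sanitize` keeps the path usable while the patch is pending but requires knowing the triggering condition precisely.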
  • Patent number: 7840801
    Abstract: The presented method allows a virtual Trusted Platform Module (TPM) instance to map the Platform Configuration Register (PCR) state of a parent virtual TPM instance into its own register space and export the state of those registers to applications inside the virtual machine associated with the virtual TPM instance. Through the mapping of PCR registers, the procedure of attesting to the overall state of a virtual machine can be accelerated, since the state of all measurements relevant to the trustworthiness of a virtual machine is visible in the combined view of mapped and non-mapped PCR registers. Registers that are mapped into the register space of a virtual TPM instance reflect the state of trustworthiness of those virtual machines that were involved in the creation of the virtual machine that is being challenged.
    Type: Grant
    Filed: January 19, 2007
    Date of Patent: November 23, 2010
    Assignee: International Business Machines Corporation
    Inventors: Stefan Berger, Kenneth A. Goldman, Ronald Perez, Reiner Sailer
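Worked example, added here and not the patent's code: a minimal virtual TPM in Python with the standard PCR extend rule, a parent/child relationship, and the mapping of parent PCRs into the child's register space so that one quote over the combined view covers both the hypervisor's and the guest's measurements. SHA-256 registers, 24 PCRs, the `VirtualTPM` class and the unsigned `quote` (a real quote is signed by an attestation key) are this example's assumptions.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

PCR_COUNT = 24
DIGEST = hashlib.sha256          # assumption: SHA-256 PCRs (TPM 1.2 hardware used SHA-1)
ZERO = bytes(DIGEST().digest_size)


def extend_value(current: bytes, measurement: bytes) -> bytes:
    """PCR extend rule: new = H(old || H(measurement))."""
    return DIGEST(current + DIGEST(measurement).digest()).digest()


def replay(measurements: List[bytes]) -> bytes:
    """Verifier side: recompute the expected PCR value from an event log."""
    value = ZERO
    for m in measurements:
        value = extend_value(value, m)
    return value


class VirtualTPM:
    def __init__(self, name: str, parent: Optional["VirtualTPM"] = None):
        self.name = name
        self.parent = parent
        self.pcrs: Dict[int, bytes] = {i: ZERO for i in range(PCR_COUNT)}
        self.mapped: Dict[int, int] = {}        # local index -> parent index
        self.log: List[Tuple[int, bytes]] = []  # event log of this instance's own extends

    def map_parent_pcr(self, local_index: int, parent_index: int) -> None:
        if self.parent is None:
            raise ValueError("no parent vTPM to map from")
        self.mapped[local_index] = parent_index

    def extend(self, index: int, measurement: bytes) -> None:
        if index in self.mapped:
            raise PermissionError(f"PCR {index} is mapped from {self.parent.name}; read-only here")
        self.pcrs[index] = extend_value(self.pcrs[index], measurement)
        self.log.append((index, measurement))

    def read(self, index: int) -> bytes:
        """Combined view: mapped registers resolve to the parent (recursively)."""
        if index in self.mapped:
            return self.parent.read(self.mapped[index])
        return self.pcrs[index]

    def quote(self, selection: List[int], nonce: bytes) -> str:
        """Attestation over the combined view. A real TPM signs this with an
        attestation key; the bare hash here only shows what the quote binds."""
        blob = nonce + b"".join(bytes([i]) + self.read(i) for i in selection)
        return DIGEST(blob).hexdigest()


def demo() -> dict:
    hv = VirtualTPM("hypervisor")
    hv.extend(0, b"hypervisor kernel 1.0")
    hv.extend(1, b"vm launcher 1.0")
    vm = VirtualTPM("vm-1", parent=hv)
    for i in range(8):                       # platform PCRs are mapped, not copied
        vm.map_parent_pcr(i, i)
    vm.extend(10, b"guest kernel 5.4")       # the VM's own measurements live above the map
    try:
        vm.extend(0, b"guest tries to rewrite a mapped PCR")
        mapped_read_only = False
    except PermissionError:
        mapped_read_only = True
    nonce = b"challenge-nonce"
    quote_before = vm.quote(list(range(11)), nonce)
    pcr0_matches_log = vm.read(0) == replay([b"hypervisor kernel 1.0"])
    hv.extend(0, b"module loaded after VM start")   # parent state changes ...
    quote_after = vm.quote(list(range(11)), nonce)  # ... and the VM's quote shows it
    return {"mapped_read_only": mapped_read_only,
            "pcr0_matches_log": pcr0_matches_log,
            "quote_changed": quote_before != quote_after,
            "guest_pcr10": vm.read(10).hex()}


if __name__ == "__main__":
    print(demo())
```

The point of mapping rather than copying is the last two lines of `demo`: a change in the parent after the guest started is immediately reflected in the guest's quote, so a challenger needs only the one quote plus the two event logs to replay both chains.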
  • Patent number: 7840810
    Abstract: A method for rejoining a second group of nodes with a first group of nodes is described. A first state of a first group key associated with a first group of nodes is received. The first state of the first group key is multicast to a second group of nodes. The first group key is rekeyed to a second group key associated with the second group of nodes. A second state of the second group key is multicast to the second group of nodes. A third state of a third group key associated with the first group of nodes is received. A rekey command is multicast to the second group of nodes if the third state is different from the second state. The second group key is rekeyed to the third group key.
    Type: Grant
    Filed: January 18, 2007
    Date of Patent: November 23, 2010
    Assignee: Panasonic Electric Works Co., Ltd.
    Inventor: W. Bryant Eastham
  • Patent number: 7831832
    Abstract: Described herein is an implementation that produces a new representation of a digital good (such as an image) in a new defined representation domain. In particular, the representations in this new domain are based upon matrix invariances. In some implementations, the matrix invariances may, for example, heavily use singular value decomposition (SVD).
    Type: Grant
    Filed: January 6, 2004
    Date of Patent: November 9, 2010
    Assignee: Microsoft Corporation
    Inventors: S. Serdar Kozat, M. Kivanc Mihcak, Ramarathnam Venkatesan
  • Patent number: 7827615
    Abstract: A method for access control is provided. A request is received from an administrator to modify a user role for a user. Whether the user is in a user group that belongs exclusively to the administrator is determined. Whether the administrator role permits the request is determined in response to a determination that the user is in the user group. The user role is modified based on the request in response to a determination that the administrator role permits the request, wherein the user accesses a resource based on the user role.
    Type: Grant
    Filed: January 23, 2007
    Date of Patent: November 2, 2010
    Assignee: Sprint Communications Company L.P.
    Inventors: Mouaz Allababidi, Balagurunathan Balasubramanian, Bharath N. Kuruvalli, Lih-Jong Ma, Paul L. Taylor
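Worked example, added here and not the patent's code: the three-step check in the abstract above (user in a group owned exclusively by the requesting administrator, administrator role permits the change, then apply) as a Python access-control function, with the two denial cases a practitioner would test first. The directory layout, the role names and the `Directory` data class are this example's assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class AccessDenied(PermissionError):
    pass


@dataclass
class Directory:
    """Constructed directory data for the example (not a real product's schema)."""
    group_owner: Dict[str, str]                 # group -> the one administrator it belongs to
    group_members: Dict[str, Set[str]]          # group -> users
    admin_role: Dict[str, str]                  # administrator -> administrator role
    grantable: Dict[str, Set[str]]              # administrator role -> user roles it may change
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)


def exclusive_group(d: Directory, admin: str, user: str) -> Optional[str]:
    """Step 1: find a group containing the user that belongs exclusively to this admin."""
    for group, members in d.group_members.items():
        if user in members and d.group_owner.get(group) == admin:
            return group
    return None


def modify_user_role(d: Directory, admin: str, user: str, role: str, grant: bool) -> Set[str]:
    group = exclusive_group(d, admin, user)
    if group is None:
        raise AccessDenied(f"{admin} does not own a group containing {user}")
    # Step 2: the administrator's own role must permit changing this user role.
    allowed = d.grantable.get(d.admin_role.get(admin, ""), set())
    if role not in allowed:
        raise AccessDenied(f"role {d.admin_role.get(admin)!r} may not change {role!r}")
    # Step 3: apply the modification; later access decisions read user_roles.
    roles = d.user_roles.setdefault(user, set())
    (roles.add if grant else roles.discard)(role)
    return set(roles)


def can_access(d: Directory, user: str, resource_roles: Set[str]) -> bool:
    """Resource access is decided purely from the user's roles."""
    return bool(d.user_roles.get(user, set()) & resource_roles)


def demo() -> dict:
    d = Directory(
        group_owner={"billing": "alice", "ops": "dave"},
        group_members={"billing": {"bob"}, "ops": {"carol"}},
        admin_role={"alice": "billing-admin", "dave": "ops-admin"},
        grantable={"billing-admin": {"invoice-viewer", "invoice-editor"},
                   "ops-admin": {"deploy"}},
    )
    results = {}
    results["bob_roles"] = modify_user_role(d, "alice", "bob", "invoice-viewer", grant=True)
    results["bob_can_view"] = can_access(d, "bob", {"invoice-viewer"})
    attempts = {"wrong_group": ("alice", "carol", "invoice-viewer"),   # carol is dave's user
                "role_not_permitted": ("alice", "bob", "deploy")}      # outside alice's role
    for label, (admin, user, role) in attempts.items():
        try:
            modify_user_role(d, admin, user, role, grant=True)
            results[label] = "allowed"
        except AccessDenied:
            results[label] = "denied"
    results["carol_can_deploy"] = can_access(d, "carol", {"deploy"})
    return results


if __name__ == "__main__":
    print(demo())
```

Order matters: the group-ownership check runs first so that an administrator cannot even learn which roles are grantable for users outside their own groups.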
  • Patent number: 7827405
    Abstract: NTLM compliant clients and servers are mutually authenticated in accordance with the Kerberos authentication protocol without migrating the clients or servers to Kerberos. With an RPC framework, a target name is generated from the server host name. The target name includes an indication that mutual authentication is to be accomplished. During the initial stages of the RPC session, the target name is sent to the server. If the server recognizes the target name, the client and server are mutually authenticated in accordance with the Kerberos protocol. If the server does not recognize the target name, the client is authenticated in accordance with the NTLM authentication protocol.
    Type: Grant
    Filed: January 19, 2007
    Date of Patent: November 2, 2010
    Assignee: Microsoft Corporation
    Inventors: David Christiansen, Liqiang Zhu
  • Patent number: 7827417
    Abstract: A storage device includes a storage unit that stores key information. The storage device also includes an input/output unit that inputs a converted command. Further, the storage device includes an extractor that extracts attached information from the converted command inputted, reads out, from an address according to the attached information, the key information from the storage unit, and performs an inverse data conversion corresponding to a data conversion on the converted command, using the key information, to extract command information and address information. In addition, the storage device includes an output controller that, only when the command information is equivalent to predetermined information, reads out and outputs storage data from an address of the storage unit through the input/output unit, the address of the storage data indicated by the address information extracted by the extractor.
    Type: Grant
    Filed: October 28, 2005
    Date of Patent: November 2, 2010
    Inventor: Ikuo Yamaguchi
  • Patent number: 7827408
    Abstract: A device for and method of authenticated encryption by concatenating a first user-datum with a second datum, concatenating the first datum with a third datum, encrypting the results, concatenating the encrypted results, concatenating the result with a message and a fifth user-definable datum, hashing the result, concatenating the result with the message, dividing the result into blocks, concatenating the first datum with a sixth datum, generating key-stream blocks from the result using a block cipher in counter mode, combining the blocks and key-stream blocks, concatenating the result with the first datum and the fifth datum, and transmitting the result to a recipient. The recipient extracts the hash value from the received ciphertext, generates a hash value from the first through fifth datums and plaintext derived from the ciphertext, and compares the two. If they match then the plaintext and fifth datum are as the sender intended.
    Type: Grant
    Filed: July 10, 2007
    Date of Patent: November 2, 2010
    Assignee: The United States of America as represented by the Director of the National Security Agency
    Inventors: Nicholas E. Gehringer, Patricia P. Greene
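Worked example, added here and not the patent's code: the construction in the abstract above carried through in Python on both the sender and recipient side, including the tamper check. Because only the standard library is used, a SHA-256-based PRF stands in for the block cipher (in practice this would be AES in counter mode); the roles assigned to the datums (D1 a fixed-size per-message user datum sent in the clear, D2/D3/D6 fixed constants, D4 the shared key, D5 a user-definable header) and the two-byte D5 length trailer needed for parsing are this example's assumptions.

```python
import hashlib
import hmac
import struct

BLOCK = 32       # output size of the stand-in PRF; a real AES block is 16 bytes
D1_LEN = 16      # first datum: per-message user datum sent in the clear (assumed fixed size)
D2, D3, D6 = b"\x01" * 16, b"\x02" * 16, b"\x00" * 16   # fixed datums (assumed constants)


def prf_block(key: bytes, x: bytes) -> bytes:
    """Stand-in for one block-cipher encryption E_K(x). Not a real cipher."""
    return hashlib.sha256(key + x).digest()


def keystream(key: bytes, d1: bytes, d6: bytes, nbytes: int) -> bytes:
    """Counter mode: encrypt successive values of the counter block (D1 || D6) + i."""
    width = len(d1) + len(d6)
    ctr = int.from_bytes(d1 + d6, "big")
    out = b""
    for i in range(-(-nbytes // BLOCK)):
        out += prf_block(key, ((ctr + i) % (1 << (8 * width))).to_bytes(width, "big"))
    return out[:nbytes]


def tag(key: bytes, d1: bytes, d5: bytes, msg: bytes) -> bytes:
    """Hash over E_K(D1||D2) || E_K(D1||D3) || message || D5."""
    prefix = prf_block(key, d1 + D2) + prf_block(key, d1 + D3)
    return hashlib.sha256(prefix + msg + d5).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, d1: bytes, d5: bytes, msg: bytes) -> bytes:
    """Sender: (hash || message) XOR keystream, then append D1 and D5 in the clear."""
    if len(d1) != D1_LEN:
        raise ValueError("D1 must be exactly D1_LEN bytes")
    plain = tag(key, d1, d5, msg) + msg
    ct = xor(plain, keystream(key, d1, D6, len(plain)))
    return ct + d1 + d5 + struct.pack(">H", len(d5))   # length trailer: this example's addition


def unseal(key: bytes, wire: bytes):
    """Recipient: recover D1/D5, decrypt, recompute the hash and compare in constant time."""
    (n,) = struct.unpack(">H", wire[-2:])
    d5 = wire[-2 - n:-2]
    d1 = wire[-2 - n - D1_LEN:-2 - n]
    ct = wire[:-2 - n - D1_LEN]
    if len(d1) != D1_LEN or len(ct) < 32:
        raise ValueError("truncated message")
    plain = xor(ct, keystream(key, d1, D6, len(ct)))
    received_hash, msg = plain[:32], plain[32:]
    if not hmac.compare_digest(received_hash, tag(key, d1, d5, msg)):
        raise ValueError("authentication failed")
    return msg, d5


def demo():
    key = b"K" * 32            # D4: shared secret (constructed)
    d1 = b"\x07" * 16          # D1: must never repeat under one key (keystream reuse otherwise)
    d5 = b"hdr:seq=1"          # D5: user-definable datum bound by the hash but not encrypted
    wire = seal(key, d1, d5, b"attack at dawn")
    ok = unseal(key, wire) == (b"attack at dawn", d5)
    flipped = bytearray(wire)
    flipped[40] ^= 0x01        # flip one bit inside the encrypted message
    try:
        unseal(key, bytes(flipped))
        tampered_detected = False
    except ValueError:
        tampered_detected = True
    return ok, tampered_detected


if __name__ == "__main__":
    print(demo())
```

Two properties worth checking on any implementation of this shape: the recipient must compare the hash in constant time (hence `hmac.compare_digest`), and D1 must be unique per key, since the counter block is derived from it and a repeated D1 reuses the keystream.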
  • Patent number: 7817802
    Abstract: A communication network (22) includes a central node (30) loaded with a trusted key (26) and key material (56) corresponding to an asymmetric key agreement protocol (48). The network (22) further includes vulnerable nodes (32) loaded with key material (69) corresponding to the protocol (48). Successive secure connections (68, 70) are established between the central node (30) and the vulnerable nodes (32) using the key material (56, 69) to generate a distinct session key (52) for each of the secure connections (68, 70). The trusted key (26) and one of the session keys (52) are utilized to produce a mission key (39). The mission key (39) is transferred from the central node (30) to each of the vulnerable nodes (32) via each of the secure connections (68, 70) using the corresponding current session key (52). The mission key (39) functions for secure communication within the communication network (22).
    Type: Grant
    Filed: January 23, 2007
    Date of Patent: October 19, 2010
    Assignee: General Dynamics C4 Systems, Inc.
    Inventors: Paul Thomas Kitaj, Mary Eleanor Trengove, Douglas Allan Hardy
  • Patent number: 7810156
    Abstract: Evidence gathering and analysis from networked machines can be automated and made policy-based. In one embodiment, the present invention includes, a networked machine receiving an instruction from a server to execute a pre-recorded action sequence designed to capture evidence data. The machine can annotate the captured evidence data with meta-data, and send the annotated evidence data to the server. The server can then perform analysis on the collected evidence data and present the evidence data and the analysis to an administrator.
    Type: Grant
    Filed: April 20, 2006
    Date of Patent: October 5, 2010
    Assignee: Agiliance Inc.
    Inventors: Jean-François Dubé, William W. Wong
  • Patent number: 7797756
    Abstract: Systems and methods are disclosed in which software licenses for server partitions are flexible: as between two (or more, if desired) partitions, the software-licensed resources assigned to one partition can be used by the other partitions, provided that the total number of resources does not exceed the software license limit. In one embodiment, a workload manager monitors workload utilization to ensure that the total number of CPUs working on the application does not exceed the maximum permitted under the software license. Users are notified when the workload's policy is about to be exceeded. In one embodiment this is a warning, while in another embodiment additional software licenses can be activated or a limit can be placed on CPU use.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: September 14, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Daniel E. Herington
  • Patent number: 7797732
    Abstract: A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within the network. Processes are described that lead to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner.
    Type: Grant
    Filed: November 4, 2005
    Date of Patent: September 14, 2010
    Assignee: Topeer Corporation
    Inventors: Chung Ming Tam, Paramjit S. Gill, Barjinderpal S. Gill
  • Patent number: 7788506
    Abstract: A method secures a memory in which individually read-accessible binary words are saved. The method includes defining a memory zone covering a plurality of words, calculating a cumulative signature according to all of the words in the memory zone, and storing the cumulative signature as an expected signature of the memory zone to check the integrity of data read in the memory. The method can be applied to the securing of smart cards.
    Type: Grant
    Filed: July 7, 2006
    Date of Patent: August 31, 2010
    Assignee: STMicroelectronics SA
    Inventors: Frédéric Bancel, Nicolas Berard
  • Patent number: 7779467
    Abstract: Provided are an N-grouping of traffic and a pattern-free Internet worm response system and method. Traffic factors generated by respective worms are grouped into N groups so that a large quantity of information can be understood effectively, and a worm that appears later is associated with the characteristics of the relevant group. The damage a network or system can sustain, as predicted from the N already-classified traffic characteristics, is defined so that corresponding step-by-step countermeasures are taken. The characteristics of the grouped worms are analyzed quantitatively so that the danger level of a new worm can be predicted when it appears, and forecasts and alarms are issued from that prediction. A near-real-time visualization method makes it easier for an operator to grasp an incident immediately, increasing detection efficiency for the many worms that conventional rule-based detection misses.
    Type: Grant
    Filed: October 2, 2006
    Date of Patent: August 17, 2010
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Daesik Choi, Woonyon Kim, Dongsu Kim, Cheolwon Lee, Eungki Park
  • Patent number: 7774624
    Abstract: A system for detecting tampering in a signal conditioner of electronics that determines a parameter from signals received from one or more sensors is provided. The system includes a host system that receives the parameter signals, indicating properties of a material, from the signal conditioner and supplies power to the signal conditioner. The signal conditioner is remote from and coupled to the host system and generates the parameter signals. The host system is configured to periodically transmit a request for authentication information to the signal conditioner, receive the authentication information from the signal conditioner in response to the request, compare it with initial authentication information, and detect a tampering condition in the signal conditioner if the authentication information is not equal to the initial authentication information.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: August 10, 2010
    Assignee: Micro Motion, Inc.
    Inventors: Allan L Samson, Michael Keilty
  • Patent number: 7765402
    Abstract: Systems and methods for a wireless communication system used for transmitting and receiving information, where the information does not contain an identification of its intended recipient. A method for transmitting payload information comprises providing verification information, scrambling a portion of the verification information, and transmitting the payload information with the scrambled verification information portion. Also provided is a method for processing transmitted payload information incorporated into an encoded information message with scrambled verification information, the method comprising receiving the encoded information message, descrambling at least a portion of the scrambled verification information, comparing the descrambled verification information with predetermined verification information, and processing the payload information based on the comparison.
    Type: Grant
    Filed: December 16, 2005
    Date of Patent: July 27, 2010
    Assignee: Research In Motion Limited
    Inventors: David Clark, David Bajar, Simon Wise, Ian M. Patterson, David Yach, Allan David Lewis, Gary P. Mousseau
  • Patent number: 7757301
    Abstract: A storage device assembly includes a sealed housing having a base and a cover. A storage medium is disposed within the sealed housing. A security feature within the housing is adapted to damage at least a portion of the storage medium if the sealed housing is opened.
    Type: Grant
    Filed: December 21, 2004
    Date of Patent: July 13, 2010
    Assignee: Seagate Technology LLC
    Inventors: Michael Miller, Zine-Eddine Boutaghou
  • Patent number: 7751568
    Abstract: A method and system for ensuring security-compliant creation and certificate generation for endorsement keys of manufactured TPMs. The endorsement keys are generated by the TPM manufacturer and stored within the TPM. The TPM manufacturer also creates a signing key pair and associated signing key certificate. The signing key pair is also stored within the TPM, while the certificate is provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates a signed endorsement key, which comprises the public endorsement key signed with the private signing key. The credential server matches the public signing key presented with the signed endorsement key against the public signing key within the received certificate. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
    Type: Grant
    Filed: December 31, 2003
    Date of Patent: July 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Ryan Charles Catherman, David Carroll Challener, James Patrick Hoff
  • Patent number: 7752676
    Abstract: Provided are a method, system and article of manufacture, wherein a request to access data is received from a requestor. A determination is made as to whether the requestor is authorized to access the data. In response to determining that the requestor is authorized to access the data, a determination is made as to whether the data is encrypted. An encryption key is requested from the requestor, in response to determining that the data is not encrypted.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: July 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Michael Howard Hartung, Yu-Cheng Hsu, Robert Frederic Kern
  • Patent number: 7752665
    Abstract: A method for detecting surveillance activity in a computer communication network comprising automatic detection of malicious probes and scans and adaptive learning. Automatic scan/probe detection in turn comprises modeling network connections, detecting connections that are likely probes originating from malicious sources, and detecting scanning activity by grouping source addresses that are logically close to one another and by recognizing certain combinations of probes. The method is implemented in a scan/probe detector, preferably in combination with a commercial or open-source intrusion detection system and an anomaly detector. Once generated, the model monitors online activity to detect malicious behavior without any requirement for a priori knowledge of system behavior. This is referred to as “behavior-based” or “mining-based detection.” The three main components may be used separately or in combination with each other.
    Type: Grant
    Filed: July 14, 2003
    Date of Patent: July 6, 2010
    Assignee: TCS Commercial, Inc.
    Inventors: Seth Jerome Robertson, Salvatore J. Stolfo
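Worked example, added here and not the patent's code: the automatic scan/probe detection part of the abstract above in Python. It models normal connections from a constructed connection log (completed handshakes define the known services), treats attempts to unknown host/port pairs as probes, requires several probes before calling a source malicious, recognizes vertical and horizontal probe combinations, and groups logically close sources by /24 to expose a coordinated scan. The log format, the thresholds and the /24 notion of closeness are this example's assumptions; the adaptive-learning part is not modelled.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Conn(NamedTuple):
    ts: int
    src: str
    dst: str
    dport: int
    outcome: str      # "ok" = handshake completed, "rej" = refused/reset


# Constructed connection records (not real traffic): "ts src dst dport outcome"
SAMPLE = """
100 10.0.0.5 10.0.1.20 443 ok
101 10.0.0.6 10.0.1.20 22 ok
102 203.0.113.10 10.0.1.20 21 rej
103 203.0.113.10 10.0.1.20 23 rej
104 203.0.113.10 10.0.1.20 25 rej
105 203.0.113.10 10.0.1.20 80 rej
106 203.0.113.10 10.0.1.20 8080 rej
107 203.0.113.11 10.0.1.21 445 rej
108 203.0.113.11 10.0.1.22 445 rej
109 203.0.113.11 10.0.1.23 445 rej
110 203.0.113.11 10.0.1.24 445 rej
111 203.0.113.50 10.0.1.20 443 ok
112 10.0.0.7 10.0.1.20 22 rej
"""


def parse(text: str) -> List[Conn]:
    conns = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, outcome = line.split()
        conns.append(Conn(int(ts), src, dst, int(dport), outcome))
    return conns


def model_connections(conns: List[Conn]) -> Dict[tuple, int]:
    """Learning phase: (dst, dport) pairs with completed handshakes are the known services."""
    services: Dict[tuple, int] = defaultdict(int)
    for c in conns:
        if c.outcome == "ok":
            services[(c.dst, c.dport)] += 1
    return dict(services)


def likely_probes(conns: List[Conn], services: Dict[tuple, int],
                  min_probes: int = 3) -> Dict[str, List[Conn]]:
    """A probe is an attempt at a (dst, port) that is not a known service. A source
    is flagged only after several probes, so one failed attempt from 10.0.0.7 to a
    real service is not a probe and a single stray connection is not a scanner."""
    by_src: Dict[str, List[Conn]] = defaultdict(list)
    for c in conns:
        if (c.dst, c.dport) not in services:
            by_src[c.src].append(c)
    return {src: ps for src, ps in by_src.items() if len(ps) >= min_probes}


def classify(probes: List[Conn]) -> str:
    """Recognize the probe combination: many ports on one host vs one port on many hosts."""
    dsts = {p.dst for p in probes}
    ports = {p.dport for p in probes}
    if len(ports) > 1 and len(dsts) == 1:
        return "vertical"
    if len(dsts) > 1 and len(ports) == 1:
        return "horizontal"
    return "mixed"


def group_scanners(probes_by_src: Dict[str, List[Conn]], prefixlen: int = 24) -> dict:
    """Group logically close sources (same /24) so a split scan shows up as one actor."""
    groups = defaultdict(lambda: {"sources": set(), "patterns": set(), "probes": 0})
    for src, probes in probes_by_src.items():
        net = str(ipaddress.ip_network(f"{src}/{prefixlen}", strict=False))
        g = groups[net]
        g["sources"].add(src)
        g["patterns"].add(classify(probes))
        g["probes"] += len(probes)
    return dict(groups)


def demo() -> dict:
    conns = parse(SAMPLE)
    services = model_connections(conns)
    return group_scanners(likely_probes(conns, services))


if __name__ == "__main__":
    print(demo())
```

The grouping step is what turns two individually modest sources (five and four probes) into one finding of nine probes from 203.0.113.0/24 combining a vertical and a horizontal pattern; the legitimate client 203.0.113.50 in the same /24 is not pulled in because it never probed.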