Abstract: The present invention provides a method, system, and computer program product for limiting authorization of an executable action to an application session. A method in accordance with an embodiment of the present invention comprises: generating an alert in response to an execution of an action in an application; and allowing a user to temporarily authorize the execution of the action for a current session of the application. The authorization for the execution of the action is removed when the current session of the application ends.

Abstract: An information processing apparatus decrypts stream data encrypted according to a first encryption method using a key encrypted according to a second encryption method. In the apparatus, an update instructing unit identifies the update timings of decryption keys and issues an update command. A decryption key output unit outputs a first decryption key before receiving the update command and outputs a second decryption key generated subsequent to the first decryption key after receiving the update command. An update instruction control unit determines whether the second decryption key has been generated before the first decryption key is updated to the second decryption key. When the second decryption key is generated, the update instruction control unit considers the second key generation point in time to be the update timing from the first decryption key to the second decryption key so as to control the update instructing unit to issue the update command.

Abstract: A communication system, which performs communication using a transmission packet encrypted by an IP-SEC encrypting method, includes a first encrypting circuit that encrypts a transmission packet by an IP-SEC encrypting method, a second encrypting circuit that encrypt header data to be used to decode the transmission packet encrypted by the first encrypting circuit, and a transmitting circuit that transmit the transmission packet whose header is encrypted by the second encrypting circuit. The communication system further includes a first decoding circuit that decode the authentication data of the reception packet using information to be used to decode the authentication data recorded in the IP-SEC header of the transmission packet and a second decoding circuit that decodes the reception packet using the authentication data decoded by the first decoding circuit.

Abstract: A system for providing application services in a computing environment having both user-mode processes and privileged-mode processes. A user-mode component is provided with an interface configured to access an exposed privileged-mode interface. A configuration component specifies a list of installable code components that are authorized for installation, wherein privileged-mode functions will only be executed in response to accesses by the user-mode code component when the installable code component is represented on the list.

Abstract: A prime calculating apparatus calculating a prime and determining whether the prime has been duly generated. The prime calculating apparatus (i) generates a random number, (ii) calculates a multiplication value R by multiplying a management identifier by the random number, and (iii) calculates a prime candidate N, according to N=2×(multiplication value R+w)×prime q+1, with respect to w satisfying an equation of 2×w×prime q+1=verification value (mod management information). Then, the prime calculating apparatus judges whether the calculated prime candidate N is a prime, and outputs the calculated prime candidate N as a prime when determining that it is a prime.

Abstract: A symmetric encryption/decryption method includes the steps of selecting a diffused mechanism, and the diffused mechanism includes at least one selected from a shift point, a block and a frame; obtaining a plurality of bits required for a cipher by the diffused mechanism and the element number of each dimension of a plaintext; carrying out at least one diffused operation for the plaintext; repeating the foregoing steps to achieve the effect of encrypting the plaintext. Since the sum of the encryption diffused times and the decryption diffused times equals to the diffused cycle, the cipher can be read and at least one dimensional diffused operation of the ciphertext can be carried out, and thus achieving the effect of decrypting the ciphertext.

Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A DVD terminal (20) makes a request for sending a sub-content to an authentication server (40) (in this case, attaches the “model name and serial number” of the DVD terminal (20)) (S302). The authentication server (40) generates a random number R (S304) and sends it to the DVD terminal (20) (S306). The DVD terminal (20) reads a terminal key and a terminal ID that are stored in a terminal information memory unit (25), decrypts the received random number R using a terminal key (SK_X) (S308) and sends this and the terminal ID (ID_X) to the authentication server (40) (S310). The authentication server (40) verifies the random number R and the terminal ID that are received from the DVD terminal (20) and encrypted, and judges whether the DVD terminal (20) is the authenticated terminal or not (S312).

Abstract: In a wireless communication system with an air interface comprised of a plurality of bursts, a communication device (102) receives a burst (200). The burst comprises payload (206, 208), a first indicator (202) and a second indicator (204). Upon receipt of the burst, the communication device determines a value of the first indicator to determine whether end-to-end encryption is applied to at least a portion of the payload, and determines a value of the second indicator to determine whether air interface encryption is applied to at least a portion of the payload.

Abstract: A system for distributing digital content over a computer network (e.g., the Internet) uses certificates to establish a trust relationship between a content provider and a display device. The certificates identify the display device and the content provider as well as unique characteristics of the distribution. For example, the content provider may be a book publisher and the display device may be a printer/binder.

Abstract: A method, apparatus, and system for compensating for lamp lumen depreciation. The method includes operating the lamp under rated wattage for a period towards the first part of operating life of the lamp. Operating wattage is increased at one or more later times. Energy savings are realized. The increases also restore at least some light lost by lamp lumen depreciation. The apparatus uses a timer to track operating time of the lamp. A few wattage changes made at spaced apart times can be made in a number of ways, including changing capacitance to the lamp, or using different taps on the lamp ballast.

Abstract: Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.

Abstract: Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.

Abstract: The present invention provides a flexible light emitter driver circuit which adjusts the luminance of the light emitter diodes (LED) by a manual input signal. The light emitter driver circuit comprises a Duty Ratio Change Logic, a PWM Generate and Control Logic, an oscillator, and a gate driver. The Duty Ratio Change Logic adjusts the duty cycle of the output signal according to the manual input signal. The PWM Generate and Control Logic generates a PWM signal according to the output signal to control the current of the LED, thus adjusts the luminance of the LED. The present invention further provides a highly flexible display system that comprises a light emitter driver circuit which can adjust the LED luminance by manual input signal.

Abstract: The present invention offers a prime calculating apparatus for achieving prime calculation where producing identical primes is avoided by simple management techniques. The prime calculating apparatus stores a known prime q and management information unique in the use range of primes. The prime calculating apparatus reads the management information; generates random information R based on the read management information; reads prime q; calculates prime candidate N, according to N=2×random information R×prime q+1, using the read prime q and generated random information R; tests whether the calculated prime candidate N is a prime; and outputs the calculated prime candidate N as a prime when the primality of the calculated prime candidate N is determined. Herewith, the prime calculating apparatus is able to calculate prime candidates from unique management information while avoiding producing identical primes.

Abstract: A prevention-based network auditing system includes a central compliance server generating network policies and configuring audits of the data communications network. The compliance server presents a graphical user interface (GUI) to describe the specific data gathering parameters, policies to be analyzed, and the schedule of analysis. One or more audit servers strategically deployed around the network employ heterogeneous data-gathering tools to gather information about the network in response to the configured audits, and transmit the gathered information to the compliance server. An audit repository stores the gathered information for use by the compliance server for security and regulatory policy assessment, network vulnerability analysis, report generation, and security improvement recommendations.

Abstract: A communication system, which performs communication using a transmission packet encrypted by an IP-SEC encrypting method, includes a first encrypting circuit that encrypts a transmission packet by an IP-SEC encrypting method, a second encrypting circuit that encrypt header data to be used to decode the transmission packet encrypted by the first encrypting circuit, and a transmitting circuit that transmit the transmission packet whose header is encrypted by the second encrypting circuit. The communication system further includes a first decoding circuit that decode the authentication data of the reception packet using information to be used to decode the authentication data recorded in the IP-SEC header of the transmission packet and a second decoding circuit that decodes the reception packet using the authentication data decoded by the first decoding circuit.

Abstract: A load control device for controlling the amount of power delivered to an electrical load from a source of AC power comprises a controllably conductive device and a variable gate drive circuit. The controllably conductive device is coupled in series electrical connection between the source and the electrical load to control the amount of power delivered to the load. The variable drive circuit is thermally coupled to the controllably conductive device and provides a continuously variable impedance in series with the control input of the controllably conductive device. The impedance of the variable drive circuit is operable to decrease as a temperature of the controllably conductive device increases and vice versa. Preferably, the variable drive circuit comprises an NTC thermistor. Accordingly, the switching times of the controllably conductive device, i.e.

Abstract: An encryption capable communication device (10) can include a transceiver (38 and 44) and a processor (12) coupled to the transceiver. The processor can be programmed to receive notification of a secure call alert indicative of a desire for secure communications between an alerting device and the encryption capable communication device serving as a recipient device and further cause the recipient device to switch (64) to a secure mode in response to receipt of the notification. The processor can be further programmed to initiate a key exchange (67) between the alerting device and the recipient device if needed and automatically respond (70) to the secure call alert by the recipient device in the secure mode when a user of the recipient device selectively responds to the secure call alert. The processor can also establish a symmetric traffic key during the key exchange using Automatic Public Key exchange techniques.

Abstract: A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.