Abstract: A method and system for embedding a secret in a bit string for safeguarding the secret. In one embodiment, the method comprises computing the length of the overall bit string as a function of q and t, where q and t are determined from the length of the secret. The method further comprises generating a plurality of information pieces based on q and t, the information pieces including a transformed secret and information for extracting the secret from the overall bit string. The method further comprises concatenating the plurality of information pieces to form the overall bit string.

Abstract: The present invention relates to a method for configuring a policy management protocol for a web crawler, the method further comprising the steps of determining a web space that is to be crawled by a web crawler, wherein the web space is comprised of an IP address and/or a range of IP addresses, and determining additional hostnames that are associated with the IP address and/range of IP addresses. The method further comprises the steps of configuring the web crawler to crawl the IP address and/range of IP addresses, and determine additional hostnames that are associated with the IP address or range of IP addresses, and performing a web crawling function upon the determined additional hostnames by the web crawler.

Abstract: The present invention provides methods and apparatus that implement techniques for detecting modifications of a form template. The techniques feature receiving a document containing a template definition, and receiving one or more modifications to the document. The techniques further feature identifying one or more data bind nodes within the template definition. The techniques also feature finding any corresponding predetermined hash associated with the document for each of the identified data bind nodes. The techniques additionally feature calculating a hash for each identified data bind node, and comparing the calculated hash for each identified data bind node with the corresponding predetermined hash. The techniques further feature flagging the document if either the calculated hash for each data bind node does not match up with the corresponding predetermined hash or if no corresponding predetermined hash exists for one or more of the data bind nodes.

Abstract: System and method for authenticating data or program code via a configurable signature. Configuration information is retrieved from a protected first memory, e.g., an on-chip register, where the configuration information specifies a plurality of non-contiguous memory locations that store the signature, e.g., in an on-chip memory trailer. The signature is retrieved from the plurality of non-contiguous memory locations based on the configuration information, where the signature is useable to verify security for a system. The signature corresponds to specified data and/or program code stored in a second memory, e.g., in off-chip ROM. The specified data and/or program code may be copied from the second memory to a third memory, and a signature for the specified data and/or program code calculated based on the configuration information. The calculated signature may be compared with the retrieved signature to verify the specified data and/or program code.

Abstract: A method of attempting a write to an entity to cause performance of an action is provided in which a first message is sent to the entity which causes performance of the action and adjustment of initial values in respective security fields of the entity to respective first adjusted values, and a second message is sent to the entity which causes adjustment of the initial values to respective second adjusted values. The security fields have write restrictions which prevent values in the security fields being adjusted, in accordance with the first message, if the initial values have been adjusted in accordance with the second message, and vice versa. The action is only performed when the initial values have been adjusted in accordance with the first message. The respective first adjusted values are different than the respective second adjusted values.

Abstract: A method of and an apparatus for copying and decrypting encrypted digital data. The method of copying encrypted digital data includes encrypting a first media key block to be used for decryption of the encrypted digital data using a predetermined key of a second information storage medium and storing the encrypted digital data and the encrypted first media key block in the second information storage medium. Security of data encryption is heightened by not discarding an encryption key used for an initial encryption, encrypting the encryption key used for initial encryption using another encryption key used for a second encryption, and storing the encrypted encryption key with the data. Also, since unnecessary decryption and encryption of data are not repeated, the time required for copying data is reduced, and since data is transferred between apparatuses in an encrypted state, a security level is higher.

Abstract: A system and method are provided for imaging job authorization. The method comprises: an authorization server receiving a request from a first node print subsystem to communicate an imaging job; in response to analyzing imaging job information, sending an access inquiry to a second node; the authorization server receiving an authorization, including a one-time use public encryption key, from the second node; sending a confirmation, including the public key, to the first node print subsystem; the first node encrypting the imaging job using the public key; sending the encrypted imaging job to the second node from the first node; and, the second node decrypting the imaging job using a private key corresponding to the public key. The analyzed imaging job information used for access control may include user ID, job content, first node ID, first node communication address, imaging job access control, time/date, imaging job size, or imaging job options.

Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. This may be accomplished by creating a permutation of an order of powers and then performing a table initiation phase using a part of a key and the permuted order of powers to populate a data structure.

Abstract: An electronic device as described herein implements a scheme to secure a data mapping function from scan access. The protection scheme can be used as a security measure for proprietary lookup tables, secret constants, digitally implemented algorithms, and the like. The electronic device employs a reconfigurable data mapping arrangement that can be reconfigured for a normal operating mode and a scan testing mode. While in the normal operating mode, a normal data mapping arrangement generates valid output data in accordance with the data mapping function. While in the scanning mode, however, a scanning data mapping arrangement generates invalid but testable output data in accordance with a data masking function that conceals, hides, masks, or obfuscates the data mapping function. Using the data masking function in this manner protects the data mapping function against reverse engineering attacks that attempt to derive the data mapping function from scan testing results.

Abstract: The present invention relates to a method for traitor tracing. One embodiment of a method for determining at least one traced private key used by a decoder to decrypt an encrypted message includes defining an input ciphertext, the input ciphertext being associated with a tracing private key and having a sublinear size, calling the decoder on the input ciphertext, and associating the tracing private key with a set of traced private keys if the decoder is able to correctly decrypt the encrypted message in accordance with the input ciphertext, the set of traced private keys including at least one private key.

Abstract: Methods, systems, and products are disclosed for detecting an intrusion to a communications network. One embodiment describes a system for detecting intrusions. The system has a peripheral card coupled to a host computer system. The peripheral card has a communications portion and a processor managing the communications portion. The communications portion has only a capability for receiving data packets via a communications network. The communications portion lacks capability of transmitting the data packets via the communications network. The communications portion of the peripheral card reduces intrusion of the communications network.

Abstract: A message gateway apparatus is provided for use in a web service system to process a message containing a request for a destination web service application, in which the message includes a plurality of events within a structured document conforming to a web service protocol and each event of the plurality of events has a name and a content thereof.

Abstract: Disclosed is a digital broadcast reception apparatus which performs a scramble judgment by obtaining a judgment PID corresponding to PCR_PID and a judgment packet corresponding to the judgment PID and judging whether the judgment packet is obtained within a first time, subsequently by a value of tsc bit, subsequently by detecting a PES packet where payload starts and judging whether it is detected within a second time, subsequently by detecting packet_start_code_prefix and judging based on the detected value, and subsequently by a value of PES_scrambling_control.

Abstract: Key diversification is performed during a mutual authentication between a SAM integrated circuit (IC) card storing a master key, and a user IC card storing an identification number. The user IC card is connected to the SAM IC card through a communications interface. The key diversification includes deriving sub keys from the master key, and computing ciphered strings through corresponding cryptographic computations on a string obtained by an elaboration on the identification number with the sub keys. A diversification key is generated by linking together a combination of bytes of the ciphered strings.

Abstract: A method for reducing the memory requirements of executing ciphering processes is disclosed which utilizes sequential key extraction and ciphering. By providing a base key for extracting therefrom multiple first sequential security keys; each key is sequentially extracted and employed. During the process overwriting of each sequential security key occurs with the next subsequently extracted sequential security key. In this manner memory requirements are lowered, power consumption reduced which are important in mobile applications.

Abstract: A system, method, and program product is provided that provides authentication on a per-role basis in a Role-Based Access Control (RBAC) environment. When a user attempts to acquire a role, the improved RBAC system determines whether (a) no authentication is required (e.g., for a non-sensitive role such as accessing a company's product catalog), (b) a user-based authentication (e.g., password) is required, or (c) a role-based authentication (e.g., role-specific password is required).

Abstract: Resources of a contact center are allocated by electronically monitoring at least one operational parameter of the contact center and performing a comparison between the operational parameter and a threshold value for the operational parameter. An indication of an action to be taken to affect allocation of resources of the contact center is then developed based on the comparison. This allocation also may be performed using an apparatus having a processing unit coupled with a memory, and instructions that are storable in the memory and executable by the processing unit. The instructions could be for monitoring at least one operational parameter of the contact center, performing a comparison between the operational parameter and a threshold value for the operational parameter, and developing an indication of an action to be taken to affect allocation of resources of the contact center.