Abstract: In accordance with one aspect, a client device is sent an indication of one or more types of information available for the client device. In response to the indication, a request is received from the client device to retrieve the information available for the client device. The information is identified and sent to the client device. In accordance with another aspect, one or more friends of the user are identified from persistent data, and a check made as to whether each of them is logged in to the system. For each of them that is logged in to the system, the user is subscribed to the friend's information and the friend is subscribed to the user's information. In accordance with another aspect, a user is allowed to be a friend of another user only if the other user is also a friend of the user.

Abstract: A system for processing multiple types of security schemes includes a server having a claims engine that extracts claim(s) from security token(s) and maps extracted claims to other claims. The term claim as used in this context is a statement about a token's subject. The claims engine can extract claim(s) from one or more different types of security tokens corresponding to the multiple security schemes. These extracted claim(s) can then be selectively mapped to other claims using mapping information that is accessible to the server. The security decision can then be based on the extracted and/or derived claim(s) rather than tokens. This system can thereby support multiple security schemes and simplify the security process for the user.

Abstract: A repair mechanism within a code management library system for repairing build code that is infected with malicious code. When a virus pattern is detected in a component of a source code, other components in the source code containing dependencies upon the first component are identified. This identification may be based on rules defined from relationships between the infected component and the other components in the source code. The component and the other components that are identified as having dependencies upon the infected component are retracted from the software product build. The infected component and the other identified components are then replaced with a previous archive of the code build. The software product build of the source code may then be performed.

Abstract: A television signal receiver device consistent with certain embodiments has a receiver that receives a digital television signal including a plurality of unencrypted packets, and a plurality of encrypted packets, wherein the encrypted packets are of at least one selected packet type. The at least one selected packet type has packets occurring in a star pattern approximately situated at an upper center of an image. A decrypter decrypts the encrypted packets. A decoder decodes the unencrypted packets and the decrypted packets to produce a signal suitable for play on a television set. This abstract should not be considered limiting since embodiments consistent with the present invention may involve more, different or fewer elements.

Abstract: A system, method, and computer program product for scanning downloaded files providing improved performance relative to conventional download scanning techniques by performing the download and scanning functions in parallel and random order, thus improving overall performance. A method of scanning a requested file for a computer malware comprising the steps of: receiving a request from a user system to transfer a file from a server. Starting to transfer said file, and at the same time, handing a partial copy of the file to computer malware scanning software, receiving requests from the computer malware scanning software for data comprising additional arbitrary portions of the requested file, transferring only the requested portion of the file and supplying the requested data to the computer malware scanning software until the malware scanning software can produce a clean/infected indication. Then completing the transfer of the entire file from the server and handing it off to the user system in parallel.

Abstract: The system, method and apparatus for securing network data of the present invention provide security for internal networks by utilizing a common storage element for the exchange of data between the external and internal components, without creating a concurrent session between the external and internal components. In addition, when the protocol of the external network is Internet Protocol (IP), the protocol used for the internal network may be a non-IP messaging protocol that is a more secure protocol than IP, and insulates the internal network from the type of attacks that are common in IP networks. These security measures may be implemented without a significant change to the hardware or software elements of the internal or external networks, and, therefore, without adding significant cost to the network administration and without the network performance degradation that is characteristic of conventional security measures.

Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.

Abstract: A computing system configured to detect and/or remove a rootkit. For detection, a snapshot component takes a snapshot of a storage unit. A rootkit detection component accesses an enumeration of individual files stored on the storage unit using an alternative file system I/O to detect the presence of a rootkit. For removal, the location of a rootkit is identified and a computing system shutdown is initiated. A snapshot component pauses the shutdown operation prior to the completion of the shut down and takes a snapshot of a file storage unit. A rootkit repair component accesses the identified location of the portion of the file storage unit containing the rootkit and modifies the portion of the snapshot of the file storage unit so as remove the rootkit.

Abstract: A quantum cryptographic key distribution (QKD) endpoint (405) includes a QKD receiver and a feedback system (1600). The QKD receiver receives symbols transmitted over a QKD path. The feedback system (1600) controls a length of the QKD path based on the received symbols.

Abstract: Disclosed is framework for aggregating network attack graphs. A network may be represented as a dependency graph. Condition set(s), exploit set(s) and machine set(s) may be generated using information from the dependency graph. Exploit-condition set(s) may be generated using the condition set(s) and the exploit set(s). Machine-exploit set(s) may be generated using the exploit-condition set(s) and machine set(s).

Abstract: The present application relates to an authentication process and system for a wireless communication system between a host device and a client device. This authentication process and system can make the confirmation of the authentication easier and clearer.

Abstract: A communication device (and its related method of operation), when accessing password protected voicemail services, may invoke an enhanced security feature which effectively masks at least the password digit values from being discernible by feedback to the user. This is especially important where portable wireless communication devices may have pre-stored password data for use with automated voicemail access—even in a “locked” mode. Unauthorized possessors of such a device might utilize conventional audible feedback during password transmission to decipher the password value. However, such lack of security is avoided by masking the password data values from the audible and/or visual user feedback, if any.

Abstract: A scanner device that optically reads an image comprises a protect specification data detection unit that detects a protect specification data which is contained in the read image to request protection of image data of the image. A protected image data creation unit encrypts the image data of the image containing the protect specification data, in response to a detection signal of the protect specification data detection unit that indicates that the protect specification data in the image has been detected, so that a protected image data is created.

Abstract: The invention relates to a method for authenticating a radio communication network vis-à-vis a mobile station. In such a method, batches of authentication vectors that each contain an authentication token with a pertaining sequence number are generated on the network side. At the mobile station side an identity module of the mobile station decides whether a sequence number contained in a previously selected authentication vector is accepted for authentication or rejected. The identity module is informed by the radio communication network which authentication tokens with the pertaining sequence numbers are present in the same batch. One sequence number per batch is stored by the identity module and is used to decide whether the sequence number received is accepted or rejected.

Abstract: An apparatus for default encryption of content for distribution, consistent with certain embodiments, has a conditional access system. A conditional access management system communicates with and manages the conditional access system. A memory stores default encryption information for use by transmission equipment containing content encryption capability to encrypt certain content upon a communication failure between the content encryption system and the conditional access management system controlling it. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract without departing from certain embodiments of the invention.

Abstract: An integrity signature may provide information about a platform used to create a digital signature. The value of a digital signature may be related to the integrity and trustworthiness of the platform on which it is created. Signed platform integrity information provides a measure of trust regarding the platform used to create the digital signature. The integrity signature may be created separately from a document signature, or a combined integrity and document signature may be provided.

Abstract: A method, apparatus, and computer instructions for responding to a threat condition within the network data processing system. A threat condition within the network data processing system is detected. At least one routing device is dynamically reconfigured within the network data processing system to isolate or segregate one or more infected data processing systems within the network data processing system. This dynamic reconfiguration occurs in response to the threat condition being detected.

Abstract: Method and apparatus for inhibiting unauthorized copying of data content of DVDs or CDs or other types of optical discs. DSV (digital sum value) data patterns are inserted into selected sectors of the data to be recorded on the optical disc. These selected data sectors are also those to which is applied the conventional CSS (content scrambling system) encryption conventionally used to copy protect DVD content. Only those sectors (e.g., one out of four) subject to the CSS encryption have the DSV data patterns inserted therein. This advantageously results in the CSS encryption effectively hiding these inserted DSV data patterns from the mastering DVD encoder used in producing DVDs. Effectively thereby the DSV data patterns “tunnel through” the mastering DVD encoder. The hidden DSV data patterns are only revealed when the CSS sectors are decrypted prior to the action of the writer used to copy the DVD/CD content.

Abstract: In one embodiment, a technique for managing an electronic data representation includes storing first and second attributes in response to the creation of the electronic data representation by a user. The electronic data representation may be any type of digital asset, for example. The first and second attributes may be accessed in response to a message including the digital asset being sent by another or the same user. The message may be allowed to pass from a first domain (e.g., a trusted domain) to a second domain (e.g., an open domain) or the message may be maintained in the first domain in response to the first and second attributes. The first attributes may be an asset signature including an identifier and a digital watermark, for example. The second attributes may be an asset policy including distribution lists for sending and/or receiving the message, a content appropriate for sending field, and a time frame for message sending, for example.

Abstract: The method and network ensure secure forwarding of a message in a telecommunication network that has at least one first terminal and another terminal. The first terminal moves from a first address to a second address. A secure connection between the first address of the first terminal and the other terminal defining at least the addresses of the two terminals is established. When the first terminal moves from the first address to a second address, the connection is changed to be between the second address and to the other terminal by means of a request from the first terminal and preferably a reply back to the first terminal.