Patents Examined by Nasser G Moazzami
  • Patent number: 7600257
    Abstract: A method and an apparatus to perform multiple packet payload analysis have been disclosed. In one embodiment, the method includes receiving a plurality of data packets, each of the plurality of data packets containing a portion of a data pattern, determining whether each of the plurality of data packets is out of order, and making and storing a local copy of the corresponding data packet if the corresponding data packet is out of order. Other embodiments have been claimed and described.
    Type: Grant
    Filed: October 13, 2004
    Date of Patent: October 6, 2009
    Assignee: SonicWALL, Inc.
    Inventors: Aleksandr Dubrovsky, Roman Yanovsky, Scott Aaron More, Boris Yanovsky
  • Patent number: 7600128
    Abstract: A client device, system, and method for constructing a two-factor password utilized by an authentication device to authenticate an accessing computer. The client device connects to the accessing computer through an input/output (I/O) port such as a USB connection. When a user desires to access a network, he enters a user ID, which is sent from the accessing computer to the client device. The client device includes a client application, which retrieves a second factor from an internal database, and combines the user ID and the retrieved second factor to form the two-factor password. The two-factor password is sent to the accessing computer, which transmits it to the authentication device. The accessing computer is authenticated only if both the user ID and the second factor match a user ID and second factor stored in the authentication device.
    Type: Grant
    Filed: November 7, 2005
    Date of Patent: October 6, 2009
    Assignee: 5th Fleet, LLC
    Inventors: James B. Pritchard, Sidney L. Weatherford, Steven W. Smith
  • Patent number: 7600255
    Abstract: Accumulated proof-of-work approaches for protecting network resources against denial-of-service attacks are disclosed. A client computer or other requester is required to perform work, such as repeatedly hashing a message until a specified number of bits is zero, as a condition for accessing a resource. Proof of the work performed by a legitimate requester is accumulated across multiple requests, so that established users of a resource are not penalized when proof-of-work is used to prevent a denial of service attack. Requesters who cannot show accumulated work greater than a specified threshold are required to perform additional work. In certain embodiments, work may be accumulated only within a specified time window, and the threshold may vary according to resource capacity or loading. Proof-of-work values may be communicated between the user and the resource in cookies.
    Type: Grant
    Filed: April 14, 2004
    Date of Patent: October 6, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Baugher
  • Patent number: 7596226
    Abstract: A mobile terminal, method and computer program product are provided for storing sets of parameters, including the encryption keys, utilized during prior communication sessions with various networks such that those sets of parameters may be retrieved and reused during subsequent communication sessions with the same networks.
    Type: Grant
    Filed: July 19, 2004
    Date of Patent: September 29, 2009
    Assignee: Nokia Corporation
    Inventor: George Cherian
  • Patent number: 7594256
    Abstract: Methods and systems thereof for controlling access to resources are described. When a user attempts to access a resource via a remote interface such as a Web server, the request is initially evaluated by a source of policy definitions such as a policy server. This source returns a policy decision to the remote interface. The policy decision is stored in memory by the remote interface. The remote interface can then evaluate subsequent requests from the user for the resource using the stored policy decision instead of having to communicate again with the source for the policy decision. Enhancements to this approach are also described. Accordingly, policy definitions and decisions are more efficiently implemented.
    Type: Grant
    Filed: June 26, 2003
    Date of Patent: September 22, 2009
    Assignee: Sun Microsystems, Inc.
    Inventors: Shivaram Bhat, Hua Cui, Ping Luo, Dilli Dorai Minnal Arumugam, Aravindan Ranganathan
  • Patent number: 7594267
    Abstract: The invention provides a method and apparatus for maintaining a networked computer system including first and second nodes and an event processing server, the method comprising the first and second nodes detecting changes in state, the event processing server receiving notification of the changes in state from the first and second nodes, the event processing server correlating changes in state detected in the first and second nodes, and the event processing server executing a maintenance decision which affects the first and second nodes. The detecting, transmitting, correlating, and executing occur without human intervention.
    Type: Grant
    Filed: June 14, 2002
    Date of Patent: September 22, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Philip J. S. Gladstone, Jeffrey A. Kramer
  • Patent number: 7590241
    Abstract: When a channel which is not scrambled is selected, an error occurs in a digital stream processed in a CA processing module, which causes noises to occur in video and audio signals to be viewed. If a FAT channel to be received is a channel that is not CA-scrambled, a digital stream is directly supplied from a FAT demodulator to a demultiplexer without passing the digital stream through an external processing module. As a result, no noise occurs in video and audio signals to be viewed because the video and audio signals are not influenced by an error of the digital stream that occurs in the processing module.
    Type: Grant
    Filed: February 22, 2005
    Date of Patent: September 15, 2009
    Assignee: Hitachi, Ltd.
    Inventors: Hitoshi Akiyama, Katsuhiko Tonami
  • Patent number: 7591020
    Abstract: A method or system for providing a level of data security dependent on the location of the user of a wireless device is disclosed. One exemplary embodiment relates to a method of adjusting security for a network user node in communication with a network based upon the location of the node. The method is performed by determining the location of a network user node, selecting a single level of security from a group of more than two security levels based on the determined location, and modifying the security protection for the network user node based upon the selected level of security.
    Type: Grant
    Filed: January 18, 2002
    Date of Patent: September 15, 2009
    Assignee: Palm, Inc.
    Inventors: David Kammer, Ray Combs
  • Patent number: 7590235
    Abstract: An Elliptic Curve Cryptography reduction technique uses a prime number having a first section of Most Significant Word “1” states, with N=nm-1+N1B+n0 and a second section with a plurality of “1” or “0” states. The combination of the first section and the second section is a modulus.
    Type: Grant
    Filed: June 10, 2004
    Date of Patent: September 15, 2009
    Assignee: NXP B.V.
    Inventor: Gerardus T. M. Hubert
  • Patent number: 7591006
    Abstract: A system and method for enhanced security for external system management. A request to manage a system is received from a client at an interface. A determination is made whether a level of security is desired for the interface. If a level of security is desired for the interface, then identification information is obtained from the request and is converted into a format that is compatible with the system to be managed. A determination is made whether the system provides authorization for the client to manage the system.
    Type: Grant
    Filed: December 29, 2004
    Date of Patent: September 15, 2009
    Assignee: SAP AG
    Inventor: Randolf Werner
  • Patent number: 7590860
    Abstract: A method for processing data involving receiving a scrambled program and encrypted data including at least one control word used to descramble the scrambled program at a receiver/decoder operatively connected to a mass storage device. If a user does not initially have the necessary access rights, the scrambled program and the encrypted data are stored by the receiver/decoder. When the user obtains the access rights, the encrypted data is read and the at least one control word is extracted. The encrypted data is then replaced by the control word.
    Type: Grant
    Filed: November 14, 2002
    Date of Patent: September 15, 2009
    Assignee: THOMSON Licensing S.A.
    Inventors: David Leporini, Michel Angel, Jean-Bernard Beuque
  • Patent number: 7587592
    Abstract: Mobile unit 16 which can activate Java-AP software obtains ADF 205 from IP server unit 13, receives SDF (security descriptive file) 204 by using ADF 205 from administering server unit 18 which a trustworthy organization (a communication provider which administers mobile packet communication network 15) administers, and obtains Jar file 206 by using ADF 205 from IP server unit 13. Then, mobile unit 16 installs Java-AP software containing these files. Java-AP, which is achieved by activating the installed Java-AP software, operates within the range of authorization expressed by policy information contained in SDF 204.
    Type: Grant
    Filed: March 28, 2003
    Date of Patent: September 8, 2009
    Assignee: NTT DoCoMo, Inc.
    Inventors: Nobuyuki Watanabe, Hisanori Sawada, Hideaki Nishio, Tomonori Nakamura, Fumiaki Miura, Atsuki Tomioka
  • Patent number: 7587613
    Abstract: A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value.
    Type: Grant
    Filed: December 20, 2002
    Date of Patent: September 8, 2009
    Assignee: Creative Mines LLC
    Inventors: W. Daniel Hillis, Bran Ferren
  • Patent number: 7587751
    Abstract: According to one embodiment of the invention, a session list identifying communication sessions relating to supplicants that access a computer network through an access device is created and stored at an authentication server. Then, an event is received from an anti-virus system announcing an updated anti-virus policy. User input is received that requests performing posture validation for all the supplicants. Next, in response to the information received, a time value for starting the posture validation is determined for a particular supplicant identified in the session list. Finally, in response to the information received, a request to perform posture validation is generated and sent to the access device, wherein the request includes supplicant identifying information, the time value, and instructions that instruct the access device to initiate the posture validation for that supplicant only after the time value has expired. The steps are repeated for all supplicants in the session list.
    Type: Grant
    Filed: August 2, 2004
    Date of Patent: September 8, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Darran Potter, Jeremy Stieglitz, Andrew Clymer
  • Patent number: 7587766
    Abstract: According to the invention, a video system for playing licensed video content is disclosed. The video system includes a video, a video selection interface, a video storage device, and a license control process. The video is selected from a plurality of videos stored on the video storage device. There is a plurality of content licenses for the video, where the plurality of content licenses is comprised of at least a first content license and a second content license. The first content license has a first time period where viewing is allowed and the second content license has a second time period where viewing is allowed, where the first time period is different from the second time period. The license control process enforces the content licenses.
    Type: Grant
    Filed: November 18, 2004
    Date of Patent: September 8, 2009
    Assignee: Starz Entertainment Group LLC
    Inventors: Bob Greene, John C. Beyler, Rebecca R. Lim, John S. Fukuda
  • Patent number: 7584352
    Abstract: An information processing system for protecting against denial of service attacks comprises an interface (310) to receive and send packets, wherein the packets comprise at least one synchronization packet that is part of a handshake process for establishing the connection between the source client computer (118) and the target server computer (102); a crypto engine (306) adapted to create a unique sequence number for inclusion in a packet to be sent to a client (118) requesting establishment of a connection between a client (118) and server (102), wherein the crypto engine (306) is further adapted to validate unique sequence numbers in received synchronization packets that are part of a handshake process for establishing the connection between the source client (118) and the protected server (102); and a lookup table (304) for storing information defining established connections between the server (102) and clients so that arriving packets that purport to be part of an established connection can be validated.
    Type: Grant
    Filed: December 4, 2002
    Date of Patent: September 1, 2009
    Assignee: International Business Machines Corporation
    Inventors: Richard Harold Boivie, Jun Tung Fong
  • Patent number: 7584511
    Abstract: At step S372, permission information about video data that are being reproduced is obtained from permission information that represents whether video data corresponding to encoded video data equal to or larger than an access unit are permitted to be secondarily used. At step S373, it is determined whether the video data that are being reproduced have been permitted to be secondarily used corresponding to the permission information. When it has been determined that the video data that are being reproduced have been permitted to be secondarily used, at step S376, the video data that are being reproduced are captured. At step S381, a process using the captured video data is executed. The present invention can be applied to, for example, a game device that uses a DVD.
    Type: Grant
    Filed: June 9, 2005
    Date of Patent: September 1, 2009
    Assignees: Sony Corporation, Sony Computer Entertainment, Inc.
    Inventors: Yasushi Fujinami, Takenori Ohshima, Goro Hayakawa, Toshiya Hamada
  • Patent number: 7581252
    Abstract: A computer system includes a security subsystem which is able to trustfully track which files or storage areas of a storage device have been altered since a last virus scan. The trusted information can then be used to accelerate scans for undesirable code or data such as viruses and invalid or corrupt registry entries. In the case of viruses, files or storage areas which have been altered are scanned against a super-set of virus definitions. Unaltered files or storage areas are scanned against a subset of virus definitions.
    Type: Grant
    Filed: July 20, 2004
    Date of Patent: August 25, 2009
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, John Peter Karidis
  • Patent number: 7581099
    Abstract: A method for controlling access to a process to be executed on a data processing system is provided. An interface is provided for coupling a security device to the data processing system. The security device is a separate hardware device from the data processing system. User input of an identifier for accessing the security device is received, the identifier is verified, and the security device is accessed, in response to the identifier being verified, to obtain authentication data for the process to be executed on the data processing system. The authentication data is injected into a login process associated with the process to be executed to automatically authenticate a user to the process to be executed. The security device uses private-public key authentication to authenticate the user to the process to be executed without the user being aware that private-public key authentication is being performed.
    Type: Grant
    Filed: February 20, 2007
    Date of Patent: August 25, 2009
    Assignee: International Business Machines Corporation
    Inventor: Peng T. Ong
  • Patent number: 7581113
    Abstract: A system and method for generating and authenticating a password to protect a computer system from unauthorized access. The characters of the password are placed in data packets by an access device. Prior to sending the packets, the device inserts predefined time intervals between each of the data packets. The value of the time intervals is retrieved from a sequence of time intervals that is shared between the access device and an authentication device. The authentication device determines whether the received set of password characters matches a stored set of password characters, measures the time intervals between the packets, and determines whether the measured time intervals match the predefined time intervals. The authentication device positively authenticates the access device only if both the characters and the time intervals match. Periodically, different time intervals from the sequence are inserted to change the password.
    Type: Grant
    Filed: February 18, 2005
    Date of Patent: August 25, 2009
    Assignee: 5th Fleet, L.L.C.
    Inventors: Steven W. Smith, James B. Pritchard