Patents Examined by Nasser Moazzami
  • Patent number: 8117648
    Abstract: A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: February 14, 2012
    Assignee: Intersections, Inc.
    Inventors: Jonathan Slaton, Ryan B. Johnson, Toan Tran, David Reed, Abhilash Ravindran, George K. Tsantes
  • Patent number: 8117437
    Abstract: In a service providing system, a plurality of application users can work together in real time, and an application can be created which can handle a plurality of protocols. In the system where the web-AP and SIP server environments are cooperative with each other, a web-AP execution server executing a web application associated with a web context is connected to a web context manager managing a context of the HTTP protocol. A SIP-AP execution server is connected to a SIP context manager managing a context of the SIP protocol for executing a SIP application associated with a SIP context related to a web context. A handler manager passing a message between HTTP and SIP handlers is connected to the web-AP execution server. The web and SIP context managers have cooperation managers working together.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: February 14, 2012
    Assignee: Oki Electric Industry Co., Ltd.
    Inventors: Osamu Nakazawa, Shinichi Otokawa
  • Patent number: 8117445
    Abstract: An architecture is presented that facilitates integrating memory, security functionalities and near field communication (NFC) capabilities in a mobile device. A memory module is provided that comprises non-volatile memory that stores security software, sensitive data, and keys and a security processor that accesses the security software from the non-volatile memory and performs security functions based on the security software stored. An NFC radio frequency transmitter and receiver (RF) is directly integrated into the security processor to facilitate NFC capabilities within the secure environment of the memory module. Further, the non-volatile memory directly interfaces to an NFC antenna positioned outside of the memory module via the integrated NFC RF. The integration of the security processor, memory, and NFC RF into the memory module provides a trusted environment for the manipulation and decryption of data received through the NFC antenna.
    Type: Grant
    Filed: December 20, 2006
    Date of Patent: February 14, 2012
    Assignee: Spansion LLC
    Inventors: Jeremy Isaac Nathaniel Werner, Russell Barck, George Minassian
  • Patent number: 8112808
    Abstract: A license server generates USB serial IDs for USB memory secured in a multi-function machine and then makes electronic signature files using the USB serial IDs and firmware that is the target of installation at the multi-function machine. The license server further makes electronic signature files using the firmware installer and SD card serial IDs. The license server then stores data for installation use including the electronic signature files in an SD card inserted in a client device connected to the license server.
    Type: Grant
    Filed: March 6, 2008
    Date of Patent: February 7, 2012
    Assignee: Ricoh Company, Limited
    Inventor: Toru Harada
  • Patent number: 8111825
    Abstract: A modified implementation of the Kasumi algorithm executes on a 32-bit processor using full 32-bit operations. The implementation comprises a series of four rounds, each round including an intermediate sub-function executed between two executions of an FL sub-function. The intermediate sub-function is functionally equivalent to two consecutive 16-bit FO sub-functions.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: February 7, 2012
    Assignee: Freescale Semiconductor, Inc.
    Inventor: Bo Lin
  • Patent number: 8112792
    Abstract: A network node provides an Internet service executed in a server for Internet marketplace users. An outer connector receives a request initiated in a user computer, and transmits to the user computer a result from the provider server. The service is requested via an Internet marketplace website on a server connected to the user computer. The outer connector is adapted to change the format of the request and the result for the Internet marketplace. A transformation unit is connected to the outer connector, and adapted to ascertain a provider server for the service based on the request, and addressing the request to the provider server. The node comprises a unit adapted to verify user authorization to access the service, based on an Internet marketplace profile. An inner connector is connected to the transformation unit for transmitting the request to, and receiving the result from, the provider server.
    Type: Grant
    Filed: March 10, 2006
    Date of Patent: February 7, 2012
    Assignee: Deutsche Post AG
    Inventors: Martin Pogatzki, André Stebens, Harald Werner
  • Patent number: 8112798
    Abstract: Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code's being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken to penalize the computer system.
    Type: Grant
    Filed: May 5, 2006
    Date of Patent: February 7, 2012
    Assignee: Microsoft Corporation
    Inventors: Alexander Frank, Curt A. Steeb, Zhangwei Xu
  • Patent number: 8099789
    Abstract: Method and apparatus for enabling applications on security processors of computer systems. In one aspect, a security processor apparatus includes a processor and a memory coupled to the processor and operative to store a secure table. The secure table stores different certified endorsement keys and different values, each value associated with one of the endorsement keys. Each stored value is derived from a different application that is certified by the associated endorsement key to be executed on the processor.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: January 17, 2012
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David C. Challener, John H. Nicholson, III, Joseph Pennisi, Rod D. Waltermann
  • Patent number: 8098815
    Abstract: A method is disclosed whereby two parties can establish a cryptographic key for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. The two parties agree upon a matrix M, and two commutative families of square matrices F and G. The sender chooses a matrix S from F and a matrix T from G. The receiver independently chooses a matrix R from F and a matrix Q from G. The sender transmits the matrix SMT to the receiver and the receiver transmits the matrix RMQ to the sender. The sender computes the matrix SRMQT from the received matrix RMQ, and the receiver computes the matrix RSMTQ from the received matrix SMT. Since the matrices S and R commute, and the matrices T and Q commute, SRMQT=RSMTQ. The value of the matrix SRMTQ is then used to produce the desired cryptographic key.
    Type: Grant
    Filed: September 8, 2007
    Date of Patent: January 17, 2012
    Inventor: Frank Rubin
  • Patent number: 8095802
    Abstract: A system, method and program product for securely saving a program context to a shared memory is presented. A secured program running on a special purpose processor core running in isolation mode is interrupted. The isolated special purpose processor core is included in a heterogeneous processing environment, that includes purpose processors and general purpose processor cores that each access a shared memory. In isolation mode, the special purpose processor core's local memory is inaccessible from the other heterogeneous processors. The secured program's context is securely saved to the shared memory using a random persistent security data. The lines of code stored in the isolated special purpose processor core's local memory are read along with data values, such as register settings, set by the secured program. The lines of code and data values are encrypted using the persistent security data, and the encrypted code lines and data values are stored in the shared memory.
    Type: Grant
    Filed: September 12, 2006
    Date of Patent: January 10, 2012
    Assignee: International Business Machines Corporation
    Inventors: Mark Richard Nutter, Kanna Shimizu
  • Patent number: 8095978
    Abstract: A method and a host bus adapter (HBA) are provided. The HBA includes a first port that is enabled for use in a storage area network; and a second port that is enabled after a user acquires a transceiver with a security key, wherein the HBA firmware reads the security key and validates the transceiver and enables a function for the second port. The method includes coupling a transceiver to an inactive port, wherein the transceiver stores a security key; validating the transceiver by reading the security key; enabling a function for the inactive port; downloading a software component for the inactive port; and operating the host bus adapter with more than one functional port.
    Type: Grant
    Filed: June 11, 2007
    Date of Patent: January 10, 2012
    Assignee: QLOGIC, Corporation
    Inventors: Rajendra R. Gandhi, Parag P. Mehta
  • Patent number: 8095976
    Abstract: Systems, methods, and computer program products that can be used concurrently or alternatively to detect errors in data as well as to protect access to data are provided. Embodiments enable a coherent data set (CDS) which is a data set guaranteed to be genuine and error-free at run-time. Embodiments provide systems, methods, and computer program products to create a CDS, identify a CDS, and verify the coherency of a data set purported to be a CDS. Embodiments further enable privileged functions which are functions that can only be accessed by a restricted set of other privileged functions. Embodiments provide systems, methods, and computer program products to create, identify, and protect access to privileged functions.
    Type: Grant
    Filed: February 20, 2008
    Date of Patent: January 10, 2012
    Assignee: Broadcom Corporation
    Inventor: Scott Krig
  • Patent number: 8090940
    Abstract: An electronic message is accessed. The message comprises a number of headers and a signature comprising a digital signature and a version of the headers. The message is verified based on analysis of the version of the headers and the digital signature. The version of the headers is compared with the headers and a policy is applied based on results of the comparison to determine further processing of the electronic message.
    Type: Grant
    Filed: June 1, 2005
    Date of Patent: January 3, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: James L. Fenton, Michael A. Thomas
  • Patent number: 8090097
    Abstract: A method is disclosed whereby two parties can establish a cryptographic key for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. The two parties agree upon a matrix M, and independently choose matrices S and R from an established commutative family of square matrices. The sender transmits the matrix SM to the receiver and the receiver transmits the matrix RM to the sender. The sender computes the matrix SRM from the received matrix RM, and the receiver computes the matrix RSM from the received matrix SM. Since the matrices S and R commute, SRM=RSM. The value of the matrix SRM is then used to produce the desired cryptographic key. In the two-sided embodiments the two parties agree upon a matrix M, and two commutative families of square matrices F and G. The sender chooses a matrix S from F and a matrix T from G.
    Type: Grant
    Filed: September 8, 2007
    Date of Patent: January 3, 2012
    Inventor: Frank Rubin
  • Patent number: 8091114
    Abstract: An integrated security event management system (ISEMS) is disclosed and is based on service-oriented architecture (SOA) and includes one or more computers connected to one or more service-providing devices. At least one of the computers comprises one or more modules that are adapted to perform the following tasks: tasks to dynamically discover the service-providing devices and their services within a transit security domain in about real-time; tasks to acquire asynchronous state information notifications in about real-time from the discovered services; tasks to determine one or more Boolean outcomes from the asynchronous state information in about real-time via a configurable rules engine; and tasks to evaluate the one or more Boolean outcomes in about real-time via a configurable policy engine to determine state changes of one or more security policies.
    Type: Grant
    Filed: August 30, 2007
    Date of Patent: January 3, 2012
    Assignee: Bombardier Transportation GmbH
    Inventors: Richard Nicholas Lommock, Michael Cross, Robert Blair Ciora, Christopher Crawford, Mark David Kirschner, Joseph Paul Schreibeis, William Keith Engel
  • Patent number: 8090102
    Abstract: To provide an apparatus and method for realizing an improved content preview process in a content using mechanism based on content usage-right information. A client obtains default usage-right information (Default Usage Right) when it is registered to a license server, and determines, based on the default usage-right information, whether or not the content can be played back in a content preview process without purchasing the content. The client which is permitted to preview the content is limited to a client which has been registered to the license server to obtain the default usage-right information. This prevents preview-data from being randomly distributed.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: January 3, 2012
    Assignee: Sony Corporation
    Inventors: Yoshimichi Kitaya, Shinobu Kuriya
  • Patent number: 8087077
    Abstract: According to one embodiment, an information processing apparatus includes an input module to input a password, a biological authentication device including a storage unit for storing biological information and identification information, and an authentication control module which sets and holds identification information to be stored in the storage unit of the biological authentication device, and permits a password input using the input module to be substituted by authentication using the biological authentication device when the identification information held by itself and the identification information stored in the storage unit of the biological authentication device match.
    Type: Grant
    Filed: May 15, 2009
    Date of Patent: December 27, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Ken Hatano
  • Patent number: 8082588
    Abstract: The objective of the present invention is a storage method in a decoder of an event encrypted by control words that guarantees the access to this event at whichever moment, even if certain keys of the system have changed for security reasons. This objective is achieved by a storage method of an event encrypted by control words in a reception and decryption unit connected to a security unit, said control words and the necessary rights being contained in management messages encrypted by system keys, comprising storing the encrypted event as well as the control messages in the storage unit, and storing in the storage unit the system keys encrypted by a predefined local key stored in the security unit.
    Type: Grant
    Filed: November 1, 2002
    Date of Patent: December 20, 2011
    Assignee: Nagravision S.A.
    Inventors: Corine Le Buhan, Marco Sasselli, Patrick Bertholet
  • Patent number: 8082589
    Abstract: There is provided a processor operable in a first domain and a second domain, the processor comprising: monitoring logic operable to monitor the processor and capture diagnostic data; a storage element operable to contain at least one control parameter; control logic operable to control the monitoring logic in dependence on the at least one control parameter and the domain in which the processor is operating, to suppress capturing of diagnostic data relating to predetermined activities of the processor in the first domain. In some embodiments the first domain is a secure domain and the second domain is a non-secure domain, the monitoring function being debug or trace.
    Type: Grant
    Filed: November 17, 2003
    Date of Patent: December 20, 2011
    Assignee: ARM Limited
    Inventors: Luc Orion, David Hennah Mansell
  • Patent number: 8082451
    Abstract: A data handling mechanism, wherein a small binary tag is appended to data (each message and file) for controlling the access and handling of the data. The tag contains dedicated bits for indicating its various usage rights such as copying, forwarding, editing and also right to edit the tag itself. The tag is created by an author of the data or by any other party handling the data, including middleware agents and possible recipients of the data based on contextual information such as network or ownership domain of the author and/or of the recipient.
    Type: Grant
    Filed: September 12, 2005
    Date of Patent: December 20, 2011
    Assignee: Nokia Corporation
    Inventor: Heikki Waris