Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.

Abstract: A wireless communication circuit includes a receiver to receive at least one of a beacon frame and a probe response frame from a first wireless communication apparatus belonging to a first communication group, at least one of the beacon frame and the probe response frame including first security information indicating a first encryption method. The circuit includes a transmitter to transmit an association request frame to the first wireless communication apparatus, the association request frame including second security information indicating a second encryption method which is supported by the wireless communication circuit, after a determination that the second encryption method overlaps with the first encryption method. The transmitter declines to associate with the first wireless communication apparatus if the first encryption method fails to overlap with the second encryption method. The transmitter transmits a data frame including a frame body after a reception of an association response frame.

Abstract: The specification and enforcement of domain policies is disclosed. Input including a second level domain is received. The second level domain is associated with a particular top level domain. A determination is made as to whether a resource associated with the second level domain is consistent with a policy associated with the top level domain. A responsive action is performed based at least in part on the determination.

Abstract: There is described a key server which is connected to a local area network, and an encryption authority transfers private keys for clients of the local area network to the key server. In an embodiment, the key server encrypts outgoing emails using public keys for the recipients and decrypts internal emails using private keys for the recipients. In another embodiment, the clients of the local area network download their respective private keys from the key server so that encryption operations may be performed by client software.

Abstract: This invention describes a system and methods for media content subscription service distribution; typical services include cable television, premium content channels, pay-per-view, XM radio, and online mp3 services. Subscribers use portable electronic devices to store digital certificates certifying the subscriber's privileges and an assigned public key. The devices can communicate with specially enabled televisions, radios, computers, or other media presentation apparatuses. These, in turn, can communicate with central databases owned by the provider, for verification purposes. Methods of the invention describe media content subscription service privilege issuing and use. The invention additionally describes methods for protecting media content transmitted to users with a variety of encryption schemes.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: The invention discloses an authenticating method and a system thereof, which relates to information security field and solves the problem that the user information is not safe in transaction process.

Abstract: The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds by contact-bound respectively contact-less interfaces and where individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access.

Abstract: Methods and systems for managing security during a divestiture may involve, for example, differentiating divested assets and employees from non-divested assets and employees and identifying non-divested assets which divested employees are permitted to access. In addition, divested employee access to the non-divested assets which divested employees are not permitted to access is locked down, and a separation firewall is deployed between divested networks and non-divested networks.

Abstract: A new trapdoor one-way function is provided. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points.

Abstract: As opposed to utilizing a manufacturer provisioned EK Certificate for AIK processes, embodiments of the invention utilize EPID based data. EPID mitigates the privacy issues of common RSA PKI security implementations where every individual is uniquely identified by their private keys. Instead, EPID provides the capability of remote attestation but only identifies the client computing system as having a component (such as a chipset) from a particular technology generation. EPID is a group signature scheme, where one group's public key corresponds to multiple private keys, and private keys generate a group signature which is verified by the group public key. EPID provides the security property of being anonymous and unlinkable—given two signatures, one cannot determine whether the signatures are generated from one or two private keys. EPID also provides the security property of being unforgeable—without a private key, one cannot create a valid signature.

Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.

Abstract: A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. In addition to the moving, a change in orientation of at least one of the modified base image and the modified overlay image is required. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image after moving through at least one other pre-selected reference point.

Abstract: Methods and apparatus for providing data security, in particular for cloud computing environments, are described. In an embodiment, a software component monitors events at a node in a computing system and on detection of an event of a particular type, interrupts a message associated with the event. Before the message is allowed to continue towards its intended destination, a security template is selected based on the message (e.g. the data in the message and identifiers within the message) and this template is used to determine what data protection methods are applied to each data element in the message. A modified data packet is created by applying the security template and then this modified data packet is inserted into the message in place of the data packet in the interrupted message.

Abstract: The subject matter disclosed herein relates to distribution of media content.

Abstract: A network is protected from e-mail viruses through the use of a sacrificial server. Any executable programs or other suspicious parts of incoming e-mail messages are forwarded to a sacrificial server, where they are converted to non-executable format such as Adobe Acrobat PDF and sent to the recipient. The sacrificial server is then checked for virus activity. After the execution is completed, the sacrificial server is rebooted.

Abstract: Systems, methods, and techniques for treating video information are described. In one implementation, a method includes receiving video information, classifying one or more frames in the received video information as a scene, adjusting one or more coding parameters based on the classification of the frames, and coding the video information in accordance with the adjusted coding parameters.

Abstract: A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5.

Abstract: There are provided an apparatus and a method for privacy protection in association rule mining among data mining technologies. An apparatus for privacy protection in association rule mining according to an embodiment of the present invention comprises: a fake transaction inserter that generates fake transactions of a predetermined number each having a predetermined length and inserts the fake transactions between a plurality of transactions comprised in an original data set to generate a first virtual data set; and a distortion transaction generator that generates a second virtual data set by converting data of the transaction of the first virtual data set with a predetermined probability.

Abstract: The mock tool can be configured to create a mock execution environment for supporting software development processes. The mock execution environment is isolated from resources of the computing system supporting the mock execution environment and other mock execution environments. Further, the mock execution environment can be created to simulate disabling on any features of the operating system supporting the mock execution environment that could cause problems in the software development process.