Abstract: A method for generating a system specific security-definition for a heterogeneous subsystem of a computing system is provided. A natural-language security-definition is stored in a rule-repository. A machine-readable security-definition is stored and a first mapping of a natural-language security-definition onto a machine-readable security-definition is stored in the rule-repository. A system-specific security-definition is generated from a machine-readable security-definition by a rule-converter that corresponds to a heterogeneous subsystem. The generation is based on a second mapping of each machine-readable security definition onto indications of system-specific security-definitions.

Abstract: The invention provides a data processing system for the support of secure networking on a single, virtualized hardware platform. The data processing system comprises a Network Interface Controller NIC to control access to a physical network; a first operating system comprising an NIC driver to manage the NIC, and a first Virtual Network Interface Controller VNIC driver. The system further comprises at least one second operating system comprising at least one second VNIC driver associated with a networking stack; and a Virtual Machine Monitor VMM to enable concurrent operation of the first and second operating systems, and to emulate a virtual network, the VMM comprising first and second VNICs to provide access to the virtual network by the first and second operating systems through the first and second VNIC drivers, respectively.

Abstract: A slide customization system, comprising an administrator, wherein at least one information presentation is received at the administrator, at least one database, wherein the at least one information presentation is stored, a validator, wherein validation of the at least one information presentation is performed by the validator by validating the at least one information presentation with at least one validation attribute selected by the administrator from a plurality of validation attributes, and wherein the validation of the selected ones of the validation attributes against the at least one information presentation is stored to said at least one database, and a compiler.

Abstract: A RAID system includes a RAID controller that sends to a disc apparatus data to be encrypted by a data relay apparatus connected to the RAID controller and the disk apparatus. When receiving a data transfer request packet indicating a first receivable size, the data relay apparatus establishes a second receivable size that is equal to or greater than the first receivable size and that is a multiple of an encryption data size. When the RAID controller receives a data transfer request packet containing the established second receivable size, and in response to the data transfer request packet thus received, the data relay apparatus receives data of the second receivable size sent from the RAID controller. The data relay apparatus also encrypts the received data in units of the encryption data size, and then the encrypted data is sent to the disk apparatus in units of the first receivable size.

Abstract: Disclosed herein are methods and systems for transmitting streams of data. The present invention also relates to generating packet watermarks and packet watermark keys. The present invention also relates to a computerized system for packaging data for transmission to a user. The system may utilize computer code to generate a bandwidth rights certificate that may include: at least one cryptographic credential; routing information for the transmission; and, optionally, a digital signature of a certificate owner; a unique identification code of a certificate owner; a certificate validity period; and pricing information for bandwidth use. The present invention also relates to an electronic method and system for purchasing good and services by establishing an account whereby a customer is credited with a predetermined amount of bandwidth usage, and assesses charges against the account in an amount of bandwidth usage corresponding to the agreed upon purchase value for the selected item.

Abstract: Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.

Abstract: The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device.

Abstract: A method for authentication authorization and accounting (AAA) in an interworking between at least two networks. The at least two networks are capable of communicating with a broker and include a first network and a second network to user certificate from a user device corresponding to a user of the first network. The first network to user certificate is signed by at a first network private key and includes a broker to first network certificate and a user public key. The broker to first network certificate is signed by a broker private key and includes a first network public key. A session key is sent from the second network to the user device when the broker to first network certificate and the first network to user certificate are determined to be authentic by the second network based upon the broker public key and the first network public key, respectively. The session key is encrypted with the user public key. The session key is permitting the user device to access the second network.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. For example, a technique for verifying a signature of a message can include applying a first mathematical function to a combination of the first signature component and the second message portion to obtain an intermediate component, using the intermediate component to generate a first value and a second value, where a second mathematical function applied to the first value and the second value obtains the intermediate component, and determining the ephemeral public key based on the first value, the second value, the second signature component, the base point of the elliptic curve, and a long-term public key of the long-term private-public key pair. The technique can include verifying whether a representation of the first message portion satisfies a predetermined characteristic.

Abstract: A system, business methodology and apparatus for facilitating controlled dissemination of digital works is disclosed. An audio and video organizer, entertainment, and communication unit that plays back audio and video media content received from a central storage server. The unit relies on a smartcard, which has a personalized key that unlocks encrypted content. Using the unit, a user can purchase music or other types of media using an appropriate ordering method. The central storage server then transmits a double-encrypted, compressed audio file to the unit, where it is decrypted based on the smartcard key, and available for listening.

Abstract: Systems and methods for wirelessly exchanging an encryption key between a first device and a second device are disclosed herein.

Abstract: A forensic device allows a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. The forensic device acquires the computer evidence from the target computing device and filters the computer evidence using an application-specific system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances executing throughout an enterprise. The forensic device presents a user interface through which the remote user views the filtered computer evidence acquired from the target computing device. In this manner, forensic device allows the user to filter the collected computer evidence to data that is likely to have forensic relevance.

Abstract: A computer-implemented method may include generating a first region-of-interest identifier that represents a region of interest within an executable file at a first time. The computer-implemented method may also include receiving, at a second time, a request to scan the executable file for malware and generating a second region-of-interest identifier that represents the region of interest within the executable file at the second time. The computer-implemented method may further include comparing the first and second region-of-interest identifiers to determine that the region of interest at the second time is different than the region of interest at the first time. In addition, the computer-implemented method may include using the difference between the region of interest at the first and second times to determine whether the executable file comprises malware. Various other systems, methods, and computer-readable media are also disclosed.

Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.

Abstract: A method and apparatus for identifying web attacks is described. In one embodiment, a method of securing a computer comprises generating origin information for a portion of a web page and identifying a modification in the origin information. The identified modification is used to determine an indicia of suspicious behavior at a computer.

Abstract: A method for protecting data stored in a data repository. The method includes verifying authenticity of a user at each of a plurality of levels. Furthermore, the method includes directing the user to one of a first path or a second path based on the verification of the authenticity of the user at each of the plurality of levels. Systems and computer-readable medium that afford functionality of the type defined by this method are also contemplated.

Abstract: A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.

Abstract: Systems and methods for screening applicants are disclosed herein. A method of screening applicants is performed by a screening server. The server begins by receiving a selection of screening services and an applicant profile that identifies an applicant. The screening continues by generating screening results specified by the selection of screening services based on the applicant profile. A property manager is then notified that the screening results are available for the applicant based upon the applicant profile. The screening results are then provided to the property manager based upon the applicant profile. Based on these screening results, the screener or porperty manager can make a decision about the applicant and communicate a decision action to the applicant.

Abstract: Disclosed herein are methods and systems for transmitting streams of data. The present invention also relates to generating packet watermarks and packet watermark keys. The present invention also relates to a computerized system for packaging data for transmission to a user. The system may utilize computer code to generate a bandwidth rights certificate that may include: at least one cryptographic credential; routing information for the transmission; and, optionally, a digital signature of a certificate owner; a unique identification code of a certificate owner; a certificate validity period; and pricing information for use of bandwidth. The present invention also relates to an electronic method and system for purchasing good and services by establishing an account whereby a customer is credited with a predetermined amount of bandwidth usage, and then charges are assessed against the account in an amount of bandwidth usage which corresponds to the agreed upon purchase value for the selected item.

Abstract: Disclosed herein are methods and systems for transmitting streams of data. The present invention also relates to generating packet watermarks and packet watermark keys. The present invention also relates to a computerized system for packaging data for transmission to a user. The system may utilize computer code to generate a bandwidth rights certificate that may include: at least one cryptographic credential; routing information for the transmission; and, optionally, a digital signature of a certificate owner; a unique identification code of a certificate owner; a certificate validity period; and pricing information for use of bandwidth. The present invention also relates to an electronic method and system for purchasing good and services by establishing an account whereby a customer is credited with a predetermined amount of bandwidth usage, and then charges are assessed against the account in an amount of bandwidth usage which corresponds to the agreed upon purchase value for the selected item.