Abstract: A solution for managing communicative interactions between network elements is described herein. A system incorporating teachings of the present disclosure may include a processor module that monitors communications between a program resident on a user machine and a server program resident on a computing device remote from the user. The processor module may be utilized to effectively reduce the processing overhead of a server program and the number of communications actually transmitted between the client program and the server program. For example, the processor module may intercept certain client or server initiated communications intended for the server or client program and process those communications internally. The results of the processing which may require an updating to all object groups which may be associated with client programs. The updating of said client programs is then executed without server program involvement.

Abstract: Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.

Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.

Abstract: MAC addresses are flexibly and dynamically allocated across groups of devices that need MAC addresses. MAC address pools are defined for the groups by non-overlapping ranges of MAC addresses. The range of MAC addresses defined for any pool may be shrunk to support an expansion of the range of MAC addresses of another pool. The maximum number of universally-administered MAC addresses that can be defined for any MAC address pool is greater than 216, and the maximum number of locally-administered MAC addresses that can be defined for any MAC address pool is greater than 238.

Abstract: Systems, methods and consumer-readable media for providing an system implementing an information lock box. Sensitive files may be identified by the system prior to engagement of the protection system. One method according to the invention may preferably include hiding and/or encrypting sensitive files upon detecting changes of the network status. The information lock box may utilize a file-system driver to control access to files. The system may communicate with administrative serve and communicating messages to a user.

Abstract: Systems and methods for enciphering data are provided. In one embodiment, information is enciphered using a variable block length cipher that returns the encrypted symbol set in the same format as the plaintext symbol set. The cipher can be based on DES, AES or other block ciphers. In one example implementation a method for enciphering token information the invention provides for enciphering token information by constructing a tweak of a defined length using token information; converting the tweak to a bit string of a defined size to form a first parameter; converting a number of digits of plaintext to a byte string of a defined size to form a second parameter, wherein the number of digits converted varies; defining a data encryption standard key; applying the data encryption standard key to the first and second parameters; computing a specified number of encryption rounds; and receiving enciphered token information.

Abstract: A processor including instruction support for implementing the Camellia block cipher algorithm may issue, for execution, programmer-selectable instructions from a defined instruction set architecture (ISA). The processor may include a cryptographic unit that may receive instructions for execution. The instructions include one or more Camellia instructions defined within the ISA. In addition, the Camellia instructions may be executable by the cryptographic unit to implement portions of a Camellia cipher that is compliant with Internet Engineering Task Force (IETF) Request For Comments (RFC) 3713. In response to receiving a Camellia F( )-operation instruction defined within the ISA, the cryptographic unit may perform an F( ) operation, as defined by the Camellia cipher, upon a data input operand and a subkey operand, in which the data input operand and subkey operand may be specified by the Camellia F( )-operation instruction.

Abstract: A third secure computing apparatus generates data Wb associated with each bit b of a segment t that satisfies a relation mA=s*t for a first input value mA and an operator * and data W(1-b) associated with an inversion bit (1-b) of the bit b, transmits the data Wb to a first secure computing apparatus, and transmits data W including the data Wb and the data W(1-b) to a second secure computing apparatus. The second secure computing apparatus uses a segment s that satisfies the relation mA=s*t, a logic circuit function f and the data W to generate data T in which a logic circuit function f(s*X), which is the logic circuit function fin which the segment s is substituted, is concealed, and transmits the data T to the first secure computing apparatus. A computation result f(mA) can be determined from the data T and the data Wb. The first secure computing apparatus obtains the computation result f(mA) using the data T and the data Wb.

Abstract: A system and method for a secure supervisory control and data acquisition (SCADA) system. Secure SCADA elements (SSEs) have individual system security monitoring and enforcement of policies throughout the SCADA system. And isolation core ensures that a system security monitor monitors and takes appropriate action with respect to untrusted applications that may impact an SSE. The system security server provides policy enforcement on all of the SSEs that exist on the system. New security policies are created that are populated to individual SSEs in the system. Biomorphing algorithms allow for system uniqueness to be derived over time further enhancing security of SSEs.

Abstract: A method, system and device for allowing the secure collection of sensitive information is provided. The device includes a display, and a user interface capable of receiving at least one user-generated interrupt in response to a stimulus generated in response to content received by the device, wherein the action taken upon receiving the user-generated interrupt depends on a classification of the content, the classification identifying the content as trusted or not trusted. The method includes detecting a request for sensitive information in content, determining if an interrupt is generated, determining if the content is trusted, allowing the collection of the sensitive information if the interrupt is generated and the content is trusted, and performing an alternative action if the interrupt is generated and the content is not trusted. The method may include instructions stored on a computer readable medium.

Abstract: An apparatus, and an associated method, facilitates security at a wireless device, such as a wireless device comprising a mobile computing platform. A security decision engine is provided that monitors for an event necessitating a security decision. When a security decision is required, request is made of a knowledge fetcher, provided by a trusted third-party, installed at the wireless device for the security decision. The knowledge fetcher obtains the security decision, such as by obtaining the security decision from a remote, trusted third-party server, and provides the security decision to the decision engine. Use is made of the security decision pursuant to a setting for which the security decision is needed.

Abstract: A data processing system having a host computer including a key manager, a control unit connected to the host computer, a data storage unit (such as a tape drive) controlled by the control unit, and data storage medium for storing data thereon to be written to or read from by the data storage unit. The key manager stores a data structure having at least one record having a volume serial number, as start location, a length entry, and a key for encrypting and decrypting data on the data storage medium. A data storage medium (such as data tape) is mounted on the data storage unit, and a volume recorded on the tape is retrieved. The control unit retrieves the data structure from the key manager and matches the volume serial number recorded in the retrieved data structure with the volume serial number retrieved from the data storage medium.

Abstract: A environment and method are provided for increasing the storage capacity of a data storage environment. Additional storage clusters may be added to the storage environment without affecting the performance of each individual storage cluster. When data is written to the storage environment, a selection may be made as to which storage cluster is to store the data. When data is read from the storage environment, it may be determined which storage cluster stores the data and the data may be retrieved from that storage cluster.

Abstract: Mixed mode security is provided for a mesh network comprising a plurality of open mesh points and at least one secure mesh point that is capable of sending and receiving encrypted traffic. Aspects of the exemplary embodiment include configuring the secure mesh point to forward unencrypted traffic received from one of the plurality of open mesh points; and configuring the secure mesh point to be a source of unencrypted source traffic, and to receive unencrypted traffic that is destined for the secure mesh point to enable routes in the mesh network to terminate at the secure mesh point.

Abstract: A method of transmitting data over a network, wherein data is transmitted in packets from a first station to a second station, data is transmitted in packets from said second station to said first station, a first data packet transmitted from said first station is modified to measure connection latency, said modified first data packet is identified by said second station and a second data packet sent from said second station to said first station is also modified, and connection latency is determined at said first station with reference to (a) the time at which said first station transmitted said first modified packet, and (b) the time at which said second modified packet was received.

Abstract: A document processing method and system are provided. A client divides at least one document into a plurality of document pages, and individually encrypts the document pages by a first key to obtain a plurality of encrypted pages. The client removes a part of words from the document pages to obtain a plurality of significant words, and individually encrypts the significant words by a second key different to the first key to obtain a plurality of encrypted significant words. The client records the encrypted significant words and a plurality of first index information in a significant word set (SWS), where the first index information indicates a page in the encrypted pages where the encrypted significant word comes from. Then, the client transmits the encrypted pages and the SWS to a remote server for storage.

Abstract: A login credentials identification component uses analysis of the relative positions of text entry fields to identify login credentials on a web page. The login credentials identification component identifies both a password entry field on a web page, and the text entry field immediately preceding the identified password entry field. The login credentials identification component uses the positional relationship between the identified password entry field and the immediately preceding text entry field, as well as other supplemental factors, to determine that the identified text entry field immediately preceding the password entry field comprises a user name entry field.

Abstract: The invention includes a method and apparatus for synchronizing an asset within application space. The method includes receiving asset information comprising an original position of the asset within application space on a sending system and a trajectory of the asset within application space on the sending system, and determining an updated position adapted for placing the asset within application space on a receiving system, wherein the updated position is determined using the original position, the trajectory, and an expected propagation delay from the sending system to the receiving system. The expected propagation delay between the sending and receiving systems is determined by one or more network proxies. The original position and trajectory of the asset may be received in a data structure which may be modified to include the updated position for use by the receiving system in placing the asset within application space on the receiving system.

Abstract: A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network.

Abstract: An apparatus for displaying information received from a communication apparatus including a key information producing unit configured to produce key information used to authenticate the communication apparatus; a key information distributing unit configured to distribute the key information; an authentication information receiving unit configured to receive authentication information; an authenticating unit configured to authenticate the communication apparatus by verifying whether or not the authentication information was formed based upon the key information; and a display information receiving unit configured to receive display information from the authenticated communication apparatus, wherein the authenticated communication apparatus has a distribution range during reception of the key information such that the outputted key information can be acquired.