Abstract: This invention pertains to methods and apparatus for accessing an electronic device by a data terminal, as well as a computer program product, an electronic device and a data terminal.

Abstract: A recording medium (100) for storing content that can be read and written by a host device stores a content key (a key that is used for encrypting content) (805a) encrypted in a first format, and a content key (805b) that is encrypted in a second format for content that is the same as the content related to the content key (805a) encrypted in the first format. The first format is, for example, a format used for distributed content, and the second format is a format used with local content.

Abstract: A quarantine method and system for allowing a client terminal to connect to a user network. An authentication apparatus recognizes that a communication means of the client terminal has been activated. The authentication apparatus is connected to a quarantine network, to the user network, and to the client terminal. The client terminal is permitted to connect to the quarantine network by confirming a common certificate for the client terminal followed by storing the common certificate in the client terminal. The client terminal is security checked to determine whether each check item of a plurality of check items has a violation. For each check item having a violation, a security measure is performed to improve the check item with respect to the violation. The client terminal is allowed to connect to the user network by confirming a user certificate for the client terminal followed by storing the user certificate in the client terminal.

Abstract: A configuration method of a cryptographically generated address (CGA) is disclosed. The configuration method is used to enable a generated CGA to satisfy requirements of a network configuration, and includes the following steps. A Dynamic Host Configuration Protocol (DHCP) server receives a client configuration information sent from a client. The DHCP server generates a CGA according to the client configuration and the network configuration from the DHCP server. The DHCP server delivers the CGA to the client. The network configuration is made as a reference when the CGA is generated, which overcomes a disadvantage that the CGA generated by the client cannot satisfy the requirements of the network configuration in the prior art. Thus, the generation of CGA can be intervened at a network management level, and a management capability of the network is improved.

Abstract: A method of countering side-channel attacks on an elliptic curve cryptosystem (ECC) is provided. The method comprises extending a definition field of an elliptic curve of the ECC to an extension ring in a first field; generating a temporary ciphertext in the extension ring and countering attacks on the ECC; and generating a final ciphertext for the first field if a fault injection attack on the ECC is not detected. The countering of attacks on the ECC may comprise countering a power attack on the ECC. Checking if there is a fault injection attack on the ECC may be performed by determining if the temporary ciphertext satisfies a second elliptic curve equation. The fault detection algorithms takes place in a small subring of the extension ring, not in the original field, to minimize the computational overhead. The method can improve the stability of the ECC and reduce computational overhead of the ECC.

Abstract: An example embodiment of the present invention provides processes relating to self-initiated end-to-end monitoring for an authentication gateway. In one particular implementation, the authentication gateway periodically creates and stores a temporary logon for access to a network and then sends a message including the temporary logon over a secure connection to a client. When the client receives the temporary logon, the client responds to the message by attempting to access a configurable network site. The authentication gateway redirects the client to a captive portal which prompts the client for a logon and the client enters the temporary logon at the captive portal. Then upon validating the temporary logon against the stored temporary logon, the authentication gateway authorizes access to the network. If the client successfully accesses the site, the client sends a verification report to the authentication gateway indicating successful access. Otherwise, the client reports on the failed access.

Abstract: A method of managing protected video content is presented that includes inspecting a packet stream received from a subscriber broadband interface, where the packet stream includes video content. The method also includes generating a signature based on the video content and comparing the generated signature with a stored signature corresponding to protected video content. In a particular embodiment, the method can include storing data indicating that the protected video content has been re-distributed from the subscriber broadband interface when the generated signature matches the stored signature.

Abstract: Secure network communications between a source computer and a destination computer utilizing a firewall. The firewall determines a remote endpoint and the local physical memory address associated with a local endpoint included in the outbound request. The remote endpoint and the local physical memory address are hashed to generate an index value corresponding to an entry in an internal state table of the firewall. When an inbound request is received, the firewall determines a remote endpoint and the local physical memory address associated with a local endpoint included in the inbound request. The remote endpoint and the local physical memory address of the inbound request are hashed to generate an index value corresponding to an entry in the internal state table of the firewall. The firewall forwards the inbound request to the local endpoint if a matching entry is found in the internal state table at the index value.

Abstract: Embodiments for validating protected data paths for digital rights management of digital objects are disclosed. Some embodiments disclosed herein may comprise processes or apparatus for transferring data from one or more peripherals to one or more computers or digital data processing systems for the latter to process, store, and/or further transfer and/or for transferring data from the computers or digital data processing systems to the peripherals. Some embodiments disclosed herein may comprise processes or apparatus for interconnecting or communicating between two or more components connected to an interconnection medium within a single computer or digital data processing system.

Abstract: A method includes determining whether new phishing site identifiers (URLs and/or IP addresses) have been created. Upon a determination that the new phishing site identifiers have been created, the new phishing site identifiers are compared to site identifiers of sites to which critical values have been provided in the past. Upon a determination that at least one of the new phishing site identifiers matches at least one of the site identifiers, a phishing notification is provided that the user was successfully phished in the past.

Abstract: A method for protecting objects in a computer system against malware is disclosed. An object is analyzed to determine whether it is infected by malware, and if it is determined to be infected, a backup copy of the object is located in a backup of the objects. The infected object is replaced with the backup copy.