Abstract: The present invention provides a method involving a mobile node, a home agent, and an authentication server in a wireless communication system. The method includes generating, at the authentication server, a first security key that indicates a secure association between the home agent and the mobile node based on a second security key that indicates a secure association between the mobile node and the authentication server. The method also includes generating, at the authentication server, at least one first index associated with the first security key. The first index is also generated by the mobile node. The method also includes storing, at the authentication server, the first index and the first security key.

Abstract: An information processing apparatus encrypts data that is to be printed by a printing apparatus and stored in a storage device detachably connected to the information processing apparatus so that the encrypted data can be decrypted by the printing apparatus. Once the data has been encrypted, the information processing apparatus stores the encrypted data in the storage device. After the storage device including the encrypted data has been detached from the information processing apparatus and connected to the printing apparatus, the printing apparatus decrypts the encrypted data stored in the storage device and executes a printing process according to the decrypted data.

Abstract: A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.

Abstract: The present invention provides an interconnect device that connects a source device to a destination device, and allows the source device's non-compliant rights management (RM) interface to deliver media content with little or no restriction to the destination device's compliant RM interface.

Abstract: A method is disclosed for protecting secret data, which is intended to be processed by an original function, from being deduced by a side-channel attack upon execution of the original function by an electronic computing device. The method includes creating hardware circuitry which replaces the original function with one or more pairs of replacement functions, by applying a predetermined masking algorithm which performs a recursive protection process. Further disclosed is an apparatus for protecting secret data, which is intended to be processed by an original function, from being deduced by a side-channel attack upon execution of the original function by an electronic computing device.

Abstract: A malware spoof component may be a formed component which has some but not all characteristics of an actual malware file or other component. Alternately, a spoof component may be an isolated component extracted from actual malware. Malware spoof components may be placed on a target system, after which a listing is obtained and checked. If the placed spoof component does not appear in the listing, then the spoof component may have been filtered out by malware infecting the system, thereby revealing the malware's presence.

Abstract: A method and data processing system for intercepting communication between a user and a service. An authentication component receives, from the user, a user request directed to the service. The authentication component adds a user-specific token to the user request to generate a tokenized request. The tokenized request includes the user request and the token. The token includes a unique user identifier that identifies the user. The authentication component sends the tokenized request to a proxy. The proxy sends the tokenized request to the service. The proxy invokes an interceptor plug-in that is plugged into the proxy. The interceptor plug-in ascertains that the unique user identifier in the tokenized request is present in an interception control list of unique user identifiers. The interception control list is accessible to the interceptor plug-in. The interceptor plug-in sends the tokenized request to an interceptor manager who stores the tokenized request.

Abstract: A computer implemented method, apparatus, and computer program product for port scan protection. A reply data packet having a modified transmission control protocol header is generated to form a modified reply data packet, in response to detecting a port scan. The modified reply data packet will elicit a response from a recipient of the modified data packet. The reply data packet is sent to a first Internet protocol address associated with the port scan. A second Internet protocol address is identified from a header of the response to the modified reply data packet. The second Internet protocol address is an actual Internet protocol address of a source of the port scan. All network traffic from the second Internet protocol address may be blocked to prevent an attack on any open ports from the source of the port scan.

Abstract: Disclosed is a mechanism for securely coupling a security IC and an FPGA. This mechanism creates a shared secret key; creates a password key; generates an encrypted shared secret key by encrypting the “shared secret key” with the password key; incorporates the “encrypted shared secret key” into an FPGA net list; programs the FPGA using the “FPGA net list”; transmits the “password key” from the security IC to the FPGA; allowing the FPGA to: obtain the “shared secret key” by decrypting the “encrypted shared secret key”; and store the “shared secret key” in at least one volatile memory location.

Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication sever to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication. It not only prevents the illegal use of system resources by an impersonator, the user can also authenticate the identity of the remote authentication server.