Abstract: An exemplary method involves receiving a request to process a file comprising computer instructions. The file may be a script, a source code file, a binary file, etc. The method also involves identifying a digital signature embedded in comments within the file. The method also involves attempting to validate the digital signature. If the digital signature is validated, the file is processed. If the digital signature is not validated, the file is not processed. The file may include multiple digital signatures. When this occurs, the file may be processed only if all of the multiple digital signatures are validated. Alternatively, the file may be processed if any of the multiple digital signatures are validated.

Abstract: A reader device includes a housing for receiving a smart card, a processor in electronic communication with an integrated circuit chip of the smart card when the smart card is received in the housing, a wireless communications device in electronic communication with the processor for enabling the reader device to transmit first encrypted information wirelessly and to receive second encrypted information wirelessly, and a memory in electronic communication with the processor that includes one or more routines executable by the processor. The one or more routines include a cryptographic module adapted to encrypt first information to create the first encrypted information and decrypt the second encrypted information to obtain second information. In addition, a communication system that includes the reader device and a computing device, wherein the reader device and computing device are able to wirelessly exchange information in a secure manner.

Abstract: A method for proactively enforcing security in a computer system is provided. A plurality of security modification rules is stored for a system. A set of conditions is associated with each security modification rule. Based on one or more audit records generated for the system, the system determines whether the set of conditions associated with any security modification rule has been satisfied. If the system determines that the set of conditions associated with a particular security modification rule has been satisfied, then the system performs an action that modifies one or more security parameters associated with the system, where the action is associated with the violated security modification rule.

Abstract: Systems and/or methods are described that strengthen secure hash functions. These systems and/or methods may, in some embodiments, create a random-appearing element based on a message and using a process. The element may then be assembled with the message. This assembly may be hashed using a secure hash function. Using the same process and secure hash function, the message may later be authenticated.

Abstract: A pipeline processing system and an information processing apparatus not malfunctioning even if there is a pipeline stage in which data is not correctly written, including a plurality of processing circuits for applying predetermined processing to a plurality of data blocks; memories accessed by any circuit of a plurality of processing circuits, encryptor for encrypting the data based on key information set for each series of pipeline processings continuously processed when storing processing results of the circuits in the memories; and decoders for decoding data based on set information used for the encrypting when reading the data encrypted and stored in the memories.

Abstract: Disclosed is a method for providing secure access to multiple secure networks from a single workstation. The architecture can use multiple layers of protection to isolate applications running at different security levels. The first means of isolation is a virtual machine monitor that isolates multiple operating systems running within separate virtual machines on the host operating system. The second layer is the use of multiple user security contexts on the host operating system to isolate each virtual machine. The third level of protection is a highly secured and restricted host operating system where all unnecessary services are removed and user actions are restricted to just the virtual machine monitor using software restriction policies. Finally, the operating system and virtual machine monitor can be run from read-only media to prevent any changes by an attacker from persisting.

Abstract: The present invention provides an electronic communication system and method for conducting business transactions. The present invention requires a customer to access a proprietary e-mail application residing behind one or more firewalls to enable one to one communication with a customer service representative. The electronic mail system of the present invention is equipped with workflow component(s), mainframe system tie-ins, human resource system(s) capable of accessing CRM information, and archiving/storage capabilities to ensure accurate records of all electronic communication. The system further utilizes a series of attractive graphic interfaces to ensure that both the organization and the customer are provided with the requisite information for transacting business via electronic mail.

Abstract: The invention relates to a system for providing customer requested services relating to security, monitoring and/or data acquisition in relation to a data processing device and/or a data network of a customer, where one or more of a plurality of tests are selected to be executed in relation to the data processing device and/or a data network, the selection of one or more tests being executed from a server which is connectable to the data processing devices and/or data network via a communication network, and where data representing results of the selection of tests may be accessed by the customer via a communication network and/or transmitted to the customer.

Abstract: In accordance with embodiments of the present invention a present authentication or identification process includes iterative and successive cross-hatching of biometric components such as voice print, fingerprint, hand analysis, retina scan, iris scan, and/or features (such as facial characteristics, scars, tattoos and/or birthmarks) with other identifying data such as a PIN, password phrase, barcode, or identification card.

Abstract: Systems and methods of mitigating DOS attacks on a victim node in a computer based communication system are presented. According to the methods a node such as a router upstream from the victim analyzes traffic flow directed to the victim node and if a pattern indicating a possible attack is detected a notification to the effect is sent to the victim node. The victim can either ignore the notification or chose to suggest or request attack mitigation measures be implemented by the upstream router. Alternatively the upstream router can implement attack mitigation measures without waiting for input from the victim node.

Abstract: A method of decrypting a message encrypted using a truncated ring cryptosystem. The method comprises selecting a window parameter T determining a plurality of windows of a predetermined size, each window being shifted by an amount less than or equal to the window parameter T. A decryption candidate is determined for each possible window. Each decryption candidate is tested to determine whether it is a valid message. The result of the decryption is chosen to be a valid message found in the previous step or if no valid message is found it is indicated that the message could not be decrypted. By this method, a constant number of decryption candidates are determined for each decryption.

Abstract: A method of protecting the integrity of a computer program running on a computer device includes a procedure of detecting whether or not an unauthorized modification of the address space of the program has occurred and terminating program execution if an authorized modification is detected and continuing program execution if no such modification has been detected. A communication method between at least two communication parties of a computing device includes the step of generating at each of the communication parties for every communication sequence at runtime a private key and a public key for a digital signature, making available the public key to the other communication parties and performing the communication between the communication parties using a digital signature based on the private and public keys. Both methods provide improved protection against possible violations of integrity and authenticity by malicious programs on a local computer system.

Abstract: Methods and home agent for building a plurality of individual binding updates in the home agent on behalf of a mobile node. One of the methods and the home agent is directed to receiving an Aggregated Binding Update (ABU) at the home agent from the mobile node, building the plurality of individual binding updates from the ABU and sending from the home agent each of the plurality of individual binding updates toward each of the different destination addresses. Each of the plurality of individual binding updates has a different destination address, which is specified in the ABU. Another of the methods and the home agent is directed to intercepting a plurality of binding acknowledgments destined to the mobile node, building an Aggregated Binding Acknowledgment (ABA) from the plurality of binding acknowledgments and sending the ABA toward the mobile node.

Abstract: Network appliances for use in combination with a network based full service, multi-media surveillance system provide a wide range of monitoring techniques utilizing digital network architecture. The appliances may be connected to the surveillance system for transmitting event data, video and/or image monitoring information, audio signals and other data over significant distances using digital data transmission over networks such as a local area network (LAN), a wireless LAN (WLAN), a wide area network such as the Internet for other networks, permitting remote manual and/or automatic assessment and response. The wireless LAN connectivity permits local distribution of sensor information audio, video and image data with relatively high bandwidth without requirement of a license and without relying on a common carrier and the fees associated therewith.

Abstract: An aspect of the of the invention may include the transfer of a block of data from a first memory location to a second memory location in a DRAM. During the transfer of the block of data from the first memory location, if an encryption mode is selected, the data may be buffered, encrypted, and then stored in the second memory location. If a decryption mode is selected, the transferred data may be buffered, decrypted and then stored in the second memory location. If a bypass mode is selected, the data may be buffered and then stored in the second memory location. In this regard, the encryption/decryption operations may be bypassed.

Abstract: In a disclosed method for authenticating a digital signature key, a record is prepared that includes an integrated combination of indicia uniquely corresponding to the key, and indicia of a covenant not to repudiate any digital signature made with the key except under specified conditions. The owner of the key performs a legally accepted execution of the record, whereby he enters into a covenant with any bearer of the record not to repudiate any digital signature made with the key except under the specified conditions.

Abstract: Methods for transmitting digitized x-ray radiographs are disclosed. Digitization may be carried out through use of a digital camera or through digital radiography. After digitization is complete, in certain embodiments of the present invention, the digitized x-ray radiograph is encrypted. In other embodiments, a virtual private network is established. In still other embodiments, either before or after generating a digitized x-ray image, written notice to a human subject concerning the identity of one or more authorized intended recipients may be provided. All embodiments include transmission of the digitized x-ray radiograph.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: A digital device operatively coupled to a computer network including first and second networked components receives unitary data stream having N fields of data and an associated Nth field label, and distributes the contents of each of the N fields to one of the first and second networked devices in response to the N field labels included in the unitary data stream, where N is a positive integer. A method for operating the digital device is also described.

Abstract: The present invention provides for validating downloaded code. Code is transferred to a volatile memory of a system on a chip from a source. The volatile memory is decoupled from the source of the transferred code through employment of an isolation bus. An embedded security value, associated with the downloaded code, is determined. The security value is compared to an unlock sequence stored within the non-volatile memory in the system on a chip. If the security value matches the unlock sequence, the downloaded code is allowed access to secure data stored in the non-volatile memory. If the security value does not match the unlock sequence, the downloaded code is denied access to the secure data stored in the non-volatile memory.