Patents Examined by Thomas R. Peeso
  • Patent number: 7464263
    Abstract: Under the present invention, when an event is received on a server, it is stored and then categorized. In being categorized, an event group pertaining to the event is identified. Based on the group of events, a set (e.g., one or more) of destinations to which the event should be routed can be determined. The group of events is then associated with an access control list (ACL) that contains entries identifying users (or groups of users) and their permissions to interact with events in that group. Once the association is made, the event and optionally the ACL is routed to the appropriate destinations. Based on the permissions contained in the ACL, the destinations will interact with the event accordingly.
    Type: Grant
    Filed: March 25, 2004
    Date of Patent: December 9, 2008
    Assignee: International Business Machines Corporation
    Inventors: Jason H. Cornpropst, Carlos Cesar F. Araujo, John E. Dinger, Kevin A. Kizer, Denilson Nastacio
  • Patent number: 7457965
    Abstract: This invention is to minimize the influence on other networks by preventing unauthorized accesses such as DDoS attacks and probing by worms. When the blocking apparatuses 10a and 10b detect outbound packets by the DDoS attacks or by the probing by the worm, they carry out the Egress filtering for such outbound packets to prevent the packets relating to the unauthorized access from being sent to the backbone network 1000. Moreover, because a notice to the effect that the unauthorized access is detected is sent to other blocking apparatuses 10c and 10d via the management apparatus 16, for example, the blocking apparatuses 10c and 10d precautionarily carry out the Ingress filtering to prevent the packets relating to the unauthorized access from being sent to the networks C and D.
    Type: Grant
    Filed: July 26, 2004
    Date of Patent: November 25, 2008
    Assignee: Fujitsu Limited
    Inventors: Naohiro Tamura, Takuya Habu, Mayuko Morita, Osamu Koyano
  • Patent number: 7457949
    Abstract: A network correction security system. The network correction security system connected between a network node and a security-related external system, detects attacks on the network node, corrects weak parts of the performance of the network node, collects information for improving the security performance of the network node from a security-related external system, analyzes the information, monitors principal resources of the network node to detect a fault, and removes the fault according to a measure corresponding to a grade of the fault. The network correction security system carries out a recovery process when the fault has not been corrected, and recovers the functions of the network node according to a recovery mechanism when the fault has not been removed after the recovery process.
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: November 25, 2008
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seung-Min Lee, Taek-Yong Nam, Sung-Won Sohn, Chee-Hang Park
  • Patent number: 7454623
    Abstract: A set of methods, and systems, for use in an identity management system are disclosed herein. A modular user identity information datastore using hardware accelerated encryption for user data security operates in a network for receiving requests for, and issuing responses containing user information including third party accredited assertions.
    Type: Grant
    Filed: June 16, 2004
    Date of Patent: November 18, 2008
    Assignee: Blame Canada Holdings Inc
    Inventor: Dick C. Hardt
  • Patent number: 7454616
    Abstract: An exemplary embodiment of a method (10) for authenticating software in a cable modem makes use of a secure key and certificate stored in flash memory. In this exemplary embodiment, the code employs a key to validate (16) a signature that is generated for each new build of the code. During build of the code, the code is digitally signed (12) using e.g., a Motorola RSA private key. The message digest and the signature are then stored at the end of code file itself (13). Each time the modem (52) reboots, the code can validate (16) that the image in flash has not been modified. This validation function (16) can be accomplished e.g., by calling an RSA Signature Verification function to confirm that the signature in the header equals the message digest signed by the manufacturer's private key or the manufacturer's CVC.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: November 18, 2008
    Assignee: General Instrument Corporation
    Inventor: Robert M. Stephens-Doll
  • Patent number: 7454613
    Abstract: An information processing apparatus, a session recovery method and a recording medium for storing a session recovery program are disclosed. According to one aspect of the present invention, even if a session with a server apparatus connected via a network is invalidated, it is possible to resume the session without user's recognition of the session invalidation. The information processing apparatus includes an authentication information maintain part maintaining authentication information supplied to establish the session, a session invalidation detection part detecting that the session is invalidated, and a session recovery part, when the session invalidation detection part detects that the session has been invalidated, requesting the server apparatus to establish a session by using the authentication information in the authentication information maintain part.
    Type: Grant
    Filed: August 10, 2004
    Date of Patent: November 18, 2008
    Assignee: Ricoh Company, Ltd.
    Inventor: Atsuko Yagi
  • Patent number: 7454611
    Abstract: One aspect of an embodiment of the invention provides a method, system, and device to prove to a challenger that a prover device has a signature from a device manufacturer without revealing the signature to the challenger. According to one implementation, a challenger is provided with the result of a one-way function of a secret held by a prover device. An interactive proof is employed, between the prover device and the challenger, to prove to the challenger that the secret used in the one-way function has been signed by a device signature without revealing the secret or the device signature or the prover device's identity to the challenger.
    Type: Grant
    Filed: January 11, 2007
    Date of Patent: November 18, 2008
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 7450718
    Abstract: A method of synchronizing the operation of a two-way QKD system by sending a sync signal (SC) in only one direction, namely from one QKD station (ALICE) to the other QKD station (BOB). The one-way transmission greatly reduces the amount of light scattering as compared to two-way sync signal transmission. The method includes phase-locking the sync signal at BOB and dithering the timing of the quantum signals so as to operate the QKD system in three different operating states. The number of detected quantum signals is counted for each state for a given number of detector gating signals. The QKD system is then operated in the state associated with the greatest number of detected quantum signals. This method is rapidly repeated during the operation of the QKD system to compensate for timing errors to maintain the system at or near its optimum operating state.
    Type: Grant
    Filed: March 3, 2005
    Date of Patent: November 11, 2008
    Assignee: MagiQ Technologies, Inc
    Inventors: Jonathan Young, Michael J. Lagasse
  • Patent number: 7444520
    Abstract: An execution system including a loader which (i) causes an error in a program which has been started within a range in which the caused error is correctable based on an error correcting code, and (ii) loads the program, in which the error is caused, into a main memory. Further, the execution system includes a processor which simultaneously corrects the error and executes the program.
    Type: Grant
    Filed: June 1, 2004
    Date of Patent: October 28, 2008
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Yoshikatsu Ito, Teruto Hirota
  • Patent number: 7441120
    Abstract: A method for selectively enhancing a voice telephone call from a first location to a second location over a public switched telephone network, including receiving audio signals from a conventional telephone using a first device positioned at the first location; and, in a first mode, passing the received audio signals to the public switched telephone network in a substantially unaltered manner; and, in a second mode, generating data indicative of the received audio signals using the first device; multiplexing the generated data with other data desired to be communicated using the first device; and, transmitting the multiplexed data over the public switched telephone network; wherein, the transmitted data is suitable for being received from the public switched telephone network and de-multiplexed to generate reproduced audio signals indicative of the received audio signals and the other data by a second like device.
    Type: Grant
    Filed: February 15, 2005
    Date of Patent: October 21, 2008
    Assignee: CopyTele, Inc.
    Inventors: Frank J. DiSanto, Denis A. Krusos, Edward Lewit
  • Patent number: 7437566
    Abstract: A system and method is provided for confirmation of the identity of a contact on the network. A notification that a nearby user is present on a network is signed with a private key associated with the nearby user. The private key is also associated with a public key. A local user that has the nearby user's public key can verify the signature on the notification and confirm that the nearby user is the source of the notification. The verification of identity of the nearby user allows rich content previously stored for the nearby user to be displayed along with the nearby user's presence information.
    Type: Grant
    Filed: May 1, 2004
    Date of Patent: October 14, 2008
    Assignee: Microsoft Corporation
    Inventors: Kevin R. Moore, Peyman Oreizy, Sean O. Blagsvedt, Arvind Kumar
  • Patent number: 7434059
    Abstract: A method and apparatus is provided for authenticating a candidate user of a microprocessor based system by using performance measures obtained through monitoring the behavior of the candidate user as he participates in an interactive procedure. The candidate user is authenticated if the performance measures compare favorably with predetermined requisite performance measures. The performance of an authorized user during the interactive procedure, as judged by the performance measures, must be reliably repeatable. The requisite performance measures are effectively disguised from the user and any potential onlookers, at once ensuring the integrity of the authentication method against sharing, eavesdropping, and coercion. In essence, the interactive procedure must elicit consistent performance from an authorized user, but in a manner that is not easily described or even understood by the authorized user or any onlookers.
    Type: Grant
    Filed: December 20, 2002
    Date of Patent: October 7, 2008
    Assignee: Searete LLC
    Inventors: W. Daniel Hillis, Bran Ferren
  • Patent number: 7430665
    Abstract: A portable security device for providing secure communications over a plurality of networks is presented. In one embodiment, the device comprises at least one communication port for transfer of audio data, at least one communication port for transfer of digital data, a keypad, an encoding/decoding device, a conversion device operable to convert between audio and digital data and a processor, in communication with a memory, the keypad, the said encoding/decoding device, operable to execute code for selecting a configuration of a transmission and a reception port from among said communication ports dependent upon the presence of a network communication device and an input/output device in communication with said selected ports, providing data received from said selected reception port to said encryption/decryption device for encrypting; and providing said encrypted data to said selected transmission port.
    Type: Grant
    Filed: February 15, 2005
    Date of Patent: September 30, 2008
    Inventors: Frank J. DiSanto, Denis A. Krusos
  • Patent number: 7430669
    Abstract: An image forming apparatus which is connected to an external device via a communication unit includes a launching program identification unit which stores launching program information for specifying a program module to be executed upon launching from a plurality of program modules for realizing a plurality of functions, and a program management unit which executes a program module corresponding to the launching program information when the image forming apparatus is activated, on the basis of the launching program information stored in the launching program identification unit. License information containing the identification information and launching program information of the apparatus is acquired from a PC via the communication unit. The launching program information stored in the launching program identification unit is updated on the basis of the acquired license information, thereby changing the program module to be executed upon activating the apparatus.
    Type: Grant
    Filed: May 4, 2004
    Date of Patent: September 30, 2008
    Assignee: Canon Kabushiki Kaisha
    Inventor: Mamoru Osada
  • Patent number: 7424609
    Abstract: A method for delivering an update to at least one user, including creating an electronic communication including an update and a unique signature identifying the electronic communication as including the update and sending the electronic communication to the user.
    Type: Grant
    Filed: July 9, 2004
    Date of Patent: September 9, 2008
    Assignee: Computer Associates Think, Inc.
    Inventor: Tony Kwan
  • Patent number: 7421585
    Abstract: Apparatus, methods, and computer program products are disclosed that use a lease to manage interpersonal communications over a computer-mediated network such as a telephone network or the Internet, whether using textual, audio, or video communication means. The use of the lease enables negotiated evolution and revocation of a communication privilege in a socially-acceptable manner.
    Type: Grant
    Filed: June 18, 2004
    Date of Patent: September 2, 2008
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Paul M. Aoki, Allison G. Woodruff
  • Patent number: 7418597
    Abstract: Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: August 26, 2008
    Assignee: Venati, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller
  • Patent number: 7406606
    Abstract: An apparatus, a method, and a computer program are provided for distinguishing relevant security threats. With conventional computer systems, distinguishing security threats from actual security threats is a complex and difficult task because of the general inability to quantify a “threat.” By the use of an intelligent conceptual clustering technique, threats can be accurately distinguished from benign behaviors. Thus, electronic commerce, and Information Technology systems generally, can be made safer without sacrificing efficiency.
    Type: Grant
    Filed: April 8, 2004
    Date of Patent: July 29, 2008
    Assignee: International Business Machines Corporation
    Inventors: Anil Jagdish Chawla, David Perry Greene, Klaus Julisch, Aaron Edward Fredrick Rankin, Jonathan Michael Seeber, Rhys Ulerich
  • Patent number: 7406598
    Abstract: A system on a chip (SOC) device is disclosed comprising external outputs, and external inputs. A first secure storage location is operably decoupled from all of the external outputs of the SOC device during a normal mode of operation. By being decoupled from all external outputs, representations of the data stored at the first secure device are prevented from being provided to the external outputs. The decryption engine is also included on the system on a chip, comprising a first data input, and a private key input coupled to a first portion of the first secure storage location, and an output coupled to a second secure location. The decryption engine is operable to determine decrypted data from data received at the first data input based upon a private key received at the private key input. The decryption engine is further operable to write the decrypted data only to the first secure memory location and the second secure location.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: July 29, 2008
    Assignee: ViXS Systems Inc.
    Inventor: Paul Ducharme
  • Patent number: 7398387
    Abstract: A device and method for scrambling data by means of address lines is disclosed, which includes a seed generator, a first parameter generator, a data scrambler and a de-scrambler. The seed generator is connected to an address bus for generating a seed in accordance with a specific address on the address bus. The first parameter generator is connected to the seed generator for generating a first parameter based on the seed. The data scrambler is connected to a data bus for scrambling data based on the first parameter when a CPU core is to write the data to the specific address. The de-scrambler is connected to the data bus for de-scrambling the data based on the first parameter when the core is to read the data from the specific address.
    Type: Grant
    Filed: April 19, 2004
    Date of Patent: July 8, 2008
    Assignee: Sunplus Technology Co., Ltd.
    Inventor: Bor-Sung Liang