Abstract: An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This ID is useful in wireless networks containing low-power low-cost devices.

Abstract: A data migration system performs a tamper-resistant data migration for regulatory compliance systems. The system generates a secure hash for the data object, adds a timestamp to the hash, produces a signature for the data object using a private key, and includes the signature in a signature summary of data objects. Immediately prior to data migration, the system signs the signature summary of the set of data objects to be migrated. The signature of the data object maintains integrity of the data object by preventing undetectable modification to a data object during migration. The signed signature summary maintains completeness by preventing undetectable removal of a data object from or insertion of a data object into the set of data objects during migration.

Abstract: A method for analyzing a network element may include assigning values to each of a plurality of vulnerabilities. The method may also include identifying a vulnerability associated with the network element and generating a risk indicator for the network element based on the assigned value associated with the identified vulnerability.

Abstract: Accessing a data set with secret and non-secret data. A method includes accessing a data set image. The data set image comprises secret data. The data set image is derived from an authorized data set associated with a master key that authorizes access to the secret data. The master key is not provided with the data set image. The method further comprises restoring the data set image to a computing system to create a degraded data set. Data in the degraded data set other than the secret data is accessed without restoring the master key.

Abstract: A technique for acquiring information. In response to receiving a request to read data stored in a database, said data is read from said database. In response to receiving a request to deliver particular data among said read data at a point in time when said particular data is to be used, it is determined whether said delivery request satisfies predetermined criteria. Said particular data is delivered in response to determining that said delivery request satisfies said predetermined criteria.

Abstract: In a digital recording apparatus including a data control circuit 2a, a memory 4, an encryption circuit 5, an interface 6, a DVD drive 8, and a CPU 3, when encryption is required during recording, data is temporarily stored in the memory 4. After the encryption circuit 5 is enabled, the data is encrypted and recording by the DVD drive 8 on a recording medium is resumed. Thus, it is possible to make the encryption circuit operate only when recording a program requiring a content protection and to perform recording or reproducing from the required timing without interrupting the recording or reproducing even during start-up of the encryption circuit.

Abstract: A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion, or abuse, of a network's resources. In one aspect, a protocol message gateway is configured to apply policy rules to high level message protocols, such as those that reside at layer 7 of the ISO protocol stack.

Abstract: A processing apparatus for transmitting electronic information on copyrighted work, which has a predetermined amount of data, with an electronic signature being added thereto, includes division-processing device which divides the electronic information on copyrighted work into at least two parts, electronic-signature-operating device which operates to add the electronic signature for every part of the electronic information on copyrighted work divided by the division-processing device, and information-transmitting device which synthesizes the electronic information on copyrighted work to which the electronic-signature-operating device operates to add the electronic signature and electronic signature information for determining whether the electronic signature is legitimate and transmits the synthesized information.

Abstract: Embodiments of methods, apparatuses, systems and/or devices for document control are described. For example, a document control policy may comprise a set of document control rules that may be applied to an electronic document. In one embodiment the policy may be at least partially represented by a language such as Portable Document Rights Language (PDRL), for example. PDRL, in at least one embodiment comprises a language that may be utilized for expressing the rights and conditions of a document control policy. A policy may be associated with one or more electronic documents, and may include a set of document control rules that may define rights associated with an electronic document, such as the right to access the electronic document by opening, editing, saving and/or printing the document, for example.

Abstract: A system comprises a processor, a display, an operating system executable on the processor and an executable application that is separate from the operating system. The operating system provides settings that can be used to control access to a removable storage medium. The application provides a graphical user interface (GUI) that permits a user to select a security setting from among a plurality of selectable security settings and that causes the operating system to implement the user-selected security settings to control access to the removable storage medium.

Abstract: A method and apparatus for electronic commerce using a digital ticket are provided. The method for electronic commerce using a digital ticket includes hiding a message comprising a random number and transmitting the hidden message to a ticket issuer, receiving the hidden message signed with a digital signature by the ticket issuer, verifying the digital signature on the message, and transmitting the message with the verified digital signature to the ticket issuer to consume a digital ticket.

Abstract: A user provides signature attributes to a computer system for generating a signature, such as content directories, a signature accuracy level, and whether an existing signature database exists. The computer system generates a signature and the user tests the signature against a test file system. Based on the test results, the user may refine the signature using a different file system or a different content installation. In one embodiment, a user may generate a parent signature from existing “child” signatures that correspond to different versions of particular content. For example, a user may wish to generate a “Program” parent signature using children signatures “program v.0,” “program v.1,” and “program v.2.” When the user is satisfied with the signature, the user may use the signature to detect content that is located in a computer device's file system.

Abstract: A method and apparatus for managing communication security in a wireless network are provided. The method includes receiving from a station that intends to associate in the wireless network including an access point, first key generation information provided by the access point and second key generation information provided by the station, providing third key generation information, generating a security key using the first key generation information, the second key generation information, the third key generation information, and an initial key, and sending the third key generation information and the security key to the station.

Abstract: The present invention is directed to a system and method for propagation of security information for secure information exchange. Existing and new authentication information are gathered and combined into the same header. The header is attached to electronic document data encrypted by a client device and sent via a computer network to a document processing device. The document processing device, upon receipt of the header and document first decrypts the header and uses the existing authentication information to qualify the new authentication information by validating the existing authentication information through a trusted authentication mechanism. Once validated, the new authentication information is available for future document processing operations by the document processing device and other trusted document processing devices.

Abstract: Access to information instances is administered using selectively activatable rules. A computer program product includes rules establishing authorizations to information instances in a computer system, each of the rules authorizing a predefined subject to perform a predefined action on a predefined object. The computer program product includes an activation function for an administrator to selectively activate at least one of the rules, the activated rule to be applied upon a user seeking to perform an action on any of the information instances.

Abstract: A document protection method may include retrieving a document from a memory device, encrypting the document using an encryption tool, imaging a decryption key on an imaging medium, and reading the decryption key to decrypt the document. A document protection system may include at least one controller configured to control imaging of a decryption key on a medium, a memory storage device configured to store a document, an decryption tool configured to encrypt the document, and a decryption tool configured to read the decryption key to decrypt the document.

Abstract: A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data.

Abstract: Generally described, a method, software system, and computer-readable medium are provided for preventing a malware from colliding on a named object. In accordance with one aspect, a method is provided for creating a private namespace. More specifically, the method includes receiving a request to create a private namespace that contains data for defining the boundary of the private namespace from the current process. Then a determination is made regarding whether a principle associated with the current process has the security attributes that are alleged in the request. In this regard, if the principle that is associated with the current process has the security attributes that are alleged in the request, the method creates a container object to implement the private namespace that is defined by the data received in the request.

Abstract: A data encryption-decryption method includes the steps of receiving a data byte N and performing a triple-churning operation on byte N to obtain an encrypted byte N. Preferably, the triple-churning operation includes performing a first churning operation to obtain a first churned output, bit-wise XORing the first churned output with two values to obtain a first XOR result, performing a second churning operation on the first XOR result to obtain a second churned output, bit-wise XORing the second churned output with two values to obtain a second XOR result, and performing a third churning operation on the second XOR result to obtain encrypted byte N.

Abstract: A method, system and article for encrypting data by applying an encryption process, wherein the encryption process includes storing progress data relating to the progress of the encryption process so that the encryption process may be resumed after an interruption. Even more specifically, after the interruption, progress data relating to the progress of the encryption process is accessed. Portions of the progress data are compared to determine the last encrypted data segment. After the last encrypted data segment, the encryption process at the data segment is resumed.