Abstract: A system and method is provided which allows multicast communications encrypted using IPSec protocol to be received by receivers in a network. In order to allow the receivers to receive the encrypted multicast communication, the address information of the received multicast communication is modified to appear as a unicast communication being transmitted directly to the address of the receiver, such that the receiver may then decrypt the received multicast communication using IPSec decryption capabilities or may, alternatively, forward the received multicast communication in its encrypted state to other devices. The system and method further provide IPSec encryption key delivery to the receiver using an encrypted markup language file. Multiple keys may also be generated for a given IP address of a receiver with each key being generated for a particular multicasting hierarchical classification.

Abstract: The invention relates, mainly to a cryptographic process using an elliptic curve represented by means of an equation containing first and second parameters (a, b), a bilinear matching, and calculations in a finite group of integers constructed around at least one first reduction rule reducing each integer to its remainder in a whole division by a first prime number (p) that constitutes a third parameter, the elements of the finite group being in bijection with points selected on the elliptic curve, and the number of which is linked to a fourth parameter (q), where this process uses public and private keys, each of which is represented by a given point of the elliptic curve or by a multiplication factor between two points of this curve. According to the invention, the first reduction rule is the only reduction rule implemented, and the elliptic curve is obtained through a step-by-step construction process, directly allocating to the finite group q*q q-order points in the elliptic curve.

Abstract: A key calculation method and a shared key generation method, the key calculation method including: generating two keys to perform a key calculation; calculating a first value based on coefficients having an identical coefficient value among coefficients included in each of the two keys; and performing a coordinates operation or an exponentiation operation based on the first value, wherein the calculating of the first value is performed with respect to each of coefficient values included in the two keys, excluding 0.

Abstract: An embodiment relates generally to a method of preventing resource access conflicts in a software component. The method includes intercepting a lock operation in the software component and testing an associated lock type of the lock operation against a set of rules. The method also includes determining an action based on the associated lock type conflicting one of the rules of the set of rules.

Abstract: At a transmitter, a program is encrypting according to a one program key, the program key is encrypted, and the encrypted program, the encrypted program key, and non-encrypted PSI data to a receiver are transmitted. At a receiver, the encrypted program, the encrypted program key, and the non-encrypted PSI data are received, the encrypted program key is decrypted, the encrypted program is located according to the non-encrypted PSI data, and the located encrypted program is decrypted according to decrypted program key.

Abstract: Method and apparatus for managing digital certificates are described herein. In one embodiment, an encryption certificate is extracted from an email received from an owner of the encryption certificate, where the encryption certificate being issued from a trusted party other than the owner. Then the encryption certificate is associated with an entry of a directory based on an identity (ID) of the owner, where the directory provides directory services to one or more email servers. Other methods and apparatuses are also described.

Abstract: A network switch detects at least two simultaneous connections on a single network port. The simultaneous connections use different protocols despite using the same port. The network switch mirrors network traffic associated with the simultaneous connections to a security management device on the network. The security management device then determines a source or destination of the network traffic.

Abstract: A transmitting/receiving system includes a transmitting apparatus that transmits, to another apparatus, first encrypted data obtained by encrypting stream data including consecutive unit data items in accordance with a first encryption technique prescribing that, when the stream data is encrypted for each item, keys used for encrypting the items are updated, and a receiving apparatus that receives and decrypts the first data from the transmitting apparatus in accordance with a first decryption technique. The transmitting apparatus includes an encryptor that outputs second encrypted data obtained by generating data including a predetermined number of keys, and encrypting the data in accordance with a second encryption technique, a transmitter that transmits the second data from the encryptor to the receiving apparatus.

Abstract: Techniques are disclosed for providing connection data related to a firewall. In one aspect, computer-readable media provide a method that includes receiving a request for a set of connection parameters of a firewall related to data packets processed by at least one non-CPU device of the firewall. The method further includes identifying raw data of a session table that corresponds to the requested connection parameters. The method additionally includes calculating a result for the requested connection parameters from the raw data, and providing the result in a format detailing a number of connections for each connection parameter.

Abstract: A method for generating a network address, called a multi-key cryptographically generated address (MCGA), enables the network address to be claimed and defended by multiple network devices. The network address can be generated by (a) obtaining a cryptographically generated identifier using public keys corresponding to the network devices, and (b) applying an address generation function to the cryptographically generated identifier. The address generation function may be a one-way coding function or cryptographic hash of the public keys from all hosts that will advertise or claim the right to use the address. A message that claims authority over the MCGA may include an encrypted digest of the message which is encrypted using the private key of the sender. Authentication of the sender may be achieved by obtaining a test digest from the message using the digest function, decrypting the encrypted digest, and comparing the decrypted digest to the test digest.

Abstract: A data encryption device that is capable of stopping power analysis attacks and reducing instances of speed drops and memory amount increases in encryption processing more effectively than in the past; the data encryption device performs a predetermined encryption, based on a key, on a plain text, and includes a random number generation unit (410a) which generates one core random number per round, concatenates a predetermined amount of plural core random numbers and generates a first random number; an exclusive OR unit which data-merges the plain text with the first random number and generates intermediate data (410b); and a data randomizing unit (410f, 410k) which performs a data randomizing process on the intermediate data, the data randomizing process being based on the first random number, a second random number and the key.

Abstract: A universal anonymous data collection and exchange service is provided where individuals and entities initially register with the service utilizing “legally authentic” identity documentation to obtain a “universal ID” (UXID). The UXID consists of a sting of alphanumeric digits selected from a hash function that is performed on a string of personally identifying information. Once registered, the individual and entity UXIDs are used as a means by the service to engage in a pre-defined confidential data collection and exchange protocol between participating, registered UXID holders. The service is designed for use across many applications, individuals and entities, and may support one-time or recurring collection of data.