Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.

Abstract: A method and system to transport encrypted keys among the participants of a real time communications session are provided. The system may include a message detector, a carrier packet detector and a decrypting module. The message detector may be configured to receive, at a target device, a first communication from a source device. The first communication may comprise a first message. The carrier packet detector may be configured to receive, at a target device, a second communication from a source device. The second communication may comprise a first encrypted key to decode the first message. The decrypting module may be configured to decode the message, utilizing the first encrypted key.

Abstract: A command processor providing user authentication and message tamper detection, comprising: an interface to read email; and a processor for (i) analyzing command processor messages to determine an authentication of a sender; (ii) analyzing command processor messages to determine if the command message has been altered from an authentic message content; and if the command processor message is from an authenticated sender and unaltered, passing the message to a command processor.

Abstract: Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.

Abstract: An apparatus and method for encoding and decoding additional information into a stream of digitized samples in an integral manner. The information is encoded using special keys. The information is contained in the samples, not prepended or appended to the sample stream. The method makes it extremely difficult to find the information in the samples if the proper keys are not possessed by the decoder. The method does not cause a significant degradation to the sample stream. The method is used to establish ownership of copyrighted digital multimedia content and provide a disincentive to piracy of such material.

Abstract: An encrypted-stream processing circuit includes: a decryption mechanism decrypting an encrypted stream; a stream-data processing mechanism separating a plurality of packets included in a stream decrypted by the decryption mechanism in accordance with a packet identifier identifying the packet, and creating a partial stream by extracting a part from the stream under the control of a CPU (Central Processing Unit); and an encryption mechanism encrypting the partial stream, wherein the decryption mechanism, the stream-data processing mechanism, and the encryption mechanism are included in a packaged integrated circuit, and are connected to the CPU through a bus.

Abstract: A packet based high bandwidth copy protection method is described that includes the following operations. Forming a number of data packets at a source device, encrypting selected ones of the data packets based upon a set of encryption values, transmitting the encrypted data packets from the source device to a sink device coupled thereto, decrypting the encrypted data packets based in part upon the encryption values, and accessing the decrypted data packets by the sink device.

Abstract: A method for long impulse response digital filtering of an input data stream, by use of a digital filtering system. Where the input data stream is divided into zero-input signals and zero-state signals. One of the zero-input signals and a corresponding impulse response of the digital filtering system is converted to the frequency domain to determine a respective zero-input response of the digital filtering system. One of the zero-state signals is convolved with a corresponding impulse response of the digital filtering system to determine a respective zero-state response of the digital filtering system, wherein at least part of the zero-input signal precedes the zero-state signal. The zero-state response of the digital filtering system is added to the zero-input response of the digital filtering system to determine the response of the digital filtering system. Apparatus for effecting this method is also disclosed.

Abstract: An apparatus and method for preventing information leakage attacks through a polarized cryptographic bus architecture. The polarized cryptographic bus architecture randomly changes the polarity of the target bit such that the leaked information cannot be consistently averaged to yield statistical key material. Further, to increase the prevention of information leakage attacks, a set of dual rails is used to write data to a given register bit.

Abstract: Intelligent hardware token processors (5) are capable of sending and receiving encrypted messages. Generic initialization with non-user-specific certificates comprising public and private keys allows a certificate authority (210) to securely communicate with the hardware token. New users enrolling with the certificate server (210) have their hardware tokens securely reprogrammed with user specific certificates.

Abstract: Computer-implemented methods, apparati, and computer-readable media for detecting malicious computer code in a file (2) associated with a computer (10). A method of the present invention comprises the steps of determining whether there is more than one hard link (1) to the file (2); and when there is more than one hard link (1), ascertaining the identities of all the hard links (1), and performing an antivirus scan on the file (2) based upon the hard link(s) (1) having the most restrictive scanning criteria of all the hard links (1), or upon the union of scanning criteria amongst all the hard links (1).

Abstract: Two methods for random number generation are modified to make them more resistant to attacks by current measurements. The methods are particularly designed to be implemented in electronic devices such as smart cards, PCMCIA, badges, contactless cards or any other portable device. The DES algorithm is encrypted using a key K having a value D representing date information, to generate an integer variable I. For j ranging from 1 to m, the following steps are carried out: substituting s with s XOR I; introducing in the integer variable y the result of the encryption of s with the DES algorithm using the key K; introducing in xj the result of y or s; substituting s with y XOR I; and introducing in s the result of the encryption of s with the DES algorithm using the key K. The sequence (x1, x2, xm) is then restored in the output.

Abstract: Methods, systems and computer program products are provided for determining if a packet has a spoofed source Internet Protocol (IP) address. A source media access control (MAC) address of the packet and the source IP address are evaluated to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet. The packet is determined to have a spoofed source IP address if the evaluation indicates that the source IP address is not bound to the source MAC address. Such an evaluation may be made for packets having a subnet of the source IP address which matches a subnet from which the packet originated.