Patents Examined by Yin-Chen Shaw
  • Patent number: 9864863
    Abstract: In a compression processing storage system, using a pool of encryption processing cores, the encryption processing cores are assigned to process either encryption operations, decryption operations, and decryption and encryption operations, that are scheduled for processing. A maximum number of the encryption processing cores are set for processing only the decryption operations, thereby lowering a decryption latency. A minimal number of the encryption processing cores are allocated for processing the encryption operations, thereby increasing encryption latency. Upon reaching a throughput limit for the encryption operations that causes the minimal number of the plurality of encryption processing cores to reach a busy status, the minimal number of the plurality of encryption processing cores for processing the encryption operations is increased.
    Type: Grant
    Filed: April 14, 2014
    Date of Patent: January 9, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jonathan Amit, Amir Lidor, Sergey Marenkov, Rostislav Raikhman
  • Patent number: 9813409
    Abstract: A method of dynamically adapting a graphical password sequence provides a secure means to access a restricted account through a dynamic password defined by element selection requirements. A selection grid is dynamically generated with graphical elements, and a password sequence is inputted by selecting certain grid cells containing graphical elements. Various preferences provide full customizability for the dynamic password, and security measures increase the difficulty of an undesirable user ascertaining the element selection requirements. The dynamic password can adapt over time through user input by designating one of the sequential locations of the password sequence as a sequence updating parameter.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: November 7, 2017
    Inventor: Yahya Zia
  • Patent number: 9779263
    Abstract: An access right estimation apparatus includes an extraction unit that extracts at least one first component from a first object which forms a first document, an access right being set up for the first document; an association unit that associates the extracted first component with access right information which indicates a user who is capable of accessing the first component based on the access right which is set up for the first document; and an access right estimation unit that estimates an access right that should be set up for a second document, which includes at least one second component extracted from a second object that forms the second document, an access right being not set up for the second document, the access right estimation unit estimating the access right based on the second component and the access right information which is associated with the first component.
    Type: Grant
    Filed: July 7, 2015
    Date of Patent: October 3, 2017
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Motoyuki Takaai, Hiroyuki Sayuda
  • Patent number: 9754133
    Abstract: A semiconductor device may include a secure memory configured to store a programmable key, an interface for programming the programmable key in the secure memory, and a plurality of configurable features of the semiconductor device that are associated with the programmable key, each configurable feature having a set of multiple selectable configurations, wherein a value of the key defines a selection of one of the multiple configurations for each of the configurable features. For example, the key may include multiple sub-keys, each associated with one of the configurable features, wherein a value of each sub-key defines a selection of one of the multiple configurations for the configurable feature associated with that sub-key. In addition, the full programmable key may enable an additional functionality of the semiconductor device.
    Type: Grant
    Filed: February 17, 2014
    Date of Patent: September 5, 2017
    Assignee: MICROCHIP TECHNOLOGY INCORPORATED
    Inventor: Michael Simmons
  • Patent number: 9705675
    Abstract: A method and system for testing the cryptographic integrity of data m comprises at least the following elements: a module transmitting a message M, said module comprising a memory for storing the parameters used to execute the steps of the method, such as the key, the public data, a transmission medium, a receiver module also comprising storage means for storing at least the same parameters as in transmission. The system may comprise storage means for storing confidential data such as the secret keys, a processor suitable for executing the steps.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: July 11, 2017
    Assignee: Thales
    Inventors: Philippe Painchault, Eric Garrido, Sandra Marcello
  • Patent number: 9705874
    Abstract: Provided is a communication apparatus (121) that securely manages passwords for utilizing a server apparatus. A generator (203) generates a random table having the same number of rows and the same number of columns as a password table associated with a server name specified in an authentication request received by a receiver (202). An acceptor (205) accepts a key from a user to whom the random table is presented by a presenter (204). An identification unit (206) identifies, from the key and the random table, the user's selection order of elements in the table. An acquirer (207) selects and arranges elements in the password table in the identified selection order, thereby acquiring a password. An output unit (208) displays the acquired password on a display or transmits the acquired password to the server apparatus, thereby allowing the user to utilize the server apparatus.
    Type: Grant
    Filed: August 30, 2011
    Date of Patent: July 11, 2017
    Assignee: Hideharu Ogawa
    Inventor: Hideharu Ogawa
  • Patent number: 9705897
    Abstract: A streaming environment includes at least a first processing element of a first compute node and a second processing element of a second compute node. A tuple encryption operation is determined of the first processing element and the second processing element. The first processing element includes a first encryption key for encrypting the tuples as they leave the first processing element. An encryption workload is measured of the tuple encryption operation of a processing workload of the use of the first encryption key of a transfer of the stream of tuples. A threshold of the tuple encryption operation is determined. The second processing element is migrated to the first compute node and fused to the first compute node with the first processing element. The tuple encryption operation is removed from the first processing element.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: July 11, 2017
    Assignee: International Business Machines Corporation
    Inventors: Eric L. Barsness, Michael J. Branson, John M. Santosuosso
  • Patent number: 9678894
    Abstract: Systems, apparatuses and methods may provide for receiving an incoming request to access a memory region protected by counter mode encryption and a counter tree structure having a plurality of levels. Additionally, the incoming request may be accepted and a determination may be made as to whether to suspend the incoming request on a per-level basis with respect to the counter tree structure.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: June 13, 2017
    Assignee: Intel Corporation
    Inventors: Jungju Oh, Siddhartha Chhabra, David M. Durham
  • Patent number: 9674167
    Abstract: The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window.
    Type: Grant
    Filed: April 15, 2013
    Date of Patent: June 6, 2017
    Assignee: Early Warning Services, LLC
    Inventor: Ravi Ganesan
  • Patent number: 9553719
    Abstract: Provided is a transmitting terminal capable of sharing an encryption key among a number of specific apparatuses using fewer resources and securely. A transmitting terminal (400) has an inquiry ID generation unit (420) which embeds an encryption key in logical results of an XOR between an ID of a receiving terminal and random blocks according to predetermined key embedding rules in order to generate an inquiry ID. The key embedding rules are stipulations for inverting the values of bit positions corresponding to each bit value of the encryption key, in the block position correspondence relationships between the bit positions of the encryption key and the positions of the blocks into which the logical result of the XOR have been partitioned and the bit position correspondence relationships between the bit values of the encryption key and the bit positions within the blocks, which have been predefined.
    Type: Grant
    Filed: April 13, 2012
    Date of Patent: January 24, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Yasuaki Inatomi, Hayashi Ito
  • Patent number: 9536063
    Abstract: A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 24, 2013
    Date of Patent: January 3, 2017
    Assignee: Intel Corporation
    Inventors: Bin Xing, Bo Zhang, Mark W. Shanahan, James D. Beaney, Jr.
  • Patent number: 9531679
    Abstract: A content-producing computer system can use a locally generated key or a client-generated key to communicate with a client device during a session over a named-data network. During operation, the computer system can receive an Interest packet that includes a name for a piece of data or a service. The Interest's name can include a routable prefix, a session identifier, and an encrypted suffix. In some embodiments, the system can generate a session key based on the session identifier and a secret value, and decrypts the encrypted suffix using the session key to obtain a plaintext suffix. The system processes the plaintext suffix to obtain data requested by the Interest, and encrypts the data using the session key. In some other embodiments, the system can use a local private key to decrypt the encrypted suffix, and uses an encryption key obtained from the Interest to encrypt the Content Object.
    Type: Grant
    Filed: February 6, 2014
    Date of Patent: December 27, 2016
    Assignee: PALO ALTO RESEARCH CENTER INCORPORATED
    Inventors: Ersin Uzun, Marc E. Mosko
  • Patent number: 9503482
    Abstract: A common security policy for a heterogeneous computer architecture environment is provided. A configuration of a security policy of a heterogeneous computer architecture is received from a management console. The security policy is stored on a policy server that is communicatively connected, by a management network, to a plurality of hardware platforms of the heterogeneous computer architecture. The security policy is distributed to a plurality of policy agents of the heterogeneous computer architecture over the management network. The security policy includes a security policy administrator role that permits management of (i) one or more subjects in a plurality of security zones and (ii) one or more objects in the plurality of security zones. The security policy also includes security zone administrator roles, wherein each security zone administrator role (i) is associated with a respective security zone and (ii) permits management of object(s) in the respective security zone.
    Type: Grant
    Filed: February 3, 2016
    Date of Patent: November 22, 2016
    Assignee: International Business Machines Corporation
    Inventors: Brian W. Hugenbruch, Peter G. Spera
  • Patent number: 9455831
    Abstract: An order-preserving encryption (OPE) encryption method receives a plaintext (clear text) and generates a ciphertext (encrypted text) using a software arbitrary precision floating point libraries during initial recursive computation rounds. In response to the ciphertext space reducing to breakpoint, the OPE encryption method continues computations using a hardware floating point processor to accelerate the computation. In this manner, the OPE encryption method enables efficient order preserving encryption to enable range queries on encrypted data.
    Type: Grant
    Filed: September 18, 2014
    Date of Patent: September 27, 2016
    Assignee: Skyhigh Networks, Inc.
    Inventor: Paul Grubbs
  • Patent number: 9398041
    Abstract: A computer identifies each web method, of a web service, declared in a web services description language (WSDL) file. The computer adds a node within a directed graph for each web method identified. The computer identifies pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods and an input parameter of another one of the web methods. The computer adds an edge within the directed graph for each of the pairs of web methods identified. The computer generates one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences includes at least one of the pairs of web methods identified. The computer tests each of the one or more sequences of web methods to identify stored vulnerabilities in the web service.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: July 19, 2016
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
  • Patent number: 9390228
    Abstract: A method for any community of interest to conduct secure exchange of encrypted data using a three-party security mechanism consisting of key masters, registries and cloud lockboxes. The registries establish unique identities, verify authenticity, and create directories of individuals, members, cloud lockboxes and other registries. The registries manage permissions lists communicated to the cloud lockboxes as well as detecting and halting anomalous activity. The key masters operated by members to manage keys for individuals, handle encryption and decryption and conduct key exchanges with other members. The cloud lockboxes manage file storage, retrieval and access control. Related application programming interfaces support multiple levels of integration and generate metadata specific to the needs of the community of interest. Community of interest establishes operating parameters including: selecting an encryption algorithm, establishing identity verification processes and selecting a security level.
    Type: Grant
    Filed: November 12, 2014
    Date of Patent: July 12, 2016
    Assignee: Reid Consulting Group, Inc.
    Inventor: Thomas Alan Reid
  • Patent number: 9363090
    Abstract: Systems, methods, and software for operating communication systems are provided herein. In one example, a method of operating a communication system to establish secure communications between a first user device communicating in a first communication network and a second user device communicating in a second communication network is presented. The method includes, responsive to a communication request received from the first user device, establishing a secure communication link between the first user device and a first security node. When a second security node has a security relationship established with the first security node, the method includes establishing the secure communication link for the secure communications between the first user device and the second user device using at least the security relationship between the first security node and the second security node, and exchanging the secure communications over the secure communication link.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: June 7, 2016
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle Walter Paczkowski, Matthew C. Schlesener, Carl Joseph Persson, William M. Parsel
  • Patent number: 9355228
    Abstract: A system that incorporates teachings of the subject disclosure may include, for example, receiving multiple software agents and configuring a network of the multiple software agents according to a predetermined policy. The process can further include facilitating secure communications among software agents of the network of the multiple software agents according to the predetermined policy. A state of one of the system, a system environment within which the system operates, or a combination thereof can be determined, based on the secure communications among the software agents of the network of the multiple software agents. A computing environment can be facilitated conditionally on the state of the one of the system, the system environment, or the combination thereof, according to the predetermined policy to support a mission application. Other embodiments are disclosed.
    Type: Grant
    Filed: July 15, 2013
    Date of Patent: May 31, 2016
    Assignee: Angel Secure Networks, Inc.
    Inventors: Fred Hewitt Smith, III, Cynthia Smith, Benjamin Smith, Daniel Sabin
  • Patent number: 9350748
    Abstract: Techniques for improving computer system security by detecting and responding to attacks on computer systems are described herein. A computer system monitors communications requests from external systems and, as a result of detecting one or more attacks on the computer system, the computer system responds to the attacks by modifying the behavior of the computer system. The behavior of the computer system is modified so that responses to communications requests to ports on the computer system are altered, presenting the attacker with an altered representation of the computer system and thereby delaying or frustrating the attack and the attacker.
    Type: Grant
    Filed: December 16, 2013
    Date of Patent: May 24, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, George Nikolaos Stathakopoulos
  • Patent number: 9338154
    Abstract: An authentication apparatus includes a detection unit that detects whether or not communication with a portable storage medium storing identification information for identifying a user is able to be performed, a reading unit that reads identification information stored in the storage medium when the detection unit detects that the communication is able to be performed, a time counting unit that counts an elapsed time, a determination unit that determines whether or not the elapsed time counted by the time counting unit matches a predefined time for the identification information read by the reading unit, and an authentication unit that authenticates the storage medium with which the detection unit detects that the communication is able to be performed when the determination unit determines that the elapsed time counted by the time counting unit matches the predefined time.
    Type: Grant
    Filed: May 9, 2013
    Date of Patent: May 10, 2016
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Nao Saita