Abstract: The invention provides a form of reacting on security or vulnerability information relevant for a system comprising computer software and/or hardware or electronics, wherein a service provider with a first subsystem (1) is providing activation tokens to be received by a customer with a second subsystem (2). The activation tokens including activation information and naming of system characteristics in machine readable and filterable manner. The second subsystem (2) comprises receiving means (11) for controlling the receiving of the activation tokens, checking means (12) for automatically determining whether the activation information is relevant for the second subsystem (2) by checking whether the second subsystem has characteristics corresponding to the naming of an activation token, and transforming means (13) for transforming relevant activation information into at least one activation measure for the second subsystem (2). The activation measures will reduce the vulnerability of the second subsystem.

Abstract: A method and apparatus are provided for detecting peer-to-peer communication on a data communication network, between an internal client machine within an internal address space and an external client machine. The method includes routing all messages addressed to internal client machines to an analysis device. The analysis device identifies messages pertaining to peer-to-peer communication and identifies the internal client machine to which the messages of a specified nature were addressed. The analysis device terminates the connection with the external client machine if the establishing of the peer-to-peer communication is in violation of a pre-determined internal network rule.

Abstract: An embedded cryptographic system comprises at least one test plaintext/ciphertext pair Pi, Ci for which the key has been destroyed or stored at a very safe place. If at some later date, at least one apoptosis key Ki is presented to the cryptographic system which has the property that Ci is the enciphered image of Pi under Ki, then the algorithm could be broken and should not be used any more. Instead a more conservative algorithm should be used. The method for changing the ciphering by an embedded cryptographic system includes the step of checking whether at least one test ciphertext Ci is the enciphered image of a corresponding test plaintext Pi under a apoptosis key Ki and the step of switching off the used cryptographic mode or the step of switching to an other cryptographic mode in case of a positive checking result. In order to enable the step of checking a protocol has to define a control stream with at least one key to be checked.

Abstract: The invention provides a form of reacting on security or vulnerability information relevant for a system comprising computer software and/or hardware or electronics, wherein a service provider with a first subsystem (1) is providing activation tokens to be received by a customer with a second subsystem (2). The activation tokens including activation information and naming of system characteristics in machine readable and filterable manner. The second subsystem (2) comprises receiving means (11) for controlling the receiving of the activation tokens, checking means (12) for automatically determining whether the activation information is relevant for the second subsystem (2) by checking whether the second subsystem has characteristics corresponding to the naming of an activation token, and transforming means (13) for transforming relevant activation information into at least one activation measure for the second subsystem (2). The activation measures will reduce the vulnerability of the second subsystem.