Abstract: Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a stream cipher is run in parallel with a block cipher to output a stream of bits with a length equal to a number of ciphertext blocks in an output stream of the block cipher. The method may further include pre-processing a current plaintext block based on the stream of bits and the number of ciphertext blocks in the output stream of the block cipher. Then the block cipher may encipher the pre-processed block to generate a current ciphertext block.

Abstract: A method and system distributes shares of a secret among cooperating entities using linear interpolation. In one embodiment, a linear equation is formed using the secret and random elements. The linear equation represents a K-dimensional hyperplane, where K is the number of shares to reconstruct the secret. Shares of the secrets are created, with each share corresponding to a point on the secret hyperplane. The shares are then distributed to cooperating entities for secret sharing.

Abstract: Some embodiments of a method and an apparatus to generate pseudo random bits from polynomials have been presented. In one embodiment, a set of finite field polynomials is used to generate a series of pseudo random bits in one or more cycles. Then a cryptographic key is generated from the series of pseudo random bits.

Abstract: A method and system for generating identity certificates. The method may include receiving a user request to activate a network appliance, and causing a network appliance identifier and a transaction identifier of an activation transaction associated with the user request to be transmitted to the network appliance. A certificate signing request (CSR) and the transaction identifier may be received from the network appliance, the CSR including the network appliance identifier. A certificate may be generated for the network appliance if the activation transaction is valid.

Abstract: In one embodiment, a mechanism for separating content from noisy context in template-based documents for search indexing is disclosed. In one embodiment, a method includes selecting a plurality of documents for index comparison, identifying one or more identical elements found in each of the plurality of documents, and removing the one or more identical elements from consideration in an indexing process of the plurality of documents.

Abstract: A method and system distributes N shares of a secret among cooperating entities by forming a mathematical construct that has an embedded internal structure to allow authentication of a reconstructed secret. The mathematical construct can be a splitting polynomial constructed using the secret, a key and a message authentication code (MAC) as coefficients. The splitting polynomial is evaluated at N random evaluation points to obtain N result values. N shares of the secret are generated and distributed among the cooperating entities for storage. A reconstructed secret can be authenticated by computing the MAC of the reconstructed secret and verifying a relationship among the coefficients of a reconstructed splitting polynomial using the MAC. If the coefficients do not satisfy the relationship, one or more additional shares of the secret can be used to reconstruct the splitting polynomial and the secret.

Abstract: Techniques for thwarting keylogger using a proxy are described herein. According to one embodiment, in response to a request received from a client for accessing a Web page provided from a remote Web server over a network, a proxy server retrieves the Web page from the remote Web server and presents the Web page to the client. The proxy server further presents a virtual keyboard to the client to allow a user of the client to enter one or more keys in an input field of the Web page without having to type at the client for the purposes of logging into the Web site. Thereafter, the proxy server directs traffic between the client and the remote Web server over the network. Other methods and apparatuses are also described.

Abstract: A method and apparatus for converting a function call to a method call. In one embodiment, the method comprises receiving a call on a method and determining whether the call is an object method call. In response to a determination that the call is not the object method call, the method comprises instantiating a new object to convert the call into the object method call.

Abstract: A method and apparatus for upgrading a network appliance. In one embodiment, a network appliance determines that it should be upgraded using a full install image. The network appliance then reserves an upgrade staging area in its memory device, downloads the full install image from a server to the upgrade staging area, and marks the upgrade staging area as bootable. Further, the network appliance reboots itself, and installs the full install image.

Abstract: A method and system distributes shares of a secret among cooperating entities using linear interpolation. In one embodiment, a linear equation is formed using the secret and random elements. The linear equation represents a K-dimensional secret hyperplane, where K is the number of shares to reconstruct the secret. Shares of the secrets are created, with each share containing a point on the secret hyperplane. The shares are then distributed to cooperating entities for secret sharing.

Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.

Abstract: A method and system distributes N shares of a secret among cooperating entities by calculating the multiplicative inverses of the secret. In one embodiment, a distributor selects N distinct prime numbers and forms unique subsets of the prime numbers, with each subset containing K of the N prime numbers (N>=K), where K is a threshold number of shares necessary to reconstruct the secret. The distributor calculates a product of the prime numbers in each subset, and, for each subset, calculates the multiplicative inverse of the secret modulo the product. A total of N shares are generated, with each share containing the multiplicative inverses and one of the prime numbers. The N shares are distributed to the cooperating entities for secret sharing.

Abstract: A method and system for activating a network appliance. The method may include providing a user interface for a network appliance, and allowing a user to request an activation of the network appliance via the user interface, without requiring the user to specify the identity of the network appliance. The method may further include sending an activation request to a server, receiving a response triggering an activation process on the network appliance from the server, and performing the activation process on the network appliance.

Abstract: A method and system extends a secret bit string to safeguard the secret. In one embodiment, the method comprises adding a secret bit string of length s to a product of two random bit strings using arithmetic defined for polynomials over GF(2) to produce an extended bit string. The extended bit string has a length m that is longer than s. A total of n shares are generated from the extended bit string, of which at least k shares are needed to reconstruct the secret bit string. The n shares are distributed to a plurality of cooperating computing entities for secret sharing.

Abstract: A method for facilitating distributed hosting of web application styles may include storing original style sheets at a first location, where the original style sheets pertain to a user interface (UI) provided by the service provider, and allowing a third party to customize a subset of the original style sheets and to store the customized style sheets at a second location. The method may further include causing the customized style sheets to be combined with the original style sheets when the user interface is presented to a user associated with the third party.

Abstract: Techniques for implementing security within a browser of a data processing system are described herein. According to one embodiment, first data representing a user interaction with a Web page presented by a browser application is encrypted at an application level by a cipher module communicatively coupled to the browser application running at a local client. A JavaScript module embedded within the browser application is configured to transmit the encrypted first data over a network to a remote server for updating the Web page. In response to second data received from the remote server, the cipher module is configured to decrypt the second data at the application level and the decrypted second data is then rendered by the browser application to update the Web page without having to reload the entire Web page. Other methods and apparatuses are also described.

Abstract: In one embodiment, a mechanism for generating pseudo-random number sequences is disclosed. In one embodiment, a method includes receiving seed values for a pseudorandom number generator (PRNG) in a computing system, the seed values being polynomials. The method further includes running the PRNG using the seed values as initialization parameters, the running including performing operations of the PRNG over GF(2n), and generating a sequence of pseudorandom numbers.

Abstract: A method and apparatus for distributing objects over a network. In one embodiment, the method comprises sending a request from a first network entity to a second network entity, the request including a compressed representation of deployed objects that are currently deployed at the first network entity. The method further comprises the first network entity receiving from the second network entity a difference between the deployed objects and objects to be deployed on the first network entity as indicated by the second network entity.

Abstract: Methods and systems for distributing objects over a network. In one embodiment, the system includes at least one primary network device, and multiple secondary network devices coupled to the primary network device via a network. The primary network device may receive, from a server, objects for the devices managed by the server. The secondary network devices may receive an identifier of the primary network device from the server and may request updates for objects deployed at individual secondary network devices from the primary network device.

Abstract: Some embodiments of a method and an apparatus to a method and an apparatus to implement secure system call wrapper have been presented. In one embodiment, a system call wrapper is used to validate parameters of a system call directed to a kernel from a user-space process. The user-space process supplies the parameters of the system call. The parameters are protected from being accessed by processes in the user-space after the parameters have been validated.