Abstract: Fast string search and matching is critical for many security tasks in particular if these have “gate functionality” for instance as found in access control applications, firewalls, routers, and load balancers. The fast matching of strings is essential to impose and enforce access control policies without creating bottlenecks. Firewalls protect networks by monitoring the traffic crossing the network perimeter. The number of packet matching rules firewalls can effectively handle is limited by the matching time and space complexity of the algorithms employed. A new approach implements matching independent of the number of rules and linear in the length of the rule to be matched. A data structure used in this approach is referred to as a “Bipartite Concatenated Representation” (BCR). The space complexity of the BCR within this application scenario scales as O(N log2 N) where N is the number of rules.

Abstract: The present invention relates to a device that allows the certification the entire life cycle of an organic product. The invention is characterized by four basic aspects: —it allows to carry out automatic samplings to detect the water quality, including that in which fish/shellfish/mussel are bred; the biological liquids (urine), the solute in distilled water, the content of litter of farming livestock; —it checks and guarantees that the sampling system has not been opened or modified; —it generates alarms in real time and keeps track of them, for the purposes of the certification of the agro-alimentary product; —it stores the information/samples in a “black box” accessible only to the analyzing and certifying bodies.

Abstract: The present invention relates to a device that allows the certification the entire life cycle of an organic product. The invention is characterized by four basic aspects: —it allows to carry out automatic samplings to detect the water quality, including that in which fish/shellfish/mussel are bred; the biological liquids (urine), the solute in distilled water, the content of litter of farming livestock; —it checks and guarantees that the sampling system has not been opened or modified; —it generates alarms in real time and keeps track of them, for the purposes of the certification of the agro-alimentary product; —it stores the information/samples in a “black box” accessible only to the analyzing and certifying bodies.

Abstract: Fast string search and matching is critical for many security tasks in particular if these have “gate functionality” for instance as found in access control applications, firewalls, routers, and load balancers. The fast matching of strings is essential to impose and enforce access control policies without creating bottlenecks. Firewalls protect networks by monitoring the traffic crossing the network perimeter. The number of packet matching rules firewalls can effectively handle is limited by the matching time and space complexity of the algorithms employed. A new approach implements matching independent of the number of rules and linear in the length of the rule to be matched. A data structure used in this approach is referred to as a “Bipartite Concatenated Representation” (BCR). The space complexity of the BCR within this application scenario scales as O(N log2 N) where N is the number of rules.

Abstract: An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer. The profile value may be used, for example, for purposes including identification, authentication, key generation, and other cryptographic functions involving the system.

Abstract: An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer. The profile value may be used, for example, for purposes including identification, authentication, key generation, and other cryptographic functions involving the system.

Abstract: An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer. The profile value may be used, for example, for purposes including identification, authentication, key generation, and other cryptographic functions involving the system.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: In some embodiments, a user has use a single universal text—or image-based secret for generating a service-provider specific identity credential, for example username plus password, for authentication is derived. A human (i.e., the user) must interpret an image to enter this universal text (or image) based secret. For example, an image based challenge is presented to the user, and a credential is obtained based on the user's response to the challenge.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: In some embodiments, a user has use a single universal text- or image-based secret for generating a service-provider specific identity credential, for example username plus password, for authentication is derived. A human (i.e., the user) must interpret an image to enter this universal text (or image) based secret. For example, an image based challenge is presented to the user, and a credential is obtained based on the user's response to the challenge.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: A network access control device for deterministic recognition of application frames satisfying a set of predetermined rules comprises: means (205) for monitoring and interpretation of the application frames to recognize; means (201) for storing the predetermined rules; means (202) for compiling the predetermined rules in a direct access data structure; means (203) for storing the direct access data structure; and means (204) for comparing the application frames to be recognized with the direct access data structure, wherein the recognition is able to be performed on any frame component and the direct access data structure allows an access time substantially independent from the number of rules.

Abstract: A system and method are disclosed that separate control functionality from the management functionality for conducting electronic transactions. The control functions are performed by a third party resulting in a low overhead since significant overhead is incurred in response to an anomalous event, thus facilitating high throughput electronic transactions when anomalous events are infrequent. Further, the third party does not need to have access to confidential information since it only controls by observing, validating and certifying the observed communications in a specified manner to prevent confidential information from leaving the context of the transaction. Management of the transactions based on consideration of substantive information is provided by the participants.

Abstract: An apparatus for control and certification of the delivery of goods and for the concurrent control and certification of the execution of the related payment includes a system for reading an electronic card and for managing authorization processes by the electronic card issuing company, an apparatus for monitoring and interpretation of application protocols for network data transmission systems connected to the system for reading an electronic card, and a data storing unit of the various transactions monitored and interpreted by means, of the apparatus for monitoring and interpretation of the application protocols.

Abstract: An apparatus and a method for monitoring and interpretation of application protocols for network data transmission systems are provided, wherein the apparatus comprises: a data packets monitoring device (9); a control unit (15) receiving the data coming from the monitoring device (9) and discriminating them in control and information frames; a dating unit (16) connected to the control unit (15), for obtaining a reconstruction of a tree structure containing statistic information depending on the kind of communication for a certification of the communications and a monitoring of possible anomalies.