Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is an initialized module in view of the module previously opening a first database. The processing device is to create a slot to open a second database using the initialized module.

Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is an initialized module in view of the module previously opening a first database. The processing device is to create a slot to open a second database using the initialized module.

Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is initialized from opening a first database. The processing device is to identify a second database to be opened from a request from an application to access data that is stored in the second database. The processing device is to create, a slot, via the initialized module, to open the second database using the initialized module.

Abstract: An embodiment relates generally to a method of binding a token to a user. The method includes receiving a token embedded with an address and inserting the token into a computer. The method also includes connecting to the address stored on the token and binding a user to the token based on information from the address.

Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is initialized from opening a first database. The processing device is to identify a second database to be opened from a request from an application to access data that is stored in the second database. The processing device is to create, a slot, via the initialized module, to open the second database using the initialized module.

Abstract: A security initialization system obtains load data that identifies a first database storing security data to be opened. The initialization system determines that a PKCS-based module for opening the first database is already initialized, where the PKCS-based module is already initialized from previously opening a second database. The initialization system causes the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.

Abstract: An embodiment generally relates to a method of increasing user convenience. The method includes displaying a log-in user interface and receiving an authentication attempt in the log-in user interface. The method also includes determining a status of the authentication attempt and delaying a completion of an authentication attempt by a time-based function in response to a status being a failed authentication attempt.

Abstract: An embodiment generally relates to a method of strong encryption. The method includes generating a first cryptographic key based on a random number and generating a second cryptographic key based on a password. The method also includes encrypting private data with the first cryptographic key to arrive at wrapped private data and encrypting the first cryptographic key with the second cryptographic key to arrive at a wrapped first cryptographic key.

Abstract: Methods and systems for encrypting and decrypting data are described. In one embodiment, a computing system determines a first initialization vector (IV) from another IV and a sequence number of a block of information, and hashes the first IV to create a hash. The computing system then determines a first block from the first block of information and the first hash and enciphers the first block to generate a block of ciphertext. In another embodiment, the computing system deciphers the block of ciphertext to generate the first block, and determines the first IV from the other IV and a sequence number of a block of information. The computing system hashes the first IV to create a hash and determines a block of information corresponding to the first block of ciphertext from the first block and the hash.

Abstract: A computer system, method and/or computer-readable medium provide independent data objects to a token in compressed form. The independent data objects are representative of security information associated with the token. The system includes an interface operable to communicate with a token, and a processor cooperatively operable with the interface. The processor is configured to determine a set of independent data objects that are associated with the token, and to aggregate the set of independent data objects associated with the token into a group. Also, the processor is configured for compressing the group into a unit of contiguous data, and writing the unit of contiguous data to the token via the interface.

Abstract: A server, method and/or computer-readable medium system for secure communication includes a certificate authority for generating certificates signed by the certificate authority and associated public and private keys for a client. The server further includes a directory of client attributes and client virtual attributes. At least one of the client virtual attributes is for, when receiving a query for a client that cannot be located in the directory, requesting the certificate authority to dynamically generate a certificate and associated public and private key for the client, and for storing the dynamically generated certificate and public key as a client attribute in the directory.

Abstract: Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.

Abstract: An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant base on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.

Abstract: A new form of DHTML behaviors, called ˜Element Behaviors,” wherein a behavior component is bound to an HTML element, and not just attached to the element as with attached behaviors. A special processing instruction is used to import the Element Behavior into a Web page. Upon parsing the Web page, the Element Behavior is initialized as soon as it has been downloaded and parsed. This immediate initialization makes the Element Behavior declaratively available to bind synchronously to the element(s) it is modifying. A viewLink is a feature of Element Behaviors that permits encapsulation of a behavior component file (e.g., an HTC file) so that the structure of the HTC file is transparent to a Web page (˜primary document”) to which the HTC file is linked, but the content of the HTC file may be displayed in the primary document.

Abstract: Methods and systems for encrypting and decrypting data are described. In one embodiment, a computing system determines a first initialization vector (IV) from another IV and a sequence number of a block of information, and hashes the first IV to create a hash. The computing system then determines a first block from the first block of information and the first hash and enciphers the first block to generate a block of ciphertext. In another embodiment, the computing system deciphers the block of ciphertext to generate the first block, and determines the first IV from the other IV and a sequence number of a block of information. The computing system hashes the first IV to create a hash and determines a block of information corresponding to the first block of ciphertext from the first block and the hash.

Abstract: An apparatus, method and/or computer-readable medium protects against use of a unity key in a public key infrastructure (PKI). A public key and a private key are acquired according to the PKI. A message is encrypted by the public key to obtain ciphertext. A portion of the ciphertext is compared with a portion of the message. If the portion of the ciphertext is substantially equal to the portion of the message, a larger portion of the ciphertext is compared with a larger portion of the message to determine if the ciphertext is substantially equal to the message. If the ciphertext is substantially equal to the message, the ciphertext is rejected.

Abstract: Embodiments of the present invention provide a method, a client and a token for providing a nonce during a login associated with the token in a multi-user computer system. A login process is activated after token insertion by a request to execute a user privileged operation made by a client application process. If a password provided to the login process by an access requester associated with authorized use of the token is validated in the token, a nonce is generated in the token. The password is passed to the token in a command and the nonce is passed to the client application process in a response to the command. The nonce is used by the client application process or any other additional processes during execution of the user privileged operation. Additional nonces, including those based on security level can be generated and passed to additional client application processes as execution of user privileged operations is requested.

Abstract: A security initialization system receives a first initialization request from a first requester to access a first database storing security data and stores context data for the first initialization request that identifies an initialization operation associated with the first database. The security initialization system receives a second initialization request from a second requester to access a second database storing security data and updates the context data to identify an initialization operation associated with the second database. The security initialization system receives a shut down request from one of the requesters, where the shut down request includes data for identifying a corresponding initialization operation in the context data. The security initialization system updates the context data to show that the corresponding initialization operation has a shut down request and determines whether a security module is to be shut down using the context data.

Abstract: A computer system, method and/or computer-readable medium provide independent data objects to a token in compressed form. The independent data objects are representative of security information associated with the token. The system includes an interface operable to communicate with a token, and a processor cooperatively operable with the interface. The processor is configured to determine a set of independent data objects that are associated with the token, and to aggregate the set of independent data objects associated with the token into a group. Also, the processor is configured for compressing the group into a unit of contiguous data, and writing the unit of contiguous data to the token via the interface.

Abstract: A computer system, method and/or computer-readable medium provide independent data objects to a token in compressed form. The independent data objects are representative of security information associated with the token. The system includes an interface operable to communicate with a token, and a processor cooperatively operable with the interface. The processor is configured to determine a set of independent data objects that are associated with the token, and to aggregate the set of independent data objects associated with the token into a group. Also, the processor is configured for compressing the group into a unit of contiguous data, and writing the unit of contiguous data to the token via the interface.