Abstract: One of the main obstacles of securing industrial control systems is the lack of an appropriate security model that is both implementable by vendors and addresses the inherent security and usability issues needed by organizations. Current solutions such as device passwords and IPSec lack scalable key management infrastructure and fine granularity access control mechanisms. A security model for industrial control systems that supports organizational level authorizations and authentication requirements, while hiding the low-level details (e.g., keys and passwords) from the users is disclosed. It also enables easy addition and removal of PLCs, engineering station, HMI devices and users, and assigning permission to them. A major advantage is its support for hybrid ICS systems, characterized by co-existence of legacy devices and new devices, while using the same protocol. Devices may communicate therein either natively, or by a connected converter.

Abstract: A system for authenticating messages transmitted on a bus based on physical location of transmitting units, comprising a reflector adapted to inject a plurality of reflection signals at a first point of a line topology bus, each in response to each of a plurality of messages transmitted by a plurality of bus connected units and a probe adapted to intercept the messages and the reflection signals at a second point of the bus. The probe calculates propagation timing between a reception time of the message and a reception time of an associated reflection signal transmitted in response to the message and determines validity of the message according to a match between the calculated propagation timing and a predefined propagation timings associated with the bus connected units. Wherein the bus connected units are statically connected to the bus between the first point and the second point.

Abstract: A system for authenticating messages transmitted on a bus based on physical location of transmitting units, comprising a reflector adapted to inject a plurality of reflection signals at a first point of a line topology bus, each in response to each of a plurality of messages transmitted by a plurality of bus connected units and a probe adapted to intercept the messages and the reflection signals at a second point of the bus. The probe calculates propagation timing between a reception time of the message and a reception time of an associated reflection signal transmitted in response to the message and determines validity of the message according to a match between the calculated propagation timing and a predefined propagation timings associated with the bus connected units. Wherein the bus connected units are statically connected to the bus between the first point and the second point.

Abstract: Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed.

Abstract: A multiple entity gateway for supporting cellular authentication from a non-cellular network, the gateway comprising a plurality of entities each located at a different one of a plurality of secure zones and having at least one gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said gap between said entities, thereby to filter out non-allowed signals, and provide secure cellular authentication for a communication originating from said non-cellular network. The gateway allows cellular users to connect to a cellular network via a wireless local area network such as a hotspot, use the services of the cellular network, the Internet and the hotspot at will, and be securely authenticated and charged through the cellular infrastructure.

Abstract: Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed.

Abstract: A system and apparatus for content delivery to storage. Delivery may be performed according to content types, which may be, for example, content object identifier, a flow of content objects, and store channel levels. Delivery may be performed according to a virtual network defined over a physical network infrastructure and further using peer-to-peer, multicast and/or unicast protocols.

Abstract: A system, method, and apparatus for downloading advertisements, storing advertisements on a storage device, selecting advertisements for presentation, and presenting selected advertisements. In some embodiments of the invention, advertisements may be dynamically associated and presented in coordination with content according to predefined parameters, stored information, and other criteria. Advertisement credits may be allocated in exchange for advertisement consumption. Advertisements and other information may be exchanged with remote servers. Other embodiments are described and claimed.

Abstract: According to embodiments of the present invention, a user's local storage system may be used to create a virtual personal mall comprising one or more virtual personal stores and configured for purchasing products by one or several providers. The virtual personal store and/or virtual personal mall may be organized in virtual shelves. Each virtual shelf may contain a group of products with one or more common properties, for example, books by a certain author and/or published by a certain publisher, and/or supplied by the same virtual personal store provider, etc. The groups may be defined by the virtual personal store provider and/or by the user and/or by a group of users.

Abstract: A multiple entity gateway for supporting cellular authentication from a non-cellular network, the gateway comprising a plurality of entities each located at a different one of a plurality of secure zones and having at least one gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said gap between said entities, thereby to filter out non-allowed signals, and provide secure cellular authentication for a communication originating from said non-cellular network. The gateway allows cellular users to connect to a cellular network via a wireless local area network such as a hotspot, use the services of the cellular network, the Internet and the hotspot at will, and be securely authenticated and charged through the cellular infrastructure.