Abstract: A number of digital content rendering modules are equipped such that selective subsets of the modules may be employed to render digital content of different media, and of different format types. The modules are organized into a hierarchy, with a selected one occupying a root position of the hierarchy, to exclusively receive the digital contents to be rendered, and that each module is further responsible for verifying the integrity of its immediate downstream modules, to collectively protect the digital contents being rendered. Additionally, in accordance with another aspect, a tamper resistant module is employed to recover digital contents provided in a protected state, obfuscating the recovery. Further, the modules may be of different application domains.

Abstract: A system, method and software that secures system firmware located in shadow RAM from unauthorized tampering. The present invention adds protection, either as a whole, or to individual portions of shadow RAM, using a configuration register in a memory controller (or other chip containing shadow RAM attribute control), or an external trapping chip, that traps accesses to a register or registers normally used to enable reading, writing and/or caching of the shadow RAM and generates an interrupt. Only resetting of the trapping chip unlocks the shadow RAM and allows modifications to reading, writing and/or caching of the shadow RAM area. Since trusted code gains control after reset, malicious or run-away programs cannot gain control while the shadow RAM is vulnerable. The entire shadow RAM area or individual shadow RAM areas may be controlled. The present invention permits use of code in the shadow RAM without fear of its alteration, raising reliability from run-away applications or malicious attack.

Abstract: A computerized method and system for managing security risk, where risk associated with a breach of security is analyzed and quantified according to weighted risk variables. The analysis is accomplished by a computerized security risk management system that receives information relating to physical, informational, communication and surveillance risk, and structures the information such that it can be related to risk variables and a security risk level can be calculated according to a relevance of associated risk variables. The security risk level can be indicative of a likelihood that a breach of security may occur relating to a particular transaction or facility. Similarly, a security confidence level can be indicative of how secure a particular facility or practice is and a security maintenance level can be indicative of a level of security that should be maintained in relation to an analyzed subject.

Abstract: Virus control is provided for a plurality of clients of an e-mail server associated with a network by centrally monitoring for a pre-defined activity at any of the plurality of clients. On discovery of the pre-defined activity at a given one of the plurality of clients, e-mail traffic from the given client is blocked. The pre-defined activity may be monitoring for e-mail from clients which is addressed to any of a plurality of pre-defined addresses. These pre-defined addresses may be salted through the address book of a client such that they are likely to be utilised by a computer virus which tries to send e-mail.

Abstract: In a system for transmitting print data from a server apparatus for forming the print data to a client apparatus and performing print based on the print data, it is an object of the invention to improve security of printed matter by inhibiting reprint using the print data stored in the client apparatus and improve operability upon reprinting.

Abstract: A vulnerability checking tool for a host computer designed to examine security logs of attempted logins and revocations, to detect systematic attacks of a wide variety, and to generate a report file that can be examined for information concerning these types of events. Host computer files which contain data regarding attempted accesses and logins are used to create an event list based upon event criteria. The list is evaluated using a “floating period” time frame which advances by single event steps while no violation is detected within a particular floating period, and which advances by “jumps” when violations are detected in a time period so as to reduce the possibility of “over reporting” violations related to the same set of events.

Abstract: A method is disclosed for providing process-based security in a special purpose computer system, comprising the steps of: configuring the special purpose computer with an operating system and at least one application for operation as a computer appliance; associating a resource access table with the at least one application, addressable by the at least one application, containing statements corresponding to predetermined requests for access to at least a one specified resource during running of the at least one application wherein the resource access table statements include information defining an execution path for the at least one application; interpreting the resource access table statements upon a request for the specified resource by the at least one application, wherein at least one of the statements in the resource access table provides for performing a security check prior to granting access to the specified resource; and causing the execution of the at least one application, upon granting access to

Abstract: An online communication system (10) is comprised of a plurality of session clients (12) including a first session client (18) and a second session client (20), and a plurality of online servers (14). The online communication system (10) provides continuity of an online session (80) between the plurality of session clients (12). The first session client (18) participates in the online session (80) including accumulating a plurality of session information (182) for the online session (80). The first session client (18) transfers the plurality of session information (182) to the second session client (20), and the second session client (20) thereafter participates in the online session (80) using the plurality of session information (182).

Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.

Abstract: The present invention relates to a method and network element for providing secure access to a packet data network, wherein a first source information is derived from a message received from a terminal device (40, 60), and is compared with a second source information derived from a packet data unit used for conveying said message, or derived from a security association set up between the terminal device and the data network. A protection processing for protecting the packet data network from a fraudulent user attack is then initiated based on the comparing result. Thereby, a simple and efficient protection mechanism can be provided without sending any additional information or providing any additional fields in the message.

Abstract: A system, method, apparatus, means, and computer program code for facilitating security in a network, particularly a distributed network. According to embodiments of the present invention an apparatus or system may include a manager in communication with one or more mappers and one or more adapters for facilitating security requests that may be associated with an application or its environment. An adapter may be associated with an application to identify security requests associated with the application. Similarly, a mapper may be associated with a security service to facilitate communication to and from the security service regarding security requests.

Abstract: Storing events to enhance intrusion detection in networks is described. In one exemplary implementation, an event is received. The event includes a data section containing a set of strings each having an event field. A definition table is referenced to determine locations of event fields in the data section of the event. The event fields are stored in a database record corresponding to event field locations referenced from the definition table.

Abstract: A stand-alone security system controlling access to secured information and self-service functionality for a sponsor organization, usable for Web-based and IVR-based self-service functions, having five primary facets: (1) control of access to secured information and self-service functionality for a sponsor organization, (2) enabling access to users having indirect relationships to the sponsor organization and to users having a direct relationship with the sponsor organization, (3) distribution of security administration from a central information technology resource to various users of the security system, (4) support for integration into different kinds of environments, and (5) support for system integrators.

Abstract: A policy engine in a policy-based, outsourced, network management system. In one embodiment, the management system is multi-layered, modular and stores device configuration data in non-device specific format, which are subsequently translated to device-specific format by lower layers of the management system. The non-device specific format is the same (e.g., XML) as that used to create the policies with the user GUI (e.g., browser) and transport them to the service center over the internet. A database stores a policy directory in a hierarchical format that is separate from a policy store (configuration store) for devices in a flat (non-hierarchical or parallel) format. In one embodiment, a policy engine develops policies in a hierarchical format, but then stores the device schema, or objects, in a low-level, flat database.

Abstract: Information processing methods, systems and ancillary apparatus are disclosed which are generally concerned with the principle of making use of verified information concerning a user whose identity has been verified and stored on a secure server. The server effectively provides a point of presence which third parties may make use of to send or receive information to or from or concerning a specific user reliably, whilst enabling the user to retain control over the information, typically by means of a key such as a smartcard. This may facilitate a variety of transactions over a network, such as the Internet, which would otherwise require separate verification processes to provide the same level of reliability and thereby lead to a surprising improvement in efficiency of the network.

Abstract: A computer system to authenticate users of vendors supplying services and/or products to the users, the system having programmed processors providing authentication rules, authenticating users according to the authentication rules responsive to user authentication requests, configuring the authentication rules in real-time, thereby allowing real-time customization of the system, providing multi-factor user authentication processes, using any data sources providing information about and/or known to the users to authenticate the users, thereby providing a data agnostic system, and authentication strategies correspond to the authentication rules, thereby allowing the system to support authentication strategy experimentation.

Abstract: In a single-sign on system provided, being prevented from centralization of communication load and processing load onto a central system, with taking security and privacy into the consideration, an authentication portion of a field server makes check on an authentication information received from the portable terminal. A ticket issue portion issues a ticket, and then registers it in a ticket DB, as well as, transmits to the portable terminal. Receiving a permission certificate and the ticket from the portable terminal, a service provider portion provides service to the user within an area permitted by the permission certificate, while the ticket issue portion issues a new ticket to be transmitted to the portable terminal, when the ticket received is correct one. A past record inquiring portion gives an inquiry on correctness of the ticket to that field server when receiving the ticket issued by other field server.

Abstract: A method of building a secured unified public network for providing voice, video and data based on Internet Protocol (IP) and secured common channel signaling is disclosed. The network comprises a signaling network for common channel signaling; a data network for video, voice and data; a database for storing and processing digital keys and digital signatures; and the subscriber terminal devices connected to both the signaling network and the data network; The signaling network and database provide sign-on services, key exchange services, digital signature services and call processing services. The encrypted data are transmitted through the data network with shared keys of the caller and called parties.

Abstract: The present invention provides a mobile communications terminal and a data transmitting method which can prevent the alteration of programs that are the object of virus protection study. In the mobile communications terminal 10 of the present invention, a digital signature is applied to the program 26 that is the object of virus protection study using (for example) a public key encryption program stored in an IC chip 12 such as a UIM or the like. Accordingly, in cases where this program is transmitted via a network 28 by the user, the alteration of the program 26 by a third party at an intermediate point in the network 26 can be prevented. Furthermore, the presence or absence of any alteration can be verified in the virus protection study object program receiving server 32 that receives this program 26.

Abstract: A multimedia firewall adapter supplements a conventional firewall to allow transmission of videoconferencing data (e.g., audio and video data) associated with a protocol, such as the H.323 protocol. The multimedia firewall adapter supplements the conventional firewall so that audio and video data associated with the H.323 protocol are allowed to pass through the multimedia firewall adapter, thus circumventing the conventional firewall. The multimedia firewall adapter receives signals from an intranet and Internet, decomposes the signals, and attempts to authenticate the decomposed signals according to the H.323 protocol. If the decomposed signals are authenticated to contain videoconferencing data, the multimedia firewall adapter negotiates and establishes a connection, and allows the videoconferencing data to pass through. However, if the signal is not authenticated, then the signal is blocked from passing. The blocked signal is redirected to the conventional firewall for analysis.

Abstract: A personal medical records retrieval system that allows a person to access their personal medical records from a remote medical records database 24 hours a day, 365 days a years from locations throughout the world. The remote medical records database has an Internet website and the person has a personalized access code for viewing his medical records from the database over the Internet. The database has a Firewall security and privacy/pirating protection system. A personalized access code can only be obtained by becoming a subscribing member to the personal medical records retrieval system. A subscriber may also receive a Smart Health Card that has a small computer (in the form of a computer chip with a memory embedded in it) that contains a person's medical history that can be read on a card reader in a physician's office, in a hospital, in emergency vehicles and any other place that is equipped with a card reader.

Abstract: A data cache for an iSCSI network caches block-level data from WAN servers for use by clients (e.g., LANs). The cache authenticates itself to the WAN servers, and authenticates clients requesting cache access. Mechanisms are provided to prevent clients from accessing cached data intended for other clients.

Abstract: Disclosed is an information processing device suited to enhancing a usability by simplifying an input operation, etc. of user authentication information while assuring a data confidentiality. A retaining means 301 retains information showing whether or not there has already been done initial authentication executed when accessing for the first time a function providing party for providing a cabinet function with authentication. An acquiring means 303, if the initial authentication has been done based on the information within the retaining means 303, acquires authentication information when making the initial authentication. A setting means 305, if the initial authentication has been done based on the information within the retaining means 301, sets the authentication information acquired by the acquiring means 303 as authentication information for using the cabinet function this time.

Abstract: A magnetic stripe card manual swipe reader (MSR) unit capable of attaching to and communicating with a conventional personal digital assistant (PDA) from various manufacturers, using only the electrical power available as supplied by the PDA device, and capable of effective electrical power management and conservation operations. Additionally, this PDA attachable MSR unit is capable of recognizing multiple magnetic encoding formats and data record formats and converting said formats to a standardized output format, includes the capability of updating and adding new formats while in field service, and is readily allows verifying card data and encoding sensitive material prior to transmission to the PDA. These custom formats can then be used to fulfill current needs in age verification, law enforcement, security, and numerous other applications.

Abstract: A system and method for providing a power supply dual remote sense. A power supply with a positive remote sense input is coupled to first and second load positions. The load positions are each coupled to a pull-down circuit to provide first and second voltages, respectively, to the inputs of the pull-down circuit. The pull-down circuit output is coupled to the positive remote sense input of the power supply. The voltage level of the pull-down circuit output is no greater than either of the first or second voltages provided at its inputs.

Abstract: A memory system and method according to various aspects of the present invention comprises a memory and an adaptive timing system for controlling access to the memory. The adaptive timing system captures data in a data valid window (DVW) in a data signal. In one embodiment, the adaptive timing system comprises a delay circuit for sampling the data signal at a midpoint of the DVW. The adaptive timing system may also comprise an identifying circuit for identifying whether the midpoint of the DVW corresponds to an actual midpoint of the DVW and adjusting the delay circuit accordingly.

Abstract: The delay locked loop (“DLL”) delay interval can be locked to stop the DLL from wasting power in unnecessarily switching to synchronize the device with the DLL is associated to the system clock. This is achieved by adding logic sensing when a DRAM device will not imminently be called upon to output data and when the device has stabilized. Waiting for the DLL delay interval to stabilize before locking the delay interval still allows the DLL to immediately and effectively resume operations when the DLL is needed to synchronize the output of the DRAM device with the system clock. The DLL delay interval can be locked, together with the DLL clock, after the DRAM device is deselected by the chip select control line, after a number of no operation commands have been received, and/or after any command issued to the DRAM device has been completed.

Abstract: The present invention is related to a method for treating a digital signal within a protocol handler which is part of a module coupled to a multiplex bus. The method consists in detecting the duty cycle of the digital signal, and in modifying said digital signal so that the modified signal contains the same data, but has a duty cycle of approximately 50%.

Abstract: In one embodiment of the invention, a first last use of a first canonical register in a block of code is recorded after a renaming. The first canonical register is mapped to a first original register. One of a first rollback and a first recovery is applied to the first original register based on whether the recorded first last use occurs before a first last definition of the first original register in the block of code.

Abstract: A communications system comprising a plurality of islands, a media path comprising resources for carrying data in a plurality of calls between first and second ones of the islands in which each of the first and second islands comprises control means for managing allocation of the resources of the media path between the plurality of calls; in which the system also comprises means for detecting a faulty control means and either replacing the faulty control means with a working replacement control means or recovering the faulty control means to working order; in which the system also comprises means for providing from a further control means to the replacement or recovered control means on replacement or recovery information on the allocation of the resources of the media path.

Abstract: A storage device, as an example of an information processing device, includes an executing unit for executing any one of normal processing, first fault recovery processing and second fault recovery processing, a fault recovery processing unit for allowing the executing unit to initiate the first fault recovery processing with a prerequisite that the executing unit is not operating normally in a first period during the normal processing and for allowing the executing unit to initiate the second fault recovery processing with a prerequisite that the executing unit is not operating normally in a second period during the first fault recovery processing, and a failure information obtaining unit for obtaining an internal state of the executing unit after initiating the first fault recovery processing, the internal state being unobtainable after initiating the second fault recovery, as failure information.

Abstract: A block repair device is used in a Dynamic Random Access Memory (DRAM) having a primary array with a defective cell and a redundant array with a redundant row. The block repair device stores a block repair configuration that determines the dimensions (e.g., the number of rows and columns spanned) of a repair block. Routing circuitry is configured by the stored block repair configuration to output some row and column address bits from received row and column addresses in a selected ratio. Comparison circuitry compares the row and column address bits output by the routing circuitry with the address of the defective cell that defines the repair block. When a match occurs, the comparison circuitry implements a block repair by activating the redundant row and by causing data to be written to or read from the activated redundant row instead of the primary array.

Abstract: A data processing system participating in two-phase transaction processing operations which, when a system failure occurs while one or more transactions are in process, can successfully rebuild “in-doubt” states even when another system failure occurs during an attempt to effect the rebuild. The system includes a file management system having exclusive access to reserved locations in the memory for reading and writing meta-data therein and physical file access logic selectively coupling the memory and the database access application, the physical file access logic incorporating file protections which are controlled by the file management system; such that, in the event of a failure, the local state of the transaction can be faithfully rebuilt after restart by accessing the meta-data.

Abstract: System-managed duplexing of coupling facility structures. A plurality of instances of coupling facility structures are maintained in a plurality of coupling facilities. Duplexing processing associated with the plurality of instances is managed by one or more operating systems, making many of the steps associated with duplexing transparent to the exploiters of the coupling facility structures. System-managed duplexing provides high availability for coupling facility structure data via a robust recovery mechanism (i.e., duplexing failover).

Abstract: A method that automatically downloads a device driver through the Internet when installing a peripheral device to a host, a method for fixing errors in the device, and a system thereof. A first embodiment includes receiving an error code and/or a server address corresponding to an error from the device when a device error occurs, connecting to a server using the received address to transfer the error code, and receiving a service page from the server with reference to the error code. A second embodiment includes detecting whether the device is connected, receiving device information including a server address, which provides the device driver and/or interface information, from the device and connecting to the received address to transfer the device information and/or operation system information, and receiving a device driver corresponding to the interface information from a server corresponding to the address and installing the device driver.

Abstract: Hardware or software to test a memory device by loading a value into a register and generating a test sequence in response to the value. Storing a signature of the result of the test sequence in a shift register. An optional error counter to detect the location and type of defect.

Abstract: Method for ensuring the fail-silent property in the time domain of remote communication computers (111, . . . 114) of a fault-tolerant distributed computer system, in which a plurality of remote computers are connected via a distributor unit (101, 102), each remote computer has an independent communications controller unit with the corresponding connections to the communication channels (121), and the access to the communication channels occurs by a cyclical time-division multiple access method. The at least one distributor unit makes sure, by virtue of the correct sending behavior of the remote computer that is known a priori by it, that a remote computer can only send to the other remote computers within its statically assigned time slice.

Abstract: An improved method of testing a computer system comprises a sequence of tests that are performed when the computer system is first turned on, according to one embodiment. The operation of various components of the computer system, such as a chipset, a random access memory, a cache memory, a video controller, a keyboard controller, peripheral memory controllers, busses, and the like, is tested by a test program stored in read only memory (ROM). If the components successfully pass, an address is permanently changed in ROM, so that the test sequence is bypassed whenever the computer system is subsequently booted, saving significant time during future reboots. An improved computer system and a machine-accessible medium are also described.

Abstract: A method of debugging using a USB connecting system. A debug signal function is installed in the BIOS of a target PC, and a host PC is provided with monitor software. A USB interface is used to connect the target PC and the host PC, using the host PC to monitor the debugging state of the BIOS of the target PC. The invention thus achieves the goal of debugging a system through a USB.

Abstract: An electronic control unit (ECU) includes a central processing unit (CPU), a non-volatile memory bank, a volatile memory bank and a state machine. The state machine is in communication with the CPU and functions to selectively capture information available on an internal bus of the CPU on a cycle-by-cycle basis and store the captured information in the volatile memory, which is also coupled to the CPU.

Abstract: A method for recovering from malfunctions in a primary agent module of a modular network device. The primary agent module is installed in a modular network device having a number of network interface modules housed in a chassis. A backup agent module is installed in the chassis when the modular network device is powered on. The backup agent module determines if the primary agent module has been installed when three dedicated signals of the primary agent module are asserted. The network device then synchronizes all configuration information of the network interface modules from the primary to the backup agent module. The backup agent module detects that the primary agent module has failed if it cannot receive a message sent from the primary agent module within a predetermined time interval. As a result, the modular network device is rebooted and the backup agent module becomes the primary agent module.

Abstract: A method for identifying, by way of a genetic algorithm, test points to be inserted in an integrated circuit (IC) chip to improve the testability of the IC is described. The algorithm is particularly well suited for large circuit designs (several million gates) because it allows to simultaneous insert multiple additional test points at critical locations of the IC to gain supplemental controlability and/or observability and thereby eliminating the drawbacks associated with the single test point approach. To further improve performance, cost function gradient techniques are applied to guide the selection of potential test points for consideration by the algorithm. Fault simulation of random patterns is used to more accurately distinguish between random pattern testable and random resistant faults, and to provide a more accurate set of initial probabilities for the cost function calculations.

Abstract: A broadcaster, system, and method for reducing test data volume and test application time in an ATE (automatic test equipment) in a scan-based integrated circuit. The scan-based integrated circuit contains multiple scan chains, each scan chain comprising multiple scan cells coupled in series. The broadcaster is a combinational logic network coupled to an optional virtual scan controller and an optional scan connector. The virtual scan controller controls the operation of the broadcaster. The system transmits virtual scan patterns stored in the ATE and generates broadcast scan patterns through the broadcaster for testing manufacturing faults in the scan-based integrated circuit. The number of scan chains that can be supported by the ATE is significantly increased. Methods are further proposed to reorder scan cells in selected scan chains, to generate the broadcast scan patterns and virtual scan patterns, and to synthesize the broadcaster and a compactor in the scan-based integrated circuit.

Abstract: A self testing-and-repairing data buffer and method for operating the same are disclosed. The data buffer comprises a plurality of flip flops, a multiplexer, a test platform, a repair unit, and a buffer rearrange manager. The test platform generates test signals for checking each flip flop. If any damage is found, the repair unit is used to replace the damage flip flops for storing data. The buffer rearrange manager rearranges the address of the damage flip flops to the repair unit so that the data buffer can be operated normally. By the circuit layout and the precise calculation about time delay, the gated clock signal not used currently is used to form the working frequency of the flip flops of the data buffer so as to reduce the power as the IC is inoperative. Furthermore, the area of the data buffer and number of gates are reduced greatly.

Abstract: A radio telecommunications receiver operates to receive digital data symbols or bits by iterative determination of soft estimates of symbols or bits followed by a hard decision as to what symbol or bit was intended. The receiver comprises a first processor operative to provide first soft estimates of symbols or bits, of the received signal and a second processor operative to decode the first soft estimates and to provide second soft estimates of the symbols or bits. The receiver also comprises a combiner operative to provide third soft estimates back to the first processor for subsequent further decoding, the third soft estimates of each symbol or bit being dependent upon the respective second soft estimate and a respective previous second soft estimate.

Abstract: A K-bit information signal represented by a polynomial U(x) having a degree K−1 is received. The information signal is transformed to form a transformed information signal using a first transform represented by a polynomial G1(x) having a degree P. The transformed information signal is represented by a polynomial T(x) having a degree K+P−1. T(x) equals U(x)G1(x). An initial cyclic code represented by a polynomial R1(x) is generated for the transformed information signal using a second transform represented by a polynomial G2(x), where G2(x) has high-order leading-zero terms. R1(x) equals the remainder obtained by dividing T(x) by G2(x). The initial cyclic code is transformed to form a final cyclic code represented by a polynomial R2(x) using the first transform. R2(x) equals R1(x)/G1(x).

Abstract: Methods and systems for improving repairing efficiency in non-volatile memory. Repairing data may be read from an information array associated with the non-volatile memory. The repairing data is generally read to a volatile latch associated with the non-volatile memory. An error correction coding circuit (ECC) circuit can be enabled during reading of the repairing data to thereby identify and repair defective columns or rows associated with the non-volatile memory, regardless of the corruption of the columns.

Abstract: A method and apparatus for decoding a frame of interleaved information bits in a communications system, where the decoding of the frame of interleaved information bits may begin before all of the bits in the frame are received at a decoding site. The frame of interleaved information bits has a frame start time and a frame end time. The frame also includes a first fractional segment that has a start time that is the same as the frame start time and an end time that is before the frame end time. Prior to transmission of the frame of interleaved information bits to a decoding site, all bits in the frame are encoded at a code rate R to provide encoded bits, and the encoded bits are positioned in the interleaved frame in accordance with an interleaving pattern that stores bits having a code rate R1 within a first fractional segment of the interleaved frame. In one embodiment, R1=R/a1, and a1 corresponds to the first fractional segment of the frame.

Abstract: A code generator circuit according to the invention comprises a divider circuit configured as a shift register where flip-flops F1-F8, selectors 130-137, and exclusive-OR circuits 110, 111, 112, 113 are serially connected, and a division remainder decision circuit 101 including a remainder shift circuit that compares the number of digits of leading 0s of the value on the shift register with the number of leading 0s of the subsequent input data and assumes the number of digits of the smaller as the number of skip digits, then outputs the value on the shift register shifted by the number of skip digits, characterized in that the selector circuits select the output of the remainder shift circuit when the number of skip digits is 1 or more and select the output of the flip-flops connected immediately before the respective selector circuits when the number of skip digits is 0

Abstract: The present invention provides for smaller, faster Reed-Solomon encoders, while at the same time providing support of multiple codes in a simple architecture having a reduced number of Galois field multipliers. In accordance with the principles of the present invention, a polynomial is factored differently than conventional Reed-Solomon encoders, resulting in enhanced performance, simplified circuitry, and/or a reduction of critical paths in the Reed-Solomon encoders. Thus, not only are the number of required Galois field multipliers reduced, but support for three different Reed-Solomon codes is provided with a minimized number of Galois field multipliers. In the disclosed embodiments, rather than implementing n subfilters each representing an individual degree polynomial filter as in Cox's conventional Reed-Solomon encoder, the present invention implements multiple degree polynomials factored in a way which is convenient to a desired plurality of Reed-Solomon codes.