Abstract: Techniques for identity enabled virtualized edge processing are provided. A target service, its data content, and its processing context are packaged with an identity as a self-contained virtual distribution within an enterprise environment and distributed to a host environment in accordance with distribution policy. The host environment represents an edge of a network, and the virtual distribution's identity is validated and the virtual distribution is subsequently deployed as a virtual machine at the edge in accordance with deployment policy.

Abstract: A system for providing access control for an information server implemented by a mobile terminal includes a proxy gateway configured for receiving a set of control rules, the rules identifying one or more clients by respective telephone numbers associated therewith. The proxy gateway receives a client request across a network to access a resource of the information server, where the request reflects a network address of the proxy gateway, and an identity of the information server outside the network. The proxy gateway determines if the client is authorized to access the requested resource based upon a telephone number associated with the client and the set of control rules, the proxy gateway having received the telephone number associated with the client before the request. If the client is authorized, the proxy gateway sends the request to the information server based upon the identity of the information server reflected in the request.

Abstract: Random partial shared secret recognition is combined with using more than one communication channel between server-side resources and two logical or physical client-side data processing machines. After a first security tier, a first communication channel is opened to a first data processing machine on the client side. The session proceeds by delivering an authentication challenge, identifying a random subset of an authentication credential, to a second data processing machine on the client side using a second communication channel. Next, the user enters an authentication response in the first data processing machine, based on a random subset of the authentication credential. The authentication response is returned to the server side on the first communication channel for matching. The authentication credential can be a one-session-only credential delivered to the user for one session, or a static credential used many times.

Abstract: A computer readable medium includes instructions for managing execution of an application module by receiving a request to execute the application module, where the application module is configured to execute on a virtual machine, retrieving license registration information and license status information associated with the application module, communicating the license registration information and the license status information to a license validation module to obtain an authorization response, where the license validation module is associated with the application module and registered with the virtual machine, and executing the application module, if the authorization response indicates that the license registration information and the license status information are valid.

Abstract: An authentication system includes: a first information processor; a second information processor; an authentication-service-providing device; and an authentication device, wherein the authentication-service-providing device has: an unit that receives second authentication information for authenticating a user from the second information processor and executes a second authentication based on the second authentication information; and an unit that issues third authentication information to the second information processor when the second authentication is successful; and the authentication device has: an unit that receives first authentication information for authenticating the user from the first information processor and executes a first authentication based on the first authentication information; and an unit that receives, from the first information processor, third authentication information obtained by the second information processor and input to the first information processor and cooperates with the a

Abstract: The present invention is a procedure for a self configuring eNB/E-UTRAN. The eNB/E-UTRAN interacts with the Enhanced Packet Core (EPC) of the LTE network in order to complete the mutual authentication task between the eNB and the EPC and other operating procedures in the eNB self configuration phase.

Abstract: One embodiment in accordance with the present invention includes implementing a personal digital assistant (PDA) with a wireless personal identification mechanism. Specifically, the wireless identification mechanism can be a radio frequency identification (RFID) integrated circuit which is incorporated on the inside of the rear housing (e.g., plastic) of the personal digital assistant. Once the radio frequency identification integrated circuit has been implemented with an authorized security code, the personal digital assistant in accordance with the present embodiment is capable of functioning as a “key” enabling entry into restricted areas which are secured with non-contact radio frequency security systems such as corporate campuses, buildings, and/or laboratories. In this manner, an authorized person does not have to carry around a separate radio frequency keycard in order to gain access to restricted areas.

Abstract: A verification device transmits challenge information to a first entity device, and for each authentication context received in return, verifies that challenge information identical to the challenge information transmitted in advance is described, to thereby confirm that the authentication context is the current one. As a result, a repetitive attack in which the past authentication context is repeatedly used is prevented and the security against repetitive attacks is improved.

Abstract: A device capable of communicating with a computer via a USB interface, the device comprising a USB hub and a wireless USB network adapter which is connected to the USB hub, and being adapted such that a smart card capable of communication using the USB protocol can be connected to the USB hub.

Abstract: An apparatus and method of modular manufacturing process for a transmitter, receiver and/or transceiver is disclosed. The modular process assembles an array of optoelectronic devices to an array header to form an optoelectronic array package. Once the optoelectronic array package is assembled, it is tested and verified the functionality and alignment between the optoelectronic devices and optical fibers. The optoelectronic array package is subsequently coupled to an optical lens array to form an array optical subassembly. After the array optical subassembly is tested, it is coupled to an optical fiber connector to form an optical module. The optical module is then tested to verify its functionality and alignment.

Abstract: A VPN connection method and a communication system are provided, each which can omit the setting of a firewall and the installation of a relay server and can establish communications from the outside of a firewall to the inside thereof. The internal network 2 is connected to the external network 1 via the firewall 13. The internal network 2 enables communications by an e-mail from the external network 1 (outside the firewall) to the mail server 21 in the internal network 2 (inside the firewall) or communications by telephone or radio, which is not via the firewall 3. The feature of the firewall 3 is utilized that access from the outside to the inside of the firewall through VPN connection is very difficult but the access in the reverse stream can be simply performed. Using the mail server, telephone line or radio line, the internal network 2 receives an e-mail, which requires for VPN connection from the external network 1, or control information through the telephone line.

Abstract: The present invention provides a method, a device and a system for controlling VoIP border security. The system includes: a border security controller, which includes two dynamic information tables, an active session information table and a registered user information table, acting as the basis of security control; and a security policy server, in communication with the border security controller, adapted to provide a security policy to the border security controller and check the security of a signaling packet forwarded by the border security controller. The border security control system first checks the security and processes the packets of a user datagram received according to the active session information table and the registered user information table, and allows a packet which passed the security processing to pass, and then performs protocol processing on the media packet and signaling packet which are allowed to pass.

Abstract: When a process (interrupt process) causing no problem in the content copyright management but to be executed with a higher priority than a content reproduction such as a telephone call or alarm display is started or ended during a content reproduction/execution, process judgment means (308) reports it to control means (305). The control means (305) outputs a reproduction interrupt instruction for temporarily stopping the use time measurement and interrupting the content reproduction to reproduction/execution means (304) and outputs a reproduction resume instruction for resuming the use time measurement and resuming the content reproduction to the reproduction/execution means (304) in accordance with the end report of process judgment means (308).

Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.

Abstract: Honey pots are used to attract computer attacks to a virtual operating system that is a virtual instantiation of a typical deployed operational system. Honey nets are a collection of these virtual systems assembled to create a virtual network. The subject system uses a forward deployed honey net combined with a parallel monitoring system collecting data into and from the honey net, leveraging the controlled environment to identify malicious behavior and new attacks. This honey net/monitoring pair is placed ahead of the real deployed operational network and the data it uncovers is used to reconfigure network protective devices in real time to prevent zero-day based attacks from entering the real network.

Abstract: In one embodiment, a technique for enhancing the inspection of data sent from a server is provided. By modifying a client request in an effort to prevent the transformation (e.g., encoding and/or compression) of data by the server, unencoded data may be received, which can be inspected without the overhead associated with first decoding the data. Further, in the event the data is encoded despite modifying the client request to prevent such encoding, the server may be untrustworthy and one or more appropriate actions may be taken.

Abstract: A system, method and computer program product for administering trust dependent functional control over a portable endpoint security device (PEPS). A reconnoitering application in conjunction with a trust enforcement policy determines a relative trusted state of the host processing unit and administers trust dependent functional control over the PEPS in dependence on one or more trust dependent characteristics reconnoitered from the host processing unit. The trust dependent characteristics reconnoitered from the host processing unit may be location dependent, context dependent, hardware configuration dependent and logical state dependent.

Abstract: Methods of simulating vulnerability are provided. In an example, multi-stage vulnerability across multiple systems may be simulated by first simulating a probing of at least one intermediate entity, the at least one intermediate entity connected to a target system, second simulating a probing of the target system if the first simulated probing is successful and generating an attack graph based on the results of the first and second simulating steps. In another example, multi-system vulnerability may be simulated by receiving a plurality of attributes associated with vulnerabilities of a plurality of systems within a network, the plurality of systems including at least one target system and generating an attack graph including one or more attack chains based at least in part on the received plurality of attributes. In another example, system (e.g.

Abstract: A method and apparatus associate different characteristics with different information portions and selectively distribute or provide access to the different portions based on the different characteristics associated with the portions.

Abstract: Provided is digital rights management (DRM) provision technology, and more particularly, are an apparatus, system, and method which can easily provide content using one or more DRM systems. A DRM provision apparatus includes a content download unit which downloads encrypted real content and dummy content from a download server and which manages the downloaded real content and dummy content; a license management unit which manages a license issued by a license server; and a processing unit which manages the downloaded real content and dummy content and the issued license.

Abstract: Systems and methods for binding a secret to a computer system are disclosed. Systems and methods for generating a strong hardware identification (SHWID) for a given computer system are also disclosed. The strong hardware identification (SHWID) is coupled to a bound secret. The strong hardware identification (SHWID) may be used to control the use of software on the given computer system depending on the degree of hardware changes to the computer system.

Abstract: A system and method for securing and tracking an electronic device. The system includes hardware, software and firmware components that cooperate to allow tracking, disabling, and other interaction with the stolen electronic device. The system includes an application component, non-viewable component and Basic Input/Output Subsystem (BIOS) component that are present on the electronic device. The BIOS component maintains the secured environment of the application and non-viewable components. If only the application component was provided, a simple low level format of the hard disk drive would remove the application and bypass the security features. The system implements an “application and BIOS” based solution to electronic device security.

Abstract: Exemplary embodiments provide a method and system for self-service resource provisioning having collaborative compliance enforcement. Method and system aspects of the exemplary embodiments include displaying a hierarchical list of resources for selection of at least one privilege associated with the resources; in response to a user selecting least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to enable the user to initiate a request for the privilege; and in response to a user submitting the request cart, automatically invoking a workflow process to approve a request for the privilege, wherein the workflow is dynamically generated at least in part from the structure of the hierarchical list of resources and a location of the privilege within the hierarchical list.

Abstract: Exemplary embodiments provide a method and system for providing a hybrid meta-directory for recording a grant of privileges. In one embodiment method and system aspects of the exemplary embodiment include: assigning a privilege identifier to each privilege stored in a privilege repository; in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.

Abstract: An application portal selectively provides a user selective access to data. A data access layer is included in the portal and includes a map associating the user with a permission and further associating a combination of the user and the permission with a data entity, whereby it may be determined whether the user is permitted to access data identified with the data entity. A data stage included in the portal selectively undergoes a synchronization with a remote data store, the synchronization providing data access information that is used to update the map.

Abstract: An AV communication control circuit suitable for a radio LAN-LSI in a radio AV transmission/reception device is formed by a copyright protection processing unit configured to carry out a copyright protection processing with respect to AV data entered from an AV stream signal line, a selection unit configured to select either one of AV data entered from an AV stream signal line through the copyright protection processing unit and AV data entered from a general purpose bus, and a transmission control unit configured to carry out control for transmitting AV data selected by the selection unit to a network.

Abstract: A component has a substrate (1) made of a transparent material, for example glass. On this layer (1), there is a linear polarizer (2) on which there is a layer (3) of a photo-oriented polymer network (PPN)(-LPP) which is oriented in locally varying fashion via its surface which covers the substrate. The layer (3) is adjoined by an anisotropic layer (4) of cross-linked liquid-crystal monomers. This layer (4) then has a molecular arrangement whose orientation is defined by the underlying orientation layer (3). The layer (4) will have been photocross-linked by exposure to a suitable wavelength of light, with the result that the molecular orientation defined by the PPN layer (3) is fixed. The element, denoted as a whole by 7, can then be used as an optical component which is protected against forgery, it being possible for the orientation pattern of the liquid-crystal layer or the optical information stored therein to be made visible by means of an external polarizer (5), for example.

Abstract: The invention relates to a system for protecting a portable computing device wherein the system comprises a device housing adapted to protectively encase the portable computing device to prevent exposure of the portable computing device to potentially harmful operational conditions and a protectively hardened user input device in communication with the device housing. The system may further include a protectively hardened display in communication with the device housing, wherein the device housing allows a user of the portable computing device to operate the portable computing device via the protectively hardened user input device and the protectively hardened display.

Abstract: The present invention relates to transgenic non-human animals that are engineered to contain human immunoglobulin gene loci. In particular, animals in accordance with the invention possess human Ig loci that include plural variable (VH and V?) gene regions. Advantageously, the inclusion of plural variable region genes enhances the specificity and diversity of human antibodies produced by the animal. Further, the inclusion of such regions enhances and reconstitutes B-cell development to the animals, such that the animals possess abundant mature B-cells secreting extremely high affinity antibodies.

Abstract: Embodiments of the invention provide mouse tumor models involving either the B16 mouse melanoma or MXT mouse mammary tumor, untreated or treated with chemotherapy and/or anti-cachectic agents, for the study of tumor-generated or cancer therapy-generated cachexia-inducing signals and mechanisms. Other embodiments of the invention also provide additional models, including pre-treatment of mouse skin with anti-cachectic proteins prior to tumor implantation, for the study of anti-cachectic signals and mechanisms generated by the skin. To reduce or reverse tumor- and chemotherapy-induced cachexia, embodiments of the invention use the human proteins placental alkaline phosphatase, transferrin, ?1-antitrypsin preparations or combinations thereof as well as chemically synthesized CCDTHT or N,N-diethyl-N-methyl-2-[(9-oxo-9H-thioxanthen-2-yl)methoxy]-ethanaminium iodide or CCDTHT-like compounds.

Abstract: The invention relates to the field of crop selection and crop breeding, particularly to selection methods for breeding colony varieties of crops involving self-pollination and normal cross-pollination. Selection methods include crossing male parents with female parents to obtain crop populations, wherein the female parents are individual plants in a segregation population or self-crossed descendants of early segregation generations, said segregation population obtained by hybridizing pairs of parental plants with different desired characteristics to produce population F1, and then hybridizing pairs of F1 one more time. The male parents are homozygous breeding lines, varieties, F1, heterozygous plants in the segregation generations or individual plants produced in the same manner as for the female group.

Abstract: The present invention relates to carrot lines having roots containing increased levels of lycopene, as well as containers of such carrots. The present invention also relates to parts of carrot plants from lines having roots with increased lycopene content, including seeds capable of growing carrot plants with increased root lycopene content. The invention also provides seed and plants of the carrot lines designated RN 71-4904C, RF 71-4911A, RF 71-4912A, RIF 71-4966C, RIF 71-4967B, or RIF 71-4968B. The invention thus relates to the plants, seeds and tissue cultures of carrot line RN 71-4904C, RF 71-4911A, RF 71-4912A, RIF 71-4966C, RIF 71-4967B, or RIF 71-4968B, and to methods for producing a carrot plant produced by crossing a plant of carrot line RN 71-4904C, RF 71-4911A, RF 71-4912A, RIF 71-4966C, RIF 71-4967B, or RIF 71-4968B with itself or with another carrot plant, such as a plant of another line. The invention further relates to seeds and plants produced by such crossing.

Abstract: The invention provides sudangrass inbred and hybrid plants having adaptation, productivity, and disease resistance with reduced lignin concentration, reduced cell wall concentration, and improved digestibility. Plants and plant parts of the invention are useful in the efficient production of meat and milk due to improved whole plant and fiber digestibility.

Abstract: The present invention discloses rucola plants, including an E. sativa plant, with cytoplasmic inherited male sterility (CMS) for hybrid breeding purposes. The present invention includes plants that comprise CMS-cytoplasm from cauliflower (B. oleracea var. botrytis) transferred to E. sativa by a wide interspecific cross.

Abstract: Provided is a method for producing a homozygous non-human organism from a heterozygous non-human organism, which homozygous organism can be crossed to obtain a hybrid, comprising providing a heterozygous starting organism; allowing the organism to produce SDR-0 cells through meiosis, which cells originate from second division restitution; regenerating SDR-0 organisms from the SDR-0 cells; and producing the homozygous organism from the SDR-0 organisms thus obtained. Further provided is a method for producing a hybrid, comprising crossing a first homozygous organism that is produced according to the above method with a second homozygous organism. Also provided is a homozygous non-human organism and hybrid non-human organisms obtainable by these methods. In a preferred embodiment, the organisms are plants.

Abstract: The invention provides sudangrass inbred and hybrid plants having adaptation, productivity, and disease resistance with reduced lignin concentration, reduced cell wall concentration, and improved digestibility. Plants and plant parts of the invention are useful in the efficient production of meat and milk due to improved whole plant and fiber digestibility.

Abstract: The invention provides sudangrass inbred and hybrid plants having adaptation, productivity, and disease resistance with reduced lignin concentration, reduced cell wall concentration, and improved digestibility. Plants and plant parts of the invention are useful in the efficient production of meat and milk due to improved whole plant and fiber digestibility.

Abstract: A flow assembly has a hollow housing including a lumen extending from a proximal aperture to a distal aperture. The flow assembly can have a first set of blades including at least one first blade disposed within the lumen, wherein the at least one first blade extends from the housing and can be positioned between the proximal aperture and the distal aperture. The flow assembly also has a second set of blades including at least one second blade disposed within the lumen, wherein the at least one second blade extends from the housing and can be positioned between the at least one first blade and the distal aperture. Also, the flow assembly can have a central passageway substantially free of blades extending from the proximal aperture to the distal aperture.