Abstract: The digital broadcast receiver comprises: a signal input unit for receiving a received broadcast wave; a demodulation unit for demodulating the broadcast wave; an external module; an external module I/F (Interface) for connecting the receiver to the external module; a decoding unit for extracting necessary information containing a target content from the received signal; an output unit for outputting actual video/audio; a control unit for controlling the entire receiver; and a user I/F for transmitting and receiving information to/from a user. Further, there are provided: a packet processing unit that is located between the demodulation unit and the external module I/F, that monitors all the packets contained in a TS, and that performs a predetermined processing on packets matched with a predetermined condition; and a TS selector that is located between the external module I/F and a bus line and that selects and outputs one designated TS of the two TSs.

Abstract: A security control method in a cable network dynamic multicast session, and more particularly, a method of controlling forward secrecy and backward secrecy in a Data Over Cable Service Interface Specifications (DOCSIS) 3.0 network dynamic multicast session is provided. A security control method in a cable network dynamic multicast session, includes: maintaining a multicast group that is allocated with a first Downstream Service Identifier (DSID) and a first Security Association Identifier (SAID) and that is joined by a first cable modem and a second cable modem; receiving a LeaveMulticastSession message from the second cable modem; exchanging, corresponding to the LeaveMulticastSession message, a Dynamic Bonding Change (DBC) message for changing a multicast parameter with the second cable modem; and updating a first Traffic Encryption Key (TEK) corresponding to the first DSID with a second TEK.

Abstract: Methods and systems for adjusting control settings associated with filtering or classifying communications to a computer or a network. The adjustment of the control settings can include adjustment of policy and/or security settings associated with the computer or network. Ranges associated with the control settings can also be provided in some implementations.

Abstract: In one embodiment, a key list entry corresponding to a user's private key is securely deleted from a key list of a user device on shutdown of the user device. Subsequently, input of the user's private key will not allow decryption of an encrypted partition storing encrypted data on the user device. In another embodiment, a key list entry corresponding to a user's private key is automatically and securely re-provisioned on boot up of the user device. Subsequently, input of the user's private key will allow decryption of the encrypted partition on the user device.

Abstract: An encryption apparatus (14) includes a secure processing system (12) in the form of an integrated circuit. The secure processing system (12) includes an on-chip secure memory system (30). The secure memory system (30) includes a non-volatile, read-only, permanent key register (62) in which a permanent cryptographic key (64) is stored. The secure memory system (30) also includes a non-volatile, read-write, erasable key register (56) in which an erasable cryptographic key (60) is stored. Symmetric cryptographic operations take place in an encryption engine (46) using an operating cryptographic key (68) formed by combining (96) the permanent and erasable keys (64, 60). A tamper detection circuit (70) detects tampering and erases the erasable key (60) when a tamper event is detected.

Abstract: Intercepting a secure communication session includes distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint. A secure channel is established between the key distribution point and an intercepting point. The intercepting endpoint may be determined to be authorized to intercept the secure communication session. The key is provided to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, where the key provides the intercepting endpoint with access to intercept the secure communication session.

Abstract: Methods are provided for detecting the processing status of data blocks in systems having intermittent connections. A hash value is used at times in place of a block's data content, thereby reducing processing of the block. Hash values may be maintained locally. Blocks collected locally may be stored locally at least until a connection to a server becomes available again. Systems and configured storage media are also provided.

Abstract: The present invention advantageously provides a system and method for management of cryptographic keys and certificates for a plurality of vehicles. Each vehicle of the plurality of vehicles generates public/private key pairs, requests multiple time-distributed certificates, creates an encrypted identity, and surrenders expired certificates. An assigning authority receives the public/private key pairs, the request for multiple time-distributed certificates, the encrypted identity, and the expired certificates from said vehicle. The assigning authority authorizes the vehicle with an authorizing authority, validates the expired certificates, proves ownership, and distributes the requested time-distributed certificates to said vehicle. Validation can comprise checking expired certificates against misused, compromised and/or previously surrendered certificates.

Abstract: A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system's read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader's hash value and a digital signature that is unique to the server. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The server can update a client's bootstrap loader and root filesystem at any time through the transmission of slices.

Abstract: A computer program for a controlling apparatus intended to control an image forming apparatus, executes a procedure of confirming each program running on the controlling apparatus. The computer program executes procedure of judging a program, which is not included in a preset list of programs that can be run to control the image forming apparatus among programs whose running states have been confirmed, as an illegal program resulting from computer virus infection. The illegal program is automatically deleted or isolated.

Abstract: Disclosed is a domain DRM system, a license sharing method for the domain DRM system, and a license server. The domain DRM system includes at least one domain including at least one user module adapted for encryption or decryption using a provided encryption key and a domain manager adapted for decryption using a provided encryption key, and a license server for creating encryption keys corresponding to the domain manager and the one user module, respectively, and providing them with the created contents, respectively, so that, when at least one user module requests contents, a contents encryption key used to encrypt the contents is encrypted by using an encryption key of the user module and an encryption key of the domain manager according to a commutative encryption scheme, and one of the domain manager and the user module is provided with a shared license obtained as a result of encryption.

Abstract: In a quantum cryptography communication apparatus, a light pulse is generated by a light source and split into a signal light pulse and a reference light pulse on a receiving side. The signal light pulse and the reference light pulse are transmitted to a sending side via a communication channel. On the sending side, the received reference light is passed through a first optical path and phase-modulated by a randomly selected amount. Communication information is acquired on the basis of the reference light passed through the first optical path and the signal light passed via a second optical path. Frequencies of the signal light pulse and the reference light pulse are shifted. The intensity of the signal light pulses is attenuated and phase-modulated by an amount corresponding to the communication information. The resultant signal light pulse and the reference light pulse are returned back to the receiving side.

Abstract: Systems, methods, and computer program products are defined that provide for secure online financial transaction text chat. According to present embodiments, the security provided to the text chat stream is less likely to be intercepted by a network attacker during communication. In addition to providing heightened security to text chat transmissions, methods, systems and computer program products provide for an alternate platform for delivering the text chat application in the form of a game console. In this regard, the methods, systems and the like provide for text chat on platforms other than personal computers, laptops and/or telephones.

Abstract: Systems, methods, and computer program products are defined that provide for secure online financial transaction voice chat. According to present embodiments, the security provided to the voice chat stream is less likely to be intercepted by a network attacker during communication. In addition to providing heightened security to voice chat transmissions, methods, systems and computer program products provide for an alternate platform for delivering the voice chat application in the form of a game console. In this regard, the methods, systems and the like provide for voice chat/calls on platforms other than personal computers, laptops and/or telephones.

Abstract: An apparatus, system, and method are disclosed for authenticating users through multiple communication channels. The authentication method of the present invention may be used to supplement password systems or replace password authentication, effectively enabling secure sharing, auditing, delegation, and revocation of authority.

Abstract: A disclosed unauthorized usage prevention system enables execution of at least one software item including an identification information item uniquely associated with the software item, based on a key information item in a key module. An information processing apparatus includes a key information storage unit, a control unit, an unauthorized usage prevention controller, and a port. The unauthorized usage prevention controller includes a connection recognition unit and a key information copying unit. When the unauthorized usage prevention controller recognizes that the key module is connected to the port, the unauthorized usage prevention controller copies the key information item in the key module into the key information storage unit, and the control unit enables execution of all of the software items with identification information items associated with the key information items held in the key information storage unit.

Abstract: The invention relates to a P2P traffic management apparatus and method. A P2P flow agent monitors an executed application program to extract a P2P application program, adds application identifiers to packets generated by the application program according to a set policy, and transmits the packets. In this case, a P2P security gateway monitors the inflowing packets from the P2P flow agent to extract packets having the application identifiers, uses the extracted application identifiers to inquire and acquire a related policy, and controls the packets according to the acquired policy.

Abstract: The present invention provides methods, devices, and systems for detecting and filtering SPam over Internet Telephony (SPIT). The invention includes a two level filter. The first level may include a robust audio hash used to filter audio messages based on their audio content and the second level may include a near-duplicate pattern matching algorithm having a number of content filters and an evaluator to aggregate the results from the multiple content filters. By supporting multiple aggregation methods, a more flexible SPIT detection scheme is provided.

Abstract: Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user.

Abstract: Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material.